Add tests

Signed-off-by: Tushar Goel <[email protected]>

Author: TG1999

vulnerabilities/tests/conftest.py

@@ -36,7 +36,6 @@ def no_rmtree(monkeypatch):
     "test_mozilla.py",
     "test_msr2019.py",
     "test_package_managers.py",
-    "test_retiredotnet.py",
     "test_ruby.py",
     "test_rust.py",
     "test_safety_db.py",

vulnerabilities/tests/test_data/retiredotnet/expected_file.json

@@ -0,0 +1,88 @@
+{
+  "aliases": [
+    "CVE-2019-0982"
+  ],
+  "summary": "Microsoft Security Advisory CVE-2019-0982: ASP.NET Core Denial of Service Vulnerability",
+  "affected_packages": [
+    {
+      "package": {
+        "type": "nuget",
+        "namespace": null,
+        "name": "Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
+        "version": null,
+        "qualifiers": null,
+        "subpath": null
+      },
+      "affected_version_range": "vers:nuget/1.0.0",
+      "fixed_version": "1.0.11"
+    },
+    {
+      "package": {
+        "type": "nuget",
+        "namespace": null,
+        "name": "Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
+        "version": null,
+        "qualifiers": null,
+        "subpath": null
+      },
+      "affected_version_range": "vers:nuget/1.0.1",
+      "fixed_version": "1.0.11"
+    },
+    {
+      "package": {
+        "type": "nuget",
+        "namespace": null,
+        "name": "Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
+        "version": null,
+        "qualifiers": null,
+        "subpath": null
+      },
+      "affected_version_range": "vers:nuget/1.0.2",
+      "fixed_version": "1.0.11"
+    },
+    {
+      "package": {
+        "type": "nuget",
+        "namespace": null,
+        "name": "Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
+        "version": null,
+        "qualifiers": null,
+        "subpath": null
+      },
+      "affected_version_range": "vers:nuget/1.0.3",
+      "fixed_version": "1.0.11"
+    },
+    {
+      "package": {
+        "type": "nuget",
+        "namespace": null,
+        "name": "Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
+        "version": null,
+        "qualifiers": null,
+        "subpath": null
+      },
+      "affected_version_range": "vers:nuget/1.0.4",
+      "fixed_version": "1.0.11"
+    },
+    {
+      "package": {
+        "type": "nuget",
+        "namespace": null,
+        "name": "Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
+        "version": null,
+        "qualifiers": null,
+        "subpath": null
+      },
+      "affected_version_range": "vers:nuget/1.1.0",
+      "fixed_version": "1.1.5"
+    }
+  ],
+  "references": [
+    {
+      "reference_id": "",
+      "url": "https://github.com/aspnet/Announcements/issues/359",
+      "severities": []
+    }
+  ],
+  "date_published": null
+}

vulnerabilities/tests/test_retiredotnet.py

@@ -9,138 +9,27 @@
 
 
 import os
-from collections import OrderedDict
-from unittest import TestCase
 
-from packageurl import PackageURL
-
-from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import Reference
 from vulnerabilities.importers.retiredotnet import RetireDotnetImporter
-from vulnerabilities.utils import AffectedPackage
+from vulnerabilities.tests import util_tests
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 
 
-class TestRetireDotnetImporter(TestCase):
-    @classmethod
-    def setUpClass(cls):
-        data_source_cfg = {
-            "repository_url": "https://test.net",
-        }
-        cls.data_src = RetireDotnetImporter(1, config=data_source_cfg)
-
-    def test_vuln_id_from_desc(self):
-
-        gibberish = "xyzabcpqr123" * 50 + "\n" * 100
-        res = self.data_src.vuln_id_from_desc(gibberish)
-        assert res is None
-
-        desc = "abcdef CVE-2002-1968 pqrstuvwxyz:_|-|"
-        res = self.data_src.vuln_id_from_desc(desc)
-        assert res == "CVE-2002-1968"
-
-    def test_process_file(self):
+def test_vuln_id_from_desc():
+    importer = RetireDotnetImporter()
+    gibberish = "xyzabcpqr123" * 50 + "\n" * 100
+    res = importer.vuln_id_from_desc(gibberish)
+    assert res is None
 
-        path = os.path.join(BASE_DIR, "test_data/retiredotnet/test_file.json")
-        expected_data = Advisory(
-            summary="Microsoft Security Advisory CVE-2019-0982: ASP.NET Core Denial of Service Vulnerability",
-            vulnerability_id="CVE-2019-0982",
-            affected_packages=[
-                AffectedPackage(
-                    vulnerable_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.0.0",
-                    ),
-                    patched_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.0.11",
-                    ),
-                ),
-                AffectedPackage(
-                    vulnerable_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.0.1",
-                    ),
-                    patched_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.0.11",
-                    ),
-                ),
-                AffectedPackage(
-                    vulnerable_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.0.2",
-                    ),
-                    patched_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.0.11",
-                    ),
-                ),
-                AffectedPackage(
-                    vulnerable_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.0.3",
-                    ),
-                    patched_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.0.11",
-                    ),
-                ),
-                AffectedPackage(
-                    vulnerable_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.0.4",
-                    ),
-                    patched_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.0.11",
-                    ),
-                ),
-                AffectedPackage(
-                    vulnerable_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.1.0",
-                    ),
-                    patched_package=PackageURL(
-                        type="nuget",
-                        namespace=None,
-                        name="Microsoft.AspNetCore.SignalR.Protocols.MessagePack",
-                        version="1.1.5",
-                    ),
-                ),
-            ],
-            references=[
-                Reference(
-                    reference_id="",
-                    url="https://github.com/aspnet/Announcements/issues/359",
-                    severities=[],
-                )
-            ],
-        )
+    desc = "abcdef CVE-2002-1968 pqrstuvwxyz:_|-|"
+    res = importer.vuln_id_from_desc(desc)
+    assert res == "CVE-2002-1968"
 
-        found_data = self.data_src.process_file(path)
 
-        assert expected_data == found_data
+def test_process_file():
+    path = os.path.join(BASE_DIR, "test_data/retiredotnet/test_file.json")
+    importer = RetireDotnetImporter()
+    expected_file = os.path.join(BASE_DIR, "test_data/retiredotnet/expected_file.json")
+    advisory = importer.process_file(path)
+    util_tests.check_results_against_json(advisory.to_dict(), expected_file)