From 48457b857f83f5d8de7b159138ddb75fd0797214 Mon Sep 17 00:00:00 2001
From: Paul Duncan
Date: Sun, 13 Mar 2022 11:25:32 -0400
Subject: add cisa/catalog_test.go and cisa/testdata
---
cisa/catalog_test.go | 172 ++++++++++++++++++++++++++
cisa/testdata/catalog-test-data.json.gz | Bin 0 -> 192 bytes
cisa/testdata/cisa-kevc-20220313-tiny.json.gz | Bin 0 -> 675 bytes
cisa/testdata/cisa-kevc-20220313.json.gz | Bin 0 -> 36282 bytes
4 files changed, 172 insertions(+)
create mode 100644 cisa/catalog_test.go
create mode 100644 cisa/testdata/catalog-test-data.json.gz
create mode 100644 cisa/testdata/cisa-kevc-20220313-tiny.json.gz
create mode 100644 cisa/testdata/cisa-kevc-20220313.json.gz
diff --git a/cisa/catalog_test.go b/cisa/catalog_test.go
new file mode 100644
index 0000000..b86d21c
--- /dev/null
+++ b/cisa/catalog_test.go
@@ -0,0 +1,172 @@
+package cisa
+
+import (
+ "compress/gzip"
+ "encoding/json"
+ "github.com/pablotron/cvez/feed"
+ "os"
+ "reflect"
+ "testing"
+ "time"
+)
+
+// catalog test data
+type catalogTestData struct {
+ CveIds map[string]feed.CveId `json:"cves"`
+ Dates map[string]Date `json:"dates"`
+ Times map[string]time.Time `json:"times"`
+}
+
+func getCatalogTestData(path string) (catalogTestData, error) {
+ var r catalogTestData
+
+ // open file
+ f, err := os.Open(path)
+ if err != nil {
+ return r, err
+ }
+ defer f.Close()
+
+ // open reader
+ gz, err := gzip.NewReader(f)
+ if err != nil {
+ return r, err
+ }
+ defer gz.Close()
+
+ // create decoder
+ d := json.NewDecoder(gz)
+
+ // unmarshal json, return result
+ return r, d.Decode(&r)
+}
+
+// read gzipped JSON CISA KEV catalog.
+func readTestCatalog(path string, fn func(Catalog)) error {
+ // open file
+ f, err := os.Open(path)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ // create gzip reader
+ r, err := gzip.NewReader(f)
+ if err != nil {
+ return err
+ }
+ defer r.Close()
+
+ // create decoder
+ d := json.NewDecoder(r)
+
+ // unmarshal catalog
+ var c Catalog
+ if err = d.Decode(&c); err != nil {
+ return err
+ }
+
+ // invoke callback, return result
+ fn(c)
+
+ // return success
+ return nil
+}
+
+
+// "title": "CISA Catalog of Known Exploited Vulnerabilities",
+// "catalogVersion": "2022.03.07",
+// "dateReleased": "2022-03-07T12:45:26.2626Z",
+// "count": 489,
+// "vulnerabilities": [
+// {
+// "cveID": "CVE-2021-27104",
+// "vendorProject": "Accellion",
+// "product": "FTA",
+// "vulnerabilityName": "Accellion FTA OS Command Injection Vulnerability",
+// "dateAdded": "2021-11-03",
+// "shortDescription": "Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints.",
+// "requiredAction": "Apply updates per vendor instructions.",
+// "dueDate": "2021-11-17"
+// },
+
+func TestCatalogUnmarshal(t *testing.T) {
+ data, err := getCatalogTestData("testdata/catalog-test-data.json.gz")
+ if err != nil {
+ t.Error(err)
+ return
+ }
+
+ tests := []struct {
+ path string
+ exp Catalog
+ } {{
+ path: "testdata/cisa-kevc-20220313-tiny.json.gz",
+ exp: Catalog {
+ Title: "CISA Catalog of Known Exploited Vulnerabilities",
+ Version: "2022.03.07",
+ DateReleased: data.Times["2022-03-07T12:45:26.2626Z"],
+ Count: 489,
+ Vulnerabilities: []Vulnerability {
+ Vulnerability {
+ CveId: data.CveIds["CVE-2021-27104"],
+ VendorProject: "Accellion",
+ Product: "FTA",
+ Name: "Accellion FTA OS Command Injection Vulnerability",
+ DateAdded: data.Dates["2021-11-03"],
+ ShortDescription: "Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints.",
+ RequiredAction: "Apply updates per vendor instructions.",
+ DueDate: data.Dates["2021-11-17"],
+ },
+
+ Vulnerability {
+ CveId: data.CveIds["CVE-2021-27102"],
+ VendorProject: "Accellion",
+ Product: "FTA",
+ Name: "Accellion FTA OS Command Injection Vulnerability",
+ DateAdded: data.Dates["2021-11-03"],
+ ShortDescription: "Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call.",
+ RequiredAction: "Apply updates per vendor instructions.",
+ DueDate: data.Dates["2021-11-17"],
+ },
+
+ Vulnerability {
+ CveId: data.CveIds["CVE-2013-0625"],
+ VendorProject: "Adobe",
+ Product: "ColdFusion",
+ Name: "Adobe ColdFusion Authentication Bypass Vulnerability",
+ DateAdded: data.Dates["2022-03-07"],
+ ShortDescription: "Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.",
+ RequiredAction: "Apply updates per vendor instructions.",
+ DueDate: data.Dates["2022-09-07"],
+ },
+
+ Vulnerability {
+ CveId: data.CveIds["CVE-2009-3960"],
+ VendorProject: "Adobe ",
+ Product: "BlazeDS",
+ Name: "Adobe BlazeDS Information Disclosure Vulnerability",
+ DateAdded: data.Dates["2022-03-07"],
+ ShortDescription: "Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability which allows for information disclosure.",
+ RequiredAction: "Apply updates per vendor instructions.",
+ DueDate: data.Dates["2022-09-07"],
+ },
+ },
+ },
+ }}
+
+ for _, test := range(tests) {
+ t.Run(test.path, func(t *testing.T) {
+ err := readTestCatalog(test.path, func(got Catalog) {
+ if !reflect.DeepEqual(got, test.exp) {
+ t.Errorf("got %v, exp %v", got, test.exp)
+ }
+ })
+
+ if err != nil {
+ t.Error(err)
+ return
+ }
+ })
+ }
+}
diff --git a/cisa/testdata/catalog-test-data.json.gz b/cisa/testdata/catalog-test-data.json.gz
new file mode 100644
index 0000000..b9b6754
Binary files /dev/null and b/cisa/testdata/catalog-test-data.json.gz differ
diff --git a/cisa/testdata/cisa-kevc-20220313-tiny.json.gz b/cisa/testdata/cisa-kevc-20220313-tiny.json.gz
new file mode 100644
index 0000000..25b3002
Binary files /dev/null and b/cisa/testdata/cisa-kevc-20220313-tiny.json.gz differ
diff --git a/cisa/testdata/cisa-kevc-20220313.json.gz b/cisa/testdata/cisa-kevc-20220313.json.gz
new file mode 100644
index 0000000..fed906f
Binary files /dev/null and b/cisa/testdata/cisa-kevc-20220313.json.gz differ
-- cgit v1.2.3
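Review bot: The expected `Catalog` in TestCatalogUnmarshal is assembled from map lookups such as `data.Dates["2021-11-03"]`, `data.CveIds["CVE-2021-27104"]` and `data.Times["2022-03-07T12:45:26.2626Z"]`, which yield the zero value without any error when a key is missing from catalog-test-data.json.gz, and those values presumably pass through the same `Date` / `feed.CveId` JSON decoding that the catalog under test uses. A decoder defect that affects both fixtures identically would still satisfy `reflect.DeepEqual`, so the test would be stronger with one independently built anchor, for example `if !got.DateReleased.Equal(time.Date(2022, time.March, 7, 12, 45, 26, 262600000, time.UTC)) { t.Errorf(...) }`, plus a presence guard such as `if _, ok := data.Dates[k]; !ok { t.Fatalf("missing date fixture %q", k) }`. The full cisa-kevc-20220313.json.gz fixture added by this commit is not referenced by any entry in the `tests` table in this hunk, so only the four-entry tiny file is exercised here.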