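package cisa

import (
	"compress/gzip"
	"encoding/json"
	"os"
	"reflect"
	"testing"
	"time"

	"github.com/pablotron/cvez/feed"
	"github.com/pablotron/cvez/rfc3339"
)

// catalogTestData holds expected values for the catalog tests, keyed by
// the string form that appears in the catalog JSON.
type catalogTestData struct {
	CveIds map[string]feed.CveId   `json:"cves"`
	Dates  map[string]rfc3339.Date `json:"dates"`
	Times  map[string]time.Time    `json:"times"`
}

// decodeGzipJSONFile opens the gzip-compressed file at path and decodes
// the JSON document it contains into dst, which must be a pointer.
func decodeGzipJSONFile(path string, dst interface{}) error {
	f, err := os.Open(path)
	if err != nil {
		return err
	}
	defer f.Close()

	gz, err := gzip.NewReader(f)
	if err != nil {
		return err
	}
	defer gz.Close()

	return json.NewDecoder(gz).Decode(dst)
}

// getCatalogTestData reads the gzipped JSON test data at path.
//
// On error the returned value holds whatever the decoder populated
// before failing and must not be relied on.
func getCatalogTestData(path string) (catalogTestData, error) {
	var r catalogTestData

	// Decode first, then build the return values. The Go spec does not
	// order the read of r against the call in "return r, d.Decode(&r)",
	// so that form may legally return r from before the decode.
	err := decodeGzipJSONFile(path, &r)
	return r, err
}

// readTestCatalog reads the gzipped JSON CISA KEV catalog at path and
// passes the decoded catalog to fn. fn is not called if opening,
// decompressing or decoding fails; that error is returned instead.
func readTestCatalog(path string, fn func(Catalog)) error {
	var c Catalog
	if err := decodeGzipJSONFile(path, &c); err != nil {
		return err
	}

	fn(c)
	return nil
}

// Sample of the catalog JSON that the expected values below mirror:
//
//   "title": "CISA Catalog of Known Exploited Vulnerabilities",
//   "catalogVersion": "2022.03.07",
//   "dateReleased": "2022-03-07T12:45:26.2626Z",
//   "count": 489,
//   "vulnerabilities": [
//     {
//       "cveID": "CVE-2021-27104",
//       "vendorProject": "Accellion",
//       "product": "FTA",
//       "vulnerabilityName": "Accellion FTA OS Command Injection Vulnerability",
//       "dateAdded": "2021-11-03",
//       "shortDescription": "Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints.",
//       "requiredAction": "Apply updates per vendor instructions.",
//       "dueDate": "2021-11-17"
//     },

// TestCatalogUnmarshal decodes a small KEV catalog fixture and compares
// the result, field by field via reflect.DeepEqual, with a hand-written
// expected Catalog.
func TestCatalogUnmarshal(t *testing.T) {
	data, err := getCatalogTestData("testdata/catalog-test-data.json.gz")
	if err != nil {
		t.Fatal(err)
	}

	// Look up expected values through helpers that fail on a missing
	// key. A plain map index would return the zero value, and the test
	// would then compare against an expectation nobody wrote down.
	cve := func(key string) feed.CveId {
		t.Helper()
		v, ok := data.CveIds[key]
		if !ok {
			t.Fatalf("test data: missing CVE ID %q", key)
		}
		return v
	}
	date := func(key string) rfc3339.Date {
		t.Helper()
		v, ok := data.Dates[key]
		if !ok {
			t.Fatalf("test data: missing date %q", key)
		}
		return v
	}
	timestamp := func(key string) time.Time {
		t.Helper()
		v, ok := data.Times[key]
		if !ok {
			t.Fatalf("test data: missing time %q", key)
		}
		return v
	}

	tests := []struct {
		path string
		exp  Catalog
	}{{
		path: "testdata/cisa-kevc-20220313-tiny.json.gz",
		exp: Catalog{
			Title:        "CISA Catalog of Known Exploited Vulnerabilities",
			Version:      "2022.03.07",
			DateReleased: timestamp("2022-03-07T12:45:26.2626Z"),
			// NOTE(review): Count is 489 while only four entries are
			// listed, so a passing run implies the decoder accepts a
			// count that differs from the number of entries. A consumer
			// that wants to detect a truncated catalog has to compare
			// the two itself -- confirm whether Catalog does so elsewhere.
			Count: 489,
			Vulnerabilities: []Vulnerability{
				{
					CveId:            cve("CVE-2021-27104"),
					VendorProject:    "Accellion",
					Product:          "FTA",
					Name:             "Accellion FTA OS Command Injection Vulnerability",
					DateAdded:        date("2021-11-03"),
					ShortDescription: "Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints.",
					RequiredAction:   "Apply updates per vendor instructions.",
					DueDate:          date("2021-11-17"),
				},
				{
					CveId:            cve("CVE-2021-27102"),
					VendorProject:    "Accellion",
					Product:          "FTA",
					Name:             "Accellion FTA OS Command Injection Vulnerability",
					DateAdded:        date("2021-11-03"),
					ShortDescription: "Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call.",
					RequiredAction:   "Apply updates per vendor instructions.",
					DueDate:          date("2021-11-17"),
				},
				{
					CveId:            cve("CVE-2013-0625"),
					VendorProject:    "Adobe",
					Product:          "ColdFusion",
					Name:             "Adobe ColdFusion Authentication Bypass Vulnerability",
					DateAdded:        date("2022-03-07"),
					ShortDescription: "Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.",
					RequiredAction:   "Apply updates per vendor instructions.",
					DueDate:          date("2022-09-07"),
				},
				{
					CveId: cve("CVE-2009-3960"),
					// The trailing space is part of the expected value;
					// presumably it mirrors the fixture -- confirm.
					VendorProject:    "Adobe ",
					Product:          "BlazeDS",
					Name:             "Adobe BlazeDS Information Disclosure Vulnerability",
					DateAdded:        date("2022-03-07"),
					ShortDescription: "Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability which allows for information disclosure.",
					RequiredAction:   "Apply updates per vendor instructions.",
					DueDate:          date("2022-09-07"),
				},
			},
		},
	}}

	for _, test := range tests {
		t.Run(test.path, func(t *testing.T) {
			err := readTestCatalog(test.path, func(got Catalog) {
				if !reflect.DeepEqual(got, test.exp) {
					t.Errorf("got %v, exp %v", got, test.exp)
				}
			})
			if err != nil {
				t.Fatal(err)
			}
		})
	}
}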