In [1]:
import commons


# Features consumed by the Unpatched Vulnerability Score; this score takes a single one.
features = ['Info about vulnerabilities in open-source project']

class TestVector(commons.BaseTestVector):
    """Test vector for the Unpatched Vulnerability Score.

    Wraps commons.BaseTestVector with the module-level ``features`` list and
    adds a named setter for the single vulnerability-info feature.
    """

    def __init__(self, alias=''):
        """Create a vector over ``features``; ``alias`` is passed to the base class as is."""
        super().__init__(features, alias)

    def vulnerabilities(self, value):
        """Set the vulnerability-info feature to ``value``.

        Returns whatever ``BaseTestVector.set`` returns; the notebook chains
        ``score_from``/``score_to`` on that result.
        """
        feature_name = 'Info about vulnerabilities in open-source project'
        return self.set(feature_name, value)


# Collection that the test vectors in the following cells are registered in;
# it is created for the same feature list as TestVector.
test_vector_list = commons.TestVectorList(features)

In [2]:
# info about vulnerabilities

# Counters behind the synthetic vulnerability IDs. vuln_id() advances both on
# every call, so the IDs run VULN-123-1, VULN-124-2, VULN-125-3, ...
vuln_id_major = 123
vuln_id_minor = 1


def vuln_id():
    """Return the next synthetic vulnerability ID, 'VULN-<major>-<minor>'.

    The IDs are placeholders for the test fixtures, not real advisory
    identifiers. Each call mutates the two module-level counters, so the ID a
    fixture receives depends on how many calls were made before it.
    """
    global vuln_id_major, vuln_id_minor
    issued = 'VULN-{}-{}'.format(vuln_id_major, vuln_id_minor)
    vuln_id_major += 1
    vuln_id_minor += 1
    return issued

def vulnerability(description='', cvss_version='v3', cvss='',
                  resolution='patched', introduced='', fixed=''):
    """Build one vulnerability record with a fresh ID from vuln_id().

    Args:
        description: free text, stored as given.
        cvss_version: CVSS version label; stored upper-cased ('v3' -> 'V3').
        cvss: CVSS score, stored as given (the fixtures below pass floats;
            the default is an empty string, i.e. no score).
        resolution: resolution label; stored upper-cased
            ('patched' -> 'PATCHED', 'unpatched' -> 'UNPATCHED').
        introduced: stored as given; the fixtures pass 'YYYY-MM-DD' strings.
        fixed: stored as given; the fixtures pass 'YYYY-MM-DD' strings.

    Returns:
        A dict with the keys id, description, cvss (version, value),
        introduced, fixed, resolution and references (always an empty list).
    """
    # The ID is drawn first, before any argument is processed, so the counter
    # advances even if a later step fails.
    record = {'id': vuln_id(), 'description': description}
    record['cvss'] = {'version': cvss_version.upper(), 'value': cvss}
    record['introduced'] = introduced
    record['fixed'] = fixed
    record['resolution'] = resolution.upper()
    record['references'] = []
    return record

def vulnerabilities(entries):
    """Wrap vulnerability records in the {'entries': [...]} container.

    The records are copied into a new list in iteration order; the records
    themselves are not copied.
    """
    return {'entries': list(entries)}

# Fixtures for the vulnerability-info feature.
#
# The order of the statements matters: every vulnerability() call draws the next
# ID from vuln_id(), so reordering changes the IDs that end up in the test vectors.
#
# NOTE(review): the unpatched fixtures use CVSS scores 1.0-2.0 ("minor"),
# 5.0-6.0 ("major") and 9.0-10.0 ("critical"). Nothing covers an unpatched
# vulnerability scored 7.0-8.9 (the CVSS v3 "High" band), and no fixture mixes
# patched and unpatched entries. Unpatched entries also carry no 'introduced'
# date, so the age of an open vulnerability is not exercised.

# An empty entry list (as opposed to the 'unknown' value used by the first test vector).
no_vulnerabilities = vulnerabilities([])

# Everything patched within a few days of being introduced.
all_vulnerabilities_fixed_very_fast = vulnerabilities([
    vulnerability(cvss=score, introduced=opened, fixed=closed)
    for score, opened, closed in (
        (9.0, '2019-01-01', '2019-01-03'),
        (7.0, '2018-11-28', '2018-12-02'),
        (3.0, '2017-07-04', '2017-07-08'),
    )
])

# Everything patched within roughly one to two weeks.
all_vulnerabilities_fixed_fast = vulnerabilities([
    vulnerability(cvss=score, introduced=opened, fixed=closed)
    for score, opened, closed in (
        (9.0, '2019-01-01', '2019-01-12'),
        (7.0, '2018-11-28', '2018-12-10'),
        (3.0, '2017-07-04', '2017-07-10'),
    )
])

# Everything patched, but only after one to four months.
all_vulnerabilities_fixed_slow = vulnerabilities([
    vulnerability(cvss=score, introduced=opened, fixed=closed)
    for score, opened, closed in (
        (9.0, '2019-01-01', '2019-05-02'),
        (7.0, '2018-11-28', '2018-12-31'),
        (3.0, '2017-02-04', '2017-05-28'),
    )
])

# A single unpatched vulnerability at each severity level.
one_minor_unpatched_vulnerability = vulnerabilities(
    [vulnerability(cvss=1.0, resolution='unpatched')])

one_major_unpatched_vulnerability = vulnerabilities(
    [vulnerability(cvss=5.0, resolution='unpatched')])

one_critical_unpatched_vulnerability = vulnerabilities(
    [vulnerability(cvss=9.5, resolution='unpatched')])

# Two unpatched vulnerabilities at each severity level.
two_minor_unpatched_vulnerabilities = vulnerabilities([
    vulnerability(cvss=score, resolution='unpatched') for score in (1.0, 2.0)
])

two_major_unpatched_vulnerabilities = vulnerabilities([
    vulnerability(cvss=score, resolution='unpatched') for score in (5.0, 6.0)
])

two_critical_unpatched_vulnerabilities = vulnerabilities([
    vulnerability(cvss=score, resolution='unpatched') for score in (9.0, 10.0)
])

In [3]:
# Expected score interval (score_from, score_to) for each vulnerability-info
# value, listed in registration order.
#
# NOTE(review): several intervals overlap heavily, which is what the TODOs ask
# about. For example "fixed slow" and "fixed fast" share 7.0-10.0, so these
# vectors do not yet require slow fixes to lower the score.
expected_score_ranges = [
    ('unknown', 0.0, 1.0),
    (no_vulnerabilities, 8.0, 10.0),
    (all_vulnerabilities_fixed_very_fast, 8.0, 10.0),
    (all_vulnerabilities_fixed_fast, 7.0, 10.0),
    (all_vulnerabilities_fixed_slow, 7.0, 10.0),       # TODO: should it be less than 10?
    (one_minor_unpatched_vulnerability, 5.0, 9.0),     # TODO: should it be less than 9?
    (one_major_unpatched_vulnerability, 4.0, 8.0),     # TODO: should it be less than 8?
    (one_critical_unpatched_vulnerability, 0.0, 2.0),
    (two_minor_unpatched_vulnerabilities, 4.0, 8.0),   # TODO: should it be less than 8?
    (two_major_unpatched_vulnerabilities, 3.0, 6.0),   # TODO: should it be less than 6?
    (two_critical_unpatched_vulnerabilities, 0.0, 1.0),
]

# One TestVector per row, registered in the order listed above.
for vulnerability_info, lowest, highest in expected_score_ranges:
    test_vector_list.register(
        TestVector()
            .vulnerabilities(vulnerability_info)
            .score_from(lowest)
            .score_to(highest)
    )

registered: test_vector_0
registered: test_vector_1
registered: test_vector_2
registered: test_vector_3
registered: test_vector_4
registered: test_vector_5
registered: test_vector_6
registered: test_vector_7
registered: test_vector_8
registered: test_vector_9
registered: test_vector_10


In [4]:
# Run the list's own check over the registered test vectors.
# NOTE(review): what check() verifies is defined in commons and is not visible here — confirm.
test_vector_list.check()

In [5]:
# build a data frame from the registered test vectors
test_vectors = test_vector_list.make_data_frame()

# store the test vectors to a CSV file
# NOTE(review): the path is relative, so it resolves against the kernel's working
# directory — presumably the notebook's own folder; confirm before running elsewhere.
# NOTE(review): the vulnerability column is displayed below in Python dict notation
# (single quotes), not JSON. If the CSV carries the same text, whatever reads it has to
# parse that notation with a literal parser rather than evaluating it — confirm against
# the consumer.
filename = '../../../resources/com/sap/sgs/phosphor/fosstars/model/score/oss/UnpatchedVulnerabilitiesScoreTestVectors.csv'
test_vectors.to_csv(filename)

# display the test vectors
test_vectors

Unnamed: 0,alias,score_from,score_to,label,Info about vulnerabilities in open-source project
0,test_vector_0,0.0,1.0,,unknown
1,test_vector_1,8.0,10.0,,{'entries': []}
2,test_vector_2,8.0,10.0,,"{'entries': [{'id': 'VULN-123-1', 'description..."
3,test_vector_3,7.0,10.0,,"{'entries': [{'id': 'VULN-126-4', 'description..."
4,test_vector_4,7.0,10.0,,"{'entries': [{'id': 'VULN-129-7', 'description..."
5,test_vector_5,5.0,9.0,,"{'entries': [{'id': 'VULN-132-10', 'descriptio..."
6,test_vector_6,4.0,8.0,,"{'entries': [{'id': 'VULN-133-11', 'descriptio..."
7,test_vector_7,0.0,2.0,,"{'entries': [{'id': 'VULN-134-12', 'descriptio..."
8,test_vector_8,4.0,8.0,,"{'entries': [{'id': 'VULN-135-13', 'descriptio..."
9,test_vector_9,3.0,6.0,,"{'entries': [{'id': 'VULN-137-15', 'descriptio..."
