Skip to content

Commit

Permalink
feat: add support for VEX (Fixes intel#1570)
Browse files Browse the repository at this point in the history
  • Loading branch information
@anthonyharrison
anthonyharrison committed Mar 1, 2022
1 parent 672fde0 commit d26fe7a
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 41 deletions.
7 changes: 4 additions & 3 deletions test/test_input_engine.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,10 @@

import os
import re
from collections import defaultdict

import pytest
from collections import defaultdict

from cve_bin_tool.error_handler import ErrorMode
from cve_bin_tool.input_engine import (
InputEngine,
Expand Down Expand Up @@ -145,9 +146,9 @@ def test_valid_file(self, filepath, parsed_data):
"filepath, parsed_data",
(
(os.path.join(VEX_PATH, "test_triage.vex"), VEX_TRIAGE_DATA),
(os.path.join(VEX_PATH, "bad.vex"), defaultdict(dict)),
(os.path.join(VEX_PATH, "bad.vex"), defaultdict(dict)),
),
)
def test_vex_file(self, filepath, parsed_data):
input_engine = InputEngine(filepath, error_mode=ErrorMode.FullTrace)
assert dict(input_engine.parse_input()) == parsed_data
assert dict(input_engine.parse_input()) == parsed_data
60 changes: 22 additions & 38 deletions test/test_output_engine.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -448,18 +448,18 @@ class TestOutputEngine(unittest.TestCase):
"id": "CVE-1234-1234",
"source": {
"name": "NVD",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1234-1234"
"url": "https://nvd.nist.gov/vuln/detail/CVE-1234-1234",
},
"ratings": [
{
"source": {
"name": "NVD",
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-1234-1234&vector=C:H&version=2.0"
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-1234-1234&vector=C:H&version=2.0",
},
"score": "4.2",
"severity": "MEDIUM",
"method": "CVSSv2",
"vector": "C:H"
"vector": "C:H",
}
],
"cwes": [],
Expand All @@ -473,30 +473,26 @@ class TestOutputEngine(unittest.TestCase):
"state": "under_review",
"response": "Outstanding",
"justification": "",
"detail": ""
"detail": "",
},
"affects": [
{
"ref": "urn:cdx:NOTKNOWN/1#product0-1.0"
}
]
"affects": [{"ref": "urn:cdx:NOTKNOWN/1#product0-1.0"}],
},
{
"id": "CVE-1234-1234",
"source": {
"name": "NVD",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1234-1234"
"url": "https://nvd.nist.gov/vuln/detail/CVE-1234-1234",
},
"ratings": [
{
"source": {
"name": "NVD",
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-1234-1234&vector=CVSS2.0/C:H&version=2.0"
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-1234-1234&vector=CVSS2.0/C:H&version=2.0",
},
"score": "1.2",
"severity": "LOW",
"method": "CVSSv2",
"vector": "CVSS2.0/C:H"
"vector": "CVSS2.0/C:H",
}
],
"cwes": [],
Expand All @@ -510,30 +506,26 @@ class TestOutputEngine(unittest.TestCase):
"state": "under_review",
"response": "Outstanding",
"justification": "",
"detail": ""
"detail": "",
},
"affects": [
{
"ref": "urn:cdx:NOTKNOWN/1#product0-1.0"
}
]
"affects": [{"ref": "urn:cdx:NOTKNOWN/1#product0-1.0"}],
},
{
"id": "CVE-1234-1234",
"source": {
"name": "NVD",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1234-1234"
"url": "https://nvd.nist.gov/vuln/detail/CVE-1234-1234",
},
"ratings": [
{
"source": {
"name": "NVD",
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-1234-1234&vector=CVSS3.0/C:H/I:L/A:M&version=3.1"
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-1234-1234&vector=CVSS3.0/C:H/I:L/A:M&version=3.1",
},
"score": "2.5",
"severity": "LOW",
"method": "CVSSv3",
"vector": "CVSS3.0/C:H/I:L/A:M"
"vector": "CVSS3.0/C:H/I:L/A:M",
}
],
"cwes": [],
Expand All @@ -547,30 +539,26 @@ class TestOutputEngine(unittest.TestCase):
"state": "under_review",
"response": "Outstanding",
"justification": "",
"detail": ""
"detail": "",
},
"affects": [
{
"ref": "urn:cdx:NOTKNOWN/1#product0-2.8.6"
}
]
"affects": [{"ref": "urn:cdx:NOTKNOWN/1#product0-2.8.6"}],
},
{
"id": "CVE-1234-1234",
"source": {
"name": "NVD",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1234-1234"
"url": "https://nvd.nist.gov/vuln/detail/CVE-1234-1234",
},
"ratings": [
{
"source": {
"name": "NVD",
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-1234-1234&vector=C:H/I:L/A:M&version=2.0"
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-1234-1234&vector=C:H/I:L/A:M&version=2.0",
},
"score": "7.5",
"severity": "HIGH",
"method": "CVSSv2",
"vector": "C:H/I:L/A:M"
"vector": "C:H/I:L/A:M",
}
],
"cwes": [],
Expand All @@ -584,15 +572,11 @@ class TestOutputEngine(unittest.TestCase):
"state": "under_review",
"response": "Outstanding",
"justification": "",
"detail": ""
"detail": "",
},
"affects": [
{
"ref": "urn:cdx:NOTKNOWN/1#product1-3.2.1.0"
}
]
}
]
"affects": [{"ref": "urn:cdx:NOTKNOWN/1#product1-3.2.1.0"}],
},
],
}
]

Expand Down

0 comments on commit d26fe7a

Please sign in to comment.