test_plugin_utils.py

import sys
from pathlib import Path

from simplesecurity import level, plugins

THISDIR = str(Path(__file__).resolve().parent)

evidence = f"{THISDIR}/data/evidence.txt"
evidenceBig = f"{THISDIR}/data/evidence_big.txt"


def test_doSysExec_ls():
	ls = "ls"
	if "win" in sys.platform.lower():
		ls = "dir"
	assert plugins._doSysExec(f"{ls} {THISDIR}")[0] == 0


def test_doSysExec_commandnotexists():
	assert plugins._doSysExec("commandnotexists")[0] != 0


def test_extractEvidence_1line():
	compare = [
		{"content": "Lorem", "line": 1, "selected": True},
		{"content": "ipsum", "line": 2, "selected": False},
		{"content": "dolor", "line": 3, "selected": False},
	]
	assert plugins.extractEvidence(1, evidence) == compare


def test_extractEvidence_5line():
	compare = [
		{"content": "Lorem", "line": 1, "selected": False},
		{"content": "ipsum", "line": 2, "selected": False},
		{"content": "dolor", "line": 3, "selected": True},
		{"content": "sit", "line": 4, "selected": False},
		{"content": "amet,", "line": 5, "selected": False},
	]
	assert plugins.extractEvidence(3, evidence) == compare


def test_extractEvidence_line_notinfile_lower():
	compare = [
		{"content": "Lorem", "line": 1, "selected": False},
		{"content": "ipsum", "line": 2, "selected": False},
	]
	assert plugins.extractEvidence(0, evidence) == compare


def test_extractEvidence_line_notinfile_upper():
	compare = [
		{"content": "Nulla", "line": 18, "selected": False},
		{"content": "ut", "line": 19, "selected": False},
		{"content": "lectus.", "line": 20, "selected": True},
	]
	assert plugins.extractEvidence(20, evidence) == compare


def test__doSafetyProcessing():
	safety = {
		"vulnerabilities": [
			{
				"vulnerability_id": "44742",
				"package_name": "django",
				"ignored": False,
				"ignored_reason": None,
				"ignored_expires": None,
				"vulnerable_spec": ">=4.0a1,<4.0.2",
				"all_vulnerable_specs": [">=4.0a1,<4.0.2"],
				"analyzed_version": "4.0.1",
				"analyzed_requirement": {
					"raw": "django==4.0.1",
					"extras": [],
					"marker": None,
					"name": "django",
					"specifier": "==4.0.1",
					"url": None,
					"found": None,
				},
				"advisory": "The {% debug %} template tag in Django",
				"is_transitive": False,
				"published_date": "2022-Feb-03",
				"fixed_versions": ["2.2.27", "3.2.12", "4.0.2"],
				"closest_versions_without_known_vulnerabilities": [],
				"resources": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818"],
				"CVE": "CVE-2022-22818",
				"severity": {
					"source": "CVE-2022-22818",
					"cvssv2": {
						"base_score": 4.3,
						"impact_score": 2.9,
						"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
					},
					"cvssv3": {
						"base_score": 6.1,
						"impact_score": 2.7,
						"base_severity": "MEDIUM",
						"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
					},
				},
				"affected_versions": [
					"4.0.1",
				],
				"more_info_url": "https://pyup.io/vulnerabilities/CVE-2022-22818/44742/",
			},
		],
	}
	findings = [
		{
			"id": "44742",
			"title": "44742: django",
			"description": (
				"Vulnerability found in package django,"
				"version(s)=4.0.1. The {% debug %} template tag in Django. More info available at https://pyup.io/vulnerabilities/CVE-2022-22818/44742/"
			),
			"file": "Project Requirements",
			"evidence": [
				{
					"selected": True,
					"line": 0,
					"content": "django, version(s)=4.0.1",
				}
			],
			"severity": level.Level.MED,
			"confidence": level.Level.HIGH,
			"line": "Unknown",
			"_other": {"id": "44742", "affectedVersions": "4.0.1"},
		}
	]
	assert plugins._doSafetyProcessing(safety) == findings