Fix the cvss vector test Resolve merge conflicts Add exception for s.scoring_system when is not in SCORING_SYSTEMS Add a get serverity values test Resolve merge conflict Change the style of cvss_printer display Add a new filter to print cvss vectors Change the table heading to Vertical Add support for CVSS vectors display Signed-off-by: ziadhany <ziadhany2016@gmail.com>
Showing
6 changed files
with
216 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# | ||
# Copyright (c) nexB Inc. and others. All rights reserved. | ||
# VulnerableCode is a trademark of nexB Inc. | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# See http://www.apache.org/licenses/LICENSE-2.0 for the license text. | ||
# See https://github.com/nexB/vulnerablecode for support or download. | ||
# See https://aboutcode.org for more information about nexB OSS projects. | ||
# |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
from django import template | ||
from django.utils.safestring import mark_safe | ||
|
||
register = template.Library() | ||
|
||
|
||
@register.filter(is_safe=True) | ||
def cvss_printer(selected_vector, vector_values): | ||
"""highlight the selected vector value and return a list of paragraphs""" | ||
p_list = [] | ||
selected_vector = selected_vector.lower() | ||
for vector_value in vector_values.split(","): | ||
if selected_vector == vector_value: | ||
p_list.append(f"<p class='has-text-black-bis mb-2'>{selected_vector}</p>") | ||
else: | ||
p_list.append(f"<p class='has-text-grey mb-2'>{vector_value}</p>") | ||
return mark_safe("".join(p_list)) |
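Review bot: `cvss_printer` interpolates `selected_vector` and `vector_value` into HTML with f-strings and returns the joined string through `mark_safe`, so neither value is ever escaped; the `is_safe=True` registration does not change that, because the result is already a safe string. If either argument can carry text from imported advisory data rather than template constants (the call site is not visible in this section), markup in it would be rendered as-is. Escape at the point of interpolation, e.g. `from django.utils.html import escape` and `f"<p class='has-text-grey mb-2'>{escape(vector_value)}</p>"` (same for the highlighted branch), or build the paragraphs with `format_html_join`. Separately, only `selected_vector` is lowercased and the split items are not stripped, so a docstring line stating the expected input format (lowercase, comma-separated, no spaces) would help.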
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
import pytest | ||
from cvss.exceptions import CVSS2MalformedError | ||
from cvss.exceptions import CVSS3MalformedError | ||
|
||
from vulnerabilities.severity_systems import CVSSV2 | ||
from vulnerabilities.severity_systems import CVSSV3 | ||
from vulnerabilities.templatetags.show_cvss import cvss_printer | ||
|
||
|
||
def test_get_cvss2_vector_values(): | ||
assert ( | ||
CVSSV2.get("AV:N/AC:L/Au:N/C:P/I:N/A:N ") | ||
== CVSSV2.get("AV:N/AC:L/Au:N/C:P/I:N/A:N") | ||
== { | ||
"accessComplexity": "LOW", | ||
"accessVector": "NETWORK", | ||
"authentication": "NONE", | ||
"availabilityImpact": "NONE", | ||
"availabilityRequirement": "NOT_DEFINED", | ||
"baseScore": 5.0, | ||
"collateralDamagePotential": "NOT_DEFINED", | ||
"confidentialityImpact": "PARTIAL", | ||
"confidentialityRequirement": "NOT_DEFINED", | ||
"environmentalScore": 0.0, | ||
"exploitability": "NOT_DEFINED", | ||
"integrityImpact": "NONE", | ||
"integrityRequirement": "NOT_DEFINED", | ||
"remediationLevel": "NOT_DEFINED", | ||
"reportConfidence": "NOT_DEFINED", | ||
"targetDistribution": "NOT_DEFINED", | ||
"temporalScore": 0.0, | ||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", | ||
"version": "2.0", | ||
} | ||
) | ||
|
||
with pytest.raises(CVSS2MalformedError): | ||
CVSSV2.get("") | ||
|
||
with pytest.raises(CVSS2MalformedError): | ||
CVSSV2.get("AV:N/AffgL/Au:N/C:P/I:N/A:N ") | ||
|
||
|
||
def test_get_cvss3_vector_values(): | ||
assert ( | ||
CVSSV3.get("CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H ") | ||
== CVSSV3.get("CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H") | ||
== { | ||
"attackComplexity": "LOW", | ||
"attackVector": "NETWORK", | ||
"availabilityImpact": "HIGH", | ||
"availabilityRequirement": "NOT_DEFINED", | ||
"baseScore": 9.1, | ||
"baseSeverity": "CRITICAL", | ||
"confidentialityImpact": "HIGH", | ||
"confidentialityRequirement": "NOT_DEFINED", | ||
"environmentalScore": 9.1, | ||
"environmentalSeverity": "CRITICAL", | ||
"exploitCodeMaturity": "NOT_DEFINED", | ||
"integrityImpact": "HIGH", | ||
"integrityRequirement": "NOT_DEFINED", | ||
"modifiedAttackComplexity": "LOW", | ||
"modifiedAttackVector": "NETWORK", | ||
"modifiedAvailabilityImpact": "HIGH", | ||
"modifiedConfidentialityImpact": "HIGH", | ||
"modifiedIntegrityImpact": "HIGH", | ||
"modifiedPrivilegesRequired": "HIGH", | ||
"modifiedScope": "CHANGED", | ||
"modifiedUserInteraction": "NONE", | ||
"privilegesRequired": "HIGH", | ||
"remediationLevel": "NOT_DEFINED", | ||
"reportConfidence": "NOT_DEFINED", | ||
"scope": "CHANGED", | ||
"temporalScore": 9.1, | ||
"temporalSeverity": "CRITICAL", | ||
"userInteraction": "NONE", | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", | ||
"version": "3.1", | ||
} | ||
) | ||
|
||
with pytest.raises(CVSS3MalformedError): | ||
CVSSV3.get("CVSS:3.7/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ") | ||
|
||
with pytest.raises(CVSS3MalformedError): | ||
CVSSV3.get("") | ||
|
||
|
||
def test_blank_cvss_printer(): | ||
result = cvss_printer("", "") | ||
assert result == "<p class='has-text-black-bis mb-2'></p>" | ||
|
||
|
||
def test_cvss_printer(): | ||
result = cvss_printer("HIGH", "high,medium,low") | ||
assert result == ( | ||
"<p class='has-text-black-bis mb-2'>high</p>" | ||
"<p class='has-text-grey mb-2'>medium</p>" | ||
"<p class='has-text-grey mb-2'>low</p>" | ||
) |
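Review bot: The two `cvss_printer` tests pass only plain lowercase words, so nothing pins how the filter treats HTML metacharacters even though it returns a `mark_safe` string. Add a case such as `assert "a&lt;b" in cvss_printer("low", "a<b")` (constructed value) so the escaping behaviour is fixed by a test. `test_blank_cvss_printer` also locks in that empty input yields an empty highlighted `<p>`; if that is intended, a one-line comment saying so would help.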