Update upstream source from tag 'upstream/0.10.0'
Update to upstream version '0.10.0'
with Debian dir 82ebdb492460ebdff7d0674241ae858aa04bb99b
Sophie Brun
4 years ago
8 | 8 | module ClassMethods |
9 | 9 | # @return [ Array<Symbol> ] |
10 | 10 | def references_keys |
11 | @references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus] | |
11 | @references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus youtube] | |
12 | 12 | end |
13 | 13 | end |
14 | 14 | |
17 | 17 | @references = {} |
18 | 18 | |
19 | 19 | self.class.references_keys.each do |key| |
20 | @references[key] = [*refs[key]].map(&:to_s) if refs.key?(key) | |
20 | next unless refs.key?(key) | |
21 | ||
22 | @references[key] = if key == :youtube | |
23 | [*refs[:youtube]].map { |id| youtube_url(id) } | |
24 | else | |
25 | [*refs[key]].map(&:to_s) | |
26 | end | |
21 | 27 | end |
22 | 28 | end |
23 | 29 | |
29 | 35 | # @return [ Array<String> ] All the references URLs |
30 | 36 | def references_urls |
31 | 37 | cve_urls + exploitdb_urls + urls + msf_urls + |
32 | packetstorm_urls + securityfocus_urls | |
38 | packetstorm_urls + securityfocus_urls + youtube_urls | |
33 | 39 | end |
34 | 40 | |
35 | 41 | # @return [ Array<String> ] The CVEs |
111 | 117 | def securityfocus_url(id) |
112 | 118 | "https://www.securityfocus.com/bid/#{id}/" |
113 | 119 | end |
120 | ||
121 | # @return [ Array<String> ] | |
122 | def youtube_urls | |
123 | references[:youtube] || [] | |
124 | end | |
125 | ||
126 | # @return [ String ] | |
127 | def youtube_url(id) | |
128 | "https://www.youtube.com/watch?v=#{id}" | |
129 | end | |
114 | 130 | end |
115 | 131 | end |
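Review bot: `youtube_url(id)` interpolates the id into the query string without encoding or validating it, so a reference value containing `&`, `#` or whitespace produces a URL with extra parameters or a fragment the author did not intend. Where `refs` is loaded from is not visible on this page, but if it comes from an external vulnerability database the value should be treated as untrusted before it is printed in reports. Consider `"https://www.youtube.com/watch?v=#{CGI.escape(id.to_s)}"` (with `require 'cgi'`), or skip ids that do not match `/\A[\w-]+\z/`. Separately, the `:youtube` branch of the references setter stores full URLs in `@references[:youtube]`, while every other key stores raw ids via `map(&:to_s)`, and there is no `youtube_ids` reader. A comment such as `# :youtube holds full URLs, not ids` on that branch would make the difference explicit.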
4 | 4 | class Vulnerability |
5 | 5 | include References |
6 | 6 | |
7 | attr_reader :title, :type, :fixed_in | |
7 | attr_reader :title, :type, :fixed_in, :cvss | |
8 | 8 | |
9 | 9 | # @param [ String ] title |
10 | 10 | # @param [ Hash ] references |
11 | # @option references [ Array<String>, String ] cve | |
12 | # @option references [ Array<String>, String ] secunia | |
13 | # @option references [ Array<String>, String ] osvdb | |
14 | # @option references [ Array<String>, String ] exploitdb | |
15 | # @option references [ Array<String> ] url URL(s) to related advisories etc | |
16 | # @option references [ Array<String>, String ] metasploit The related metasploit module(s) | |
11 | # @option references [ Array<String>, String ] :cve | |
12 | # @option references [ Array<String>, String ] :secunia | |
13 | # @option references [ Array<String>, String ] :osvdb | |
14 | # @option references [ Array<String>, String ] :exploitdb | |
15 | # @option references [ Array<String> ] :url URL(s) to related advisories etc | |
16 | # @option references [ Array<String>, String ] :metasploit The related metasploit module(s) | |
17 | # @option references [ Array<String> ] :youtube | |
17 | 18 | # @param [ String ] type |
18 | 19 | # @param [ String ] fixed_in |
19 | def initialize(title, references = {}, type = nil, fixed_in = nil) | |
20 | # @param [ HashSymbol ] cvss | |
21 | # @option cvss [ String ] :score | |
22 | # @option cvss [ String ] :vector | |
23 | def initialize(title, references: {}, type: nil, fixed_in: nil, cvss: nil) | |
20 | 24 | @title = title |
21 | 25 | @type = type |
22 | 26 | @fixed_in = fixed_in |
27 | @cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss | |
23 | 28 | |
24 | 29 | self.references = references |
25 | 30 | end |
31 | 36 | title == other.title && |
32 | 37 | type == other.type && |
33 | 38 | references == other.references && |
34 | fixed_in == other.fixed_in | |
39 | fixed_in == other.fixed_in && | |
40 | cvss == other.cvss | |
35 | 41 | end |
36 | 42 | end |
37 | 43 | end |
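Review bot: The new line `@cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss` reads symbol keys only, so a hash with string keys (for example one parsed from JSON without symbolized names) silently becomes `{ score: nil, vector: nil }` and the severity is dropped without any error. If callers, which are outside this page, can pass string keys, normalise first with `cvss = cvss.transform_keys(&:to_sym)`, or use `cvss.fetch(:score)` so a missing score fails loudly. The YARD tag `# @param [ HashSymbol ] cvss` names a type that does not exist and should read `# @param [ Hash ] cvss`. Also, `initialize` moved from positional to keyword arguments, so any caller still passing `references`, `type` or `fixed_in` positionally will raise `ArgumentError`; only the spec call site is updated in what is visible here.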
0 | 0 | # frozen_string_literal: true |
1 | 1 | |
2 | 2 | describe CMSScanner::Vulnerability do |
3 | subject(:vuln) { described_class.new(title, references) } | |
3 | subject(:vuln) { described_class.new(title, references: references, cvss: cvss) } | |
4 | 4 | let(:title) { 'Test Vuln' } |
5 | 5 | let(:references) { {} } |
6 | let(:cvss) { nil } | |
6 | 7 | |
7 | 8 | it_behaves_like CMSScanner::References |
8 | 9 | |
11 | 12 | its(:references) { should eql({}) } |
12 | 13 | its(:type) { should eql nil } |
13 | 14 | its(:fixed_in) { should eql nil } |
15 | its(:cvss) { should eql nil } | |
16 | ||
17 | context 'when CVSS' do | |
18 | let(:cvss) { { score: '5.4', vector: 'spec', y: 'key should not be added' } } | |
19 | ||
20 | its(:cvss) { should eql({ score: '5.4', vector: 'spec' }) } | |
21 | end | |
14 | 22 | end |
15 | 23 | |
16 | 24 | describe '#==' do |
17 | context 'when te same vuln' do | |
25 | context 'when the same vuln' do | |
26 | let(:cvss) { { score: '5.4', vector: 'spec' } } | |
27 | ||
18 | 28 | it 'returns true' do |
19 | 29 | expect(vuln).to eq vuln.dup |
20 | 30 | end |
3 | 3 | describe '#references_keys' do |
4 | 4 | it 'returns the expected array of symbols' do |
5 | 5 | expect(subject.class.references_keys) |
6 | .to eql %i[cve exploitdb url metasploit packetstorm securityfocus] | |
6 | .to eql %i[cve exploitdb url metasploit packetstorm securityfocus youtube] | |
7 | 7 | end |
8 | 8 | end |
9 | 9 | |
10 | 10 | describe 'references' do |
11 | 11 | context 'when no references' do |
12 | %i[cves exploitdb_ids urls msf_modules packetstorm_ids securityfocus_ids].each do |attribute| | |
12 | %i[cves exploitdb_ids urls msf_modules packetstorm_ids securityfocus_ids youtube_urls].each do |attribute| | |
13 | 13 | its(attribute) { should eql([]) } |
14 | 14 | end |
15 | 15 | |
16 | %i[cve_urls exploitdb_urls msf_urls packetstorm_urls securityfocus_urls].each do |attribute| | |
16 | %i[cve_urls exploitdb_urls msf_urls packetstorm_urls securityfocus_urls youtube_urls].each do |attribute| | |
17 | 17 | its(attribute) { should eql([]) } |
18 | 18 | end |
19 | 19 | |
36 | 36 | url: 'single-url', |
37 | 37 | metasploit: '/exploit/yolo', |
38 | 38 | packetstorm: 15, |
39 | securityfocus: 16 | |
39 | securityfocus: 16, | |
40 | youtube: 'xAAAA' | |
40 | 41 | } |
41 | 42 | end |
42 | 43 | |
57 | 58 | its(:securityfocus_ids) { should eq %w[16] } |
58 | 59 | its(:securityfocus_urls) { should eql %w[https://www.securityfocus.com/bid/16/] } |
59 | 60 | |
61 | its(:youtube_urls) { should eql %w[https://www.youtube.com/watch?v=xAAAA] } | |
62 | ||
60 | 63 | its(:references_urls) do |
61 | 64 | should eql [ |
62 | 65 | 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-11', |
64 | 67 | 'single-url', |
65 | 68 | 'https://www.rapid7.com/db/modules/exploit/yolo', |
66 | 69 | 'https://packetstormsecurity.com/files/15/', |
67 | 'https://www.securityfocus.com/bid/16/' | |
70 | 'https://www.securityfocus.com/bid/16/', | |
71 | 'https://www.youtube.com/watch?v=xAAAA' | |
68 | 72 | ] |
69 | 73 | end |
70 | 74 | end |
79 | 83 | url: %w[single-url another-url], |
80 | 84 | metasploit: %w[/exploit/yolo exploit/aa], |
81 | 85 | packetstorm: [50, 51], |
82 | securityfocus: [60, 61] | |
86 | securityfocus: [60, 61], | |
87 | youtube: %w[xBBBB] | |
83 | 88 | } |
84 | 89 | end |
85 | 90 | |
115 | 120 | https://www.securityfocus.com/bid/61/] |
116 | 121 | end |
117 | 122 | |
123 | its(:youtube_urls) { should eql %w[https://www.youtube.com/watch?v=xBBBB] } | |
124 | ||
118 | 125 | its(:references_urls) do |
119 | 126 | should eql [ |
120 | 127 | 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-10', |
128 | 135 | 'https://packetstormsecurity.com/files/50/', |
129 | 136 | 'https://packetstormsecurity.com/files/51/', |
130 | 137 | 'https://www.securityfocus.com/bid/60/', |
131 | 'https://www.securityfocus.com/bid/61/' | |
138 | 'https://www.securityfocus.com/bid/61/', | |
139 | 'https://www.youtube.com/watch?v=xBBBB' | |
132 | 140 | ] |
133 | 141 | end |
134 | 142 | end |