mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
4194c44131
#14888 @getvictor This is ready for review, but keeping as draft as there are probably many tests that need amending. I used the new version of the `./tools/nvd/nvdvuln/nvdvuln.go` to compare the current vulnerabilities found in our dogfood environment with the vulnerabilities found by the code in this PR and both results match: ``` go run -race -tags fts5 ./tools/nvd/nvdvuln/nvdvuln.go --debug --db_dir ./local --software_from_url <dogfood URL> --software_from_api_token <API_TOKEN> --sync 2>&1 | tee out.txt [...] CVEs found and expected matched! ``` - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com> Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
61 lines
1.6 KiB
Go
61 lines
1.6 KiB
Go
package main
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"path"
|
|
"testing"
|
|
|
|
"github.com/fleetdm/fleet/v4/pkg/nettest"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestVulnerabilityDataStream(t *testing.T) {
|
|
nettest.Run(t)
|
|
|
|
runAppCheckErr(t, []string{"vulnerability-data-stream"}, "No directory provided")
|
|
|
|
vulnPath := t.TempDir()
|
|
expectedOutput := `[-] Downloading CPE database... Done
|
|
[-] Downloading CPE translations... Done
|
|
[-] Downloading NVD CVE feed... Done
|
|
[-] Downloading EPSS feed... Done
|
|
[-] Downloading CISA known exploits feed... Done
|
|
[-] Downloading Oval definitions... Done
|
|
[-] Downloading MSRC artifacts... Done
|
|
[-] Downloading MacOffice release notes... Done
|
|
[+] Data streams successfully downloaded!
|
|
`
|
|
|
|
// Set start and end indexes otherwise a full sync using the NVD API 2.0 takes a long time (>15m).
|
|
os.Setenv("NETWORK_TEST_NVD_CVE_START_IDX", "220000")
|
|
os.Setenv("NETWORK_TEST_NVD_CVE_END_IDX", "226000")
|
|
|
|
var actualOutput string
|
|
err := nettest.RunWithNetRetry(t, func() error {
|
|
w, err := runAppNoChecks([]string{"vulnerability-data-stream", "--dir", vulnPath})
|
|
actualOutput = w.String()
|
|
return err
|
|
})
|
|
require.NoError(t, err)
|
|
assert.Equal(t, expectedOutput, actualOutput)
|
|
|
|
assert.FileExists(t, path.Join(vulnPath, "cpe.sqlite"))
|
|
|
|
files := []string{
|
|
"cpe.sqlite",
|
|
"epss_scores-current.csv",
|
|
"known_exploited_vulnerabilities.json",
|
|
}
|
|
for y := 2008; y <= 2023; y++ {
|
|
files = append(
|
|
files,
|
|
fmt.Sprintf("nvdcve-1.1-%d.json", y),
|
|
)
|
|
}
|
|
for _, file := range files {
|
|
assert.FileExists(t, path.Join(vulnPath, file))
|
|
}
|
|
}
|