mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
812d3c85de
- Improved NVD CPE matching process. - Fixed bug with the 'software/<id>' endpoint not showing the generated_cpe value.
87 lines
2.0 KiB
Go
87 lines
2.0 KiB
Go
package nvd
|
|
|
|
import (
|
|
"context"
|
|
"path/filepath"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/fleetdm/fleet/v4/pkg/fleethttp"
|
|
"github.com/fleetdm/fleet/v4/pkg/nettest"
|
|
"github.com/fleetdm/fleet/v4/server/fleet"
|
|
"github.com/fleetdm/fleet/v4/server/mock"
|
|
"github.com/go-kit/kit/log"
|
|
"github.com/stretchr/testify/require"
|
|
"github.com/tj/assert"
|
|
)
|
|
|
|
func TestDownloadEPSSFeed(t *testing.T) {
|
|
nettest.Run(t)
|
|
|
|
client := fleethttp.NewClient()
|
|
|
|
tempDir := t.TempDir()
|
|
|
|
err := DownloadEPSSFeed(tempDir, client)
|
|
require.NoError(t, err)
|
|
|
|
assert.FileExists(t, filepath.Join(tempDir, strings.TrimSuffix(epssFilename, ".gz")))
|
|
}
|
|
|
|
func TestDownloadCISAKnownExploitsFeed(t *testing.T) {
|
|
nettest.Run(t)
|
|
|
|
client := fleethttp.NewClient()
|
|
|
|
tempDir := t.TempDir()
|
|
|
|
err := DownloadCISAKnownExploitsFeed(tempDir, client)
|
|
require.NoError(t, err)
|
|
|
|
assert.FileExists(t, filepath.Join(tempDir, cisaKnownExploitsFilename))
|
|
}
|
|
|
|
func TestLoadCVEMeta(t *testing.T) {
|
|
ds := new(mock.Store)
|
|
|
|
var cveMeta []fleet.CVEMeta
|
|
ds.InsertCVEMetaFunc = func(ctx context.Context, x []fleet.CVEMeta) error {
|
|
cveMeta = x
|
|
return nil
|
|
}
|
|
|
|
logger := log.NewNopLogger()
|
|
err := LoadCVEMeta(logger, "testdata", ds)
|
|
require.NoError(t, err)
|
|
require.True(t, ds.InsertCVEMetaFuncInvoked)
|
|
|
|
// check some cves to make sure they got loaded correctly
|
|
metaMap := make(map[string]fleet.CVEMeta)
|
|
for _, meta := range cveMeta {
|
|
metaMap[meta.CVE] = meta
|
|
}
|
|
|
|
meta := metaMap["CVE-2022-29676"]
|
|
require.Equal(t, float64(7.2), *meta.CVSSScore)
|
|
require.Equal(t, float64(0.00885), *meta.EPSSProbability)
|
|
require.Equal(t, false, *meta.CISAKnownExploit)
|
|
|
|
meta = metaMap["CVE-2022-22587"]
|
|
require.Equal(t, (*float64)(nil), meta.CVSSScore)
|
|
require.Equal(t, float64(0.01843), *meta.EPSSProbability)
|
|
require.Equal(t, true, *meta.CISAKnownExploit)
|
|
}
|
|
|
|
func TestDownloadCPETranslations(t *testing.T) {
|
|
nettest.Run(t)
|
|
|
|
client := fleethttp.NewClient()
|
|
|
|
tempDir := t.TempDir()
|
|
|
|
err := DownloadCPETranslations(tempDir, client, "")
|
|
require.NoError(t, err)
|
|
|
|
assert.FileExists(t, filepath.Join(tempDir, cpeTranslationsFilename))
|
|
}
|