2017-04-25 00:29:56 +02:00
|
|
|
import datetime as dt
|
|
|
|
|
2017-04-19 15:22:08 +02:00
|
|
|
import pytest
|
|
|
|
import pytz
|
2017-05-09 21:10:53 +02:00
|
|
|
|
2017-02-24 18:56:55 +01:00
|
|
|
import stix2
|
|
|
|
|
2017-04-19 15:22:08 +02:00
|
|
|
from .constants import VULNERABILITY_ID
|
|
|
|
|
2017-05-09 21:10:53 +02:00
|
|
|
|
2017-02-24 18:56:55 +01:00
|
|
|
EXPECTED = """{
|
2017-08-15 19:41:51 +02:00
|
|
|
"type": "vulnerability",
|
|
|
|
"id": "vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
|
2017-06-23 00:47:35 +02:00
|
|
|
"created": "2016-05-12T08:17:27.000Z",
|
2017-08-15 19:41:51 +02:00
|
|
|
"modified": "2016-05-12T08:17:27.000Z",
|
|
|
|
"name": "CVE-2016-1234",
|
2017-02-24 18:56:55 +01:00
|
|
|
"external_references": [
|
|
|
|
{
|
2017-08-15 19:41:51 +02:00
|
|
|
"source_name": "cve",
|
|
|
|
"external_id": "CVE-2016-1234"
|
2017-02-24 18:56:55 +01:00
|
|
|
}
|
2017-08-15 19:41:51 +02:00
|
|
|
]
|
2017-02-24 18:56:55 +01:00
|
|
|
}"""
|
|
|
|
|
|
|
|
|
|
|
|
def test_vulnerability_example():
|
|
|
|
vulnerability = stix2.Vulnerability(
|
|
|
|
id="vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
|
2017-06-23 00:47:35 +02:00
|
|
|
created="2016-05-12T08:17:27.000Z",
|
|
|
|
modified="2016-05-12T08:17:27.000Z",
|
2017-02-24 18:56:55 +01:00
|
|
|
name="CVE-2016-1234",
|
|
|
|
external_references=[
|
|
|
|
stix2.ExternalReference(source_name='cve',
|
|
|
|
external_id="CVE-2016-1234"),
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
assert str(vulnerability) == EXPECTED
|
|
|
|
|
2017-04-19 15:22:08 +02:00
|
|
|
|
|
|
|
@pytest.mark.parametrize("data", [
|
|
|
|
EXPECTED,
|
|
|
|
{
|
|
|
|
"created": "2016-05-12T08:17:27Z",
|
|
|
|
"external_references": [
|
|
|
|
{
|
|
|
|
"external_id": "CVE-2016-1234",
|
|
|
|
"source_name": "cve"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"id": "vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
|
|
|
|
"modified": "2016-05-12T08:17:27Z",
|
|
|
|
"name": "CVE-2016-1234",
|
|
|
|
"type": "vulnerability"
|
|
|
|
},
|
|
|
|
])
|
|
|
|
def test_parse_vulnerability(data):
|
|
|
|
vuln = stix2.parse(data)
|
|
|
|
|
|
|
|
assert vuln.type == 'vulnerability'
|
|
|
|
assert vuln.id == VULNERABILITY_ID
|
|
|
|
assert vuln.created == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
|
|
|
|
assert vuln.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
|
|
|
|
assert vuln.name == "CVE-2016-1234"
|
|
|
|
assert vuln.external_references[0].external_id == "CVE-2016-1234"
|
|
|
|
assert vuln.external_references[0].source_name == "cve"
|
|
|
|
|
2017-02-24 18:56:55 +01:00
|
|
|
# TODO: Add other examples
|