Skip to content

Commit 571cf6f

Browse files
committed
test: add coverage for vulnerability severity scores
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
1 parent 79cd8f4 commit 571cf6f

3 files changed

Lines changed: 31 additions & 11 deletions

File tree

vulnerabilities/tests/test_data/postgresql/parse-advisory-postgresql-expected.json

Lines changed: 2 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -63,9 +63,7 @@
6363
{
6464
"system": "cvssv3",
6565
"value": "6.7",
66-
"scoring_elements": [
67-
"AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
68-
]
66+
"scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
6967
}
7068
]
7169
},
@@ -144,9 +142,7 @@
144142
{
145143
"system": "cvssv3",
146144
"value": "3.1",
147-
"scoring_elements": [
148-
"AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
149-
]
145+
"scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
150146
}
151147
]
152148
},

vulnerabilities/tests/test_importer.py

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@
1313
from vulnerabilities.importer import PackageCommitPatchData
1414
from vulnerabilities.importer import PatchData
1515
from vulnerabilities.importer import ReferenceV2
16+
from vulnerabilities.importer import VulnerabilitySeverity
1617
from vulnerabilities.pipes.advisory import classify_patch_source
1718

1819

@@ -201,3 +202,26 @@ def test_classify_patch_source_integration(url, commit_hash, patch_text, results
201202
assert actual_data_obj.reference_id == expected_data_obj.reference_id
202203
assert actual_data_obj.reference_type == expected_data_obj.reference_type
203204
assert actual_data_obj.url == expected_data_obj.url
205+
206+
207+
def test_vulnerability_severity_cvss_validation():
208+
severity = VulnerabilitySeverity.from_dict(
209+
{
210+
"system": "cvssv3",
211+
"value": "7.5",
212+
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
213+
}
214+
)
215+
216+
assert severity.scoring_elements == "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
217+
218+
219+
def test_vulnerability_severity_cvss_validation_with_invalid_value():
220+
with pytest.raises(ValueError):
221+
VulnerabilitySeverity.from_dict(
222+
{
223+
"system": "cvssv3",
224+
"value": "7.5",
225+
"scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
226+
}
227+
)

vulnerabilities/tests/test_utils.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -186,15 +186,15 @@ def setUp(self):
186186
VulnerabilitySeverity.from_dict(
187187
{
188188
"system": "cvssv4",
189-
"value": "7.5",
190-
"scoring_elements": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
189+
"value": "7.6",
190+
"scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/MPR:N",
191191
}
192192
),
193193
VulnerabilitySeverity.from_dict(
194194
{
195195
"system": "cvssv3",
196-
"value": "6.5",
197-
"scoring_elements": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
196+
"value": "7.5",
197+
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
198198
}
199199
),
200200
],
@@ -250,7 +250,7 @@ def setUp(self):
250250

251251
def test_compute_content_id_v2(self):
252252
result = utils.compute_content_id_v2(self.advisory1)
253-
self.assertEqual(result, "5211f1e6c3d935759fb288d79a865eeacc06e3e0e352ab7f5b4cb0e76a43a955")
253+
self.assertEqual(result, "c302966268cd63444978df6a131f8d4f9e15544cdb18799dc844fb7b94089f02")
254254

255255
def test_content_id_from_adv_data_and_adv_model_are_same(self):
256256
id_from_data = utils.compute_content_id_v2(self.advisory1)

0 commit comments

Comments
 (0)