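# Copyright (c) 2017, The MITRE Corporation. All rights reserved.
# See LICENSE.txt for complete terms.

"""Fixture-driven tests for the ``stix.exploit_target`` entities.

Each test class binds ``klass`` to the entity under test and ``_full_dict``
to a fully populated dictionary form of that entity. The checks that consume
those two attributes live in the ``EntityTestCase`` / ``TypedListTestCase``
mixins imported from ``stix.test``; they are not visible in this file.

All values below are sample data for serialization tests. They are not
authoritative CVSS, CVE, CWE or CCE records and should not be reused as such.
"""

import unittest

from stix.test import EntityTestCase, TypedListTestCase, assert_warnings
from stix.test import data_marking_test
from stix.test.common import information_source_test, related_test

from stix.core import STIXPackage
import stix.exploit_target as et
from stix.exploit_target import weakness, vulnerability, configuration


class CVSSVectorTests(EntityTestCase, unittest.TestCase):
    """Fixture for ``vulnerability.CVSSVector``."""

    klass = vulnerability.CVSSVector

    # The vectors use CVSS v2 notation (note the ``Au`` metric).
    # NOTE(review): the scores are placeholders, not the values these vectors
    # compute to (the base vector below scores 5.0 under CVSS v2, not 8.3),
    # and ``CPD`` is not a CVSS v2 environmental metric (the v2 abbreviation
    # is ``CDP``). The strings are left as-is because this file does not show
    # whether the entity validates them; confirm before treating this
    # fixture as a well-formed CVSS example.
    _full_dict = {
        'overall_score': "9.3",
        'base_score': "8.3",
        'base_vector': "(AV:N/AC:L/Au:N/C:N/I:N/A:P)",
        'temporal_score': "7.7",
        'temporal_vector': "(E:U/RL:T/RC:C)",
        'environmental_score': "2.0",
        'environmental_vector': "(CPD:ND/TD:ND)",
    }


class AffectedSoftwareTests(EntityTestCase, unittest.TestCase):
    """Fixture for ``vulnerability.AffectedSoftware``."""

    klass = vulnerability.AffectedSoftware

    _full_dict = {
        'scope': 'inclusive',
        'affected_software': [
            related_test.RelatedObservableTests._full_dict,
        ],
    }


class VulnerabilityTests(EntityTestCase, unittest.TestCase):
    """Fixture for ``vulnerability.Vulnerability``."""

    klass = vulnerability.Vulnerability

    # Sample data only: the flags and datetimes are fixture values and do not
    # describe the published record of the CVE named in ``title``.
    _full_dict = {
        'is_known': False,
        'is_publicly_acknowledged': True,
        'title': "CVE-2012-0158",
        'description': "Vulnerability Description",
        'short_description': "MSCOMCTL.OCX Memory Corruption",
        'cvss_score': CVSSVectorTests._full_dict,
        'discovered_datetime': {
            'value': '2010-02-21T00:00:00',
            'precision': 'day',
        },
        'published_datetime': {
            'value': '2010-03-01T00:00:00',
            'precision': 'month',
        },
        'affected_software': AffectedSoftwareTests._full_dict,
        'references': ['foo', 'bar'],
    }


class VulnerabilitiesTests(TypedListTestCase, unittest.TestCase):
    """Fixture for the ``vulnerability._Vulnerabilities`` typed list."""

    klass = vulnerability._Vulnerabilities

    _full_dict = [
        VulnerabilityTests._full_dict,
    ]


class PotentialCOAsTests(EntityTestCase, unittest.TestCase):
    """Fixture for ``et.PotentialCOAs`` (potential courses of action)."""

    klass = et.PotentialCOAs

    _full_dict = {
        'scope': 'inclusive',
        'coas': [
            related_test.RelatedCOATests._full_dict,
        ],
    }


class RelatedExploitTargetsTests(EntityTestCase, unittest.TestCase):
    """Fixture for ``et.RelatedExploitTargets``."""

    klass = et.RelatedExploitTargets

    _full_dict = {
        'scope': 'inclusive',
        'related_exploit_targets': [
            related_test.RelatedExploitTargetTests._full_dict,
        ],
    }


class WeaknessTests(EntityTestCase, unittest.TestCase):
    """Fixture for ``weakness.Weakness``."""

    klass = weakness.Weakness

    _full_dict = {
        'description': "Deadlock",
        'cwe_id': "CWE-833",
    }


class WeaknessesTests(TypedListTestCase, unittest.TestCase):
    """Fixture for the ``weakness._Weaknesses`` typed list."""

    klass = weakness._Weaknesses

    _full_dict = [
        WeaknessTests._full_dict,
    ]


class ConfigurationTests(EntityTestCase, unittest.TestCase):
    """Fixture for ``configuration.Configuration``."""

    klass = configuration.Configuration

    _full_dict = {
        # The two literals are joined by implicit concatenation; the trailing
        # space on the first one keeps the words from running together
        # ("configuredcorrectly.").
        'description': (
            "The 'Games' features should be configured "
            "correctly."
        ),
        'short_description': "Games feature",
        'cce_id': "CCE-18880-5",
    }


class ExploitTargetTests(EntityTestCase, unittest.TestCase):
    """Fixture and API tests for ``et.ExploitTarget``."""

    klass = et.ExploitTarget

    _full_dict = {
        'id': 'example:test-1',
        # idref omitted since it should not have both an ID and an IDREF.
        'timestamp': "2014-04-01T03:17:45",
        'version': '1.1',
        'title': "ExploitTarget 1",
        'description': "This is a long description about an ExploitTarget",
        'short_description': "an ExploitTarget",
        'vulnerabilities': VulnerabilitiesTests._full_dict,
        'weaknesses': WeaknessesTests._full_dict,
        'configuration': [ConfigurationTests._full_dict],
        'potential_coas': PotentialCOAsTests._full_dict,
        'information_source': (
            information_source_test.InformationSourceTests._full_dict
        ),
        'handling': data_marking_test.MarkingTests._full_dict,
        'related_exploit_targets': RelatedExploitTargetsTests._full_dict,
        'related_packages': related_test.RelatedPackageRefsTests._full_dict,
    }

    def test_add_description(self):
        """``add_description`` must match adding through ``descriptions``."""
        via_helper = self.klass()
        via_collection = self.klass()

        via_helper.add_description("Test")
        via_collection.descriptions.add("Test")

        self.assertEqual(
            via_helper.descriptions.to_dict(),
            via_collection.descriptions.to_dict()
        )

    def test_add_short_description(self):
        """``add_short_description`` must match ``short_descriptions.add``."""
        via_helper = self.klass()
        via_collection = self.klass()

        via_helper.add_short_description("Test")
        via_collection.short_descriptions.add("Test")

        self.assertEqual(
            via_helper.short_descriptions.to_dict(),
            via_collection.short_descriptions.to_dict()
        )

    @assert_warnings
    def test_deprecated_related_packages(self):
        """Appending to ``related_packages`` must still store the package.

        NOTE(review): ``assert_warnings`` comes from ``stix.test`` and is
        presumably what checks that a warning is raised for this deprecated
        field; confirm against its definition.
        """
        # Use self.klass like the sibling tests so the entity under test is
        # named in one place.
        target = self.klass()
        target.related_packages.append(STIXPackage())
        self.assertEqual(len(target.related_packages), 1)


if __name__ == "__main__":
    unittest.main()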