1# Copyright (c) 2017, The MITRE Corporation. All rights reserved.
2# See LICENSE.txt for complete terms.
3
4import unittest
5
6from stix.test import EntityTestCase, TypedListTestCase, assert_warnings
7from stix.test import data_marking_test
8from stix.test.common import information_source_test, related_test
9
10from stix.core import STIXPackage
11import stix.exploit_target as et
12from stix.exploit_target import weakness, vulnerability, configuration
13
class CVSSVectorTests(EntityTestCase, unittest.TestCase):
    """Field fixture for ``vulnerability.CVSSVector``.

    No test methods are defined here; the checks come from EntityTestCase.
    """

    klass = vulnerability.CVSSVector

    # One entry per score/vector field; scores are strings, not floats.
    # NOTE(review): these are placeholder values, not a consistently scored
    # CVSS v2 record. For example, the environmental vector spells the metric
    # "CPD", whereas CVSS v2 abbreviates Collateral Damage Potential as
    # "CDP". Do not copy them as reference data.
    _full_dict = {
        "overall_score": "9.3",
        "base_score": "8.3",
        "base_vector": "(AV:N/AC:L/Au:N/C:N/I:N/A:P)",
        "temporal_score": "7.7",
        "temporal_vector": "(E:U/RL:T/RC:C)",
        "environmental_score": "2.0",
        "environmental_vector": "(CPD:ND/TD:ND)",
    }
26
27
class AffectedSoftwareTests(EntityTestCase, unittest.TestCase):
    """Field fixture for ``vulnerability.AffectedSoftware``."""

    klass = vulnerability.AffectedSoftware

    # A single related observable, reused from the shared related-object
    # fixtures so the nested structure stays in sync with those tests.
    _full_dict = {
        "scope": "inclusive",
        "affected_software": [related_test.RelatedObservableTests._full_dict],
    }
37
38
class VulnerabilityTests(EntityTestCase, unittest.TestCase):
    """Field fixture for ``vulnerability.Vulnerability``."""

    klass = vulnerability.Vulnerability

    # NOTE(review): the values exercise each field and should not be read as
    # an accurate record of the CVE named in the title (the dates below are
    # from 2010 and 'is_known' is False).
    _full_dict = {
        "is_known": False,
        "is_publicly_acknowledged": True,
        "title": "CVE-2012-0158",
        "description": "Vulnerability Description",
        "short_description": "MSCOMCTL.OCX Memory Corruption",
        "cvss_score": CVSSVectorTests._full_dict,
        # Each timestamp carries an explicit precision alongside its value.
        "discovered_datetime": {"value": "2010-02-21T00:00:00", "precision": "day"},
        "published_datetime": {"value": "2010-03-01T00:00:00", "precision": "month"},
        "affected_software": AffectedSoftwareTests._full_dict,
        "references": ["foo", "bar"],
    }
60
61
class VulnerabilitiesTests(TypedListTestCase, unittest.TestCase):
    """List fixture for ``vulnerability._Vulnerabilities``."""

    klass = vulnerability._Vulnerabilities

    # A one-element list that reuses the single-vulnerability fixture.
    _full_dict = [VulnerabilityTests._full_dict]
68
69
class PotentialCOAsTests(EntityTestCase, unittest.TestCase):
    """Field fixture for ``et.PotentialCOAs``."""

    klass = et.PotentialCOAs

    # One related course of action, taken from the shared related-object
    # fixtures.
    _full_dict = {
        "scope": "inclusive",
        "coas": [related_test.RelatedCOATests._full_dict],
    }
79
80
class RelatedExploitTargetsTests(EntityTestCase, unittest.TestCase):
    """Field fixture for ``et.RelatedExploitTargets``."""

    klass = et.RelatedExploitTargets

    # One related exploit target, taken from the shared related-object
    # fixtures.
    _full_dict = {
        "scope": "inclusive",
        "related_exploit_targets": [
            related_test.RelatedExploitTargetTests._full_dict,
        ],
    }
90
class WeaknessTests(EntityTestCase, unittest.TestCase):
    """Field fixture for ``weakness.Weakness``."""

    klass = weakness.Weakness

    # A CWE identifier together with a short description of the weakness.
    _full_dict = {"description": "Deadlock", "cwe_id": "CWE-833"}
98
99
class WeaknessesTests(TypedListTestCase, unittest.TestCase):
    """List fixture for ``weakness._Weaknesses``."""

    klass = weakness._Weaknesses

    # A one-element list that reuses the single-weakness fixture.
    _full_dict = [WeaknessTests._full_dict]
106
107
108
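class ConfigurationTests(EntityTestCase, unittest.TestCase):
    """Field fixture for ``configuration.Configuration``."""

    klass = configuration.Configuration

    # The description is split over two adjacent string literals, which Python
    # joins with nothing in between, so the first piece must end in a space.
    # Without it the fixture read "...configuredcorrectly.".
    _full_dict = {
        'description': "The 'Games' features should be configured "
                       "correctly.",
        'short_description': "Games feature",
        'cce_id': "CCE-18880-5",
    }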
118
119
class ExploitTargetTests(EntityTestCase, unittest.TestCase):
    """Field fixture and helper-method tests for ``et.ExploitTarget``."""

    klass = et.ExploitTarget

    # Composite fixture: every nested structure is borrowed from the test
    # class that owns it, so a change there is picked up here as well.
    _full_dict = {
        "id": "example:test-1",
        # idref omitted since it should not have both an ID and an IDREF.
        "timestamp": "2014-04-01T03:17:45",
        "version": "1.1",
        "title": "ExploitTarget 1",
        "description": "This is a long description about an ExploitTarget",
        "short_description": "an ExploitTarget",
        "vulnerabilities": VulnerabilitiesTests._full_dict,
        "weaknesses": WeaknessesTests._full_dict,
        "configuration": [ConfigurationTests._full_dict],
        "potential_coas": PotentialCOAsTests._full_dict,
        "information_source": information_source_test.InformationSourceTests._full_dict,
        # Data-marking fixture shared with the marking tests.
        "handling": data_marking_test.MarkingTests._full_dict,
        "related_exploit_targets": RelatedExploitTargetsTests._full_dict,
        "related_packages": related_test.RelatedPackageRefsTests._full_dict,
    }

    def test_add_description(self):
        # add_description() and descriptions.add() must leave two fresh
        # objects with the same serialized descriptions.
        via_helper = self.klass()
        via_collection = self.klass()

        via_helper.add_description("Test")
        via_collection.descriptions.add("Test")

        helper_view = via_helper.descriptions.to_dict()
        direct_view = via_collection.descriptions.to_dict()
        self.assertEqual(helper_view, direct_view)

    def test_add_short_description(self):
        # Same comparison as above, for the short-description collection.
        via_helper = self.klass()
        via_collection = self.klass()

        via_helper.add_short_description("Test")
        via_collection.short_descriptions.add("Test")

        helper_view = via_helper.short_descriptions.to_dict()
        direct_view = via_collection.short_descriptions.to_dict()
        self.assertEqual(helper_view, direct_view)

    # NOTE(review): assert_warnings comes from stix.test; presumably it fails
    # the test unless the body emits a warning -- confirm there.
    @assert_warnings
    def test_deprecated_related_packages(self):
        # Appending through the deprecated related_packages field must still
        # store the package.
        target = et.ExploitTarget()
        target.related_packages.append(STIXPackage())
        self.assertEqual(len(target.related_packages), 1)
169
# Allow this module to be run directly as a script.
if __name__ == "__main__":
    unittest.main()
172