Add a test, and update Kev pipeline

Signed-off-by: ziad hany <ziadhany2016@gmail.com>

Author: ziadhany

vulnerabilities/pipelines/enhance_with_kev.py

@@ -80,6 +80,10 @@ def add_vulnerability_exploit(kev_vul, logger):
         logger(f"No vulnerability found for aliases {cve_id}")
         return 0
 
+    if not vulnerability:
+        logger(f"No vulnerability found for aliases {cve_id}")
+        return 0
+
     Exploit.objects.update_or_create(
         vulnerability=vulnerability,
         data_source="KEV",

vulnerabilities/tests/pipelines/test_enhance_with_exploitdb.py

@@ -45,3 +45,18 @@ def test_exploit_db_improver(mock_get):
     # Run Exploit-DB Improver again when there are matching aliases.
     improver.execute()
     assert Exploit.objects.count() == 1
+
+
+@pytest.mark.django_db
+@mock.patch("requests.get")
+def test_invalid_exploit_db_improver(mock_get):
+    mock_response = Mock(status_code=200)
+    with open(TEST_DATA, "r") as f:
+        mock_response.text = f.read()
+    mock_get.return_value = mock_response
+
+    improver = ExploitDBImproverPipeline()
+    Alias.objects.create(alias="CVE-2009-3699", vulnerability=None)
+    status, _ = improver.execute()
+    assert status == 0
+    assert Exploit.objects.count() == 0

vulnerabilities/tests/pipelines/test_enhance_with_kev.py

@@ -45,3 +45,18 @@ def test_kev_improver(mock_get):
     # Run Kev Improver again when there are matching aliases.
     improver.execute()
     assert Exploit.objects.count() == 1
+
+
+@pytest.mark.django_db
+@mock.patch("requests.get")
+def test_invalid_kev_improver(mock_get):
+    mock_response = Mock(status_code=200)
+    mock_response.json.return_value = load_json(TEST_DATA)
+    mock_get.return_value = mock_response
+
+    improver = VulnerabilityKevPipeline()
+    Alias.objects.create(alias="CVE-2021-38647", vulnerability=None)
+
+    status, _ = improver.execute()
+    assert status == 0
+    assert Exploit.objects.count() == 0

vulnerabilities/tests/pipelines/test_enhance_with_metasploit.py

@@ -42,3 +42,17 @@ def test_metasploit_improver(mock_get):
     # Run metasploit Improver again when there are matching aliases.
     improver.execute()
     assert Exploit.objects.count() == 1
+
+
+@pytest.mark.django_db
+@mock.patch("requests.get")
+def test_invalid_metasploit_improver(mock_get):
+    mock_response = Mock(status_code=200)
+    mock_response.json.return_value = load_json(TEST_DATA)
+    mock_get.return_value = mock_response
+
+    Alias.objects.create(alias="CVE-2007-4387", vulnerability=None)  # Alias without vulnerability
+    improver = MetasploitImproverPipeline()
+    status, _ = improver.execute()
+    assert status == 0
+    assert Exploit.objects.count() == 0