
Commit af00938

committed
Fix a vulnrichment importer test to correctly mock a CVSSv4 score
Signed-off-by: ziad hany <ziadhany2016@gmail.com>
1 parent de3ecf6 commit af00938


1 file changed

+21
-10
lines changed


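--- a/vulnerabilities/tests/pipelines/v2_importers/test_vulnrichment_importer_v2.py
+++ b/vulnerabilities/tests/pipelines/v2_importers/test_vulnrichment_importer_v2.py
@@ -8,15 +8,16 @@
 #
 
 import json
-from pathlib import Path
 from unittest.mock import MagicMock
 from unittest.mock import patch
 
 import pytest
 
 from vulnerabilities.importer import AdvisoryDataV2
+from vulnerabilities.importer import ReferenceV2
 from vulnerabilities.importer import VulnerabilitySeverity
 from vulnerabilities.pipelines.v2_importers.vulnrichment_importer import VulnrichImporterPipeline
+from vulnerabilities.severity_systems import Cvssv4ScoringSystem
 
 
 @pytest.fixture
@@ -58,8 +59,10 @@ def mock_pathlib(tmp_path):
 "metrics": [
 {
 "cvssV4_0": {
-"baseScore": 7.5,
-"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"version": "4.0",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM",
+"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
 }
 }
 ],
@@ -103,15 +106,20 @@ def test_collect_advisories(mock_pathlib, mock_vcs_response, mock_fetch_via_vcs)
 mock_parse.return_value = AdvisoryDataV2(
 advisory_id="CVE-2021-1234",
 summary="Sample PyPI vulnerability",
-references=[{"url": "https://example.com"}],
+references=[ReferenceV2(url="https://example.com")],
 affected_packages=[],
 weaknesses=[],
 url="https://example.com",
 severities=[
 VulnerabilitySeverity(
-system="cvssv4",
-value=7.5,
-scoring_elements="AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+system=Cvssv4ScoringSystem(
+identifier="cvssv4",
+name="CVSSv4 Base Score",
+url="https://www.first.org/cvss/v4-0/",
+notes="CVSSv4 base score and vector",
+),
+value="5.3",
+scoring_elements="CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
 )
 ],
 )
@@ -126,6 +134,7 @@ def test_collect_advisories(mock_pathlib, mock_vcs_response, mock_fetch_via_vcs)
 assert advisory.advisory_id == "CVE-2021-1234"
 assert advisory.summary == "Sample PyPI vulnerability"
 assert advisory.url == "https://example.com"
+assert len(advisory.severities) == 1
 
 
 def test_clean_downloads(mock_vcs_response, mock_fetch_via_vcs):
@@ -165,8 +174,10 @@ def test_parse_cve_advisory(mock_pathlib, mock_vcs_response, mock_fetch_via_vcs)
 "metrics": [
 {
 "cvssV4_0": {
-"baseScore": 7.5,
-"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"version": "4.0",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM",
+"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
 }
 }
 ],
@@ -185,7 +196,7 @@ def test_parse_cve_advisory(mock_pathlib, mock_vcs_response, mock_fetch_via_vcs)
 assert advisory.summary == "Sample PyPI vulnerability"
 assert advisory.url == advisory_url
 assert len(advisory.severities) == 1
-assert advisory.severities[0].value == 7.5
+assert advisory.severities[0].value == 5.3
 
 
 def test_collect_advisories_with_invalid_json(mock_pathlib, mock_vcs_response, mock_fetch_via_vcs):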
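Review bot: In `test_parse_cve_advisory` the parsed severity is checked only by `assert advisory.severities[0].value == 5.3`, so the test still passes if the importer attaches the wrong scoring system or drops the CVSSv4 vector, and a bad vector in stored advisories skews downstream triage. Now that the fixture carries a well-formed vector, I would add `assert advisory.severities[0].scoring_elements == "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"` and `assert advisory.severities[0].system.identifier == "cvssv4"`. The mocked `AdvisoryDataV2` in `test_collect_advisories` sets `value="5.3"` as a string while this assertion expects the float `5.3`; presumably only one matches what the importer emits, so the type should be pinned the same way in both tests. If `vulnerabilities.severity_systems` already exports a shared CVSSv4 instance, reusing it in the mock would avoid the hand-copied `Cvssv4ScoringSystem(...)` fields drifting from the real definition. Both test bodies start and end outside the hunks shown.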
