Skip to content

Commit 1cbaa98

Browse files
MaineK00nclaude
andcommitted
test(detector): add JVN/VulnCheck detection and enrichment unit tests
Cover the two CPE sources migrated to vuls2 whose source-specific logic the NVD-based cases did not exercise. Test_postConvert (inline DetectResult): - VulnCheck exact CPE accept -> VulncheckExactVersionMatch + models.Vulncheck content with the console.vulncheck.com SourceLink. - JVN exact CPE accept -> demoted to JvnVendorProductMatch, sparse models.Jvn content (SourceLink ""), and the JVNDB DistroAdvisory. Test_enrich (testdata/fixtures/enrich/{vulncheck-nist-nvd2,jvn-feed-rss}): - enrichVulnCheck fills models.Vulncheck content (CVSS/CWE/refs/SourceLink). - enrichJVN rebuilds the rich Jvn content from the advisory, folds the sparse detection content's references forward (carriedRefs), and emits the JP-CERT alert from a jpcert.or.jp/at/ reference. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 644a4ea commit 1cbaa98

5 files changed

Lines changed: 508 additions & 0 deletions

File tree

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"id": "JVNDB-2024-000123",
3+
"advisories": [
4+
{
5+
"content": {
6+
"id": "JVNDB-2024-000123",
7+
"title": "Fortinet FortiOS におけるバッファエラーの脆弱性",
8+
"description": "Fortinet が提供する FortiOS には、バッファエラー (CWE-787) の脆弱性が存在します。",
9+
"severity": [
10+
{
11+
"type": "cvss_v31",
12+
"source": "jvndb.jvn.jp",
13+
"cvss_v31": {
14+
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
15+
"base_score": 9.8,
16+
"base_severity": "CRITICAL"
17+
}
18+
}
19+
],
20+
"cwe": [
21+
{
22+
"source": "jvndb.jvn.jp",
23+
"cwe": [
24+
"CWE-787"
25+
]
26+
}
27+
],
28+
"references": [
29+
{
30+
"source": "jvndb.jvn.jp",
31+
"url": "https://www.jpcert.or.jp/at/2024/at240008.html"
32+
},
33+
{
34+
"source": "jvndb.jvn.jp",
35+
"url": "https://jvn.jp/vu/JVNVU90001234/index.html"
36+
}
37+
],
38+
"published": "2024-02-09T00:00:00Z",
39+
"modified": "2024-02-15T00:00:00Z"
40+
}
41+
}
42+
],
43+
"vulnerabilities": [
44+
{
45+
"content": {
46+
"id": "CVE-2024-21762"
47+
}
48+
}
49+
],
50+
"data_source": {
51+
"id": "jvn-feed-rss",
52+
"raws": [
53+
"fixtures/2024/JVNDB-2024-000123.json"
54+
]
55+
}
56+
}
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
{
2+
"id": "jvn-feed-rss",
3+
"name": "Japan Vulnerability Notes (JVN) Feed RSS"
4+
}
Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
{
2+
"id": "CVE-2024-3400",
3+
"vulnerabilities": [
4+
{
5+
"content": {
6+
"id": "CVE-2024-3400",
7+
"title": "PAN-OS GlobalProtect Command Injection",
8+
"description": "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.",
9+
"severity": [
10+
{
11+
"type": "cvss_v31",
12+
"source": "nvd@nist.gov",
13+
"cvss_v31": {
14+
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
15+
"base_score": 10.0,
16+
"base_severity": "CRITICAL"
17+
}
18+
}
19+
],
20+
"cwe": [
21+
{
22+
"source": "nvd@nist.gov",
23+
"cwe": [
24+
"CWE-77"
25+
]
26+
}
27+
],
28+
"references": [
29+
{
30+
"source": "nvd@nist.gov",
31+
"url": "https://security.paloaltonetworks.com/CVE-2024-3400"
32+
},
33+
{
34+
"source": "nvd@nist.gov",
35+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3400"
36+
}
37+
],
38+
"published": "2024-04-12T00:00:00Z",
39+
"modified": "2024-04-19T00:00:00Z"
40+
}
41+
}
42+
],
43+
"data_source": {
44+
"id": "vulncheck-nist-nvd2",
45+
"raws": [
46+
"vuls-data-raw-vulncheck-nist-nvd2/2024/CVE-2024-3400.json"
47+
]
48+
}
49+
}
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
{
2+
"id": "vulncheck-nist-nvd2",
3+
"name": "VulnCheck NIST NVD2",
4+
"raw": [
5+
{
6+
"url": "ghcr.io/vulsio/vuls-data-db:vuls-data-raw-vulncheck-nist-nvd2",
7+
"commit": "0000000000000000000000000000000000000000",
8+
"date": "2025-01-01T00:00:00Z"
9+
}
10+
]
11+
}

0 commit comments

Comments
 (0)