fleet/server/vulnerabilities/nvd/sync_test.go

package nvd

import (
	"context"
	"path/filepath"
	"strings"
	"testing"

	"github.com/fleetdm/fleet/v4/server/contexts/license"

	"github.com/fleetdm/fleet/v4/pkg/nettest"
	"github.com/fleetdm/fleet/v4/server/fleet"
	"github.com/fleetdm/fleet/v4/server/mock"
	"github.com/go-kit/log"
	"github.com/stretchr/testify/require"
	"github.com/tj/assert"
)

func TestDownloadEPSSFeed(t *testing.T) {
	nettest.Run(t)

	tempDir := t.TempDir()

	err := DownloadEPSSFeed(tempDir)
	require.NoError(t, err)

	assert.FileExists(t, filepath.Join(tempDir, strings.TrimSuffix(epssFilename, ".gz")))
}

func TestDownloadCISAKnownExploitsFeed(t *testing.T) {
	nettest.Run(t)

	tempDir := t.TempDir()

	err := DownloadCISAKnownExploitsFeed(tempDir, "")
	require.NoError(t, err)

	assert.FileExists(t, filepath.Join(tempDir, cisaKnownExploitsFilename))
}

func TestDownloadCISAKnownExploitsFeedMirror(t *testing.T) {
	nettest.Run(t)

	tempDir := t.TempDir()

	err := DownloadCISAKnownExploitsFeed(tempDir, "https://raw.githubusercontent.com/EugenMayer/cisa-known-exploited-mirror/main/known_exploited_vulnerabilities.json")
	require.NoError(t, err)

	assert.FileExists(t, filepath.Join(tempDir, cisaKnownExploitsFilename))
}

func TestLoadCVEMeta(t *testing.T) {
	ds := new(mock.Store)

	var cveMeta []fleet.CVEMeta
	ds.InsertCVEMetaFunc = func(ctx context.Context, x []fleet.CVEMeta) error {
		cveMeta = x
		return nil
	}

	logger := log.NewNopLogger()
	err := LoadCVEMeta(license.NewContext(context.Background(), &fleet.LicenseInfo{
		Tier: "premium",
	}), logger, "../testdata", ds)
	require.NoError(t, err)
	require.True(t, ds.InsertCVEMetaFuncInvoked)

	// check some cves to make sure they got loaded correctly
	metaMap := make(map[string]fleet.CVEMeta)
	for _, meta := range cveMeta {
		metaMap[meta.CVE] = meta
	}

	meta := metaMap["CVE-2022-29676"]
	require.Equal(t, float64(7.2), *meta.CVSSScore)
	require.Equal(t, float64(0.00885), *meta.EPSSProbability)
	require.Equal(t, false, *meta.CISAKnownExploit)
	require.Equal(
		t,
		"CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.",
		meta.Description,
	)

	meta = metaMap["CVE-2022-22587"]
	require.Equal(t, float64(9.8), *meta.CVSSScore)
	require.Equal(t, float64(0.01843), *meta.EPSSProbability)
	require.Equal(t, true, *meta.CISAKnownExploit)
	require.Equal(
		t,
		"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..",
		meta.Description,
	)
}

func TestDownloadCPETranslations(t *testing.T) {
	nettest.Run(t)

	tempDir := t.TempDir()

	err := DownloadCPETranslationsFromGithub(tempDir, "")
	require.NoError(t, err)

	assert.FileExists(t, filepath.Join(tempDir, cpeTranslationsFilename))
}
Fixes various bugs with NVD vulnerability detection (#7963) - Improved NVD CPE matching process. - Fixed bug with the 'software/<id>' endpoint not showing the generated_cpe value. 2022-10-04 11:04:48 +00:00			`package nvd`
Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00
			`import (`
			`"context"`
			`"path/filepath"`
			`"strings"`
			`"testing"`

Handle flaky vulnerability tests (#11262) - Refactored some of the vulnerabilities tests to help with flakiness. - Don't load NVD assets if local assets have a timestamp of today. 2023-04-21 23:37:29 +00:00			`"github.com/fleetdm/fleet/v4/server/contexts/license"`

Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`"github.com/fleetdm/fleet/v4/pkg/nettest"`
			`"github.com/fleetdm/fleet/v4/server/fleet"`
			`"github.com/fleetdm/fleet/v4/server/mock"`
🧹 friday cleanup party: substitute deprecated import of go-kit (#19774) `go-kit/kit/log` was deprecated and generating warnings # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Manual QA for all new/changed functionality 2024-06-17 13:27:31 +00:00			`"github.com/go-kit/log"`
Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`"github.com/stretchr/testify/require"`
			`"github.com/tj/assert"`
			`)`

			`func TestDownloadEPSSFeed(t *testing.T) {`
			`nettest.Run(t)`

			`tempDir := t.TempDir()`

Fleet server and tooling to use `NETWORK_TEST_GITHUB_TOKEN` when environment variable is set. (#9143) * WIP * Add more logging * Check rate limit at end of action * Add github client in more places * Add new published firefox 93 vulnerabilities to tests * Remove fmt printfs * Restore CI check settings * Readd newline 2023-01-03 17:56:11 +00:00			`err := DownloadEPSSFeed(tempDir)`
Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`require.NoError(t, err)`

			`assert.FileExists(t, filepath.Join(tempDir, strings.TrimSuffix(epssFilename, ".gz")))`
			`}`

			`func TestDownloadCISAKnownExploitsFeed(t *testing.T) {`
			`nettest.Run(t)`

			`tempDir := t.TempDir()`

feat: allow different cisa url to be provided (#31728) Summary • Allow custom CISA vulnerability data source URL to work around blocked requests • Updates vulnerability sync logic to use configurable CISA endpoint • Enables organizations to use CISA mirrors when direct access is blocked ## Testing - [x] Added/updated automated tests - [x] QA'd all new/changed functionality manually 2025-08-13 18:35:45 +00:00			`err := DownloadCISAKnownExploitsFeed(tempDir, "")`
			`require.NoError(t, err)`

			`assert.FileExists(t, filepath.Join(tempDir, cisaKnownExploitsFilename))`
			`}`

			`func TestDownloadCISAKnownExploitsFeedMirror(t *testing.T) {`
			`nettest.Run(t)`

			`tempDir := t.TempDir()`

			`err := DownloadCISAKnownExploitsFeed(tempDir, "https://raw.githubusercontent.com/EugenMayer/cisa-known-exploited-mirror/main/known_exploited_vulnerabilities.json")`
Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`require.NoError(t, err)`

			`assert.FileExists(t, filepath.Join(tempDir, cisaKnownExploitsFilename))`
			`}`

			`func TestLoadCVEMeta(t *testing.T) {`
			`ds := new(mock.Store)`

fix epss probability (#6083) 2022-06-03 17:37:47 +00:00			`var cveMeta []fleet.CVEMeta`
			`ds.InsertCVEMetaFunc = func(ctx context.Context, x []fleet.CVEMeta) error {`
			`cveMeta = x`
Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`return nil`
			`}`

fix mem usage cve sync (#6131) 2022-06-08 19:15:44 +00:00			`logger := log.NewNopLogger()`
vuln processing distinct command (#9813) closes https://github.com/fleetdm/fleet/issues/3723 Add new vuln processing command, configs, and documentation on how to utilize. 2023-02-17 15:00:57 +00:00			`err := LoadCVEMeta(license.NewContext(context.Background(), &fleet.LicenseInfo{`
			`Tier: "premium",`
			`}), logger, "../testdata", ds)`
Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`require.NoError(t, err)`
			`require.True(t, ds.InsertCVEMetaFuncInvoked)`

fix epss probability (#6083) 2022-06-03 17:37:47 +00:00			`// check some cves to make sure they got loaded correctly`
			`metaMap := make(map[string]fleet.CVEMeta)`
			`for _, meta := range cveMeta {`
			`metaMap[meta.CVE] = meta`
			`}`

			`meta := metaMap["CVE-2022-29676"]`
			`require.Equal(t, float64(7.2), *meta.CVSSScore)`
			`require.Equal(t, float64(0.00885), *meta.EPSSProbability)`
			`require.Equal(t, false, *meta.CISAKnownExploit)`
Add Description text to CVE Metadata (#13856) 2023-09-15 17:24:10 +00:00			`require.Equal(`
			`t,`
			`"CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.",`
Enable staticcheck Go linter. (#23487) #23486 Linter: https://staticcheck.dev/ 2024-11-05 17:16:24 +00:00			`meta.Description,`
Add Description text to CVE Metadata (#13856) 2023-09-15 17:24:10 +00:00			`)`
fix epss probability (#6083) 2022-06-03 17:37:47 +00:00
			`meta = metaMap["CVE-2022-22587"]`
Handle flaky vulnerability tests (#11262) - Refactored some of the vulnerabilities tests to help with flakiness. - Don't load NVD assets if local assets have a timestamp of today. 2023-04-21 23:37:29 +00:00			`require.Equal(t, float64(9.8), *meta.CVSSScore)`
fix epss probability (#6083) 2022-06-03 17:37:47 +00:00			`require.Equal(t, float64(0.01843), *meta.EPSSProbability)`
			`require.Equal(t, true, *meta.CISAKnownExploit)`
Add Description text to CVE Metadata (#13856) 2023-09-15 17:24:10 +00:00			`require.Equal(`
			`t,`
			`"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..",`
Enable staticcheck Go linter. (#23487) #23486 Linter: https://staticcheck.dev/ 2024-11-05 17:16:24 +00:00			`meta.Description,`
Add Description text to CVE Metadata (#13856) 2023-09-15 17:24:10 +00:00			`)`
Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`}`
improve vuln cpe matching on macos (#6985) * add cpe translations * fix matching on target_sw 2022-09-01 16:02:07 +00:00
			`func TestDownloadCPETranslations(t *testing.T) {`
			`nettest.Run(t)`

			`tempDir := t.TempDir()`

Fleet server and tooling to use `NETWORK_TEST_GITHUB_TOKEN` when environment variable is set. (#9143) * WIP * Add more logging * Check rate limit at end of action * Add github client in more places * Add new published firefox 93 vulnerabilities to tests * Remove fmt printfs * Restore CI check settings * Readd newline 2023-01-03 17:56:11 +00:00			`err := DownloadCPETranslationsFromGithub(tempDir, "")`
improve vuln cpe matching on macos (#6985) * add cpe translations * fix matching on target_sw 2022-09-01 16:02:07 +00:00			`require.NoError(t, err)`

			`assert.FileExists(t, filepath.Join(tempDir, cpeTranslationsFilename))`
			`}`