fleet/server/vulnerabilities/nvd/sync_test.go

package nvd

import (
	"context"
	"path/filepath"
	"strings"
	"testing"

	"github.com/fleetdm/fleet/v4/server/contexts/license"

	"github.com/fleetdm/fleet/v4/pkg/nettest"
	"github.com/fleetdm/fleet/v4/server/fleet"
	"github.com/fleetdm/fleet/v4/server/mock"
	"github.com/go-kit/log"
	"github.com/stretchr/testify/require"
	"github.com/tj/assert"
)

func TestDownloadEPSSFeed(t *testing.T) {
	nettest.Run(t)

	tempDir := t.TempDir()

	err := DownloadEPSSFeed(tempDir)
	require.NoError(t, err)

	assert.FileExists(t, filepath.Join(tempDir, strings.TrimSuffix(epssFilename, ".gz")))
}

func TestDownloadCISAKnownExploitsFeed(t *testing.T) {
	nettest.Run(t)

	tempDir := t.TempDir()

	err := DownloadCISAKnownExploitsFeed(tempDir, "")
	require.NoError(t, err)

	assert.FileExists(t, filepath.Join(tempDir, cisaKnownExploitsFilename))
}

func TestDownloadCISAKnownExploitsFeedMirror(t *testing.T) {
	nettest.Run(t)

	tempDir := t.TempDir()

	err := DownloadCISAKnownExploitsFeed(tempDir, "https://raw.githubusercontent.com/EugenMayer/cisa-known-exploited-mirror/main/known_exploited_vulnerabilities.json")
	require.NoError(t, err)

	assert.FileExists(t, filepath.Join(tempDir, cisaKnownExploitsFilename))
}

func TestLoadCVEMeta(t *testing.T) {
	ds := new(mock.Store)

	var cveMeta []fleet.CVEMeta
	ds.InsertCVEMetaFunc = func(ctx context.Context, x []fleet.CVEMeta) error {
		cveMeta = x
		return nil
	}

	logger := log.NewNopLogger()
	err := LoadCVEMeta(license.NewContext(context.Background(), &fleet.LicenseInfo{
		Tier: "premium",
	}), logger, "../testdata", ds)
	require.NoError(t, err)
	require.True(t, ds.InsertCVEMetaFuncInvoked)

	// check some cves to make sure they got loaded correctly
	metaMap := make(map[string]fleet.CVEMeta)
	for _, meta := range cveMeta {
		metaMap[meta.CVE] = meta
	}

	meta := metaMap["CVE-2022-29676"]
	require.Equal(t, float64(7.2), *meta.CVSSScore)
	require.Equal(t, float64(0.00885), *meta.EPSSProbability)
	require.Equal(t, false, *meta.CISAKnownExploit)
	require.Equal(
		t,
		"CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.",
		meta.Description,
	)

	meta = metaMap["CVE-2022-22587"]
	require.Equal(t, float64(9.8), *meta.CVSSScore)
	require.Equal(t, float64(0.01843), *meta.EPSSProbability)
	require.Equal(t, true, *meta.CISAKnownExploit)
	require.Equal(
		t,
		"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..",
		meta.Description,
	)
}

func TestDownloadCPETranslations(t *testing.T) {
	nettest.Run(t)

	tempDir := t.TempDir()

	err := DownloadCPETranslationsFromGithub(tempDir, "")
	require.NoError(t, err)

	assert.FileExists(t, filepath.Join(tempDir, cpeTranslationsFilename))
}