public void GetHashCodeReturnsTheSameValueIfObjectsAreEqual() { var a = new Cve("cve-1", "https://cve.com"); var b = new Cve("cve-1", "https://cve.com"); Assert.Equal(a.GetHashCode(), b.GetHashCode()); }
public void ReturnsHttp200AndExpectedBodyForValidRequests(string queryString, string expectedCveIdStartString) { var cveRepositoryMock = GetMock <IEntityRepository <Cve> >(); var expectedResult1 = new Cve { CveId = "CVE-2000-011", Description = "Description A: listed.", Listed = true }; var notExpectedResult1 = new Cve { CveId = "CVE-2000-012", Description = "Description A: unlisted.", Listed = false }; var expectedResult2 = new Cve { CveId = "CVE-2000-013", Description = "description B", Listed = true }; var expectedResult3 = new Cve { CveId = "CVE-2000-014", Description = "description C", Listed = true }; var expectedResult4 = new Cve { CveId = "CVE-2000-015", Description = "description D", Listed = true }; var expectedResult5 = new Cve { CveId = "CVE-2000-016", Description = "description E", Listed = true }; var notExpectedResult2 = new Cve { CveId = "CVE-2000-017", Description = "description F", Listed = true }; cveRepositoryMock .Setup(x => x.GetAll()) .Returns(new[] { expectedResult1, notExpectedResult1, expectedResult2, expectedResult3, expectedResult4, expectedResult5, notExpectedResult2 }.AsQueryable()); var queryResults = InvokeAndAssertStatusCode(queryString, HttpStatusCode.OK); Assert.True(queryResults.Success); Assert.Null(queryResults.ErrorMessage); Assert.Equal(5, queryResults.Results.Count); Assert.True(queryResults.Success); Assert.Null(queryResults.ErrorMessage); Assert.All( queryResults.Results, r => { Assert.StartsWith(expectedCveIdStartString, r.CveId, StringComparison.OrdinalIgnoreCase); // Only the listed elements with CWE-ID starting with the query string should be returned (up to 5 elements). Assert.NotEqual(notExpectedResult1.CveId, r.CveId, StringComparer.OrdinalIgnoreCase); // Sorted numerically, this is the 6th element in the resultset and should be filtered out (max 5). Assert.NotEqual(notExpectedResult2.CveId, r.CveId, StringComparer.OrdinalIgnoreCase); }); }
public IActionResult TestUpdate(IFormFile testFile) { // Check file type string fileExtension = Path.GetExtension(testFile.FileName); if (fileExtension != ".json" || testFile == null) { return(RedirectToAction(nameof(Index))); } // Get the CVE items string jsonString = ""; using (var reader = new StreamReader(testFile.OpenReadStream())) { jsonString = reader.ReadToEnd(); } JObject jsonObject = JObject.Parse(jsonString); IList <JToken> jsonCveList = jsonObject["CVE_Items"].ToList(); // Foreach CVE foreach (JToken currCve in jsonCveList) { // Ignore rejected CVE's if (!currCve["cve"]["description"]["description_data"].First["value"].ToString().Contains("** REJECT **")) { JToken cveMeta = currCve["cve"]["CVE_data_meta"]; // Get existing cve string existingCveGivenId = cveMeta["ID"].ToString(); Cve existingCve = _context.Cves .Where(c => c.GivenID == existingCveGivenId) .Include(c => c.CveConfigurations) .ThenInclude(cc => cc.Product) .Include(c => c.References) .FirstOrDefault(); // If the CVE already exists if (existingCve != null) { // Update existing CVE //UpdateExistingCve(existingCve, currCve); } else // If the CVE doesn't exist { // Add new CVE AddNewCve(currCve); } } } // Send emails SendEmails(); return(RedirectToAction(nameof(Index))); }
public async Task ReturnsExistingAndCreatedCves(bool commitChanges) { // Arrange var matchingCve1 = new Cve { CveId = "cve-1" }; var notMatchingCve1 = new Cve { CveId = "cve-2" }; var matchingCve2 = new Cve { CveId = "cve-3" }; var notMatchingCve2 = new Cve { CveId = "cve-4" }; var cves = new[] { matchingCve1, notMatchingCve1, matchingCve2, notMatchingCve2 }; var repository = GetMock <IEntityRepository <Cve> >(); repository .Setup(x => x.GetAll()) .Returns(cves.AsQueryable()) .Verifiable(); var service = Get <PackageDeprecationService>(); var missingCveId = "cve-5"; var queriedCveIds = new[] { matchingCve1.CveId, matchingCve2.CveId, missingCveId }; // Act var result = await service.GetOrCreateCvesByIdAsync(queriedCveIds, commitChanges); // Assert Assert.Equal(3, result.Count); Assert.Contains(matchingCve1, result); Assert.Contains(matchingCve2, result); var createdCve = result.Last(); Assert.Equal(missingCveId, createdCve.CveId); Assert.False(createdCve.Listed); Assert.Equal(CveStatus.Unknown, createdCve.Status); Assert.Null(createdCve.Description); Assert.Null(createdCve.CvssRating); Assert.Null(createdCve.LastModifiedDate); Assert.Null(createdCve.PublishedDate); }
public void ItImplementsIEquatable() { List <Cve> cves = new List <Cve>(); var cve1 = new Cve("cve-1", "https://cve.com"); var cve2 = new Cve("cve-1", "https://cve.com"); cves.Add(new Cve("cve-2", "https://cve.com")); cves.Add(cve1); cves.Add(cve2); Assert.Equal(cve1, cve2); Assert.Equal(2, cves.Distinct().Count()); }
public IActionResult Details(int id) { // Get related CVE's Cve cve = _context.Cves .Where(c => c.CveID == id) .Include(c => c.References) .Include(c => c.CveConfigurations) .ThenInclude(cc => cc.Product) .FirstOrDefault(); if (cve == null) { TempData["Param"] = "Vulnerability"; TempData["Error"] = "Vulnerability does not exist"; return(RedirectToAction("Error", "Home")); } return(View(cve)); }
public async Task <IReadOnlyCollection <Cve> > GetOrCreateCvesByIdAsync(IEnumerable <string> ids, bool commitChanges) { if (ids == null) { throw new ArgumentNullException(nameof(ids)); } var details = _cveRepository.GetAll() .Where(c => ids.Contains(c.CveId)) .ToList(); var addedDetails = new List <Cve>(); foreach (var missingId in ids.Where(i => !details.Any(c => c.CveId == i))) { var detail = new Cve { CveId = missingId, Listed = false, Status = CveStatus.Unknown }; addedDetails.Add(detail); details.Add(detail); } if (addedDetails.Any()) { _cveRepository.InsertOnCommit(addedDetails); if (commitChanges) { await _cveRepository.CommitChangesAsync(); } } return(details); }
public void DeprecationFieldsAreSetAsExpected( PackageDeprecationStatus status, SeverityString_State severity, bool hasCves, bool hasCwes, bool hasAlternateRegistration, bool hasAlternatePackage) { // Arrange decimal?cvss; switch (severity) { case SeverityString_State.Critical: cvss = (decimal)9.5; break; case SeverityString_State.High: cvss = (decimal)7.5; break; case SeverityString_State.Medium: cvss = (decimal)5; break; case SeverityString_State.Low: cvss = (decimal)2; break; case SeverityString_State.None: cvss = null; break; default: throw new ArgumentOutOfRangeException(nameof(severity)); } var deprecation = new PackageDeprecation { CvssRating = cvss, CustomMessage = "hello" }; var cveIds = new[] { "CVE-2019-1111", "CVE-2019-2222" }; if (hasCves) { foreach (var cveId in cveIds) { var cve = new Cve { CveId = cveId }; deprecation.Cves.Add(cve); } } var cweIds = new[] { "CWE-1", "CWE-2" }; if (hasCwes) { foreach (var cweId in cweIds) { var cwe = new Cwe { CweId = cweId }; deprecation.Cwes.Add(cwe); } } var alternateRegistrationId = "alternateRegistrationId"; if (hasAlternateRegistration) { var registration = new PackageRegistration { Id = alternateRegistrationId }; deprecation.AlternatePackageRegistration = registration; } var alternatePackageRegistrationId = "alternatePackageRegistration"; var alternatePackageVersion = "1.0.0-alt"; if (hasAlternatePackage) { var alternatePackageRegistration = new PackageRegistration { Id = alternatePackageRegistrationId }; var alternatePackage = new Package { Version = alternatePackageVersion, PackageRegistration = alternatePackageRegistration }; deprecation.AlternatePackage = alternatePackage; } var package = CreateTestPackage("1.0.0"); var linkedDeprecation = new PackageDeprecation { Status = status }; package.Deprecations.Add(linkedDeprecation); // Act var model = new DisplayPackageViewModel(package, null, deprecation); // Assert Assert.Equal(status, model.DeprecationStatus); Assert.Equal(deprecation.CustomMessage, model.CustomMessage); string expectedString; switch (severity) { case SeverityString_State.Critical: expectedString = "Critical"; break; case SeverityString_State.High: expectedString = "High"; break; case SeverityString_State.Medium: expectedString = "Medium"; break; case SeverityString_State.Low: expectedString = "Low"; break; case SeverityString_State.None: expectedString = null; break; default: throw new ArgumentOutOfRangeException(nameof(severity)); } Assert.Equal(expectedString, model.Severity); if (hasCves) { Assert.Equal(cveIds, model.CveIds); } else { Assert.Empty(model.CveIds); } if (hasCwes) { Assert.Equal(cweIds, model.CweIds); } else { Assert.Empty(model.CweIds); } if (hasAlternatePackage) { Assert.Equal(alternatePackageRegistrationId, model.AlternatePackageId); Assert.Equal(alternatePackageVersion, model.AlternatePackageVersion); } else if (hasAlternateRegistration) { Assert.Equal(alternateRegistrationId, model.AlternatePackageId); Assert.Null(model.AlternatePackageVersion); } else { Assert.Null(model.AlternatePackageId); Assert.Null(model.AlternatePackageVersion); } var versionModel = model.PackageVersions.Single(); Assert.Equal(status, versionModel.DeprecationStatus); Assert.Null(versionModel.Severity); Assert.Null(versionModel.CveIds); Assert.Null(versionModel.CweIds); Assert.Null(versionModel.AlternatePackageId); Assert.Null(versionModel.AlternatePackageVersion); Assert.Null(versionModel.CustomMessage); }
public VulnerabilityDetailState(Cve cve) : this(cve.CveId, cve.Description) { cvss = cve.CvssRating; }
public IActionResult InitialDataImport() { // Get all file paths IList <string> pathList = new List <string>(); // Foreach file foreach (string currFile in Directory.EnumerateFiles( "wwwroot\\CVE Data", "*", SearchOption.AllDirectories)) { string jsonString = System.IO.File.ReadAllText(currFile); JObject jsonObject = JObject.Parse(jsonString); IList <JToken> jsonCveList = jsonObject["CVE_Items"].ToList(); //Collect values from each Cve and create Cve object IList <Cve> newCveList = new List <Cve>(); foreach (JToken currCve in jsonCveList) { // Only accept if CVE description does not contain ** REJECT ** and has a score if (!currCve["cve"]["description"]["description_data"].First["value"].ToString().Contains("** REJECT **")) { JToken cveMeta = currCve["cve"]["CVE_data_meta"]; // Detect errornous score information and restart JToken cvss; try { cvss = currCve["impact"]["baseMetricV2"]["cvssV2"]; } catch (Exception e) { continue; } // Create new CveObject Cve newCve = new Cve { PublishedDate = Convert.ToDateTime(currCve["publishedDate"].ToString()), LastModifiedDate = Convert.ToDateTime(currCve["lastModifiedDate"].ToString()), GivenID = cveMeta["ID"].ToString(), Description = currCve["cve"]["description"]["description_data"].First["value"].ToString(), VectorString = cvss["vectorString"].ToString(), AccessVector = cvss["accessVector"].ToString(), AccessComplexity = cvss["accessComplexity"].ToString(), Authentication = cvss["authentication"].ToString(), ConfidentialityImpact = cvss["confidentialityImpact"].ToString(), IntegrityImpact = cvss["availabilityImpact"].ToString(), AvailabilityImpact = cvss["availabilityImpact"].ToString(), BaseScore = Convert.ToDouble(cvss["baseScore"].ToString()), References = new List <Reference>(), CveConfigurations = new List <CveConfiguration>() }; // Get references JToken jsonReferenceList = currCve["cve"]["references"]["reference_data"]; foreach (JToken currReference in jsonReferenceList) { Reference newReference = new Reference { Url = currReference["url"].ToString() }; newCve.References.Add(newReference); } // Get products from CVE JObject currCveObject = JObject.Parse(currCve.ToString()); IList <JToken> jsonProductList = currCveObject.Descendants() .Where(t => t.Type == JTokenType.Property && ((JProperty)t).Name == "cpe23Uri") .Select(p => ((JProperty)p).Value).ToList(); jsonProductList = jsonProductList.Distinct().ToList(); // Foreach product foreach (JToken currJsonProduct in jsonProductList) { // Get existing product if it exists string currJsonProductString = currJsonProduct.ToString(); Product existingProduct = _context.Products .Where(p => p.Concatenated == currJsonProductString) .FirstOrDefault(); // If existing product does exist in the database if (existingProduct != null) { CveConfiguration newConfiguration = new CveConfiguration { Product = existingProduct }; newCve.CveConfigurations.Add(newConfiguration); } else // If the existing product doesn't exist in the database { // Break down the currJsonProductString into its components IList <string> productPartList = new List <string>(); productPartList = currJsonProductString.Split(":"); // Create new product Product newProduct = new Product { Concatenated = currJsonProductString, Part = productPartList[2], Vendor = productPartList[3], ProductName = productPartList[4], Version = productPartList[5], ProductUpdate = productPartList[6], Edition = productPartList[7], ProductLanguage = productPartList[8], Added = DateTime.Now }; // Add the new product to newCveConfiguration CveConfiguration newCveConfiguration = new CveConfiguration { Product = newProduct }; // Add the newCveConfiguration to the newCve newCve.CveConfigurations.Add(newCveConfiguration); } } // Add new CVE to database try { _context.Cves.Add(newCve); _context.SaveChanges(); } catch (Exception e) { TempData["Param"] = "newCve"; TempData["Error"] = e.Message; throw e; } } } } StatusMessage = "Successfully Seeded Database."; return(RedirectToAction(nameof(Index))); }
private void AddNewCve(JToken currCve) { // Only accept if CVE description does not contain ** REJECT ** and build data if (!currCve["cve"]["description"]["description_data"].First["value"].ToString().Contains("** REJECT **")) { JToken cveMeta = currCve["cve"]["CVE_data_meta"]; JToken cvss; if (currCve["impact"].Children().Count() == 0) { return; } cvss = currCve["impact"]["baseMetricV2"]["cvssV2"]; // Create new CveObject Cve newCve = new Cve { PublishedDate = Convert.ToDateTime(currCve["publishedDate"].ToString()), LastModifiedDate = Convert.ToDateTime(currCve["lastModifiedDate"].ToString()), GivenID = cveMeta["ID"].ToString(), Description = currCve["cve"]["description"]["description_data"].First["value"].ToString(), VectorString = cvss["vectorString"].ToString(), AccessVector = cvss["accessVector"].ToString(), AccessComplexity = cvss["accessComplexity"].ToString(), Authentication = cvss["authentication"].ToString(), ConfidentialityImpact = cvss["confidentialityImpact"].ToString(), IntegrityImpact = cvss["availabilityImpact"].ToString(), AvailabilityImpact = cvss["availabilityImpact"].ToString(), BaseScore = Convert.ToDouble(cvss["baseScore"].ToString()), References = new List <Reference>(), CveConfigurations = new List <CveConfiguration>(), UserCveConfigurations = new List <UserCveConfiguration>() }; // Get references JToken jsonReferenceList = currCve["cve"]["references"]["reference_data"]; foreach (JToken currReference in jsonReferenceList) { Reference newReference = new Reference { Url = currReference["url"].ToString() }; newCve.References.Add(newReference); } // Get products from CVE JObject currCveObject = JObject.Parse(currCve.ToString()); IList <JToken> jsonProductList = currCveObject.Descendants() .Where(t => t.Type == JTokenType.Property && ((JProperty)t).Name == "cpe23Uri") .Select(p => ((JProperty)p).Value).ToList(); jsonProductList = jsonProductList.Distinct().ToList(); // Foreach product foreach (JToken currJsonProduct in jsonProductList) { // Get existing product if it exists string currJsonProductString = currJsonProduct.ToString(); Product existingProduct = _context.Products .Where(p => p.Concatenated == currJsonProductString) .FirstOrDefault(); // If existing product does exist in the database if (existingProduct != null) { CveConfiguration newConfiguration = new CveConfiguration { Product = existingProduct }; newCve.CveConfigurations.Add(newConfiguration); // Update tracked userCveConfigurations where this product is already tracked Status status = _context.Status.Where(s => s.StatusName == "Unresolved").FirstOrDefault(); foreach (var item in _context.UserCveConfigurations .Where(ucc => ucc.ProductID == existingProduct.ProductID) .GroupBy(g => g.ConfigurationID).ToList()) { UserCveConfiguration newUserCveConfiguration = new UserCveConfiguration() { ProductID = existingProduct.ProductID, ConfigurationID = item.Key, StatusID = status.StatusID, Notes = "No user defined notes.", DateAdded = DateTime.Now, Cve = newCve, New = 'Y'.ToString() }; // Add email notification if not already added var existingConfiguration = _context.Configurations .Where(c => c.ConfigurationID == item.Key) .FirstOrDefault(); var userToEmail = _context.Users .Where(u => u.Id == existingConfiguration.AspNetUserID) .FirstOrDefault(); // Check if an email already exists bool emailAlreadyExists = emailRecipientList .Where(erl => erl.EmailAddress == userToEmail.Email).Count() > 0; // If the email does exist if (emailAlreadyExists == true) { // Add configuration Name if (!emailRecipientList.Where(erl => erl.EmailAddress == userToEmail.Email).First() .ConfigurationIdList.Contains(existingConfiguration.ConfigurationID)) { emailRecipientList.Where(erl => erl.EmailAddress == userToEmail.Email).First() .ConfigurationIdList.Add(existingConfiguration.ConfigurationID); } } else // If the email does not exist { // Create new email and add it to the recipient list Email newEmail = new Email() { EmailAddress = userToEmail.Email, RecipientName = userToEmail.FirstName, }; newEmail.ConfigurationIdList.Add(existingConfiguration.ConfigurationID); emailRecipientList.Add(newEmail); } newCve.UserCveConfigurations.Add(newUserCveConfiguration); } } else // If the existing product doesn't exist in the database { // Break down the currJsonProductString into its components IList <string> productPartList = new List <string>(); productPartList = currJsonProductString.Split(":"); // Create new product Product newProduct = new Product { Concatenated = currJsonProductString, Part = productPartList[2], Vendor = productPartList[3], ProductName = productPartList[4], Version = productPartList[5], ProductUpdate = productPartList[6], Edition = productPartList[7], ProductLanguage = productPartList[8], Added = DateTime.Now }; // Add the new product to newCveConfiguration CveConfiguration newCveConfiguration = new CveConfiguration { Product = newProduct }; // Add the newCveConfiguration to the newCve newCve.CveConfigurations.Add(newCveConfiguration); } } // Add new CVE to database try { _context.Cves.Add(newCve); _context.SaveChanges(); } catch (Exception e) { System.Diagnostics.Debug.WriteLine("Error: " + e.Message); } } }
private void UpdateExistingCve(Cve existingCve, JToken currCve) { JToken cveMeta = currCve["cve"]["CVE_data_meta"]; JToken cvss; // Detect errornous score information and restart try { cvss = currCve["impact"]["baseMetricV2"]["cvssV2"]; } catch (Exception) { return; } // Update the CVE itself existingCve.PublishedDate = Convert.ToDateTime(currCve["publishedDate"].ToString()); existingCve.LastModifiedDate = Convert.ToDateTime(currCve["lastModifiedDate"].ToString()); existingCve.GivenID = cveMeta["ID"].ToString(); existingCve.Description = currCve["cve"]["description"]["description_data"].First["value"].ToString(); existingCve.VectorString = cvss["vectorString"].ToString(); existingCve.AccessVector = cvss["accessVector"].ToString(); existingCve.AccessComplexity = cvss["accessComplexity"].ToString(); existingCve.Authentication = cvss["authentication"].ToString(); existingCve.ConfidentialityImpact = cvss["confidentialityImpact"].ToString(); existingCve.IntegrityImpact = cvss["availabilityImpact"].ToString(); existingCve.AvailabilityImpact = cvss["availabilityImpact"].ToString(); existingCve.BaseScore = Convert.ToDouble(cvss["baseScore"].ToString()); existingCve.References.Clear(); JToken jsonReferenceList = currCve["cve"]["references"]["reference_data"]; foreach (JToken currReference in jsonReferenceList) { Reference newReference = new Reference { Url = currReference["url"].ToString() }; existingCve.References.Add(newReference); } // Add any new products JObject currCveObject = JObject.Parse(currCve.ToString()); IList <JToken> jsonProductList = currCveObject.Descendants() .Where(t => t.Type == JTokenType.Property && ((JProperty)t).Name == "cpe23Uri") .Select(p => ((JProperty)p).Value).ToList(); jsonProductList = jsonProductList.Distinct().ToList(); bool alreadyContained = false; foreach (JToken currJsonProduct in jsonProductList) { // Check for existing product foreach (CveConfiguration currCveConfiguration in existingCve.CveConfigurations) { if (currCveConfiguration.Product.Concatenated == currJsonProduct.ToString()) { alreadyContained = true; break; } } // If not already contained add the new product if (alreadyContained == false) { // Get existing product if it exists string currJsonProductString = currJsonProduct.ToString(); Product existingProduct = _context.Products .Where(p => p.Concatenated == currJsonProductString) .Include(p => p.CveConfigurations) .FirstOrDefault(); // If existing product does exist in the database if (existingProduct != null) { CveConfiguration newConfiguration = new CveConfiguration { Product = existingProduct }; existingCve.CveConfigurations.Add(newConfiguration); // Update tracked userCveConfigurations where this product is already tracked Status status = _context.Status.Where(s => s.StatusName == "Unresolved").FirstOrDefault(); foreach (var item in _context.UserCveConfigurations .Where(ucc => ucc.ProductID == existingProduct.ProductID) .GroupBy(ucc => ucc.ProductID) .Select(g => g.First()).ToList()) { UserCveConfiguration newUserCveConfiguration = new UserCveConfiguration() { ProductID = existingProduct.ProductID, CveID = existingCve.CveID, ConfigurationID = item.CveID, StatusID = status.StatusID, Notes = "No user defined notes.", DateAdded = DateTime.Now }; try { if (ModelState.IsValid) { _context.UserCveConfigurations.Add(newUserCveConfiguration); _context.SaveChanges(); } } catch (Exception) { return; } } } else // If the existing product doesn't exist in the database { // Break down the currJsonProductString into its components IList <string> productPartList = new List <string>(); productPartList = currJsonProductString.Split(":"); // Create new product Product newProduct = new Product { Concatenated = currJsonProductString, Part = productPartList[2], Vendor = productPartList[3], ProductName = productPartList[4], Version = productPartList[5], ProductUpdate = productPartList[6], Edition = productPartList[7], ProductLanguage = productPartList[8] }; // Add the new product to newCveConfiguration CveConfiguration newCveConfiguration = new CveConfiguration { Product = newProduct }; // Add the newCveConfiguration to the newCve existingCve.CveConfigurations.Add(newCveConfiguration); } } } // save updated existingCve try { if (ModelState.IsValid) { _context.Entry(existingCve).State = EntityState.Modified; _context.SaveChanges(); } } catch (Exception) { return; } }
public IActionResult ImportModifiedCveData(string guid) { // Only run if URL calls with the below GUID for security if (guid == "3777706d-0db3-4a6c-9f34-2cbd672fbd89") { // Clear directories https://stackoverflow.com/questions/1288718/how-to-delete-all-files-and-folders-in-a-directory Uri uri = new Uri("https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-recent.json.zip"); string zipPath = "wwwroot\\CVE Data\\recent.zip"; string extractPath = "wwwroot\\CVE Data\\"; string filePath; // Download the file using (var client = new WebClient()) { try { client.DownloadFile(uri, zipPath); } catch (Exception) { return(StatusCode(500)); } } // Extract the file using (ZipArchive archive = ZipFile.OpenRead(zipPath)) { ZipArchiveEntry entry = archive.Entries.Where(e => e.FullName.EndsWith(".json")).FirstOrDefault(); filePath = Path.Combine(extractPath, entry.FullName); entry.ExtractToFile(filePath, true); } // Get the CVE items string jsonString = System.IO.File.ReadAllText(filePath); JObject jsonObject = JObject.Parse(jsonString); IList <JToken> jsonCveList = jsonObject["CVE_Items"].ToList(); // Foreach CVE foreach (JToken currCve in jsonCveList) { // Ignore rejected CVE's if (!currCve["cve"]["description"]["description_data"].First["value"].ToString().Contains("** REJECT **")) { JToken cveMeta = currCve["cve"]["CVE_data_meta"]; // Get existing cve string existingCveGivenId = cveMeta["ID"].ToString(); Cve existingCve = _context.Cves .Where(c => c.GivenID == existingCveGivenId) .Include(c => c.CveConfigurations) .ThenInclude(cc => cc.Product) .Include(c => c.References) .FirstOrDefault(); // If the CVE already exists if (existingCve != null) { // Update existing CVE //UpdateExistingCve(existingCve, currCve); } else // If the CVE doesn't exist { // Add new CVE AddNewCve(currCve); } } } // Send emails SendEmails(); // Return success code return(StatusCode(200)); } else { return(StatusCode(401)); } }
public async Task ReturnsNotFoundIfGetCwesByIdThrowsArgumentException(User currentUser, User owner) { // Arrange var id = "id"; var featureFlagService = GetMock <IFeatureFlagService>(); featureFlagService .Setup(x => x.IsManageDeprecationEnabled(currentUser)) .Returns(true) .Verifiable(); var registration = new PackageRegistration { Id = id }; registration.Owners.Add(owner); var package = new Package { NormalizedVersion = "2.3.4", PackageRegistration = registration }; var packageService = GetMock <IPackageService>(); packageService .Setup(x => x.FindPackagesById(id, PackageDeprecationFieldsToInclude.DeprecationAndRelationships)) .Returns(new[] { package }) .Verifiable(); var deprecationService = GetMock <IPackageDeprecationService>(); var cves = new Cve[0]; deprecationService .Setup(x => x.GetOrCreateCvesByIdAsync(Enumerable.Empty <string>(), false)) .CompletesWith(cves) .Verifiable(); deprecationService .Setup(x => x.GetCwesById(Enumerable.Empty <string>())) .Throws(new ArgumentException()) .Verifiable(); var controller = GetController <ManageDeprecationJsonApiController>(); controller.SetCurrentUser(currentUser); // Act var result = await controller.Deprecate( id, new[] { package.NormalizedVersion }, false, false, false, null, null, null, null, null, null); // Assert AssertErrorResponse( controller, result, HttpStatusCode.NotFound, Strings.DeprecatePackage_CweMissing); featureFlagService.Verify(); packageService.Verify(); }