public static void FromVectorString_sets_AvailabilityImpact(NvdData nvdData)
{
// Arrange
CvssV2BaseScore cvssV2BaseScore;
// Act
cvssV2BaseScore = CvssV2BaseScore.FromVectorString(nvdData.CvssV2VectorString);
// Assert
Assert.Equal(nvdData.CvssV2AvailabilityImpact, cvssV2BaseScore.AvailabilityImpact.ToString().ToUpperInvariant());
}
public static void BaseScore_correctly_calculated(NvdData nvdData)
{
// Arrange
CvssV2BaseScore cvssV2BaseScore = CvssV2BaseScore.FromVectorString(nvdData.CvssV2VectorString);
// Act
var score = cvssV2BaseScore.Score;
// Assert
Assert.Equal(double.Parse(nvdData.CvssV2BaseScore), score);
}
public static void FromVectorString_sets_AccessComplexity(NvdData nvdData)
{
// Arrange
CvssV2BaseScore cvssV2BaseScore;
// Act
cvssV2BaseScore = CvssV2BaseScore.FromVectorString(nvdData.CvssV2VectorString);
// Assert
Assert.Equal(nvdData.CvssV2AccessComplexity, cvssV2BaseScore.AccessComplexity.ToString().ToUpperInvariant());
}
public static void FromVectorString_sets_Authentication(NvdData nvdData)
{
// Arrange
CvssV2BaseScore cvssV2BaseScore;
// Act
cvssV2BaseScore = CvssV2BaseScore.FromVectorString(nvdData.CvssV2VectorString);
// Assert
Assert.Equal(nvdData.CvssV2Authentication, cvssV2BaseScore.Authentication.ToString().ToUpperInvariant());
}
public static void FromVectorString_sets_Confidentiality(NvdData nvdData)
{
// Arrange
CvssV3BaseScore cvssV3BaseScore;
// Act
cvssV3BaseScore = CvssV3BaseScore.FromVectorString(nvdData.CvssV3VectorString);
// Assert
Assert.Equal(nvdData.CvssV3ConfidentialityImpact, cvssV3BaseScore.Confidentiality.ToString().ToUpperInvariant());
}
public static void ToVectorString_matches(NvdData nvdData)
{
// Arrange
CvssV2BaseScore cvssV2BaseScore = CvssV2BaseScore.FromVectorString(nvdData.CvssV2VectorString);
// Act
var vectorString = cvssV2BaseScore.ToVectorString();
// Assert
Assert.Equal(nvdData.CvssV2VectorString, vectorString);
}
public static void FromVectorString_sets_AttackVector(NvdData nvdData)
{
// Arrange
CvssV3BaseScore cvssV3BaseScore;
// Act
cvssV3BaseScore = CvssV3BaseScore.FromVectorString(nvdData.CvssV3VectorString);
// Assert
Assert.Equal(nvdData.CvssV3AttackVector, cvssV3BaseScore.AttackVector.ToString().ToUpperInvariant());
}
public static void Severity_correctly_calculated(NvdData nvdData)
{
// Arrange
CvssV3BaseScore cvssV3BaseScore = CvssV3BaseScore.FromVectorString(nvdData.CvssV3VectorString);
// Act
var severity = cvssV3BaseScore.Severity;
// Assert
Assert.Equal(nvdData.CvssV3BaseSeverity, severity.ToString().ToUpperInvariant());
}
public static void FromVectorString_sets_UserInteraction(NvdData nvdData)
{
// Arrange
CvssV3BaseScore cvssV3BaseScore;
// Act
cvssV3BaseScore = CvssV3BaseScore.FromVectorString(nvdData.CvssV3VectorString);
// Assert
Assert.Equal(nvdData.CvssV3UserInteraction, cvssV3BaseScore.UserInteraction.ToString().ToUpperInvariant());
}
public static void FromVectorString_sets_PrivilegesRequired(NvdData nvdData)
{
// Arrange
CvssV3BaseScore cvssV3BaseScore;
// Act
cvssV3BaseScore = CvssV3BaseScore.FromVectorString(nvdData.CvssV3VectorString);
// Assert
Assert.Equal(nvdData.CvssV3PrivilegesRequired, cvssV3BaseScore.PrivilegesRequired.ToString().ToUpperInvariant());
}
protected static List <object[]> CreateData()
{
var data = new List <object[]>();
using (var stream = Assembly.GetExecutingAssembly().GetManifestResourceStream($"{nameof(PentestToolkit)}.{nameof(Cvss)}.{nameof(Tests)}.nvdcve-1.0-recent.json"))
using (var reader = new StreamReader(stream))
using (var jsonReader = new JsonTextReader(reader))
{
var serializer = new JsonSerializer();
dynamic jObject = serializer.Deserialize(jsonReader);
foreach (var cve in jObject.CVE_Items)
{
var nvdData = new NvdData
{
CvssV3VectorString = cve?.impact?.baseMetricV3?.cvssV3?.vectorString,
CvssV3AttackVector = cve?.impact?.baseMetricV3?.cvssV3?.attackVector,
CvssV3AttackComplexity = cve?.impact?.baseMetricV3?.cvssV3?.attackComplexity,
CvssV3PrivilegesRequired = cve?.impact?.baseMetricV3?.cvssV3?.privilegesRequired,
CvssV3UserInteraction = cve?.impact?.baseMetricV3?.cvssV3?.userInteraction,
CvssV3Scope = cve?.impact?.baseMetricV3?.cvssV3?.scope,
CvssV3ConfidentialityImpact = cve?.impact?.baseMetricV3?.cvssV3?.confidentialityImpact,
CvssV3IntegrityImpact = cve?.impact?.baseMetricV3?.cvssV3?.integrityImpact,
CvssV3AvailabilityImpact = cve?.impact?.baseMetricV3?.cvssV3?.availabilityImpact,
CvssV3BaseScore = cve?.impact?.baseMetricV3?.cvssV3?.baseScore,
CvssV3BaseSeverity = cve?.impact?.baseMetricV3?.cvssV3?.baseSeverity,
CvssV2VectorString = cve?.impact?.baseMetricV2?.cvssV2?.vectorString,
CvssV2AccessVector = cve?.impact?.baseMetricV2?.cvssV2?.accessVector,
CvssV2AccessComplexity = cve?.impact?.baseMetricV2?.cvssV2?.accessComplexity,
CvssV2Authentication = cve?.impact?.baseMetricV2?.cvssV2?.authentication,
CvssV2ConfidentialityImpact = cve?.impact?.baseMetricV2?.cvssV2?.confidentialityImpact,
CvssV2IntegrityImpact = cve?.impact?.baseMetricV2?.cvssV2?.integrityImpact,
CvssV2AvailabilityImpact = cve?.impact?.baseMetricV2?.cvssV2?.availabilityImpact,
CvssV2BaseScore = cve?.impact?.baseMetricV2?.cvssV2?.baseScore
};
// Fix strings from JSON that won't match expected values
if (nvdData.CvssV3AttackVector == "ADJACENT_NETWORK")
{
nvdData.CvssV3AttackVector = "ADJACENT";
}
if (nvdData.CvssV2AccessVector == "ADJACENT_NETWORK")
{
nvdData.CvssV2AccessVector = "ADJACENTNETWORK";
}
data.Add(new object[] { nvdData });
}
}
return(data);
}
