1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
require 'test_helper'
class CveTest < ActiveSupport::TestCase
test "URL generation" do
cve = cves(:cve_one)
assert_equal('https://nvd.nist.gov/vuln/detail/CVE-2004-1776', cve.url)
assert_equal('https://nvd.nist.gov/vuln/detail/CVE-2004-1776', cve.url(:nvd))
assert_equal('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776', cve.url(:mitre))
assert_raise(ArgumentError) { cve.url(:invalid_site) }
end
test "to_s" do
assert_equal(
"CVE-2004-1776 (https://nvd.nist.gov/vuln/detail/CVE-2004-1776):\n Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify\n device configuration data via the cable-docsis read-write community string\n used by the Data Over Cable Service Interface Specification (DOCSIS)\n standard.",
cves(:cve_one).to_s
)
end
test "assigning" do
cve = cves(:cve_two)
user = users(:test_user)
assert_nothing_raised(Exception) {
cve.assign(99999, user)
}
assert_equal("ASSIGNED", cve.state)
assert_equal(user.id, cve.cve_changes.first.user_id)
assert_equal(99999, cve.assignments.first.bug)
end
test "nfu" do
cve = cves(:cve_two)
user = users(:test_user)
assert_nothing_raised(Exception) {
cve.nfu(user)
}
assert_equal("NFU", cve.state)
assert_equal(user.id, cve.cve_changes.first.user_id)
end
test "invalid" do
cve = cves(:cve_two)
user = users(:test_user)
assert_nothing_raised(Exception) {
cve.invalidate(user)
}
assert_equal("INVALID", cve.state)
assert_equal(user.id, cve.cve_changes.first.user_id)
end
test "later" do
cve = cves(:cve_two)
user = users(:test_user)
assert_nothing_raised(Exception) {
cve.later(user)
}
assert_equal("LATER", cve.state)
assert_equal(user.id, cve.cve_changes.first.user_id)
end
test "mark as new" do
cve = cves(:cve_two)
user = users(:test_user)
assert_nothing_raised(Exception) {
cve.mark_new(user)
}
assert_equal("NEW", cve.state)
assert_equal(user.id, cve.cve_changes.first.user_id)
end
test "add comment" do
cve = cves(:cve_two)
user = users(:test_user)
assert_nothing_raised(Exception) {
cve.add_comment(user, "Comment Text")
}
assert_equal("Comment Text", cve.comments.first.comment)
assert_equal(user.id, cve.comments.first.user_id)
end
end
|