prowler/tests/lib/utils/test_vulnerability_references.py at 5310b9e4021e385746d512442c0a0c0c5fdc6e0a · prowler-cloud/prowler · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
from prowler.lib.utils.vulnerability_references import (
    build_finding_reference_url,
    resolve_vulnerability_reference_urls,
)


class TestBuildFindingReferenceUrl:
    def test_cve_id_returns_cve_org_url(self):
        assert (
            build_finding_reference_url("CVE-2023-1234")
            == "https://www.cve.org/CVERecord?id=CVE-2023-1234"
        )

    def test_lowercase_cve_id_is_normalized(self):
        assert (
            build_finding_reference_url("cve-2024-9999")
            == "https://www.cve.org/CVERecord?id=CVE-2024-9999"
        )

    def test_ghsa_id_returns_github_advisory_url(self):
        assert (
            build_finding_reference_url("GHSA-abcd-1234-efgh")
            == "https://github.com/advisories/GHSA-ABCD-1234-EFGH"
        )

    def test_avd_prefixed_id_strips_prefix_for_hub(self):
        assert (
            build_finding_reference_url("AVD-AWS-0001")
            == "https://hub.prowler.com/check/AWS-0001"
        )

    def test_clean_trivy_id_uses_hub_directly(self):
        assert (
            build_finding_reference_url("AWS-0104")
            == "https://hub.prowler.com/check/AWS-0104"
        )

    def test_kubernetes_id_uses_hub(self):
        assert (
            build_finding_reference_url("AVD-K8S-0001")
            == "https://hub.prowler.com/check/K8S-0001"
        )

    def test_dockerfile_id_uses_hub(self):
        assert (
            build_finding_reference_url("AVD-DOCKER-0001")
            == "https://hub.prowler.com/check/DOCKER-0001"
        )

    def test_whitespace_is_trimmed(self):
        assert (
            build_finding_reference_url("  AZU-0013  ")
            == "https://hub.prowler.com/check/AZU-0013"
        )


class TestResolveVulnerabilityReferenceUrls:
    def test_cve_with_cve_org_reference_uses_it(self):
        recommendation_url, additional_urls = resolve_vulnerability_reference_urls(
            vulnerability_id="CVE-2023-1234",
            references=[
                "https://avd.aquasec.com/nvd/cve-2023-1234",
                "https://www.cve.org/CVERecord?id=CVE-2023-1234",
                "https://nvd.nist.gov/vuln/detail/CVE-2023-1234",
            ],
            primary_url="https://avd.aquasec.com/nvd/cve-2023-1234",
        )

        assert recommendation_url == "https://www.cve.org/CVERecord?id=CVE-2023-1234"
        assert additional_urls == ["https://www.cve.org/CVERecord?id=CVE-2023-1234"]

    def test_cve_without_cve_org_reference_builds_url(self):
        recommendation_url, additional_urls = resolve_vulnerability_reference_urls(
            vulnerability_id="CVE-2023-5678",
            references=["https://nvd.nist.gov/vuln/detail/CVE-2023-5678"],
        )

        assert recommendation_url == "https://www.cve.org/CVERecord?id=CVE-2023-5678"
        assert additional_urls == ["https://www.cve.org/CVERecord?id=CVE-2023-5678"]

    def test_non_cve_id_returns_filtered_references(self):
        recommendation_url, additional_urls = resolve_vulnerability_reference_urls(
            vulnerability_id="GHSA-abcd-1234-efgh",
            references=[
                "https://avd.aquasec.com/nvd/ghsa-abcd-1234-efgh",
                "https://github.com/advisories/GHSA-abcd-1234-efgh",
            ],
        )

        assert recommendation_url == ""
        assert additional_urls == ["https://github.com/advisories/GHSA-abcd-1234-efgh"]