diff options
author | Alex Legler <alex@a3li.li> | 2011-02-26 14:47:12 +0100 |
---|---|---|
committer | Alex Legler <alex@a3li.li> | 2011-02-26 14:47:12 +0100 |
commit | 83a43aec01abd249d7c7d22430daeba7e490421b (patch) | |
tree | b7a64a7bac689b6cfec4c3d672b66029e497b961 /test | |
parent | It's 2011 (diff) | |
download | glsamaker-83a43aec01abd249d7c7d22430daeba7e490421b.tar.gz glsamaker-83a43aec01abd249d7c7d22430daeba7e490421b.tar.bz2 glsamaker-83a43aec01abd249d7c7d22430daeba7e490421b.zip |
Add new CVE model tests, fix existing ones.
Diffstat (limited to 'test')
-rw-r--r-- | test/fixtures/cves.yml | 8 | ||||
-rw-r--r-- | test/unit/cve_test.rb | 87 |
2 files changed, 91 insertions, 4 deletions
diff --git a/test/fixtures/cves.yml b/test/fixtures/cves.yml index f098882..50372d2 100644 --- a/test/fixtures/cves.yml +++ b/test/fixtures/cves.yml @@ -4,4 +4,10 @@ cve_one: cvss: 7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P state: NFU published_at: 2004-01-01 20:42:00 -
\ No newline at end of file + +cve_two: + cve_id: CVE-2004-1777 + summary: "A 'range check error' in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114." + cvss: 7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P + state: NEW + published_at: 2004-01-01 20:42:00
\ No newline at end of file diff --git a/test/unit/cve_test.rb b/test/unit/cve_test.rb index 252c651..303b828 100644 --- a/test/unit/cve_test.rb +++ b/test/unit/cve_test.rb @@ -4,8 +4,89 @@ class CVETest < ActiveSupport::TestCase test "URL generation" do cve = cves(:cve_one) - assert cve.url, 'http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776' - assert cve.url(:nvd), 'http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776' - assert cve.url(:mitre), 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776' + assert_equal('http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776', cve.url) + assert_equal('http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776', cve.url(:nvd)) + assert_equal('http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776', cve.url(:mitre)) + assert_raise(ArgumentError) { cve.url(:invalid_site) } + end + + test "to_s" do + assert_equal( + "CVE-2004-1776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776):\n Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify\n device configuration data via the cable-docsis read-write community string\n used by the Data Over Cable Service Interface Specification (DOCSIS)\n standard.", + cves(:cve_one).to_s + ) + end + + test "assigning" do + cve = cves(:cve_two) + user = users(:test_user) + + assert_nothing_raised(Exception) { + cve.assign(99999, user) + } + + assert_equal("ASSIGNED", cve.state) + assert_equal(user.id, cve.cve_changes.first.user_id) + assert_equal(99999, cve.assignments.first.bug) + end + + test "nfu" do + cve = cves(:cve_two) + user = users(:test_user) + + assert_nothing_raised(Exception) { + cve.nfu(user) + } + + assert_equal("NFU", cve.state) + assert_equal(user.id, cve.cve_changes.first.user_id) + end + + test "invalid" do + cve = cves(:cve_two) + user = users(:test_user) + + assert_nothing_raised(Exception) { + cve.invalidate(user) + } + + assert_equal("INVALID", cve.state) + assert_equal(user.id, cve.cve_changes.first.user_id) + end + + test "later" do + cve = cves(:cve_two) + user = users(:test_user) + + assert_nothing_raised(Exception) { + cve.later(user) + } + + assert_equal("LATER", cve.state) + assert_equal(user.id, cve.cve_changes.first.user_id) + end + + test "mark as new" do + cve = cves(:cve_two) + user = users(:test_user) + + assert_nothing_raised(Exception) { + cve.mark_new(user) + } + + assert_equal("NEW", cve.state) + assert_equal(user.id, cve.cve_changes.first.user_id) + end + + test "add comment" do + cve = cves(:cve_two) + user = users(:test_user) + + assert_nothing_raised(Exception) { + cve.add_comment(user, "Comment Text") + } + + assert_equal("Comment Text", cve.comments.first.comment) + assert_equal(user.id, cve.comments.first.user_id) end end |