vulnerability_test.go

// Copyright 2020 Joakim Kennedy. All rights reserved. Use of
// this source code is governed by the included BSD license.

package stix2

import (
	"encoding/json"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
)

func TestVulnerability(t *testing.T) {
	assert := assert.New(t)

	ts := &Timestamp{time.Now()}
	desc := "Vulnerability content"
	name := "CVE-2015-12345"

	t.Run("missing_property", func(t *testing.T) {
		obj, err := NewVulnerability("", nil)
		assert.Nil(obj)
		assert.Equal(ErrPropertyMissing, err)
	})

	t.Run("no_optional", func(t *testing.T) {
		obj, err := NewVulnerability(name, nil)
		assert.NotNil(obj)
		assert.NoError(err)
	})

	t.Run("with_options", func(t *testing.T) {
		conf := 50
		createdBy := NewIdentifier(TypeIdentity)
		ref := &ExternalReference{}
		marking := make([]*GranularMarking, 0)
		labels := []string{"tag1", "tag2"}
		lang := "en"
		objmark := []Identifier{Identifier("id")}
		specVer := "2.0"

		opts := []STIXOption{
			OptionConfidence(conf),
			OptionCreated(ts),
			OptionModified(ts),
			OptionCreatedBy(createdBy),
			OptionExternalReferences([]*ExternalReference{ref}),
			OptionGranularMarking(marking),
			OptionLabels(labels),
			OptionLang(lang),
			OptionObjectMarking(objmark),
			OptionRevoked(true),
			OptionSpecVersion(specVer),
			//
			OptionDescription(desc),
		}
		obj, err := NewVulnerability(name, opts...)
		assert.NotNil(obj)
		assert.NoError(err)
		assert.Equal(conf, obj.Confidence)
		assert.Equal(ts, obj.Created)
		assert.Equal(ts, obj.Modified)
		assert.Equal(createdBy, obj.CreatedBy)
		assert.Contains(obj.ExternalReferences, ref)
		assert.Equal(marking, obj.GranularMarking)
		assert.Equal(labels, obj.Labels)
		assert.Equal(lang, obj.Lang)
		assert.Equal(objmark, obj.ObjectMarking)
		assert.True(obj.Revoked)
		assert.Equal(specVer, obj.SpecVersion)

		assert.Equal(desc, obj.Description)
		assert.Equal(name, obj.Name)
	})

	t.Run("parse_json", func(t *testing.T) {
		data := []byte(`{
  "type": "vulnerability",
  "spec_version": "2.1",
  "id": "vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
  "created": "2016-05-12T08:17:27.000Z",
  "modified": "2016-05-12T08:17:27.000Z",
  "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
  "name": "CVE-2016-1234",
  "external_references": [
    {
      "source_name": "cve",
      "external_id": "CVE-2016-1234"
    }
  ]
}`)
		ts, err := time.Parse(time.RFC3339Nano, "2016-05-12T08:17:27.000Z")
		assert.NoError(err)
		var obj *Vulnerability
		err = json.Unmarshal(data, &obj)
		assert.NoError(err)
		assert.Equal(Identifier("vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061"), obj.ID)
		assert.Equal("2.1", obj.SpecVersion)
		assert.Equal(TypeVulnerability, obj.Type)
		assert.Equal(ts, obj.Created.Time)
		assert.Equal(ts, obj.Modified.Time)
		assert.Equal("CVE-2016-1234", obj.Name)
		assert.Len(obj.ExternalReferences, 1)
		assert.Equal("cve", obj.ExternalReferences[0].Name)
		assert.Equal("CVE-2016-1234", obj.ExternalReferences[0].ExternalID)
	})
}