Update test cases with new vulns and exploits

ra1nb0rn · Jan 9, 2024 · 3a75045 · 3a75045
1 parent 01ab225
commit 3a75045
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,11 @@
 # Changelog
 This file keeps track of all notable changes between the different versions of search_vulns.
 
+## v0.4.11 - 2024-01-09
+### Fixed
+- Update test cases with new vulns and exploits.
+
+
 ## v0.4.10 - 2023-12-21
 ### Fixed
 - Update test cases with new exploits.

diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021-2023 Dustin Born
+Copyright (c) 2021-2024 Dustin Born
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/cveid_to_edbid.json b/cveid_to_edbid.json
diff --git a/tests/test_cve_attr_completeness.py b/tests/test_cve_attr_completeness.py
@@ -37,7 +37,7 @@ def test_search_apache_2425(self):
     def test_search_proftpd_133c(self):
         self.maxDiff = None
         result = search_vulns.search_vulns(query='cpe:2.3:a:proftpd:proftpd:1.3.3:c:*:*:*:*:*:*', add_other_exploit_refs=True, is_good_cpe=True)
-        expected_attrs = {'CVE-2011-1137': {'published': '2011-03-11 17:55:03', 'cvss_ver': '2.0', 'cvss': '5.0', 'cvss_vec': 'AV:N/AC:L/Au:N/C:N/I:N/A:P'}, 'CVE-2011-4130': {'published': '2011-12-06 11:55:06', 'cvss_ver': '2.0', 'cvss': '9.0', 'cvss_vec': 'AV:N/AC:L/Au:S/C:C/I:C/A:C'}, 'CVE-2012-6095': {'published': '2013-01-24 21:55:01', 'cvss_ver': '2.0', 'cvss': '1.2', 'cvss_vec': 'AV:L/AC:H/Au:N/C:N/I:P/A:N'}, 'CVE-2019-19272': {'published': '2019-11-26 04:15:13', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}, 'CVE-2019-18217': {'published': '2019-10-21 04:15:10', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}, 'CVE-2020-9272': {'published': '2020-02-20 16:15:11', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}, 'CVE-2021-46854': {'published': '2022-11-23 07:15:09', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}, 'CVE-2019-19269': {'published': '2019-11-30 23:15:18', 'cvss_ver': '3.1', 'cvss': '4.9', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}, 'CVE-2019-19270': {'published': '2019-11-26 04:15:12', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}, 'CVE-2019-12815': {'published': '2019-07-19 23:15:11', 'cvss_ver': '3.1', 'cvss': '9.8', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}, 'CVE-2010-4652': {'published': '2011-02-02 01:00:04', 'cvss_ver': '2.0', 'cvss': '6.8', 'cvss_vec': 'AV:N/AC:M/Au:N/C:P/I:P/A:P'}, 'CVE-2019-19271': {'published': '2019-11-26 04:15:13', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}}
+        expected_attrs = {'CVE-2011-1137': {'published': '2011-03-11 17:55:03', 'cvss_ver': '2.0', 'cvss': '5.0', 'cvss_vec': 'AV:N/AC:L/Au:N/C:N/I:N/A:P'}, 'CVE-2011-4130': {'published': '2011-12-06 11:55:06', 'cvss_ver': '2.0', 'cvss': '9.0', 'cvss_vec': 'AV:N/AC:L/Au:S/C:C/I:C/A:C'}, 'CVE-2012-6095': {'published': '2013-01-24 21:55:01', 'cvss_ver': '2.0', 'cvss': '1.2', 'cvss_vec': 'AV:L/AC:H/Au:N/C:N/I:P/A:N'}, 'CVE-2019-19272': {'published': '2019-11-26 04:15:13', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}, 'CVE-2019-18217': {'published': '2019-10-21 04:15:10', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}, 'CVE-2020-9272': {'published': '2020-02-20 16:15:11', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}, 'CVE-2021-46854': {'published': '2022-11-23 07:15:09', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}, 'CVE-2019-19269': {'published': '2019-11-30 23:15:18', 'cvss_ver': '3.1', 'cvss': '4.9', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}, 'CVE-2019-19270': {'published': '2019-11-26 04:15:12', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}, 'CVE-2019-12815': {'published': '2019-07-19 23:15:11', 'cvss_ver': '3.1', 'cvss': '9.8', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}, 'CVE-2010-4652': {'published': '2011-02-02 01:00:04', 'cvss_ver': '2.0', 'cvss': '6.8', 'cvss_vec': 'AV:N/AC:M/Au:N/C:P/I:P/A:P'}, 'CVE-2019-19271': {'published': '2019-11-26 04:15:13', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}, 'CVE-2023-48795': { 'published': '2023-12-18 16:15:10', 'cvss_ver': '3.1', 'cvss': '5.9', 'cvss_vec': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N'}, 'CVE-2023-51713': {'published': '2023-12-22 03:15:09', 'cvss_ver': '3.1', 'cvss': '7.5', 'cvss_vec': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}}
 
         for cve, cve_attrs in result.items():
             self.assertIn(cve, expected_attrs)

diff --git a/tests/test_cve_completeness.py b/tests/test_cve_completeness.py
@@ -25,7 +25,7 @@ def test_search_apache_2425(self):
     def test_search_proftpd_133c(self):
         self.maxDiff = None
         result = search_vulns.search_vulns(query='cpe:2.3:a:proftpd:proftpd:1.3.3:c:*:*:*:*:*:*', add_other_exploit_refs=True, is_good_cpe=True)
-        expected_cves = ['CVE-2011-1137', 'CVE-2011-4130', 'CVE-2012-6095', 'CVE-2019-19271', 'CVE-2019-19272', 'CVE-2019-19269', 'CVE-2019-12815', 'CVE-2021-46854', 'CVE-2019-19270', 'CVE-2020-9272', 'CVE-2019-18217', 'CVE-2010-4652']
+        expected_cves = ['CVE-2011-1137', 'CVE-2011-4130', 'CVE-2012-6095', 'CVE-2019-19271', 'CVE-2019-19272', 'CVE-2019-19269', 'CVE-2019-12815', 'CVE-2021-46854', 'CVE-2019-19270', 'CVE-2020-9272', 'CVE-2019-18217', 'CVE-2010-4652', 'CVE-2023-51713', 'CVE-2023-48795']
         self.assertEqual(set(expected_cves), set(list(result.keys())))
 
     def test_search_thingsboard_341(self):

diff --git a/tests/test_exploit_completeness.py b/tests/test_exploit_completeness.py
@@ -13,7 +13,7 @@ class TestSearches(unittest.TestCase):
     def test_search_wp_572(self):
         self.maxDiff = None
         result = search_vulns.search_vulns(query='cpe:2.3:a:wordpress:wordpress:5.7.2:*:*:*:*:*:*:*',add_other_exploit_refs=True,is_good_cpe=True)
-        expected_exploits = ['https://www.exploit-db.com/exploits/50663', 'http://packetstormsecurity.com/files/165540/WordPress-Core-5.8.2-SQL-Injection.html', 'https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661', 'https://github.com/APTIRAN/CVE-2022-21661', 'https://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection', 'https://github.com/WellingtonEspindula/SSI-CVE-2022-21661', 'https://github.com/daniel616/CVE-2022-21661-Demo', 'https://github.com/purple-WL/wordpress-CVE-2022-21661', 'https://github.com/sealldeveloper/CVE-2022-21661-PoC', 'https://github.com/z92g/CVE-2022-21661', 'https://www.exploit-db.com/exploits/38936', 'http://www.securityfocus.com/bid/64587', 'https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/', 'http://plugins.trac.wordpress.org/changeset/490070/my-calendar', 'http://plugins.trac.wordpress.org/changeset/435356/scormcloud', 'https://blog.sonarsource.com/wordpress-object-injection-vulnerability/', 'http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807', 'https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/', 'https://github.com/hxlxmjxbbxs/CVE-2022-3590-WordPress-Vulnerability-Scanner', 'https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/', 'https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve', 'https://github.com/guestzz/CVE-2022-21661', 'https://github.com/pog007/CVE-2023-5561-PoC']
+        expected_exploits = ['https://www.exploit-db.com/exploits/50663', 'http://packetstormsecurity.com/files/165540/WordPress-Core-5.8.2-SQL-Injection.html', 'https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661', 'https://github.com/APTIRAN/CVE-2022-21661', 'https://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection', 'https://github.com/WellingtonEspindula/SSI-CVE-2022-21661', 'https://github.com/daniel616/CVE-2022-21661-Demo', 'https://github.com/purple-WL/wordpress-CVE-2022-21661', 'https://github.com/sealldeveloper/CVE-2022-21661-PoC', 'https://github.com/z92g/CVE-2022-21661', 'https://www.exploit-db.com/exploits/38936', 'http://www.securityfocus.com/bid/64587', 'https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/', 'http://plugins.trac.wordpress.org/changeset/490070/my-calendar', 'http://plugins.trac.wordpress.org/changeset/435356/scormcloud', 'https://blog.sonarsource.com/wordpress-object-injection-vulnerability/', 'http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807', 'https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/', 'https://github.com/hxlxmjxbbxs/CVE-2022-3590-WordPress-Vulnerability-Scanner', 'https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/', 'https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve', 'https://github.com/guestzz/CVE-2022-21661', 'https://github.com/pog007/CVE-2023-5561-PoC', 'https://github.com/p4ncontomat3/CVE-2022-21661']
         result_exploits = []
         for cve in result:
             data = result.get(cve)
@@ -37,7 +37,7 @@ def test_search_apache_2425(self):
     def test_search_proftpd_133c(self):
         self.maxDiff = None
         result = search_vulns.search_vulns(query='cpe:2.3:a:proftpd:proftpd:1.3.3:c:*:*:*:*:*:*',add_other_exploit_refs=True,is_good_cpe=True)
-        expected_exploits = ['https://www.exploit-db.com/exploits/16129', 'http://www.exploit-db.com/exploits/16129/', 'http://www.securityfocus.com/bid/46183', 'https://bugzilla.redhat.com/show_bug.cgi?id=681718', 'http://bugs.proftpd.org/show_bug.cgi?id=3711', 'http://bugs.proftpd.org/show_bug.cgi?id=3536', 'https://bugzilla.redhat.com/show_bug.cgi?id=670170', 'https://github.com/proftpd/proftpd/issues/846', 'https://github.com/proftpd/proftpd/issues/1284', 'http://bugs.proftpd.org/show_bug.cgi?id=4372', 'https://github.com/KTN1990/CVE-2019-12815', 'https://github.com/lcartey/proftpd-cve-2019-12815']
+        expected_exploits = ['https://www.exploit-db.com/exploits/16129', 'http://www.exploit-db.com/exploits/16129/', 'http://www.securityfocus.com/bid/46183', 'https://bugzilla.redhat.com/show_bug.cgi?id=681718', 'http://bugs.proftpd.org/show_bug.cgi?id=3711', 'http://bugs.proftpd.org/show_bug.cgi?id=3536', 'https://bugzilla.redhat.com/show_bug.cgi?id=670170', 'https://github.com/proftpd/proftpd/issues/846', 'https://github.com/proftpd/proftpd/issues/1284', 'http://bugs.proftpd.org/show_bug.cgi?id=4372', 'https://github.com/KTN1990/CVE-2019-12815', 'https://github.com/lcartey/proftpd-cve-2019-12815', 'https://github.com/proftpd/proftpd/issues/1683', 'https://www.terrapin-attack.com', 'https://github.com/proftpd/proftpd/issues/1683#issuecomment-1712887554']
         result_exploits = []
         for cve in result:
             data = result.get(cve)
@@ -49,7 +49,7 @@ def test_search_proftpd_133c(self):
     def test_search_redis_323(self):
         self.maxDiff = None
         result = search_vulns.search_vulns(query='cpe:2.3:a:redis:redis:3.2.3:*:*:*:*:*:*:*',add_other_exploit_refs=True,is_good_cpe=True)
-        expected_exploits = ['https://github.com/convisolabs/CVE-2022-24834', 'https://github.com/redis/redis/pull/10651', 'https://github.com/redis/redis/issues/8712', 'https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3', 'http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html', 'https://github.com/JacobEbben/CVE-2022-0543', 'https://github.com/SiennaSkies/redisHack', 'https://github.com/aodsec/CVE-2022-0543', 'https://github.com/z92g/CVE-2022-0543', 'https://github.com/redis/redis/pull/10651']
+        expected_exploits = ['https://github.com/convisolabs/CVE-2022-24834', 'https://github.com/redis/redis/pull/10651', 'https://github.com/redis/redis/issues/8712', 'https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3', 'http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html', 'https://github.com/JacobEbben/CVE-2022-0543', 'https://github.com/SiennaSkies/redisHack', 'https://github.com/z92g/CVE-2022-0543', 'https://github.com/redis/redis/pull/10651', 'https://github.com/0x7eTeam/CVE-2022-0543']
         result_exploits = []
         for cve in result:
             data = result.get(cve)

diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-0.4.10
+0.4.11