crawler test fixes

SoftwareDesignLab · Nov 28, 2023 · 7d7c92f · 7d7c92f
1 parent 704e7bd
commit 7d7c92f
Show file tree

Hide file tree

Showing 57 changed files with 220 additions and 203 deletions.
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/github/PyPAGithubScraperTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/github/PyPAGithubScraperTest.java
@@ -22,7 +22,7 @@ public void testPyPA() {
 
         assertEquals(vuln.getCveId(), "CVE-2017-16763");
         assertTrue(vuln.getDescription().contains("An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0"));
-        assertEquals(vuln.getPublishDate(), "2017-11-10 09:29:00");
-        assertEquals(vuln.getLastModifiedDate(), "2021-08-25 04:29:57");
+        assertEquals("2017-11-10 09:29:00", vuln.getPublishDateString());
+        assertEquals("2021-08-25 04:29:57", vuln.getLastModifiedDateString());
     }
 }
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/github/PyPaYamlFileTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/github/PyPaYamlFileTest.java
@@ -29,8 +29,8 @@ public void test_from_pysec_2023_173(){
                         " The likelihood of this vulnerability is possible as it requires minimal skills to" +
                         " pull off, especially given the underlying login functionality for Piccolo based" +
                         " sites is open source. This issue has been patched in version 0.121.0.",
-                "Tue Sep 12 21:15:00 UTC 2023",
-                "Tue Sep 19 05:26:00 UTC 2023",
+                "Tue Sep 12 17:15:00 EDT 2023",
+                "Tue Sep 19 01:26:00 EDT 2023",
                 List.of("CVE-2023-41885", "GHSA-h7cm-mrvq-wcfr")
         );
 
@@ -48,7 +48,7 @@ public void test_from_pysec_2023_174(){
                         " that are vulnerable to CVE-2023-4863. imagecodecs v2023.9.18 upgrades the bundled" +
                         " libwebp binary to v1.3.2.",
                 "",
-                "Wed Sep 20 05:12:42 UTC 2023",
+                "Wed Sep 20 01:12:42 EDT 2023",
                 List.of()
         );
 

diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/ABBParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/ABBParserTest.java
@@ -23,7 +23,7 @@ public void testABBDownloadAndParse() {
         RawVulnerability vuln = list.get(0);
         assertEquals("CVE-2023-0580", vuln.getCveId());
         assertTrue(vuln.getDescription().contains("An attacker who successfully exploited this vulnerability could gain access to the protected application"));
-        assertEquals("2023-03-27 00:00:00", vuln.getPublishDate());
-        assertEquals("2023-03-27 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2023-03-27 00:00:00", vuln.getPublishDateString());
+        assertEquals("2023-03-27 00:00:00", vuln.getLastModifiedDateString());
     }
 }
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AcronisParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AcronisParserTest.java
@@ -47,8 +47,8 @@ public void testAcronisSingle() {
         RawVulnerability vuln = list.get(0);
         assertEquals("CVE-2022-3405", vuln.getCveId());
         assertTrue(vuln.getDescription().contains("Code execution and sensitive information disclosure due"));
-        assertEquals("2022-11-17 00:00:00", vuln.getPublishDate());
-        assertEquals("2023-03-09 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2022-11-17 00:00:00", vuln.getPublishDateString());
+        assertEquals("2023-03-09 00:00:00", vuln.getLastModifiedDateString());
     }
 
     // Multiple CVE, nothing above title, located in description
@@ -63,8 +63,8 @@ public void testAcronisMultiple() {
         RawVulnerability vuln = getVulnerability(list, "CVE-2022-3602");
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("OpenSSL project team released a security advisory"));
-        assertEquals("2022-11-01 00:00:00", vuln.getPublishDate());
-        assertEquals("2022-11-01 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2022-11-01 00:00:00", vuln.getPublishDateString());
+        assertEquals("2022-11-01 00:00:00", vuln.getLastModifiedDateString());
     }
 
 }
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AdobeParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AdobeParserTest.java
@@ -47,8 +47,8 @@ public void testAdobe() {
         RawVulnerability vuln = getVulnerability(list, "CVE-2023-22247");
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("Adobe has released a security update for Adobe Commerce and Magento Open Source."));
-        assertEquals("2023-03-14 00:00:00", vuln.getPublishDate());
-        assertEquals("2023-03-14 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2023-03-14 00:00:00", vuln.getPublishDateString());
+        assertEquals("2023-03-14 00:00:00", vuln.getLastModifiedDateString());
 
     }
 }
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AliasRoboParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AliasRoboParserTest.java
@@ -48,8 +48,8 @@ public void testAliasObj() {
         RawVulnerability vuln = getVulnerability(list, "CVE-2023-24012");
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("Attacker can arbitrarily craft malicious DDS Participants"));
-        assertEquals("2023-02-25 04:55:00", vuln.getPublishDate());
-        assertEquals("2023-02-25 04:55:00", vuln.getLastModifiedDate());
+        assertEquals("2023-02-25 04:55:00", vuln.getPublishDateString());
+        assertEquals("2023-02-25 04:55:00", vuln.getLastModifiedDateString());
 
     }
 
@@ -65,8 +65,8 @@ public void testAlias() {
         RawVulnerability vuln = getVulnerability(list, "CVE-2020-10292");
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("Visual Components (owned by KUKA) is a robotic simulator that allows"));
-        assertEquals("2020-11-06 04:26:00", vuln.getPublishDate());
-        assertEquals("2020-11-06 04:26:00", vuln.getLastModifiedDate());
+        assertEquals("2020-11-06 04:26:00", vuln.getPublishDateString());
+        assertEquals("2020-11-06 04:26:00", vuln.getLastModifiedDateString());
 
     }
 

diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AmpereParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AmpereParserTest.java
@@ -45,7 +45,7 @@ public void testAmpere() {
         assertEquals(6, list.size());
         RawVulnerability vuln = getVulnerability(list, "CVE-2022-46892");
         assertTrue(vuln.getDescription().contains("A Root complex is typically disabled during boot via the BIOS"));
-        assertEquals("2023-02-14 00:00:00", vuln.getPublishDate());
-        assertEquals("2023-02-14 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2023-02-14 00:00:00", vuln.getPublishDateString());
+        assertEquals("2023-02-14 00:00:00", vuln.getLastModifiedDateString());
     }
 }
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AndroidParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AndroidParserTest.java
@@ -49,8 +49,8 @@ public void testAndroidBulletin() {
         assertEquals("CVE-2023-20933", vuln.getCveId());
         assertTrue(vuln.getDescription().contains("local escalation of privilege with no additional execution privileges needed"));
         assertFalse(vuln.getDescription().contains("lead to remote code execution with no additional"));
-        assertEquals("2023-02-06 00:00:00", vuln.getPublishDate());
-        assertEquals("2023-02-08 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2023-02-06 00:00:00", vuln.getPublishDateString());
+        assertEquals("2023-02-08 00:00:00", vuln.getLastModifiedDateString());
     }
 
 }
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AnquankeParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AnquankeParserTest.java
@@ -24,7 +24,7 @@ public void testAnquankeParser() {
         RawVulnerability vuln = getVulnerability(list, "CVE-2020-5764");
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("安卓MX Player播放器路径穿越和代码执行漏洞"));
-        assertEquals("2020-07-10 16:30:16", vuln.getPublishDate());
-        assertEquals("2020-07-10 16:30:16", vuln.getLastModifiedDate());
+        assertEquals("2020-07-10 16:30:16", vuln.getPublishDateString());
+        assertEquals("2020-07-10 16:30:16", vuln.getLastModifiedDateString());
     }
 }
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AristaParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AristaParserTest.java
@@ -24,8 +24,8 @@ public void testAristaSingle() {
         RawVulnerability vuln = getVulnerability(list, "CVE-2023-24546");
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("This advisory impacts the Arista CloudVision Portal products when run on-premise"));
-        assertEquals("2023-03-07 00:00:00", vuln.getPublishDate());
-        assertEquals("2023-03-07 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2023-03-07 00:00:00", vuln.getPublishDateString());
+        assertEquals("2023-03-07 00:00:00", vuln.getLastModifiedDateString());
     }
 
 
@@ -40,7 +40,7 @@ public void testAristaMultiple() {
         RawVulnerability vuln = getVulnerability(list, "CVE-2021-28509");
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols."));
-        assertEquals("2022-05-25 00:00:00", vuln.getPublishDate());
-        assertEquals("2022-05-27 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2022-05-25 00:00:00", vuln.getPublishDateString());
+        assertEquals("2022-05-27 00:00:00", vuln.getLastModifiedDateString());
     }
 }
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/ArubaParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/ArubaParserTest.java
@@ -46,8 +46,8 @@ public void testArubaSingle() {
         RawVulnerability vuln = getVulnerability(list, "CVE-2022-23678");
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("A vulnerability exists in the Aruba VIA client for Microsoft"));
-        assertEquals("2022-07-26 00:00:00", vuln.getPublishDate());
-        assertEquals("2022-08-19 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2022-07-26 00:00:00", vuln.getPublishDateString());
+        assertEquals("2022-08-19 00:00:00", vuln.getLastModifiedDateString());
     }
 
 
@@ -63,8 +63,8 @@ public void testArubaMultiple() {
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("further privileges on the ClearPass instance"));
         assertFalse(vuln.getDescription().contains("execute arbitrary script code in a victim's"));
-        assertEquals("2023-03-14 00:00:00", vuln.getPublishDate());
-        assertEquals("2023-03-14 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2023-03-14 00:00:00", vuln.getPublishDateString());
+        assertEquals("2023-03-14 00:00:00", vuln.getLastModifiedDateString());
     }
 
     @Test

diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AsustorParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AsustorParserTest.java
@@ -33,8 +33,8 @@ public void testAsustorParserSingle() {
         RawVulnerability vuln = getVulnerability(list, "CVE-2022-0847");
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking prope"));
-        assertEquals("2022-03-11 00:00:00", vuln.getPublishDate());
-        assertEquals("2022-07-07 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2022-03-11 00:00:00", vuln.getPublishDateString());
+        assertEquals("2022-07-07 00:00:00", vuln.getLastModifiedDateString());
     }
 
     @Test
@@ -49,8 +49,8 @@ public void testAsustorParserMultiple() {
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE."));
         assertFalse(vuln.getDescription().contains("This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack."));
-        assertEquals("2023-03-31 00:00:00", vuln.getPublishDate());
-        assertEquals("2023-03-31 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2023-03-31 00:00:00", vuln.getPublishDateString());
+        assertEquals("2023-03-31 00:00:00", vuln.getLastModifiedDateString());
     }
 
 

diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AtlassianParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AtlassianParserTest.java
@@ -46,8 +46,8 @@ public void testAtlassianSingleNoDesc() {
         assertEquals("CVE-2022-36804", vuln.getCveId());
         assertTrue(vuln.getDescription().contains("command injection vulnerability in multiple API endpoints"));
         assertFalse(vuln.getDescription().contains("evaluate its applicability to your own IT environment"));
-        assertEquals("2022-08-24 10:00:00", vuln.getPublishDate());
-        assertEquals("2022-08-24 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2022-08-24 10:00:00", vuln.getPublishDateString());
+        assertEquals("2022-08-24 00:00:00", vuln.getLastModifiedDateString());
 
     }
 
@@ -69,8 +69,8 @@ public void testAtlassianMultipleNoDesc() {
         assertFalse(vuln1.getDescription().contains(desc2));
         assertTrue(vuln2.getDescription().contains(desc2));
         assertFalse(vuln2.getDescription().contains(desc1));
-        assertEquals("2023-02-15 10:00:00", vuln1.getPublishDate());
-        assertEquals("2023-02-17 00:00:00", vuln2.getLastModifiedDate());
+        assertEquals("2023-02-15 10:00:00", vuln1.getPublishDateString());
+        assertEquals("2023-02-17 00:00:00", vuln2.getLastModifiedDateString());
     }
 
     @Test
@@ -84,8 +84,8 @@ public void testAtlassianSingleWithDesc() {
         RawVulnerability vuln = list.get(0);
         assertEquals("CVE-2019-15006", vuln.getCveId());
         assertTrue(vuln.getDescription().contains("An attacker could perform the described attack by denying their victim access"));
-        assertEquals("2019-12-18 10:00:00", vuln.getPublishDate());
-        assertEquals("2020-01-08 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2019-12-18 10:00:00", vuln.getPublishDateString());
+        assertEquals("2020-01-08 00:00:00", vuln.getLastModifiedDateString());
     }
 
     @Test
@@ -115,7 +115,7 @@ public void testAtlassianMultipleWithDesc() {
         assertTrue(vuln3.getDescription().contains(desc3));
         assertFalse(vuln3.getDescription().contains(desc1));
         assertFalse(vuln3.getDescription().contains(desc2));
-        assertEquals("2020-01-15 10:00:00", vuln1.getPublishDate());
-        assertEquals("2020-01-28 00:00:00", vuln2.getLastModifiedDate());
+        assertEquals("2020-01-15 10:00:00", vuln1.getPublishDateString());
+        assertEquals("2020-01-28 00:00:00", vuln2.getLastModifiedDateString());
     }
 }
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AutodeskParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/AutodeskParserTest.java
@@ -52,8 +52,8 @@ public void testAutodesk() {
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("Expat"));
         assertTrue(vuln.getDescription().contains("Autodesk products leveraging internal components"));
-        assertEquals("2022-07-28 00:00:00", vuln.getLastModifiedDate());
-        assertEquals("2022-10-12 00:00:00", vuln.getPublishDate());
+        assertEquals("2022-07-28 00:00:00", vuln.getLastModifiedDateString());
+        assertEquals("2022-10-12 00:00:00", vuln.getPublishDateString());
 
         vuln = getVulnerability(list, "CVE-2021-22947");
         assertNotNull(vuln);
@@ -69,7 +69,7 @@ public void testAutodeskMulti() {
         assertNotNull(vuln);
         assertTrue(vuln.getDescription().contains("A maliciously crafted PCT"));
         assertFalse(vuln.getDescription().contains("Applications and services that utilize"));
-        assertEquals("2022-12-14 00:00:00", vuln.getPublishDate());
-        assertEquals("2022-12-14 00:00:00", vuln.getLastModifiedDate());
+        assertEquals("2022-12-14 00:00:00", vuln.getPublishDateString());
+        assertEquals("2022-12-14 00:00:00", vuln.getLastModifiedDateString());
     }
 }
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/BoschSecurityParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/BoschSecurityParserTest.java
@@ -59,8 +59,8 @@ public void testBoschSecurityParser() throws IOException {
                 vuln1.getDescription());
         assertEquals("Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.",
                 vuln2.getDescription());
-        assertEquals("2022-11-23 00:00:00", vuln1.getPublishDate());
-        assertEquals("2022-11-23 00:00:00", vuln1.getLastModifiedDate());
+        assertEquals("2022-11-23 00:00:00", vuln1.getPublishDateString());
+        assertEquals("2022-11-23 00:00:00", vuln1.getLastModifiedDateString());
 
     }
 }
diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/BugsGentooParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/BugsGentooParserTest.java
@@ -60,8 +60,8 @@ public void testBugsGentooParserSingleCVE() throws IOException {
 
         assertEquals("A TOCTOU (time-of-check time-of-use) race condition was found in the way systemd, a system and service manager, used to update file permissions and SELinux security contexts. A local attacker could use this flaw to conduct symbolic link attacks possibly leading to their ability to modify permissions / security context of a path different than originally intended / requested. Issue found by Florian Weimer, Red Hat Product Security Team",
                 vuln1.getDescription());
-        assertEquals("2016-11-23 20:58:00", vuln1.getPublishDate());
-        assertEquals("2019-04-02 05:19:00", vuln1.getLastModifiedDate());
+        assertEquals("2016-11-23 20:58:00", vuln1.getPublishDateString());
+        assertEquals("2019-04-02 05:19:00", vuln1.getLastModifiedDateString());
 
     }
 
@@ -87,8 +87,8 @@ public void testBugsGentooParserMultiCVE() throws IOException {
                 vuln1.getDescription());
         assertEquals("Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has access to a Netdata Agent has access to its MACHINE_GUID. Streaming is a feature that allows a Netdata Agent to act as parent for other Netdata Agents (children), offloading children from various functions (increased data retention, ML, health monitoring, etc) that can now be handled by the parent Agent. Configuration is done via `stream.conf`. On the parent side, users configure in `stream.conf` an API key (any random UUID can do) to provide common configuration for all children using this API key and per MACHINE GUID configuration to customize the configuration for each child. The way this was implemented, allowed an attacker to use a valid MACHINE_GUID as an API key. This affects all users who expose their Netdata Agents (children) to non-trusted users and they also expose to the same users Netdata Agent parents that aggregate data from all these children. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, do not enable streaming by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability.",
                 vuln2.getDescription());
-        assertEquals("2023-01-15 04:09:00", vuln1.getPublishDate());
-        assertEquals("2023-01-15 04:09:00", vuln1.getLastModifiedDate());
+        assertEquals("2023-01-15 04:09:00", vuln1.getPublishDateString());
+        assertEquals("2023-01-15 04:09:00", vuln1.getLastModifiedDateString());
     }
 
 

diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/BugzillaParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/BugzillaParserTest.java
@@ -42,8 +42,8 @@ public void testBugzillaOldPage() {
 		assertEquals(1, list.size());
 		RawVulnerability vuln = list.get(0);
 		assertEquals("CVE-2013-1747", vuln.getCveId());
-		assertEquals("2013-03-29 00:00:00", vuln.getPublishDate());
-		assertEquals("2020-10-31 00:00:00", vuln.getLastModifiedDate());
+		assertEquals("2013-03-29 00:00:00", vuln.getPublishDateString());
+		assertEquals("2020-10-31 00:00:00", vuln.getLastModifiedDateString());
 		assertTrue(vuln.getDescription().contains("DoS (assertion failure, crash) via a KICK command"));
 	}
 
@@ -54,7 +54,7 @@ public void testBugzillaNewPage() {
 		assertEquals(1, list.size());
 		RawVulnerability vuln = list.get(0);
 		assertEquals("CVE-2018-3736", vuln.getCveId());
-		assertEquals("2018-05-10 00:00:00", vuln.getPublishDate());
+		assertEquals("2018-05-10 00:00:00", vuln.getPublishDateString());
 		assertTrue(vuln.getDescription().contains("nodejs-https-proxy-agent: Unsanitized options passed to Buffer()"));
 	}
 }