From af94a5df2c23f6ef2b72970941c3404ac4753088 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Thu, 26 Jan 2023 23:35:10 +0530 Subject: [PATCH] Add tests for apache httpd improver Signed-off-by: Tushar Goel --- vulnerabilities/tests/test_apache_httpd.py | 25 +++++ .../apache-httpd-improver-expected.json | 106 ++++++++++++++++++ 2 files changed, 131 insertions(+) create mode 100644 vulnerabilities/tests/test_data/apache_httpd/apache-httpd-improver-expected.json diff --git a/vulnerabilities/tests/test_apache_httpd.py b/vulnerabilities/tests/test_apache_httpd.py index 9ff6bd5b6..48d0a028e 100644 --- a/vulnerabilities/tests/test_apache_httpd.py +++ b/vulnerabilities/tests/test_apache_httpd.py @@ -9,13 +9,17 @@ import json import os +from unittest import mock import pytest from univers.version_constraint import VersionConstraint from univers.version_range import ApacheVersionRange from univers.versions import SemverVersion +from vulnerabilities.importer import AdvisoryData from vulnerabilities.importers.apache_httpd import ApacheHTTPDImporter +from vulnerabilities.importers.apache_httpd import ApacheHTTPDImprover +from vulnerabilities.improvers.default import DefaultImprover from vulnerabilities.tests import util_tests BASE_DIR = os.path.dirname(os.path.abspath(__file__)) 
@@ -116,3 +120,24 @@ def test_to_advisory_CVE_2022_28614():
 result = advisories.to_dict()
 expected_file = os.path.join(TEST_DATA, f"CVE-2022-28614-apache-httpd-expected.json")
 util_tests.check_results_against_json(result, expected_file)
+
+
+@mock.patch("vulnerabilities.importers.apache_httpd.ApacheHTTPDImprover.get_package_versions")
+def test_apache_httpd_improver(mock_response):
+ advisory_file = os.path.join(TEST_DATA, f"CVE-2021-44224-apache-httpd-expected.json")
+ expected_file = os.path.join(TEST_DATA, f"apache-httpd-improver-expected.json")
+ with open(advisory_file) as exp:
+ advisory = AdvisoryData.from_dict(json.load(exp))
+ mock_response.return_value = [
+ "2.4.8",
+ "2.4.9",
+ "2.4.10",
+ "2.4.53",
+ "2.4.54",
+ ]
+ improvers = [ApacheHTTPDImprover(), DefaultImprover()]
+ result = []
+ for improver in improvers:
+ inference = [data.to_dict() for data in improver.get_inferences(advisory)]
+ result.extend(inference)
+ util_tests.check_results_against_json(result, expected_file)
diff --git a/vulnerabilities/tests/test_data/apache_httpd/apache-httpd-improver-expected.json b/vulnerabilities/tests/test_data/apache_httpd/apache-httpd-improver-expected.json
new file mode 100644
index 000000000..4cffb6aac
--- /dev/null
+++ b/vulnerabilities/tests/test_data/apache_httpd/apache-httpd-improver-expected.json
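Review bot: The mocked version list in `mock_response.return_value` omits the advisory's range endpoints (2.4.7 and 2.4.51) and the real fix version 2.4.52, so the ApacheHTTPDImprover path never exercises the inclusive boundaries of "2.4.7 up to 2.4.51 (included)", and its expected `fixed_purl` in the new fixture is presumably 2.4.53 only because 2.4.52 is absent from the mock — which contradicts the 2.4.52 fix that the DefaultImprover inference in the same fixture records. Adding `"2.4.7", "2.4.51", "2.4.52"` to the mocked list (and updating the expected JSON accordingly) would pin the boundary handling and make the fixture's fix version agree with the advisory. If the sparse list is deliberate, a comment such as `# known versions deliberately omit 2.4.52 to exercise the next-known-version fallback` should say so. Minor: the two `f"..."` path literals contain no placeholders and should be plain string literals.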
@@ -0,0 +1,106 @@
+[
+ {
+ "vulnerability_id": null,
+ "aliases": [
+ "CVE-2021-44224"
+ ],
+ "confidence": 100,
+ "summary": "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).\n\nThis issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).",
+ "affected_purls": [
+ {
+ "type": "apache",
+ "namespace": null,
+ "name": "httpd",
+ "version": "2.4.8",
+ "qualifiers": null,
+ "subpath": null
+ },
+ {
+ "type": "apache",
+ "namespace": null,
+ "name": "httpd",
+ "version": "2.4.9",
+ "qualifiers": null,
+ "subpath": null
+ },
+ {
+ "type": "apache",
+ "namespace": null,
+ "name": "httpd",
+ "version": "2.4.10",
+ "qualifiers": null,
+ "subpath": null
+ }
+ ],
+ "fixed_purl": {
+ "type": "apache",
+ "namespace": null,
+ "name": "httpd",
+ "version": "2.4.53",
+ "qualifiers": null,
+ "subpath": null
+ },
+ "references": [
+ {
+ "reference_id": "CVE-2021-44224",
+ "url": "https://httpd.apache.org/security/json/CVE-2021-44224.json",
+ "severities": [
+ {
+ "system": "apache_httpd",
+ "value": "moderate",
+ "scoring_elements": ""
+ }
+ ]
+ }
+ ],
+ "weaknesses": []
+ },
+ {
+ "vulnerability_id": null,
+ "aliases": [
+ "CVE-2021-44224"
+ ],
+ "confidence": 100,
+ "summary": "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).\n\nThis issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).",
+ "affected_purls": [
+ {
+ "type": "apache",
+ "namespace": null,
+ "name": "httpd",
+ "version": "2.4.7",
+ "qualifiers": null,
+ "subpath": null
+ },
+ {
+ "type": "apache",
+ "namespace": null,
+ "name": "httpd",
+ "version": "2.4.51",
+ "qualifiers": null,
+ "subpath": null
+ }
+ ],
+ "fixed_purl": {
+ "type": "apache",
+ "namespace": null,
+ "name": "httpd",
+ "version": "2.4.52",
+ "qualifiers": null,
+ "subpath": null
+ },
+ "references": [
+ {
+ "reference_id": "CVE-2021-44224",
+ "url": "https://httpd.apache.org/security/json/CVE-2021-44224.json",
+ "severities": [
+ {
+ "system": "apache_httpd",
+ "value": "moderate",
+ "scoring_elements": ""
+ }
+ ]
+ }
+ ],
+ "weaknesses": []
+ }
+]
\ No newline at end of file