Update test case with a new exploit

usdAG · Dec 21, 2023 · 01ab225 · 01ab225
1 parent 04038ac
commit 01ab225
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,12 @@
 # Changelog
 This file keeps track of all notable changes between the different versions of search_vulns.
 
+## v0.4.10 - 2023-12-21
+### Fixed
+- Update test cases with new exploits.
+- Strip user queries before macthing them to a CPE.
+
+
 ## v0.4.9 - 2023-12-12
 ### Added
 - Update cpe_search submodule and adapt search_vulns code to it:

diff --git a/tests/test_exploit_completeness.py b/tests/test_exploit_completeness.py
@@ -13,7 +13,7 @@ class TestSearches(unittest.TestCase):
     def test_search_wp_572(self):
         self.maxDiff = None
         result = search_vulns.search_vulns(query='cpe:2.3:a:wordpress:wordpress:5.7.2:*:*:*:*:*:*:*',add_other_exploit_refs=True,is_good_cpe=True)
-        expected_exploits = ['https://www.exploit-db.com/exploits/50663', 'http://packetstormsecurity.com/files/165540/WordPress-Core-5.8.2-SQL-Injection.html', 'https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661', 'https://github.com/APTIRAN/CVE-2022-21661', 'https://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection', 'https://github.com/WellingtonEspindula/SSI-CVE-2022-21661', 'https://github.com/daniel616/CVE-2022-21661-Demo', 'https://github.com/purple-WL/wordpress-CVE-2022-21661', 'https://github.com/sealldeveloper/CVE-2022-21661-PoC', 'https://github.com/z92g/CVE-2022-21661', 'https://www.exploit-db.com/exploits/38936', 'http://www.securityfocus.com/bid/64587', 'https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/', 'http://plugins.trac.wordpress.org/changeset/490070/my-calendar', 'http://plugins.trac.wordpress.org/changeset/435356/scormcloud', 'https://blog.sonarsource.com/wordpress-object-injection-vulnerability/', 'http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807', 'https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/', 'https://github.com/hxlxmjxbbxs/CVE-2022-3590-WordPress-Vulnerability-Scanner', 'https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/', 'https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve', 'https://github.com/guestzz/CVE-2022-21661']
+        expected_exploits = ['https://www.exploit-db.com/exploits/50663', 'http://packetstormsecurity.com/files/165540/WordPress-Core-5.8.2-SQL-Injection.html', 'https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661', 'https://github.com/APTIRAN/CVE-2022-21661', 'https://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection', 'https://github.com/WellingtonEspindula/SSI-CVE-2022-21661', 'https://github.com/daniel616/CVE-2022-21661-Demo', 'https://github.com/purple-WL/wordpress-CVE-2022-21661', 'https://github.com/sealldeveloper/CVE-2022-21661-PoC', 'https://github.com/z92g/CVE-2022-21661', 'https://www.exploit-db.com/exploits/38936', 'http://www.securityfocus.com/bid/64587', 'https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/', 'http://plugins.trac.wordpress.org/changeset/490070/my-calendar', 'http://plugins.trac.wordpress.org/changeset/435356/scormcloud', 'https://blog.sonarsource.com/wordpress-object-injection-vulnerability/', 'http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807', 'https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/', 'https://github.com/hxlxmjxbbxs/CVE-2022-3590-WordPress-Vulnerability-Scanner', 'https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/', 'https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve', 'https://github.com/guestzz/CVE-2022-21661', 'https://github.com/pog007/CVE-2023-5561-PoC']
         result_exploits = []
         for cve in result:
             data = result.get(cve)

diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-0.4.9
+0.4.10