aboutcode-org · sbs2001 · Dec 18, 2020 · Dec 18, 2020 · Dec 18, 2020
diff --git a/vulnerabilities/importers/nginx.py b/vulnerabilities/importers/nginx.py
@@ -51,7 +51,7 @@ def set_api(self):
         self.version_api = GitHubTagsAPI()
         asyncio.run(self.version_api.load_api(["nginx/nginx"]))
 
-        # For some reason nginx tags it's releases in the form of `release-1.2.3`
+        # For some reason nginx tags it's releases are in the form of `release-1.2.3`
         # Chop off the `release-` part here.
         for index, version in enumerate(self.version_api.cache["nginx/nginx"]):
             self.version_api.cache["nginx/nginx"][index] = version.replace("release-", "")

diff --git a/vulnerabilities/tests/test_data/nginx/security_advisories.html b/vulnerabilities/tests/test_data/nginx/security_advisories.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html><head></head>
+</p><p>
+Patches are signed using one of the
+<a href="pgp_keys.html">PGP public keys</a>.
+</p><ul>
+
+
+<li><p>Stack-based buffer overflow with specially crafted request<br>Severity: <b>major</b><br><a href="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html">Advisory</a><br><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028">CVE-2013-2028</a><br>Not vulnerable: 1.5.0+, 1.4.1+<br>Vulnerable: 1.3.9-1.4.0<br><a href="/download/patch.2013.chunked.txt">The patch</a>  <a href="/download/patch.2013.chunked.txt.asc">pgp</a></p></li>
+
+<!-- Use this -->
+<li><p>Vulnerabilities with Windows directory aliases<br>Severity: medium<br><a href="http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html">Advisory</a><br><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4963">CVE-2011-4963</a><br>Not vulnerable: 1.3.1+, 1.2.1+<br>Vulnerable: nginx/Windows 0.7.52-1.3.0</p></li>
+
+
+<!-- Use this -->
+<li><p>Vulnerabilities with invalid UTF-8 sequence on Windows<br>Severity: <b>major</b><br><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2266">CVE-2010-2266</a><br>Not vulnerable: 0.8.41+, 0.7.67+<br>Vulnerable: nginx/Windows 0.7.52-0.8.40</p></li>
+
+
+<!-- Use this -->
+<li><p>An error log data are not sanitized<br>Severity: none<br><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4487">CVE-2009-4487</a><br>Not vulnerable: none<br>Vulnerable: all</p></li>
+
+
+<li><p>The renegotiation vulnerability in SSL protocol<br>Severity: <b>major</b><br><a href="http://www.kb.cert.org/vuls/id/120541">VU#120541</a>  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">CVE-2009-3555</a><br>Not vulnerable: 0.8.23+, 0.7.64+<br>Vulnerable: 0.1.0-0.8.22<br><a href="/download/patch.cve-2009-3555.txt">The patch</a>  <a href="/download/patch.cve-2009-3555.txt.asc">pgp</a></p></li>
+
+<li><p>Directory traversal vulnerability<br>Severity: minor<br><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3898">CVE-2009-3898</a><br>Not vulnerable: 0.8.17+, 0.7.63+<br>Vulnerable: 0.1.0-0.8.16</p></li>
+/patch.null.pointer.txt">The patch</a>  <a href="/download/patch.null.pointer.txt.asc">pgp</a></p></li>
+
+</ul></div></div></body></html>
diff --git a/vulnerabilities/tests/test_data/postgresql/advisories.html b/vulnerabilities/tests/test_data/postgresql/advisories.html
@@ -0,0 +1,231 @@
+<!doctype html>
+<html lang="en">
+ <head>
+  <title>PostgreSQL: Security Information</title>
+
+  </head>
+  <body>
+    <div class="container-fluid">
+      <div class="row justify-content-center pg-shout-box">
+        <div class="col text-white text-center">12th November 2020: <a href="https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/">
+  PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20, &amp; 9.5.24 Released</a>!
+
+</div>
+      </div>
+    </div>
+
+<div class="container-fluid margin">
+  <div class="row">
+    <div class="col-lg-2">
+      <div id="pgSideWrap">
+
+       <div id="pgSideNav">
+         <h2>Quick Links</h2>
+
+         <ul>
+
+
+           <li><a href="/support/">Support</a>
+
+
+
+           </li>
+           <li><a href="/support/versioning/">Versioning Policy</a>
+
+
+
+           </li>
+           <li><a href="/support/security/">Security</a>
+
+
+
+           </li>
+           <li><a href="/support/professional_support/">Professional Services</a>
+
+
+
+           </li>
+           <li><a href="/support/professional_hosting/">Hosting Solutions</a>
+
+
+
+           </li>
+           <li class="last-child"><a href="/account/submitbug/">Report a Bug</a>
+
+
+           </li>
+
+
+        </ul>
+
+       </div>
+
+      </div> <!-- pgSideWrap -->
+    </div>
+    <div class="col-lg-10">
+      <div id="pgContentWrap">
+
+
+<h1>Security Information <i class="fas fa-lock"></i></h1>
+
+<p>
+If you wish to report a new security vulnerability in PostgreSQL, please
+send an email to
+<a href="mailto:[email protected]">[email protected]</a>.
+For reporting non-security bugs, please see the <a href="/account/submitbug/">Report a Bug</a> page.
+</p>
+
+
+<h2>Known security issues in all supported versions</h2>
+<p>
+You can filter the view of patches to show just patches for version:<br/>
+
+<a href="/support/security/13/">13</a> -
+
+<a href="/support/security/12/">12</a> -
+
+<a href="/support/security/11/">11</a> -
+
+<a href="/support/security/10/">10</a> -
+
+<a href="/support/security/9.6/">9.6</a> -
+
+<a href="/support/security/9.5/">9.5</a>
+
+- <a href="/support/security/">all</a>
+</p>
+
+<table class="table table-striped">
+  <thead class="thead-light">
+    <tr>
+      <th>Reference</th>
+      <th>Affected</th>
+      <th>Fixed</th>
+      <th><a href="#comp">Component</a> & CVSS v3 Base Score</th>
+      <th>Description</th>
+    </tr>
+  </thead>
+  <tbody>
+
+      <tr>
+        <td>
+          <nobr>CVE-2020-10733</nobr><br/>
+          <a href="/about/news/postgresql-123-118-1013-9618-and-9522-released-2038/">Announcement</a><br/>
+        </td>
+        <td>9.5</td>
+        <td>9.5.22</td>
+        <td>packaging<br/>
+          <a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H">6.7</a><br/><span class="cvssvector">AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H</span>
+    </td>
+        <td>Windows installer runs executables from uncontrolled directories</td>
+      </tr>
+
+      <tr>
+        <td>
+          <nobr><a href="https://access.redhat.com/security/cve/CVE-2020-1720">CVE-2020-1720</a></nobr><br/>
+          <a href="/about/news/postgresql-122-117-1012-9617-9521-and-9426-released-2011/">Announcement</a><br/>
+        </td>
+        <td>11, 12</td>
+        <td></td>
+        <td>core server<br/>
+          <a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N">3.1</a><br/><span class="cvssvector">AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N</span>
+    </td>
+        <td>ALTER ... DEPENDS ON EXTENSION is missing authorization checks.</td>
+      </tr>
+
+  </tbody>
+</table>
+
+<h3>Unsupported versions</h3>
+<p>
+  You can also view archived security patches for unsupported versions. Note that no further
+  security patches are made available for these versions as they are end of life.<br/>
+
+<a href="/support/security/9.4/">9.4</a> -
+
+<a href="/support/security/9.3/">9.3</a> -
+
+<a href="/support/security/9.2/">9.2</a> -
+
+<a href="/support/security/9.1/">9.1</a> -
+
+<a href="/support/security/9.0/">9.0</a> -
+
+<a href="/support/security/8.4/">8.4</a> -
+
+<a href="/support/security/8.3/">8.3</a> -
+
+<a href="/support/security/8.2/">8.2</a> -
+
+<a href="/support/security/8.1/">8.1</a> -
+
+<a href="/support/security/8.0/">8.0</a> -
+
+<a href="/support/security/7.4/">7.4</a> -
+
+<a href="/support/security/7.3/">7.3</a>
+
+</p>
+
+
+<a name="comp"></a>
+<h2>Components</h2>
+<p>
+The following component references are used in the above table:
+</p>
+
+<table class="table table-striped">
+  <thead class="thead-light">
+    <tr>
+      <th>Component</th>
+      <th>Description</th>
+    </tr>
+  </thead>
+  <tbody>
+      <tr>
+       <td>core server</td>
+       <td>This vulnerability exists in the core server product.</td>
+      </tr>
+
+      <tr>
+       <td>client</td>
+       <td>This vulnerability exists in a client library or client application only.</td>
+      </tr>
+
+      <tr>
+       <td>contrib module</td>
+       <td>This vulnerability exists in a contrib module. Contrib modules are not installed by default when PostgreSQL is installed from source. They may be installed by binary packages.</td>
+      </tr>
+
+      <tr>
+       <td>client contrib module</td>
+       <td>This vulnerability exists in a contrib module used on the client only.</td>
+      </tr>
+
+      <tr>
+       <td>packaging</td>
+       <td>This vulnerability exists in PostgreSQL binary packaging, e.g. an installer or RPM.</td>
+      </tr>
+  </tbody>
+</table>
+
+
+
+      </div> <!-- pgContentWrap -->
+    </div>
+  </div>
+</div>
+
+    <!-- Footer -->
+    <footer id="footer">
+      <!-- Copyright -->
+      <div class="container">
+        <a href="/about/policies/">Policies</a> |
+        <a href="/about/policies/coc/">Code of Conduct</a> |
+        <a href="/about/">About PostgreSQL</a> |
+        <a href="/about/contact/">Contact</a><br/>
+        <p>Copyright &copy; 1996-2020 The PostgreSQL Global Development Group</p>
+      </div>
+    </footer>
+  </body>
+</html>