Adjust text example

* Use file-based test expectation for sanity. Otherwise updating test
  expectations to match code changes becomes a painful chore.

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Author: pombredanne

vulnerabilities/tests/example_importer_improver.py

@@ -54,6 +54,9 @@ def fetch_advisory_data():
 
 
 def parse_advisory_data(raw_data) -> AdvisoryData:
+    """
+    Return AdvisoryData build from a mapping of ``raw_data`` example advisory.
+    """
     purl = PackageURL(type="example", name="dummy_package")
     affected_version_range = NginxVersionRange.from_native(raw_data["vulnerable"])
     fixed_version = SemverVersion(raw_data["fixed"])
@@ -64,6 +67,7 @@ def parse_advisory_data(raw_data) -> AdvisoryData:
         system=SCORING_SYSTEMS["generic_textual"], value=raw_data["advisory_severity"]
     )
     references = [Reference(url=raw_data["reference"], severities=[severity])]
+    # The original format is "06-10-2021 UTC" and we convert this a
     date_published = datetime.strptime(raw_data["published_on"], "%d-%m-%Y %Z").replace(
         tzinfo=timezone.utc
     )

vulnerabilities/tests/test_data/example/parse_advisory_data-expected.json

@@ -0,0 +1,33 @@
+{
+  "aliases": [
+    "CVE-2021-12341337"
+  ],
+  "summary": "Dummy advisory",
+  "affected_packages": [
+    {
+      "package": {
+        "type": "example",
+        "namespace": null,
+        "name": "dummy_package",
+        "version": null,
+        "qualifiers": null,
+        "subpath": null
+      },
+      "affected_version_range": "vers:nginx/>=0.6.18|<=1.20.0",
+      "fixed_version": "1.20.1"
+    }
+  ],
+  "references": [
+    {
+      "reference_id": "",
+      "url": "http://example.com/cve-2021-1234",
+      "severities": [
+        {
+          "system": "generic_textual",
+          "value": "high"
+        }
+      ]
+    }
+  ],
+  "date_published": "2021-10-06T00:00:00+00:00"
+}

vulnerabilities/tests/test_example.py

@@ -1,39 +1,49 @@
-import datetime
-import os
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# http://nexb.com and https://github.com/nexB/vulnerablecode/
+# The VulnerableCode software is licensed under the Apache License version 2.0.
+# Data generated with VulnerableCode require an acknowledgment.
+#
+# You may not use this software except in compliance with the License.
+# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+# When you publish or redistribute any data created with VulnerableCode or any VulnerableCode
+# derivative work, you must accompany this data with the following acknowledgment:
+#
+#  Generated with VulnerableCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
+#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
+#  VulnerableCode should be considered or used as legal advice. Consult an Attorney
+#  for any legal advice.
+#  VulnerableCode is a free software tool from nexB Inc. and others.
+#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
+
+from pathlib import Path
 from unittest.mock import patch
 
-from django.test import TestCase
-from packageurl import PackageURL
-from univers.version_constraint import VersionConstraint
-from univers.version_range import NginxVersionRange
-from univers.versions import SemverVersion
+from commoncode import testcase
 
 from vulnerabilities import models
 from vulnerabilities.import_runner import ImportRunner
-from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import AffectedPackage
-from vulnerabilities.importer import Reference
-from vulnerabilities.importer import ScoringSystem
-from vulnerabilities.importer import VulnerabilitySeverity
-from vulnerabilities.improve_runner import ImproveRunner
 from vulnerabilities.improvers.default import DefaultImprover
+from vulnerabilities.tests import util_tests
 from vulnerabilities.tests.example_importer_improver import ExampleAliasImprover
 from vulnerabilities.tests.example_importer_improver import ExampleImporter
 from vulnerabilities.tests.example_importer_improver import parse_advisory_data
 
 
 def mock_fetch_advisory_data():
-    return [
-        {
-            "id": "CVE-2021-12341337",
-            "summary": "Dummy advisory",
-            "advisory_severity": "high",
-            "vulnerable": "0.6.18-1.20.0",
-            "fixed": "1.20.1",
-            "reference": "http://example.com/cve-2021-1234",
-            "published_on": "06-10-2021 UTC",
-        }
-    ]
+    return {
+        "id": "CVE-2021-12341337",
+        "summary": "Dummy advisory",
+        "advisory_severity": "high",
+        "vulnerable": "0.6.18-1.20.0",
+        "fixed": "1.20.1",
+        "reference": "http://example.com/cve-2021-1234",
+        "published_on": "06-10-2021 UTC",
+    }
 
 
 def mock_fetch_additional_aliases(alias):
@@ -50,59 +60,18 @@ def mock_fetch_additional_aliases(alias):
     "vulnerabilities.tests.example_importer_improver.fetch_additional_aliases",
     mock_fetch_additional_aliases,
 )
-class TestExampleImporter(TestCase):
+class TestExampleImporter(testcase.FileBasedTesting):
+
+    test_data_dir = str(Path(__file__).resolve().parent / "test_data" / "example")
+
     def test_parse_advisory_data(self):
-        raw_data = mock_fetch_advisory_data()[0]
-        expected = AdvisoryData(
-            aliases=["CVE-2021-12341337"],
-            summary="Dummy advisory",
-            affected_packages=[
-                AffectedPackage(
-                    package=PackageURL(
-                        type="example",
-                        namespace=None,
-                        name="dummy_package",
-                        version=None,
-                        qualifiers={},
-                        subpath=None,
-                    ),
-                    affected_version_range=NginxVersionRange(
-                        constraints=(
-                            VersionConstraint(
-                                comparator=">=", version=SemverVersion(string="0.6.18")
-                            ),
-                            VersionConstraint(
-                                comparator="<=", version=SemverVersion(string="1.20.0")
-                            ),
-                        )
-                    ),
-                    fixed_version=SemverVersion(string="1.20.1"),
-                )
-            ],
-            references=[
-                Reference(
-                    reference_id="",
-                    url="http://example.com/cve-2021-1234",
-                    severities=[
-                        VulnerabilitySeverity(
-                            system=ScoringSystem(
-                                identifier="generic_textual",
-                                name="Generic textual severity rating",
-                                url="",
-                                notes="Severity for unknown scoring systems. Contains generic textual values like High, Low etc",
-                            ),
-                            value="high",
-                        )
-                    ],
-                )
-            ],
-            date_published=datetime.datetime(2021, 10, 6, 0, 0, tzinfo=datetime.timezone.utc),
-        )
-        actual = parse_advisory_data(raw_data)
-        assert actual == expected
+        raw_data = mock_fetch_advisory_data()
+        expected_file = self.get_test_loc("parse_advisory_data-expected.json", must_exist=False)
+        result = parse_advisory_data(raw_data).to_dict()
+        util_tests.check_results_against_json(result, expected_file)
 
     def test_import_framework_using_example_importer(self):
-        raw_datas = mock_fetch_advisory_data()
+        raw_datas = [mock_fetch_advisory_data()]
         ImportRunner(ExampleImporter).run()
 
         for raw_data in raw_datas:
@@ -112,7 +81,7 @@ def test_improve_framework_using_example_improver(self):
         ImportRunner(ExampleImporter).run()
         ImproveRunner(DefaultImprover).run()
         ImproveRunner(ExampleAliasImprover).run()
-        raw_datas = mock_fetch_advisory_data()
+        raw_datas = [mock_fetch_advisory_data()]
 
         assert models.Package.objects.count() == 3
         assert models.PackageRelatedVulnerability.objects.filter(fix=True).count() == 1