Add nginx tests and other related improvements #691
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Also move doctest to tests/ Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
The fact this is a namedtuple is an implementation detail that should not be relied upon. * Add new evolve_purl() helper function to help with this Reference: package-url/packageurl-python#82 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
This makes these easier to reference and reuse in tests Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
There are useful utilities to handle test data. Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
* Refactor code for testability * Move complex doctest to plain test code * Ensure that there is Reference for a CVE * Use object (NginxAdvisory namedtuple) rather than plain tuple of values when passing results around Reference: #643 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
The fact this is a namedtuple is an implementation detail that should not be relied upon. * Add new evolve_purl() helper function to help with this Reference: package-url/packageurl-python#82 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
By convention we put fields first, meta and then methods. Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
* Make it easier to test importer with a fetch() method. This way a test mock object can subclass NginxImporter.fetch to avoid making network calls. * Add database test using an isolated transaction that tests a dump of the created advisories against an expected JSON Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
As part of testing nginx, it was easier to complete the migration of all existing package version fetchers. * Rename package_managers_2.py to package_managers.py * Complete migration and add tests for all classes using mocks as needed * Move test files in a common directory. Remove unused ones. * Change semantics to yield PackageVreiosn and never cache by default. In practice for long running operations, caching is a problem and not a solution as it may hold to stale, our of date data. * Create new helper to quety GitHub graphql API Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
avgs is not super meaningful, archlinux is better Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
* A logging statement was not formatted correctly. * Also prefix with _ an unused variable Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
As part of the importers migrations, adjust to use new class names for not-yet migrated importers. This is mostly harmless as the code has not been migrated yet, but at least most code now uses the proper new class names where possible. Reference: #597 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
* Use new helper function for GH graphql API calls * Use lower case logger * Use severity_systems constants rather than a mapping lookup Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
* Do not use asyncio. Use the new simpler GitHubTagsAPI * Extract fetching tags in a fetch_nginx_version_from_git_tags() method * Add and improve importer and improver tests Reference: #643 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
* Add AdvisoryData.to_dict() methods as convenience for testing * Split NginxBasicImprover.get_inferences() in tow functions to ease testing Reference: #643 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
To regen expected files, set VULNERABLECODE_REGEN_TEST_FIXTURES to any value Reference: https://github.com/nexB/vulnerablecode/blob/a7545e7e6fa94d3a3f6382bfab42f90a72bce7d7/vulnerabilities/tests/util_tests.py#L36 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Otherwise having a mapping with hardcode keys can drift in the future. Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Use as a license the same as the overall license for the project, as this is the only statement that exists there. Reference: #614 Reported-by: Hritik Vijay <hritikxx8@gmail.com> Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Member
Author
|
We reviewed these changes extensively in weekly call today. I would like to merge this ASAP unless there is an objection |
TG1999
reviewed
Apr 12, 2022
Member
Author
|
Actually the nginx improver is a problem: |
Reported-by: Tushar Goel <tushar.goel.dav@gmail.com> Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
avgs is not super meaningful, archlinux is better Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
isort should not sort migrations Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
* Use file-based test expectation for sanity. Otherwise updating test expectations to match code changes becomes a painful chore. * TODO: the tests and data still need improvements for clarity and documentation Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
pombredanne
force-pushed
the
643-nginx-tests
branch
from
069909e to
d553201
Compare
Member
Author
|
All green now .. merging ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds nginx importer and improver tests
Along the way there are several other adjustments and refinements that have been applied
#643
Signed-off-by: Philippe Ombredanne pombredanne@nexb.com