fix tests
ipeleg committed Oct 18, 2023
1 parent 4791e26 commit fb003f8
Showing 3 changed files with 25 additions and 25 deletions.
28 changes: 14 additions & 14 deletions tests/sca_package_2/outputs/results_cyclonedx.xml
@@ -1,12 +1,12 @@
<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1" serialNumber="urn:uuid:f1f51feb-cd88-437a-8304-d03741a95496">
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1" serialNumber="urn:uuid:bdc3a4d2-f93d-45a7-b870-778773b28fa8">
<metadata>
<timestamp>2022-09-03T20:46:24.858308+00:00</timestamp>
<timestamp>2023-10-18T09:44:16.243642+00:00</timestamp>
<tools>
<tool>
<vendor>CycloneDX</vendor>
<name>cyclonedx-python-lib</name>
<version>2.7.1</version>
<version>3.1.5</version>
<externalReferences>
<reference type="build-system">
<url>https://github.com/CycloneDX/cyclonedx-python-lib/actions</url>
@@ -131,25 +131,25 @@
</licenses>
<purl>pkg:golang/bridgecrewio/example/path/to/go.sum/golang.org/x/[email protected]</purl>
</component>
<component type="library" bom-ref="pkg:pypi/bridgecrewio/example/path/to/sub/requirements.txt/[email protected]">
<component type="library" bom-ref="pkg:pypi/bridgecrewio/example/requirements.txt/[email protected]">
<name>requests</name>
<version>2.26.0</version>
<licenses>
<license>
<name>OSI_APACHE</name>
</license>
</licenses>
<purl>pkg:pypi/bridgecrewio/example/path/to/sub/requirements.txt/[email protected]</purl>
<purl>pkg:pypi/bridgecrewio/example/requirements.txt/[email protected]</purl>
</component>
<component type="library" bom-ref="pkg:pypi/bridgecrewio/example/requirements.txt/[email protected]">
<component type="library" bom-ref="pkg:pypi/bridgecrewio/example/path/to/sub/requirements.txt/[email protected]">
<name>requests</name>
<version>2.26.0</version>
<licenses>
<license>
<name>OSI_APACHE</name>
</license>
</licenses>
<purl>pkg:pypi/bridgecrewio/example/requirements.txt/[email protected]</purl>
<purl>pkg:pypi/bridgecrewio/example/path/to/sub/requirements.txt/[email protected]</purl>
</component>
</components>
<dependencies>
@@ -159,11 +159,11 @@
<dependency ref="pkg:golang/bridgecrewio/example/path/to/go.sum/github.com/miekg/[email protected]"/>
<dependency ref="pkg:golang/bridgecrewio/example/path/to/go.sum/github.com/prometheus/[email protected]"/>
<dependency ref="pkg:golang/bridgecrewio/example/path/to/go.sum/golang.org/x/[email protected]"/>
<dependency ref="pkg:pypi/bridgecrewio/example/path/to/sub/requirements.txt/[email protected]"/>
<dependency ref="pkg:pypi/bridgecrewio/example/requirements.txt/[email protected]"/>
<dependency ref="pkg:pypi/bridgecrewio/example/path/to/sub/requirements.txt/[email protected]"/>
</dependencies>
<vulnerabilities>
<vulnerability bom-ref="1639877a-5e7f-425e-af0a-93796261f90a">
<vulnerability bom-ref="d572c120-f086-4d62-99e1-15978d879cb2">
<id>CVE-2016-7401</id>
<source>
<url>https://nvd.nist.gov/vuln/detail/CVE-2016-7401</url>
@@ -188,7 +188,7 @@
</target>
</affects>
</vulnerability>
<vulnerability bom-ref="333f956a-4811-47ab-b294-42e3adcb33e9">
<vulnerability bom-ref="312b1ad9-b3f7-48e1-90ae-0a4e6963047d">
<id>CVE-2019-19844</id>
<source>
<url>https://nvd.nist.gov/vuln/detail/CVE-2019-19844</url>
@@ -213,7 +213,7 @@
</target>
</affects>
</vulnerability>
<vulnerability bom-ref="e3b7a0b0-c656-4e00-9eaf-94733d332e43">
<vulnerability bom-ref="4881c809-536b-4474-9570-64c16c2faf3e">
<id>CVE-2021-33203</id>
<source>
<url>https://nvd.nist.gov/vuln/detail/CVE-2021-33203</url>
@@ -238,7 +238,7 @@
</target>
</affects>
</vulnerability>
<vulnerability bom-ref="55888e48-7eaa-4119-8ee8-e477ba04e5ca">
<vulnerability bom-ref="eab1abbd-ca63-4cdb-a8af-bc635963c7cf">
<id>CVE-2018-1000656</id>
<source>
<url>https://nvd.nist.gov/vuln/detail/CVE-2018-1000656</url>
@@ -263,7 +263,7 @@
</target>
</affects>
</vulnerability>
<vulnerability bom-ref="269f2e3c-bbe5-4277-bb23-0bbe8a5d5ce4">
<vulnerability bom-ref="904615aa-9851-4bac-b34b-079e357a6c22">
<id>CVE-2020-26160</id>
<source>
<url>https://nvd.nist.gov/vuln/detail/CVE-2020-26160</url>
@@ -288,7 +288,7 @@
</target>
</affects>
</vulnerability>
<vulnerability bom-ref="f6aab757-a60c-463d-811a-eb61769fcfb8">
<vulnerability bom-ref="23c97d96-7af7-49cc-963a-7a465625c237">
<id>CVE-2020-29652</id>
<source>
<url>https://nvd.nist.gov/vuln/detail/CVE-2020-29652</url>
20 changes: 10 additions & 10 deletions tests/sca_package_2/test_output_reports.py
@@ -279,10 +279,10 @@ def test_get_csv_report(sca_package_2_report, tmp_path: Path):
'github.com/dgrijalva/jwt-go,v3.2.0,/path/to/go.sum,,acme,bridgecrewio/example,CVE-2020-26160,HIGH,"jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m[\\""aud\\""] (which is allowed by the specification). Because the type assertion fails, \\""\\"" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.",Unknown,4.0.0rc1,,,',
'django,1.2,/requirements.txt,,acme,bridgecrewio/example,CVE-2016-6186,MEDIUM,"Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.",OSI_BDS,1.8.14,https://pypi.python.org/,,',
'flask,0.6,/requirements.txt,,acme,bridgecrewio/example,CVE-2019-1010083,HIGH,The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.,"OSI_APACHE, DUMMY_OTHER_LICENSE",1.0,https://pypi.python.org/,,',
'requests,2.26.0,/requirements.txt,,acme,bridgecrewio/example,,,,OSI_APACHE,N/A,https://pypi.python.org/,,',
'github.com/miekg/dns,v1.1.41,/path/to/go.sum,,acme,bridgecrewio/example,,,,Unknown,N/A,,,',
'github.com/prometheus/client_model,v0.0.0-20190129233127-fd36f4220a90,/path/to/go.sum,,acme,bridgecrewio/example,,,,Unknown,N/A,,,',
'requests,2.26.0,/path/to/sub/requirements.txt,,acme,bridgecrewio/example,,,,OSI_APACHE,N/A,,,',
'requests,2.26.0,/requirements.txt,,acme,bridgecrewio/example,,,,OSI_APACHE,N/A,https://pypi.python.org/,,', '']
'requests,2.26.0,/path/to/sub/requirements.txt,,acme,bridgecrewio/example,,,,OSI_APACHE,N/A,,,', '']
csv_output_as_list = csv_output.split("\n")
assert csv_output_as_list == expected_csv_output

@@ -296,10 +296,10 @@ def test_get_csv_report(sca_package_2_report, tmp_path: Path):
'"github.com/dgrijalva/jwt-go",v3.2.0,/path/to/go.sum,,acme,bridgecrewio/example,CVE-2020-26160,HIGH,"jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m[\\"aud\\"] (which is allowed by the specification). Because the type assertion fails, \\"\\" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.","Unknown",4.0.0rc1,,,',
'"django",1.2,/requirements.txt,,acme,bridgecrewio/example,CVE-2016-6186,MEDIUM,"Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.","OSI_BDS",1.8.14,https://pypi.python.org/,,',
'"flask",0.6,/requirements.txt,,acme,bridgecrewio/example,CVE-2019-1010083,HIGH,"The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.","OSI_APACHE, DUMMY_OTHER_LICENSE",1.0,https://pypi.python.org/,,',
'"requests",2.26.0,/requirements.txt,,acme,bridgecrewio/example,,,"","OSI_APACHE",N/A,https://pypi.python.org/,,',
'"github.com/miekg/dns",v1.1.41,/path/to/go.sum,,acme,bridgecrewio/example,,,"","Unknown",N/A,,,',
'"github.com/prometheus/client_model",v0.0.0-20190129233127-fd36f4220a90,/path/to/go.sum,,acme,bridgecrewio/example,,,"","Unknown",N/A,,,',
'"requests",2.26.0,/path/to/sub/requirements.txt,,acme,bridgecrewio/example,,,"","OSI_APACHE",N/A,,,',
'"requests",2.26.0,/requirements.txt,,acme,bridgecrewio/example,,,"","OSI_APACHE",N/A,https://pypi.python.org/,,',
'']
csv_output_str_as_list = csv_output_str.split("\n")
assert csv_output_str_as_list == expected_csv_output_str
@@ -534,7 +534,7 @@ def test_sarif_output(sca_package_report_2_with_skip_scope_function):
{
"physicalLocation": {
"artifactLocation": {
"uri": "requirements.txt"
"uri": "tests/sca_package_2/examples/requirements.txt"
},
"region": {
"startLine": 1,
@@ -559,7 +559,7 @@ def test_sarif_output(sca_package_report_2_with_skip_scope_function):
{
"physicalLocation": {
"artifactLocation": {
"uri": "requirements.txt"
"uri": "tests/sca_package_2/examples/requirements.txt"
},
"region": {
"startLine": 1,
@@ -584,7 +584,7 @@ def test_sarif_output(sca_package_report_2_with_skip_scope_function):
{
"physicalLocation": {
"artifactLocation": {
"uri": "requirements.txt"
"uri": "tests/sca_package_2/examples/requirements.txt"
},
"region": {
"startLine": 1,
@@ -609,7 +609,7 @@ def test_sarif_output(sca_package_report_2_with_skip_scope_function):
{
"physicalLocation": {
"artifactLocation": {
"uri": "requirements.txt"
"uri": "tests/sca_package_2/examples/requirements.txt"
},
"region": {
"startLine": 1,
@@ -634,7 +634,7 @@ def test_sarif_output(sca_package_report_2_with_skip_scope_function):
{
"physicalLocation": {
"artifactLocation": {
"uri": "requirements.txt"
"uri": "tests/sca_package_2/examples/requirements.txt"
},
"region": {
"startLine": 1,
@@ -684,7 +684,7 @@ def test_sarif_output(sca_package_report_2_with_skip_scope_function):
{
"physicalLocation": {
"artifactLocation": {
"uri": "requirements.txt"
"uri": "tests/sca_package_2/examples/requirements.txt"
},
"region": {
"startLine": 1,
@@ -715,7 +715,7 @@ def test_sarif_output(sca_package_report_2_with_skip_scope_function):
{
"physicalLocation": {
"artifactLocation": {
"uri": "requirements.txt"
"uri": "tests/sca_package_2/examples/requirements.txt"
},
"region": {
"startLine": 1,
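Review bot: The expected SARIF `artifactLocation.uri` in test_sarif_output is now the literal `tests/sca_package_2/examples/requirements.txt`, repeated in seven result locations, and nothing in the visible lines says what base that path is relative to. If the code under test derives it from the working directory (not visible here, so this is an inference), the test passes only when pytest is started from the repository root, and a SARIF consumer would attach findings to the wrong file whenever the base differs. I would define the value once with a comment, for example `expected_uri = "tests/sca_package_2/examples/requirements.txt"  # relative to the repository root`, and reference it in each location. test_sarif_output's body starts and ends outside these hunks.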
2 changes: 1 addition & 1 deletion tests/sca_package_2/test_runner_dependency_tree.py
@@ -37,7 +37,7 @@ def test_run(sca_package_report_dt):
assert cve_record.file_abs_path == f"{EXAMPLES_DIR}/package-lock.json"
assert cve_record.file_line_range == [0, 0]
assert cve_record.file_path == "/package-lock.json"
assert cve_record.repo_file_path == "/package-lock.json"
assert cve_record.repo_file_path == "/tests/sca_package_2/test_runner_dependency_tree.py"
assert cve_record.resource == 'package-lock.json.bson'
assert cve_record.severity == Severities[BcSeverities.MEDIUM]
assert cve_record.short_description == 'CVE-2019-2391 - bson: 1.0.9'
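Review bot: The expected `repo_file_path` in test_run is the test module's own path, `/tests/sca_package_2/test_runner_dependency_tree.py`, although every neighbouring assertion (`file_path == "/package-lock.json"`, `resource == 'package-lock.json.bson'`) describes the scanned manifest. Assuming the second of the two printed lines is the new side, the test now pins what looks like a path-resolution defect in the code under test instead of exposing it, and a CVE record attributed to the wrong repository file would send triage to the wrong place. The expectation should name the manifest, along the lines of `assert cve_record.repo_file_path == "/<repo-relative path to package-lock.json>"` (placeholder, the real value is not on this page), with the fix made where `repo_file_path` is computed. test_run's body starts and continues outside the hunk.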
