test: basic execution test for EPSS intel#4484

Add a test to the cli tests to check the EPSS functionality: It first tests if the the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report.
weichslgartner · Oct 14, 2024 · 75e6089 · 75e6089
1 parent 1c0864b
commit 75e6089
Showing 1 changed file with 48 additions and 0 deletions.
diff --git a/test/test_cli.py b/test/test_cli.py
@@ -506,6 +506,54 @@ def test_CVSS_score(self, capsys, caplog):
             my_test_filename_pathlib.unlink()
         caplog.clear()
 
+    def test_basic_epss(self, caplog):
+        # test EPSS functionality
+        # updates EPSS in db, scans sbom with EPSS enabled and writes EPSS to csv
+        with caplog.at_level(logging.ERROR):
+            epss_filename = "epss_test.csv"
+            epss_filename_pathlib = Path(epss_filename)
+            if epss_filename_pathlib.exists():
+                epss_filename_pathlib.unlink()
+            SBOM_PATH = Path(__file__).parent.resolve() / "sbom"
+            # first let's check that sbom scan with epss enables and update of the epss source runs without error
+            with caplog.at_level(logging.ERROR):
+                main(
+                    [
+                        "cve-bin-tool",
+                        "--metrics",
+                        "-u",
+                        "now",
+                        "--disable-data-source",
+                        "OSV,GAD,REDHAT,PURL2CPE",
+                        "-n",
+                        "json",
+                        "--sbom",
+                        "cyclonedx",
+                        "--sbom-file",
+                        str(SBOM_PATH / "cyclonedx_test.json"),
+                        "-f",
+                        "csv",
+                        "-o",
+                        epss_filename,
+                    ]
+                )
+                assert (
+                    len(caplog.messages) == 0
+                ), f"Error running basic epss with {';'.join(caplog.messages)}"
+            # as a second stept we check if there are EPSS values in the outputfile
+            content = epss_filename_pathlib.open(mode="r").read()
+            csv_rows = list(content.splitlines())
+            assert len(csv_rows) > 0
+            # row 0 is the header, row 1 should contain some EPSS values
+            # epss_percentile is the last value
+            assert csv_rows[0].split(",")[-1] == "epss_percentile"
+            assert 0.0 <= float(csv_rows[1].split(",")[-1]) <= 1.0
+            # epss_probability second last value
+            assert csv_rows[0].split(",")[-2] == "epss_probability"
+            assert 0.0 <= float(csv_rows[1].split(",")[-2]) <= 1.0
+            if epss_filename_pathlib.exists():
+                epss_filename_pathlib.unlink()
+
     def test_EPSS_probability(self, capsys, caplog):
         """scan with EPSS probability to ensure only CVEs above score threshold are reported
         Checks cannot placed on epss probability value as the value changes everyday