-
Notifications
You must be signed in to change notification settings - Fork 463
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: basic execution test for EPSS #4484
Labels
Comments
terriko
added
good first issue
Good for newcomers
hacktoberfest
good issue for hacktoberfest participation
labels
Sep 30, 2024
I would be happy to work on this issue. |
@weichslgartner Are you still working on this? Did you need some help? |
@terriko sorry for the delay, I will work on the issue this week. |
weichslgartner
added a commit
to weichslgartner/cve-bin-tool
that referenced
this issue
Oct 14, 2024
Add a test to the cli tests to check the EPSS functionality: It first tests if the the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report. test: fix Delete epss testfile if exists
weichslgartner
added a commit
to weichslgartner/cve-bin-tool
that referenced
this issue
Oct 14, 2024
Add a test to the cli tests to check the EPSS functionality: It first tests if the the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report.
weichslgartner
added a commit
to weichslgartner/cve-bin-tool
that referenced
this issue
Oct 14, 2024
Add a test to the cli tests to check the EPSS functionality: It first tests if the the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report.
weichslgartner
added a commit
to weichslgartner/cve-bin-tool
that referenced
this issue
Oct 14, 2024
Add a test to the cli tests to check the EPSS functionality: It first tests if the the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report.
weichslgartner
added a commit
to weichslgartner/cve-bin-tool
that referenced
this issue
Oct 14, 2024
Add a test to the cli tests to check the EPSS functionality: It first tests if the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
EPSS tests are surprisingly hard because the scores change constantly, and we had to disable some of the tests originally written because they were too unstable. But as a result, the bug in #4473 slipped through because we didn't have a check for the most basic of errors.
What I'd like is a test that runs a scan with epss enabled, then checks the logs to make sure no errors appear in the log, I believe this should be pretty easy, since you can use
caplog.set_level(logging.ERROR)
and check that nothing occurs in there. You should be able to look at the existing test in test__source_epss.py to give you a hint on how to call just the epss related code, or you could look at test_cli.py for how to do a full command line run. Remember to strip down what you test as much as possible to make the test run faster: ideally we want to look up as little as possible because this test is mostly about making sure there's no obvious errors we're missing.This may require some reading to make sure you understand how to use pytest and how to call the correct code, but I think it should be beginner-friendly so I'm tagging it as a "good first issue" and will put the new contributor tips below. I'm also tagging it for hacktoberfest. If you're interested in doing this as part of the contest, make sure you do it within their timeframe and follow their rules. (Most notably: don't create the PR before October 1 or it won't count)
Short tips for new contributors:
Claiming issues:
The text was updated successfully, but these errors were encountered: