Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

advisor:black-duck: Test enhancements #9848

Merged
merged 3 commits into from
Jan 29, 2025
Merged

advisor:black-duck: Test enhancements #9848

merged 3 commits into from
Jan 29, 2025

Conversation

fviernau
Copy link
Member

@fviernau fviernau commented Jan 28, 2025
edited
Loading

See individual commits.

Part of: #8739.

@fviernau fviernau requested a review from a team as a code owner January 28, 2025 08:42
@fviernau fviernau enabled auto-merge (rebase) January 28, 2025 08:43
@codecov Codecov
Copy link

codecov bot commented Jan 28, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.12%. Comparing base (5629cd5) to head (6dad9b2).
Report is 5 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff            @@
##               main    #9848   +/-   ##
=========================================
  Coverage     68.12%   68.12%           
  Complexity     1292     1292           
=========================================
  Files           250      250           
  Lines          8840     8840           
  Branches        917      917           
=========================================
  Hits           6022     6022           
  Misses         2431     2431           
  Partials        387      387
Flag Coverage Δ
funTest-docker 65.14% <ø> (ø)
funTest-non-docker 33.37% <ø> (ø)
test-ubuntu-24.04 35.76% <ø> (ø)
test-windows-2022 35.73% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@fviernau fviernau force-pushed the black-duck-fun-test-enhancements branch from 4efa093 to fa21206 Compare January 28, 2025 08:59
sschuberth
sschuberth reviewed Jan 28, 2025
View reviewed changes
Copy link
Member

@sschuberth sschuberth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some remarks about faulty data; fixing these can be addressed in a follow-up commit or -PR. But I wanted to make you aware of these as I don't know what your plans are going forward.

plugins/advisors/black-duck/src/funTest/assets/retrieve-package-findings-expected-result.yml Outdated
\ valid certificate."
references:
- url: "https://BLACK_DUCK_SERVER_HOST/api/vulnerabilities/CVE-2015-3996"
scoring_system: "(AV:N"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks wrong, BTW: I'd expect the scoring system to be CVSS 2 here.

plugins/advisors/black-duck/src/funTest/assets/retrieve-package-findings-expected-result.yml Outdated
scoring_system: "(AV:N"
severity: "MEDIUM"
score: 4.3
vector: "(AV:N/AC:M/Au:N/C:N/I:P/A:N)"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also here, the parentheses look wrong. I propose to strip them, and probably add an "artificial" CVSS:2: or CVSS:2.0: prefix for consistency, even though CVSS 2 itself does not use a vector prefix.

@fviernau
Copy link
Member Author

fviernau commented Jan 28, 2025
edited
Loading

Some remarks about faulty data; fixing these can be addressed in a follow-up commit or -PR. But I wanted to make you aware of these as I don't know what your plans are going forward.

Good catch! Can we merge this PR, and I will make a follow-up PR with the fixes?

edit: I changed my mind. I will make a PR which fixes is and rebase this one on top later on.

@fviernau fviernau requested a review from sschuberth January 28, 2025 10:09
@fviernau fviernau disabled auto-merge January 28, 2025 10:41
@fviernau fviernau marked this pull request as draft January 28, 2025 10:42
@fviernau fviernau added the on hold Pull requests that cannot currently be merged label Jan 28, 2025
@fviernau
Copy link
Member Author

edit: I changed my mind. I will make a PR which fixes is and rebase this one on top later on.

here it is @sschuberth : #9855

@fviernau fviernau force-pushed the black-duck-fun-test-enhancements branch from fa21206 to 9fad303 Compare January 29, 2025 08:26
@fviernau fviernau force-pushed the black-duck-fun-test-enhancements branch from 9fad303 to 7b531a7 Compare January 29, 2025 13:26
@fviernau fviernau removed the on hold Pull requests that cannot currently be merged label Jan 29, 2025
@fviernau fviernau marked this pull request as ready for review January 29, 2025 14:20
@fviernau
docs(black-duck): Fix-up a TODO comment
9c2acc1 
The comment intended to list only ecosystem which do work out of the
box, but are not covered by the test, see [1].

[1]: #9638 (comment)

Signed-off-by: Frank Viernau <x9fviern@zeiss.com>
@fviernau
test(black-duck): Make the test cover the cocoapods purl type
87d8e90 
While at it, re-record the responses from scratch, to re-align with what
the knowledge base now returns.

Signed-off-by: Frank Viernau <x9fviern@zeiss.com>
@fviernau
test(black-duck): Test vulnerability parsing from a CVSS 2
6dad9b2 
Signed-off-by: Frank Viernau <x9fviern@zeiss.com>
@fviernau fviernau force-pushed the black-duck-fun-test-enhancements branch from 7b531a7 to 6dad9b2 Compare January 29, 2025 14:20
@fviernau fviernau merged commit 3df50fa into main Jan 29, 2025
26 checks passed
@fviernau fviernau deleted the black-duck-fun-test-enhancements branch January 29, 2025 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sschuberth sschuberth sschuberth approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fviernau @sschuberth