-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: basic execution test for EPSS #4484
Comments
I would be happy to work on this issue. |
@weichslgartner Are you still working on this? Did you need some help? |
@terriko sorry for the delay, I will work on the issue this week. |
Add a test to the cli tests to check the EPSS functionality: It first tests if the the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report. test: fix Delete epss testfile if exists
Add a test to the cli tests to check the EPSS functionality: It first tests if the the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report.
Add a test to the cli tests to check the EPSS functionality: It first tests if the the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report.
Add a test to the cli tests to check the EPSS functionality: It first tests if the the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report.
Add a test to the cli tests to check the EPSS functionality: It first tests if the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report.
* test: basic execution test for EPSS #4484 Add a test to the cli tests to check the EPSS functionality: It first tests if the update of EPSS source runs without errors (regression test for #4473). Then checks for an example SBOM if EPSS values are written to csv report. * test: Added sugestion to use -u never instead of -u now * Adds better assert messages on failure and filters out empty lines in windows csv files cause by double newlines in csv file --------- Co-authored-by: Terri Oda <[email protected]>
Hello! I am a new contributor and would like to work on this issue as part of my learning experience. Please let me know if there are any specific guidelines or steps I should follow. Thank you! |
@frangocm Looks like this was already done and we just missed closing the issue. But there's lots of other bugs available! If you're looking for something to do that might be interesting, this person could use some folk to run cve-bin-tool and check on memory usage, which would be a great new contributor task that multiple people could do: #4662 |
EPSS tests are surprisingly hard because the scores change constantly, and we had to disable some of the tests originally written because they were too unstable. But as a result, the bug in #4473 slipped through because we didn't have a check for the most basic of errors.
What I'd like is a test that runs a scan with epss enabled, then checks the logs to make sure no errors appear in the log, I believe this should be pretty easy, since you can use
caplog.set_level(logging.ERROR)
and check that nothing occurs in there. You should be able to look at the existing test in test__source_epss.py to give you a hint on how to call just the epss related code, or you could look at test_cli.py for how to do a full command line run. Remember to strip down what you test as much as possible to make the test run faster: ideally we want to look up as little as possible because this test is mostly about making sure there's no obvious errors we're missing.This may require some reading to make sure you understand how to use pytest and how to call the correct code, but I think it should be beginner-friendly so I'm tagging it as a "good first issue" and will put the new contributor tips below. I'm also tagging it for hacktoberfest. If you're interested in doing this as part of the contest, make sure you do it within their timeframe and follow their rules. (Most notably: don't create the PR before October 1 or it won't count)
Short tips for new contributors:
Claiming issues:
The text was updated successfully, but these errors were encountered: