Commit 8791957

test: basic execution test for EPSS #4484 (#4510)
* test: basic execution test for EPSS #4484 Add a test to the cli tests to check the EPSS functionality: it first tests that the update of the EPSS source runs without errors (regression test for #4473), then checks, for an example SBOM, that EPSS values are written to the csv report. * test: Added suggestion to use -u never instead of -u now * Adds better assert messages on failure and filters out empty lines in Windows csv files caused by double newlines in the csv file --------- Co-authored-by: Terri Oda <[email protected]>
1 parent 707d110 commit 8791957

1 file changed

+66
-0
lines changed


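--- a/test/test_cli.py
+++ b/test/test_cli.py
@@ -506,6 +506,72 @@ def test_CVSS_score(self, capsys, caplog):
 my_test_filename_pathlib.unlink()
 caplog.clear()
 
+def test_basic_epss(self, caplog):
+# test EPSS functionality
+# updates EPSS in db, scans sbom with EPSS enabled and writes EPSS to csv
+with caplog.at_level(logging.ERROR):
+epss_filename = "epss_test.csv"
+epss_filename_pathlib = Path(epss_filename)
+if epss_filename_pathlib.exists():
+epss_filename_pathlib.unlink()
+SBOM_PATH = Path(__file__).parent.resolve() / "sbom"
+# first let's check that sbom scan with epss enables and update of the epss source runs without error
+with caplog.at_level(logging.ERROR):
+main(
+[
+"cve-bin-tool",
+"--metrics",
+"-u",
+"never",
+"--disable-data-source",
+"OSV,GAD,REDHAT,PURL2CPE",
+"-n",
+"json",
+"--sbom",
+"cyclonedx",
+"--sbom-file",
+str(SBOM_PATH / "cyclonedx_test.json"),
+"-f",
+"csv",
+"-o",
+epss_filename,
+]
+)
+assert (
+len(caplog.messages) == 0
+), f"Error running basic epss with {';'.join(caplog.messages)}"
+# as a second stept we check if there are EPSS values in the outputfile
+content = epss_filename_pathlib.open(mode="r", newline="").read()
+# filter out empty lines under windows
+csv_rows = content.splitlines()
+assert len(csv_rows) > 0
+# row 0 is the header,
+# vendor,product,version,location,cve_number,severity,score,source,cvss_version,cvss_vector,paths,
+# remarks,comments,epss_probability,epss_percentile
+row_zero = csv_rows[0].split(",")
+# row 1 should contain some EPSS values
+# gnu,glibc,2.11.1,NotFound,CVE-2009-5029,MEDIUM,6.8,NVD,2,AV:N/AC:M/Au:N/C:P/I:P/A:P,,
+# NewFound,,0.00801,0.82134
+row_one = csv_rows[1].split(",")
+# epss_percentile is the last value
+assert row_zero[-1] == "epss_percentile", (
+"last header value in produced csv file must be " "'epss_percentile'"
+)
+
+assert len(row_one) == 15, "one csv row should have 15 values"
+assert (
+0.0 <= float(row_one[-1]) <= 1.0
+), "last value in the row must be the epss percentile value, i.e., a floating point between 0.0 and 1.0"
+# epss_probability second last value
+assert (
+row_zero[-2] == "epss_probability"
+), "second last header value in produced csv file must be 'epss_probability'"
+assert (
+0.0 <= float(row_one[-2]) <= 1.0
+), "last value in the row must be the epss probability value, i.e., a floating point between 0.0 and 1.0"
+if epss_filename_pathlib.exists():
+epss_filename_pathlib.unlink()
+
 def test_EPSS_probability(self, capsys, caplog):
 """scan with EPSS probability to ensure only CVEs above score threshold are reported
 Checks cannot placed on epss probability value as the value changes everyday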
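Review bot: `row_one = csv_rows[1].split(",")` is reached after asserting only `len(csv_rows) > 0`, so a report containing just the header row fails with an opaque IndexError instead of the intended message; tighten it to `assert len(csv_rows) > 1, "csv report must contain a header and at least one CVE row"`. The report is also written to `epss_test.csv` in the current working directory, the leading `unlink()` deletes any unrelated file of that name, the file opened with `.open(mode="r", newline="").read()` is never closed explicitly, and the trailing `unlink()` is skipped whenever an earlier assert fails; pytest's `tmp_path` fixture (`epss_filename_pathlib = tmp_path / "epss_test.csv"`) together with `epss_filename_pathlib.read_text()` avoids all of these. Splitting rows with `split(",")` will miscount fields if the `paths`, `comments` or `cvss_vector` columns ever contain a comma that the writer quotes, so `csv.reader(io.StringIO(content))` is the safer parser, and the inner `with caplog.at_level(logging.ERROR)` repeats the outer one and can be dropped. The final assertion message, `"last value in the row must be the epss probability value ..."`, describes the second-last value and should say so. The comment above `main(` says the EPSS source update is exercised, but the run passes `-u never`; whether `--metrics` still triggers that update is not visible here and is worth confirming so the regression test for #4473 actually covers the update path.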
