fix: improve language test output, fix failing tests (#2422)

terriko · web-flow · commit 43ca5a1990d6 · 2022-12-06T19:02:50.000-08:00
* fix: improve language test output,

* fix: adjust language parser tests to reflect current reality

* fix: add triage for bootstrap issues being mis-reported
diff --git a/test/test_language_scanner.py b/test/test_language_scanner.py
@@ -19,7 +19,6 @@ class TestLanguageScanner:
         "http-client",
         "generator",
         "expect",
-        "yargs-parser",
     ]
 
     RUST_PRODUCTS = [
@@ -39,7 +38,6 @@ class TestLanguageScanner:
         "paste",
         "phf",
         "quote",
-        "rand",
         "rand_core",
         "regex",
         "serde_cbor",
@@ -110,7 +108,6 @@ class TestLanguageScanner:
         "digest",
         "evaluate",
         "glue",
-        "ini",
         "lattice",
         "lifecycle",
         "mime",
@@ -220,7 +217,10 @@ def test_language_package(self, filename: str, products) -> None:
                 product_info, file_path = product
                 if product_info.product not in found_product:
                     found_product.append(product_info.product)
-        assert all(x in products for x in found_product)
+        # assert all(x in products for x in found_product)
+        # expanded out to make missing products easier to spot
+        for p in products:
+            assert p in found_product
         assert file_path == filename
 
     @pytest.mark.parametrize("filename", ((str(TEST_FILE_PATH / "PKG-INFO")),))
diff --git a/triage.json b/triage.json
@@ -76,6 +76,150 @@
                "ref": "urn:cdx:NOTKNOWN/1#plotly.js-2.13.2"
             }
          ]
-      }
+      },
+      {
+         "id": "CVE-2016-10735",
+         "source": {
+            "name": "GAD"
+         },
+         "analysis": {
+            "state": "not_affected",
+            "response": [ "code_not_reachable" ],
+            "justification": "Bad version detection with GAD",
+            "detail": ""
+         },
+         "affects": [
+            {
+               "ref": "urn:cdx:NOTKNOWN/1#bootstrap-5.2.0"
+            }
+         ],
+         "vendor": "getbootstrap",
+         "product": "bootstrap",
+         "version": "5.2.0",
+         "cve_number": "CVE-2016-10735",
+         "severity": "MEDIUM",
+         "score": "6.1",
+         "source": "GAD",
+         "cvss_version": "3",
+         "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+         "paths": "",
+         "remarks": "Mitigated",
+         "comments": ""
+      },
+      {
+         "id": "CVE-2018-14040",
+         "source": {
+            "name": "GAD"
+         },
+         "analysis": {
+            "state": "not_affected",
+            "response": [ "code_not_reachable" ],
+            "justification": "Bad version detection with GAD",
+            "detail": ""
+         },
+         "affects": [
+            {
+               "ref": "urn:cdx:NOTKNOWN/1#bootstrap-5.2.0"
+            }
+         ],
+         "vendor": "getbootstrap",
+         "product": "bootstrap",
+         "version": "5.2.0",
+         "cve_number": "CVE-2018-14040",
+         "severity": "MEDIUM",
+         "score": "6.1",
+         "source": "GAD",
+         "cvss_version": "3",
+         "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+         "paths": "",
+         "remarks": "Mitigated",
+         "comments": ""
+    },
+    {
+         "id": "CVE-2018-14041",
+         "source": {
+            "name": "GAD"
+         },
+         "analysis": {
+            "state": "not_affected",
+            "response": [ "code_not_reachable" ],
+            "justification": "Bad version detection with GAD",
+            "detail": ""
+         },
+         "affects": [
+            {
+               "ref": "urn:cdx:NOTKNOWN/1#bootstrap-5.2.0"
+            }
+         ],
+         "vendor": "getbootstrap",
+         "product": "bootstrap",
+         "version": "5.2.0",
+         "cve_number": "CVE-2018-14041",
+         "severity": "MEDIUM",
+         "score": "6.1",
+         "source": "GAD",
+         "cvss_version": "3",
+         "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+         "paths": "",
+         "remarks": "Mitigated",
+         "comments": ""
+    },
+    {
+         "id": "CVE-2018-14042",
+         "source": {
+            "name": "GAD"
+         },
+         "analysis": {
+            "state": "not_affected",
+            "response": [ "code_not_reachable" ],
+            "justification": "Bad version detection with GAD",
+            "detail": ""
+         },
+         "affects": [
+            {
+               "ref": "urn:cdx:NOTKNOWN/1#bootstrap-5.2.0"
+            }
+         ],
+         "vendor": "getbootstrap",
+         "product": "bootstrap",
+         "version": "5.2.0",
+         "cve_number": "CVE-2018-14042",
+         "severity": "MEDIUM",
+         "score": "6.1",
+         "source": "GAD",
+         "cvss_version": "3",
+         "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+         "paths": "",
+         "remarks": "Mitigated",
+         "comments": ""
+    },
+    {
+         "id": "CVE-2019-8331",
+         "source": {
+            "name": "GAD"
+         },
+         "analysis": {
+            "state": "not_affected",
+            "response": [ "code_not_reachable" ],
+            "justification": "Bad version detection with GAD",
+            "detail": ""
+         },
+         "affects": [
+            {
+               "ref": "urn:cdx:NOTKNOWN/1#bootstrap-5.2.0"
+            }
+         ],
+         "vendor": "getbootstrap",
+         "product": "bootstrap",
+         "version": "5.2.0",
+         "cve_number": "CVE-2019-8331",
+         "severity": "MEDIUM",
+         "score": "6.1",
+         "source": "GAD",
+         "cvss_version": "3",
+         "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+         "paths": "",
+         "comments": ""
+   }
    ]
 }
