test: add test for null byte in filename (#1635)

* fix: add special case for 3.7 ValueError

Author: terriko

test/test_cli.py

@@ -6,6 +6,7 @@
 """
 import logging
 import os
+import sys
 import tempfile
 import unittest
 from test.utils import (
@@ -97,6 +98,33 @@ def test_invalid_file_or_directory(self):
             main(["cve-bin-tool", "non-existant"])
         assert e.value.args[0] == ERROR_CODES[FileNotFoundError]
 
+    def test_null_byte_in_filename(self):
+        """Test behaviour with an invalid file/directory that contains a \0"""
+
+        # Put a null byte into the filename of a real file used in other tests
+        CSV_PATH = os.path.join(os.path.abspath(os.path.dirname(__file__)), "csv")
+        null_byte_file = os.path.join(CSV_PATH, "test_triage\0.csv")
+
+        # for Python 3.8+ this should raise FileNotFound
+        if sys.version_info.major == 3 and sys.version_info.minor > 7:
+            with pytest.raises(SystemExit) as e:
+                main(["cve-bin-tool", null_byte_file])
+            assert e.value.args[0] == ERROR_CODES[FileNotFoundError]
+
+            null_byte_file = os.path.join(CSV_PATH, "test_triage.csv\0something")
+            with pytest.raises(SystemExit) as e:
+                main(["cve-bin-tool", null_byte_file])
+            assert e.value.args[0] == ERROR_CODES[FileNotFoundError]
+
+        # for Python 3.7 it will raise a ValueError (embedded null byte)
+        if sys.version_info.major == 3 and sys.version_info.minor == 7:
+            with pytest.raises(ValueError) as e:
+                main(["cve-bin-tool", null_byte_file])
+
+            null_byte_file = os.path.join(CSV_PATH, "test_triage.csv\0something")
+            with pytest.raises(ValueError) as e:
+                main(["cve-bin-tool", null_byte_file])
+
     def test_invalid_parameter(self):
         """Test that invalid parmeters exit with expected error code.
         ArgParse calls sys.exit(2) for all errors"""