search

intel / cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
https://cve-bin-tool.readthedocs.io/en/latest/
GNU General Public License v3.0
1.19k stars 457 forks source link

test_ouput_cyclonedx is failing #4402

Closed terriko closed 1 month ago

terriko commented 1 month ago

Mostly for @anthonyharrison -- I think maybe you did the lib4vex release and it's causing a minor problem? I'm guessing we should just fix our test.

=========================== short test summary info ============================
FAILED test/test_vex.py::TestVexGeneration::test_output_cyclonedx - AssertionError: assert {'$schema': '...': '1.6', ...} == {'$schema': '...': '1.6', ...}

  Omitting 5 identical items, use -vv to show
  Differing items:
  {'metadata': {'component': {'bom-ref': 'CDXRef-DOCUMENT', 'name': 'dummy-product', 'supplier': {'name': 'dummy-vendor'...alue': 'Initial version'}], 'tools': {'components': [{'name': 'lib4vex', 'type': 'application', 'version': '0.2.0'}]}}} != {'metadata': {'component': {'bom-ref': 'CDXRef-DOCUMENT', 'name': 'dummy-product', 'type': 'application'}, 'properties...alue': 'Initial version'}], 'tools': {'components': [{'name': 'lib4vex', 'type': 'application', 'version': '0.1.0'}]}}}

  Full diff:
    {
        '$schema': 'http://cyclonedx.org/schema/bom-1.6.schema.json',
        'bomFormat': 'CycloneDX',
        'metadata': {
            'component': {
                'bom-ref': 'CDXRef-DOCUMENT',
                'name': 'dummy-product',
  +             'supplier': {
  +                 'name': 'dummy-vendor',
  +             },
                'type': 'application',
  +             'version': '1.0',
            },
            'properties': [
                {
                    'name': 'Revision_1',
                    'value': 'Initial version',
                },
            ],
            'tools': {
                'components': [
                    {
                'description': '',
                'id': 'CVE-1234-1005',
                'source': {
                    'name': 'NVD',
                    'url': 'https://nvd.nist.gov/vuln/detail/CVE-1234-1005',
                },
            },
            {
                'affects': [
                    {
                        'ref': 'urn:cbt:1/vendor0#product0:2.8.6',
                        'versions': {
                            'status': 'affected',
                            'version': '2.8.6',
                        },
                    },
                ],
                'analysis': {
                    'detail': 'Data field populated.',
                    'state': 'resolved',
                },
                'bom-ref': 'product0@2.8.6',
                'description': '',
                'id': 'CVE-1234-1007',
                'source': {
                    'name': 'NVD',
                    'url': 'https://nvd.nist.gov/vuln/detail/CVE-1234-1007',
                },
            },
            {
                'affects': [
                    {
                        'ref': 'urn:cbt:1/vendor0#product0:2.8.6',
                    },
                ],
                'analysis': {
                    'detail': '',
                    'state': 'in_triage',
                },
                'bom-ref': 'product0@2.8.6',
                'description': '',
                'id': 'CVE-1234-1008',
                'source': {
                    'name': 'NVD',
                    'url': 'https://nvd.nist.gov/vuln/detail/CVE-1234-1008',
                },
            },
        ],
    }
===== 1 failed, 246 passed, 1795 skipped, 11 warnings in 143.39s (0:02:23) =====