def test_update_bucket(self): """Test bucket entries.""" self.source_repo.type = osv.SourceRepositoryType.BUCKET self.source_repo.bucket = TEST_BUCKET self.source_repo.editable = False self.source_repo.put() task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'a/b/test.json', 'original_sha256': ('b2b37bde8f39256239419078de672ce7' 'a408735f1c2502ee8fa08745096e1971'), 'deleted': 'false', } task_runner._source_update(message) self.expect_dict_equal('update_bucket_0', osv.Bug.get_by_id('GO-2021-0085')._to_dict()) self.expect_dict_equal('update_bucket_1', osv.Bug.get_by_id('GO-2021-0087')._to_dict())
def test_update_new(self): """Test update with new vulnerability added.""" self.mock_repo.add_file( 'BLAH-126.yaml', self._load_test_data(os.path.join(TEST_DATA_DIR, 'BLAH-126.yaml'))) self.mock_repo.commit('User', 'user@email') task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-126.yaml', 'original_sha256': ('5e1c2f30f6312cb16f5eedac88f92992' 'dd015e2891d17e84ee2ab8af78b801b9'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('*****@*****.**', commit.author.email) self.assertEqual('OSV', commit.author.name) self.assertEqual('Update BLAH-126', commit.message) self.expect_dict_equal('update_new', osv.Bug.get_by_id('BLAH-126')._to_dict())
def test_update_conflict_while_pushing(self): """Test basic update with a conflict while pushing.""" original_push_source_changes = osv.push_source_changes def mock_push_source_changes(*args, **kwargs): self.mock_repo.add_file('BLAH-123.yaml', 'changed') self.mock_repo.commit('Another user', 'user@email') original_push_source_changes(*args, **kwargs) patcher = mock.patch('osv.push_source_changes') self.addCleanup(patcher.stop) patcher.start().side_effect = mock_push_source_changes task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-123.yaml', 'original_sha256': ('b149accd3dd3e66f882de2201481d9fa' 'd25324916501a9a0f7b1ae1afe256f0b'), } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() # Latest commit is still the user commit. self.assertEqual('user@email', commit.author.email) self.assertEqual('Another user', commit.author.name)
def test_update_conflict_while_pushing(self): """Test basic update with a conflict while pushing.""" original_push_source_changes = osv.push_source_changes def mock_push_source_changes(*args, **kwargs): self.mock_repo.add_file('BLAH-123.yaml', 'changed') self.mock_repo.commit('Another user', 'user@email') original_push_source_changes(*args, **kwargs) patcher = mock.patch('osv.push_source_changes') self.addCleanup(patcher.stop) patcher.start().side_effect = mock_push_source_changes task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-123.yaml', 'original_sha256': ('4ff2c39882e21b963f6d716f318f07c2' '9434baef91eb339aefa9840fadb12084'), } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() # Latest commit is still the user commit. self.assertEqual('user@email', commit.author.email) self.assertEqual('Another user', commit.author.name)
def test_update_conflict_while_pushing(self): """Test basic update with a conflict while pushing.""" original_push_source_changes = osv.push_source_changes def mock_push_source_changes(*args, **kwargs): self.mock_repo.add_file('BLAH-123.yaml', 'changed') self.mock_repo.commit('Another user', 'user@email') original_push_source_changes(*args, **kwargs) patcher = mock.patch('osv.push_source_changes') self.addCleanup(patcher.stop) patcher.start().side_effect = mock_push_source_changes task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-123.yaml', 'original_sha256': ('d35b787ba467d6d45c2046c0c5a9c237' 'ab4b7d9942cc9ad25f2bc27a2ffa7859'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() # Latest commit is still the user commit. self.assertEqual('user@email', commit.author.email) self.assertEqual('Another user', commit.author.name)
def test_update_new(self): """Test update with new vulnerability added.""" self.mock_repo.add_file( 'BLAH-126.yaml', self._load_test_data(os.path.join(TEST_DATA_DIR, 'BLAH-126.yaml'))) self.mock_repo.commit('User', 'user@email') task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-126.yaml', 'original_sha256': ('bfbbcdaa2d90d39e1086933b8f69ca8e' 'ae35c9d093ec9b4a37d7c01851da7b2a'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('*****@*****.**', commit.author.email) self.assertEqual('OSV', commit.author.name) self.assertEqual('Update BLAH-126', commit.message) self.assertDictEqual( { 'additional_commit_ranges': [{ 'fixed_in': 'b9b3fd4732695b83c3068b7b6a14bb372ec31f98', 'introduced_in': 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd' }, { 'fixed_in': '', 'introduced_in': 'febfac1940086bc1f6d3dc33fda0a1d1ba336209' }], 'affected': ['branch-v0.1.1', 'branch_1_cherrypick_regress', 'v0.1.1'], 'affected_fuzzy': ['0-1-1', '1', '0-1-1'], 'details': 'Blah blah blah\nBlah\n', 'ecosystem': 'golang', 'fixed': '8d8242f545e9cec3e6d0d2e3f5bde8be1c659735', 'has_affected': True, 'issue_id': None, 'last_modified': datetime.datetime(2021, 1, 1, 0, 0), 'project': 'blah.com/package', 'public': None, 'reference_urls': ['https://ref.com/ref'], 'regressed': 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', 'repo_url': 'https://osv-test/repo/url', 'search_indices': ['blah.com/package', 'BLAH-126', 'BLAH', '126'], 'severity': 'HIGH', 'sort_key': 'BLAH-0000126', 'source_id': 'source:BLAH-126.yaml', 'source_of_truth': osv.SourceOfTruth.SOURCE_REPO, 'status': osv.BugStatus.PROCESSED, 'summary': 'A vulnerability', 'timestamp': datetime.datetime(2021, 1, 1, 0, 0), }, osv.Bug.get_by_id('BLAH-126')._to_dict())
def test_update_no_introduced(self): """Test update vulnerability with no introduced commit.""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-127.yaml', 'original_sha256': ('41ba4799f09d73ab41d60f8fbeaa83a7' '9f6d8a301330c5c1061cf113ff96a8a3'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('*****@*****.**', commit.author.email) self.assertEqual('OSV', commit.author.name) self.assertEqual('Update BLAH-127', commit.message) diff = repo.diff(commit.parents[0], commit) self.expect_dict_equal('update_no_introduced', osv.Bug.get_by_id('BLAH-127')._to_dict()) self.expect_equal('diff_update_no_introduced', diff.patch) affected_commits = list(osv.AffectedCommit.query()) self.assertCountEqual([ 'b1c95a196f22d06fcf80df8c6691cd113d8fefff', 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', 'a2ba949290915d445d34d0e8e9de2e7ce38198fc', 'e1b045257bc5ca2a11d0476474f45ef77a0366c7', '00514d6f244f696e750a37083163992c6a50cfd3', '25147a74d8aeb27b43665530ee121a2a1b19dc58', '3c5dcf6a5bec14baab3b247d369a7270232e1b83', '4c155795426727ea05575bd5904321def23c03f4', '57e58a5d7c2bb3ce0f04f17ec0648b92ee82531f', '90aa4127295b2c37b5f7fcf6a9772b12c99a5212', '949f182716f037e25394bbb98d39b3295d230a29', 'b1fa81a5d59e9b4d6e276d82fc17058f3cf139d9', 'f0cc40d8c3dabb27c2cfe26f1764305abc91a0b9', 'febfac1940086bc1f6d3dc33fda0a1d1ba336209', 'ff8cc32ba60ad9cbb3b23f0a82aad96ebe9ff76b', ], [commit.commit for commit in affected_commits])
def test_update_pypi(self): """Test a PyPI entry.""" self.source_repo.ignore_git = False self.source_repo.versions_from_repo = False self.source_repo.detect_cherrypicks = False self.source_repo.put() self.mock_repo.add_file( 'PYSEC-123.yaml', self._load_test_data(os.path.join(TEST_DATA_DIR, 'PYSEC-123.yaml'))) self.mock_repo.commit('User', 'user@email') task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'PYSEC-123.yaml', 'original_sha256': ('f664bd547299c003e658feb81d4e3b36' '17c1433e301037a5a825a615581fc6ee'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('*****@*****.**', commit.author.email) self.assertEqual('OSV', commit.author.name) self.assertEqual('Update PYSEC-123', commit.message) diff = repo.diff(commit.parents[0], commit) self.expect_equal('diff_pypi', diff.patch) self.expect_dict_equal( 'update_pypi', ndb.Key(osv.Bug, 'source:PYSEC-123').get()._to_dict()) affected_commits = list(osv.AffectedCommit.query()) self.assertCountEqual([ 'b1c95a196f22d06fcf80df8c6691cd113d8fefff', 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', ], [a.commit for a in affected_commits])
def test_update_delete(self): """Test deletion.""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) self.mock_repo.delete_file('BLAH-123.yaml') self.mock_repo.commit('User', 'user@email') message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-123.yaml', 'original_sha256': ('b149accd3dd3e66f882de2201481d9fa' 'd25324916501a9a0f7b1ae1afe256f0b'), 'deleted': 'true', } task_runner._source_update(message) bug = osv.Bug.get_by_id('BLAH-123') self.assertEqual(osv.BugStatus.INVALID, bug.status)
def test_update_conflict(self): """Test basic update with a conflict.""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-123.yaml', 'original_sha256': 'invalid', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() # Latest commit is still the user commit. self.assertEqual('user@email', commit.author.email) self.assertEqual('User', commit.author.name)
def test_update_no_changes(self): """Test basic update (with no changes).""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-125.yaml', 'original_sha256': ('b5ecb05106faef7fc5bd07f86e089783' '4354608c5bb59d3b6317491874198a3a'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('user@email', commit.author.email) self.assertEqual('User', commit.author.name)
def test_update_no_changes(self): """Test basic update (with no changes).""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-125.yaml', 'original_sha256': ('e405bf50fe67dc09217eb898b1321a4c' 'b7a0bfb71de68910240ff804e45e7ff5'), } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('user@email', commit.author.email) self.assertEqual('User', commit.author.name)
def test_update_add_fix(self): """Test basic update adding a fix.""" fix_result = osv.FixResult( id='source:BLAH-124.yaml', commit='8d8242f545e9cec3e6d0d2e3f5bde8be1c659735') fix_result.put() task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-124.yaml', 'original_sha256': ('5d6224b81fb100d51bf61c2568b1c75f' '1df355ace1872af1b7eb0b1b5d93f477'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('*****@*****.**', commit.author.email) self.assertEqual('OSV', commit.author.name) self.assertEqual('Update BLAH-124', commit.message) diff = repo.diff(commit.parents[0], commit) self.expect_equal('diff_update_add_fix', diff.patch) self.expect_dict_equal('update_add_fix', osv.Bug.get_by_id('BLAH-124')._to_dict()) affected_commits = list(osv.AffectedCommit.query()) self.assertCountEqual([ '4c155795426727ea05575bd5904321def23c03f4', 'b1c95a196f22d06fcf80df8c6691cd113d8fefff', 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', 'febfac1940086bc1f6d3dc33fda0a1d1ba336209', 'ff8cc32ba60ad9cbb3b23f0a82aad96ebe9ff76b', ], [commit.commit for commit in affected_commits])
def test_update_delete(self): """Test deletion.""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) self.mock_repo.delete_file('BLAH-123.yaml') self.mock_repo.commit('User', 'user@email') message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-123.yaml', 'original_sha256': ('d35b787ba467d6d45c2046c0c5a9c237' 'ab4b7d9942cc9ad25f2bc27a2ffa7859'), 'deleted': 'true', } task_runner._source_update(message) bug = osv.Bug.get_by_id('BLAH-123') self.assertEqual(osv.BugStatus.INVALID, bug.status)
def test_update_no_changes(self): """Test basic update (with no changes).""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-125.yaml', 'original_sha256': ('f3914d12891a3a441cb19cfe5c11f9b6' 'b5cd0c87c3c14c40d54559dad4bb813a'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('user@email', commit.author.email) self.assertEqual('User', commit.author.name)
def test_update(self): """Test basic update.""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-123.yaml', 'original_sha256': ('d35b787ba467d6d45c2046c0c5a9c237' 'ab4b7d9942cc9ad25f2bc27a2ffa7859'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('*****@*****.**', commit.author.email) self.assertEqual('OSV', commit.author.name) self.assertEqual('Update BLAH-123', commit.message) diff = repo.diff(commit.parents[0], commit) self.expect_equal('diff_update', diff.patch) self.expect_dict_equal('update', osv.Bug.get_by_id('BLAH-123')._to_dict()) affected_commits = list(osv.AffectedCommit.query()) self.assertCountEqual([ '4c155795426727ea05575bd5904321def23c03f4', 'b1c95a196f22d06fcf80df8c6691cd113d8fefff', 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', 'febfac1940086bc1f6d3dc33fda0a1d1ba336209', 'ff8cc32ba60ad9cbb3b23f0a82aad96ebe9ff76b', ], [commit.commit for commit in affected_commits])
def test_update_limit(self): """Test basic update with limit events.""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-128.yaml', 'original_sha256': ('54683c1611241e58bfe7489df6d5431fa' '476ff15eaf7511e2800246733ff3975'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('*****@*****.**', commit.author.email) self.assertEqual('OSV', commit.author.name) self.assertEqual('Update BLAH-128', commit.message) diff = repo.diff(commit.parents[0], commit) self.expect_equal('diff_update_limit', diff.patch) self.expect_dict_equal('update_limit', osv.Bug.get_by_id('BLAH-128')._to_dict()) affected_commits = list(osv.AffectedCommit.query()) self.assertCountEqual([ 'a2ba949290915d445d34d0e8e9de2e7ce38198fc', 'e1b045257bc5ca2a11d0476474f45ef77a0366c7', 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', 'b1c95a196f22d06fcf80df8c6691cd113d8fefff', ], [commit.commit for commit in affected_commits])
def test_update(self): """Test basic update.""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-123.yaml', 'original_sha256': ('4ff2c39882e21b963f6d716f318f07c2' '9434baef91eb339aefa9840fadb12084'), } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('*****@*****.**', commit.author.email) self.assertEqual('OSV', commit.author.name) self.assertEqual('Update BLAH-123', commit.message) diff = repo.diff(commit.parents[0], commit) self.assertEqual(self._load_test_data('expected.diff'), diff.patch) self.assertDictEqual( { 'additional_commit_ranges': [{ 'fixed_in': 'b9b3fd4732695b83c3068b7b6a14bb372ec31f98', 'introduced_in': 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd' }, { 'fixed_in': '', 'introduced_in': 'febfac1940086bc1f6d3dc33fda0a1d1ba336209' }], 'affected': [], 'affected_fuzzy': [], 'confidence': None, 'details': 'Blah blah blah\nBlah\n', 'ecosystem': 'golang', 'fixed': '8d8242f545e9cec3e6d0d2e3f5bde8be1c659735', 'has_affected': False, 'issue_id': None, 'last_modified': datetime.datetime(2021, 1, 1, 0, 0), 'project': 'blah.com/package', 'public': None, 'reference_urls': ['https://ref.com/ref'], 'regressed': 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', 'repo_url': None, 'search_indices': ['blah.com/package', 'BLAH-123', 'BLAH', '123'], 'severity': 'HIGH', 'sort_key': 'BLAH-0000123', 'source_id': 'source:BLAH-123.yaml', 'source_of_truth': osv.SourceOfTruth.SOURCE_REPO, 'status': None, 'summary': 'A vulnerability', 'timestamp': None }, osv.Bug.get_by_id('BLAH-123')._to_dict())
def test_update(self): """Test basic update.""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-123.yaml', 'original_sha256': ('b149accd3dd3e66f882de2201481d9fa' 'd25324916501a9a0f7b1ae1afe256f0b'), } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('*****@*****.**', commit.author.email) self.assertEqual('OSV', commit.author.name) self.assertEqual('Update BLAH-123', commit.message) diff = repo.diff(commit.parents[0], commit) self.assertEqual(self._load_test_data('expected.diff'), diff.patch) self.assertDictEqual( { 'additional_commit_ranges': [{ 'fixed_in': 'b9b3fd4732695b83c3068b7b6a14bb372ec31f98', 'introduced_in': 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd' }, { 'fixed_in': '', 'introduced_in': 'febfac1940086bc1f6d3dc33fda0a1d1ba336209' }], 'affected': [], 'affected_fuzzy': [], 'confidence': None, 'details': 'Blah blah blah\nBlah\n', 'ecosystem': 'golang', 'fixed': '8d8242f545e9cec3e6d0d2e3f5bde8be1c659735', 'has_affected': False, 'issue_id': None, 'last_modified': datetime.datetime(2021, 1, 1, 0, 0), 'project': 'blah.com/package', 'public': None, 'reference_urls': ['https://ref.com/ref'], 'regressed': 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', 'repo_url': None, 'search_indices': ['blah.com/package', 'BLAH-123', 'BLAH', '123'], 'severity': 'HIGH', 'sort_key': 'BLAH-0000123', 'source_id': 'source:BLAH-123.yaml', 'source_of_truth': osv.SourceOfTruth.SOURCE_REPO, 'status': None, 'summary': 'A vulnerability', 'timestamp': None }, osv.Bug.get_by_id('BLAH-123')._to_dict()) affected_commits = list(osv.AffectedCommit.query()) self.assertCountEqual([ '4c155795426727ea05575bd5904321def23c03f4', 'b1c95a196f22d06fcf80df8c6691cd113d8fefff', 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', 'febfac1940086bc1f6d3dc33fda0a1d1ba336209', 'ff8cc32ba60ad9cbb3b23f0a82aad96ebe9ff76b', ], [commit.commit for commit in affected_commits])
def test_update_no_introduced(self): """Test update vulnerability with no introduced commit.""" task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-127.yaml', 'original_sha256': ('484f6d8659f0c01e2f08a6fba9791fb2' '9b5df09530e5d8307fc1f368b01d7dcb'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('*****@*****.**', commit.author.email) self.assertEqual('OSV', commit.author.name) self.assertEqual('Update BLAH-127', commit.message) diff = repo.diff(commit.parents[0], commit) self.assertEqual(self._load_test_data('expected_127.diff'), diff.patch) self.assertDictEqual( { 'additional_commit_ranges': [{ 'fixed_in': 'b9b3fd4732695b83c3068b7b6a14bb372ec31f98', 'introduced_in': '' },], 'affected': [ 'branch-v0.1.1', 'branch_1_cherrypick_regress', 'v0.1', 'v0.1.1' ], 'affected_fuzzy': ['0-1-1', '1', '0-1', '0-1-1'], 'details': 'Blah blah blah\nBlah\n', 'ecosystem': 'golang', 'fixed': '8d8242f545e9cec3e6d0d2e3f5bde8be1c659735', 'has_affected': True, 'issue_id': None, 'last_modified': datetime.datetime(2021, 1, 1, 0, 0), 'project': 'blah.com/package', 'public': None, 'reference_urls': ['https://ref.com/ref'], 'regressed': '', 'repo_url': 'https://osv-test/repo/url', 'search_indices': ['blah.com/package', 'BLAH-127', 'BLAH', '127'], 'severity': 'HIGH', 'sort_key': 'BLAH-0000127', 'source_id': 'source:BLAH-127.yaml', 'source_of_truth': osv.SourceOfTruth.SOURCE_REPO, 'status': None, 'summary': 'A vulnerability', 'timestamp': None }, osv.Bug.get_by_id('BLAH-127')._to_dict()) affected_commits = list(osv.AffectedCommit.query()) self.assertCountEqual([ 'b1c95a196f22d06fcf80df8c6691cd113d8fefff', 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', 'a2ba949290915d445d34d0e8e9de2e7ce38198fc', 'e1b045257bc5ca2a11d0476474f45ef77a0366c7', '00514d6f244f696e750a37083163992c6a50cfd3', '25147a74d8aeb27b43665530ee121a2a1b19dc58', '3c5dcf6a5bec14baab3b247d369a7270232e1b83', '4c155795426727ea05575bd5904321def23c03f4', '57e58a5d7c2bb3ce0f04f17ec0648b92ee82531f', '90aa4127295b2c37b5f7fcf6a9772b12c99a5212', '949f182716f037e25394bbb98d39b3295d230a29', 'b1fa81a5d59e9b4d6e276d82fc17058f3cf139d9', 'f0cc40d8c3dabb27c2cfe26f1764305abc91a0b9', 'febfac1940086bc1f6d3dc33fda0a1d1ba336209', 'ff8cc32ba60ad9cbb3b23f0a82aad96ebe9ff76b', ], [commit.commit for commit in affected_commits])
def test_update_add_fix(self): """Test basic update adding a fix.""" fix_result = osv.FixResult( id='source:BLAH-124.yaml', commit='8d8242f545e9cec3e6d0d2e3f5bde8be1c659735') fix_result.put() task_runner = worker.TaskRunner(ndb_client, None, self.tmp_dir.name, None, None) message = mock.Mock() message.attributes = { 'source': 'source', 'path': 'BLAH-124.yaml', 'original_sha256': ('df9b0207ff2aa433d71869fa206b4884' '071807d5dfddf8626b93da210b6572ef'), 'deleted': 'false', } task_runner._source_update(message) repo = pygit2.Repository(self.remote_source_repo_path) commit = repo.head.peel() self.assertEqual('*****@*****.**', commit.author.email) self.assertEqual('OSV', commit.author.name) self.assertEqual('Update BLAH-124', commit.message) diff = repo.diff(commit.parents[0], commit) self.assertEqual(self._load_test_data('expected_add_fix.diff'), diff.patch) self.assertDictEqual( { 'additional_commit_ranges': [{ 'fixed_in': 'b9b3fd4732695b83c3068b7b6a14bb372ec31f98', 'introduced_in': 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd' }, { 'fixed_in': '', 'introduced_in': 'febfac1940086bc1f6d3dc33fda0a1d1ba336209' }], 'affected': ['branch-v0.1.1', 'branch_1_cherrypick_regress', 'v0.1.1'], 'affected_fuzzy': ['0-1-1', '1', '0-1-1'], 'details': 'Blah blah blah\nBlah\n', 'ecosystem': 'golang', 'fixed': '8d8242f545e9cec3e6d0d2e3f5bde8be1c659735', 'has_affected': True, 'issue_id': None, 'last_modified': datetime.datetime(2021, 1, 1, 0, 0), 'project': 'blah.com/package', 'public': None, 'reference_urls': ['https://ref.com/ref'], 'regressed': 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', 'repo_url': 'https://osv-test/repo/url', 'search_indices': ['blah.com/package', 'BLAH-124', 'BLAH', '124'], 'severity': 'HIGH', 'sort_key': 'BLAH-0000124', 'source_id': 'source:BLAH-124.yaml', 'source_of_truth': osv.SourceOfTruth.SOURCE_REPO, 'status': None, 'summary': 'A vulnerability', 'timestamp': None }, osv.Bug.get_by_id('BLAH-124')._to_dict()) affected_commits = list(osv.AffectedCommit.query()) self.assertCountEqual([ '4c155795426727ea05575bd5904321def23c03f4', 'b1c95a196f22d06fcf80df8c6691cd113d8fefff', 'eefe8ec3f1f90d0e684890e810f3f21e8500a4cd', 'febfac1940086bc1f6d3dc33fda0a1d1ba336209', 'ff8cc32ba60ad9cbb3b23f0a82aad96ebe9ff76b', ], [commit.commit for commit in affected_commits])