def test_section_header_unexpected_space_2():
    """Reject a quoted header with a space between package name and version.

    The header ``["broken-section 1.2"]`` uses a space where the other
    entries in this file use ``-``. Loading must fail with RuntimeError
    instead of accepting the entry.
    """
    # Build the input outside the raises-block so that only the load call
    # can satisfy the expected exception.
    malformed = io.StringIO("""
["broken-section 1.2"]
comment = "incorrect whitespace between package and version"
""")
    with pytest.raises(RuntimeError):
        Whitelist.load(malformed)
def test_toml_missing_quote():
    """Reject an unquoted ``name-version`` header that contains dots.

    In TOML a bare header such as ``[libxslt-2.0.1]`` is a dotted key, so it
    denotes nested tables rather than one table named ``libxslt-2.0.1``.
    Loading must fail with RuntimeError so that the entry is not applied
    under a name the author did not intend.
    """
    unquoted_header = io.StringIO("""\
[libxslt-2.0.1]
comment = "unquoted, triggers TOML's table syntax inadvertently"
""")
    with pytest.raises(RuntimeError):
        Whitelist.load(unquoted_header)
def test_merge_into_empty():
    """Merging into an empty whitelist yields exactly the merged-in entries."""
    target = Whitelist()
    incoming = Whitelist.load(io.StringIO("""\
["libxslt"]
["audiofile-0.3.6"]
"""))
    target.merge(incoming)
    # One entry carries a version and one does not; both keys must survive.
    merged_names = set(target.entries.keys())
    assert merged_names == {'libxslt', 'audiofile-0.3.6'}
def test_section_header_unexpected_space():
    """Reject a header that has whitespace between the brackets and the key.

    The first section is well-formed; the second, ``[ "broken-section-1.1" ]``,
    pads the quoted key with spaces. The whole load must fail with
    RuntimeError, so the valid first section does not mask the bad one.
    """
    padded_header = io.StringIO("""
["ok-section-1.0"]
[ "broken-section-1.1" ]
comment = "whitespace confuses TOML parser"
""")
    with pytest.raises(RuntimeError):
        Whitelist.load(padded_header)
def test_until_latest_wins(whitelist):
    """After a merge, ``until`` holds the dates from the merged-in whitelist.

    Args:
        whitelist: the fixture whitelist that receives the merge.
    """
    # NOTE(review): the fixture's own ``until`` values are not visible here;
    # presumably both are earlier than the dates below -- confirm.
    incoming = Whitelist.load(io.StringIO("""\
["libxslt-2.0"]
until = "2018-03-02"
["audiofile-0.3.2"]
until = "2018-04-01"
"""))
    whitelist.merge(incoming)
    libxslt_until = whitelist['libxslt-2.0'].until
    assert libxslt_until == datetime.date(2018, 3, 2)
    audiofile_until = whitelist['audiofile-0.3.2'].until
    assert audiofile_until == datetime.date(2018, 4, 1)
def test_merge(whitelist):
    """Merge a second whitelist into the fixture and check every field.

    Covers an existing entry with a date (``libxslt-2.0``), an existing
    entry that gains CVEs, a comment and an issue URL (``audiofile-0.3.6``),
    and an entry that is only present in the merged-in data
    (``libtasn1-4.12``).

    Args:
        whitelist: the fixture whitelist that receives the merge.
    """
    incoming = Whitelist.load(io.StringIO("""\
["libxslt-2.0"]
until = "2018-02-25"
comment = "latest date wins"
["audiofile-0.3.6"]
cve = ["CVE-2017-6827", "CVE-2017-6839"]
comment = "new stuff should be appended"
issue_url = "https://github.com/NixOS/nixpkgs/issues/30959"
["libtasn1-4.12"]
cve = ["CVE-2017-10790"]
"""))
    whitelist.merge(incoming)
    assert len(whitelist) == 7

    # The merged-in date (2018-02-25) is earlier than the asserted one, so
    # the later date is the one that remains.
    libxslt_entry = whitelist['libxslt-2.0']
    assert libxslt_entry.until == datetime.date(2018, 3, 1)
    assert libxslt_entry.comment == ['latest date wins']

    # CVEs and issue URLs are compared as sets; comments are an ordered list
    # with the merged-in comment last.
    audiofile_entry = whitelist['audiofile-0.3.6']
    expected_cves = {
        'CVE-2017-6827',
        'CVE-2017-6834',
        'CVE-2017-6828',
        'CVE-2017-6839',
    }
    assert audiofile_entry.cve == expected_cves
    expected_comments = [
        'some issues not fixed upstream',
        'new stuff should be appended',
    ]
    assert audiofile_entry.comment == expected_comments
    expected_urls = {
        'https://fb.flyingcircus.io/f/cases/26909/',
        'https://github.com/NixOS/nixpkgs/issues/30959',
    }
    assert audiofile_entry.issue_url == expected_urls

    libtasn1_entry = whitelist['libtasn1-4.12']
    assert libtasn1_entry.cve == {'CVE-2017-10790'}
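def whitelist():
    """Load the packaged ``tests/fixtures/whitelist.toml`` into a Whitelist.

    Returns:
        The object produced by ``Whitelist.load`` for that resource.
    """
    # NOTE(review): tests request ``whitelist`` as a parameter, so this is
    # presumably registered as a pytest fixture; the decorator is not
    # visible here -- confirm.
    # Close the resource handle once loading is done instead of leaking it.
    # Assumes Whitelist.load consumes the stream before returning -- confirm.
    with pkg_resources.resource_stream(
            'vulnix', 'tests/fixtures/whitelist.toml') as fixture_stream:
        return Whitelist.load(fixture_stream)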
def test_neither_name_nor_cve():
    """Reject a list-style entry that carries only a comment.

    The entry names neither a package nor a CVE, so there is nothing for it
    to match on; loading must fail with RuntimeError.
    """
    selectorless_entry = io.StringIO('-\n comment: invalid entry\n')
    with pytest.raises(RuntimeError):
        Whitelist.load(selectorless_entry)
def test_from_toml(whitelist_toml):
    """Load the TOML fixture and run the shared entry checks on the result.

    Args:
        whitelist_toml: fixture passed straight to ``Whitelist.load``.
    """
    loaded = Whitelist.load(whitelist_toml)
    check_whitelist_entries(loaded)
def test_section_header_alphanumeric():
    """Accept an unquoted header made of alphanumerics and a dash.

    ``[systemd-236]`` contains no dot, so it is a single bare TOML key.
    The test passes as long as loading does not raise; it makes no
    assertion about the resulting entries.
    """
    bare_header = io.StringIO("""
[systemd-236]
comment = "section headers consisting only of alphanum chars are ok"
""")
    Whitelist.load(bare_header)
def test_toml_malformed_url():
    """Reject an ``issue_url`` value that is not a URL.

    Unlike the malformed-header tests, the expected exception here is
    ValueError rather than RuntimeError.
    """
    bad_url_entry = io.StringIO('["pkg"]\nissue_url = "foobar"')
    with pytest.raises(ValueError):
        Whitelist.load(bad_url_entry)
def test_load_should_remove_timeed_out_rules(whitelist_toml):
    """An expired rule must not be present after loading.

    Args:
        whitelist_toml: fixture passed straight to ``Whitelist.load``.
    """
    # NOTE(review): the outcome depends on the date the loader compares
    # ``until`` against; presumably the clock is pinned for this suite --
    # confirm, otherwise the result changes with the calendar.
    remaining = Whitelist.load(whitelist_toml).entries
    assert 'libxslt-2.0' not in remaining
def test_parse_until():
    """``until`` is parsed from an ISO date string into ``datetime.date``."""
    # NOTE(review): another test in this file expects load() to drop expired
    # rules. If that check uses the real clock, this fixed 2019 date makes
    # the entry disappear and the length assertion fail -- confirm the clock
    # is frozen for this test.
    dated_entry = io.StringIO('["libarchive"]\nuntil = "2019-03-10"\n')
    loaded = Whitelist.load(dated_entry)
    assert len(loaded.entries) == 1
    parsed_until = loaded.entries['libarchive'].until
    assert parsed_until == datetime.date(2019, 3, 10)
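def whitelist():
    """Load the packaged ``tests/fixtures/whitelist.toml`` into a Whitelist.

    Returns:
        The object produced by ``Whitelist.load`` for that resource.
    """
    # NOTE(review): tests request ``whitelist`` as a parameter, so this is
    # presumably registered as a pytest fixture; the decorator is not
    # visible here -- confirm.
    # Close the resource handle once loading is done instead of leaking it.
    # Assumes Whitelist.load consumes the stream before returning -- confirm.
    with pkg_resources.resource_stream(
            'vulnix', 'tests/fixtures/whitelist.toml') as fixture_stream:
        return Whitelist.load(fixture_stream)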