fix: test_source_osv.py::TestSourceOSV::test_update_ecosystems fails because ecosystems.txt and self.osv.update_ecosystems mismatch #4633

Open
weichslgartner opened this issue Dec 18, 2024 · 3 comments

weichslgartner commented Dec 18, 2024

Description

As https://github.com/intel/cve-bin-tool/actions/runs/12399617734/job/34614942113 failed, I looked if I could reproduce this locally and I had the same failure. The test which fails is

async def test_update_ecosystems(self):

The issue is that the unit test compares the content of https://osv-vulnerabilities.storage.googleapis.com/ecosystems.txt against the ecosystems provided via gsutil, which is used as the data source by cve-bin-tool.
The ecosystems.txt contains the entry [EMPTY], which is not in expected_ecosystems. On the other hand, gsutil has values like AlmaLinux:8 and AlmaLinux:9, while the txt file only contains AlmaLinux.

From the debugger I got the following values:

self_ecosystems = ['AlmaLinux', 'AlmaLinux:8', 'AlmaLinux:9', 'Alpine', 'Alpine:v3.10', 'Alpine:v3.11', 'Alpine:v3.12', 'Alpine:v3.13', 'Alpine:v3.14', 'Alpine:v3.15', 'Alpine:v3.16', 'Alpine:v3.17', 'Alpine:v3.18', 'Alpine:v3.19', 'Alpine:v3.2', 'Alpine:v3.20', 'Alpine:v3.3', 'Alpine:v3.4', 'Alpine:v3.5', 'Alpine:v3.6', 'Alpine:v3.7', 'Alpine:v3.8', 'Alpine:v3.9', 'Android', 'Bitnami', 'CRAN', 'Chainguard', 'DWF', 'Debian', 'Debian:10', 'Debian:11', 'Debian:12', 'Debian:13', 'Debian:3.0', 'Debian:3.1', 'Debian:4.0', 'Debian:5.0', 'Debian:6.0', 'Debian:7', 'Debian:8', 'Debian:9', 'GIT', 'GSD', 'GitHub Actions', 'Go', 'Hackage', 'Hex', 'JavaScript', 'Linux', 'Maven', 'NuGet', 'OSS-Fuzz', 'Packagist', 'Pub', 'PyPI', 'Red Hat', 'Rocky Linux', 'Rocky Linux:8', 'Rocky Linux:9', 'RubyGems', 'SUSE', 'SUSE:Cloud Compute Node for SUSE Linux Enterprise 12 5', 'SUSE:EL-9:Update:Products:ManagerTools:Update', 'SUSE:EL-9:Update:Products:SaltBundle:Update', 'SUSE:Enterprise Storage 1.0', 'SUSE:Enterprise Storage 2.1', 'SUSE:Enterprise Storage 2', 'SUSE:Enterprise Storage 3', 'SUSE:Enterprise Storage 4', 'SUSE:Enterprise Storage 5', 'SUSE:Enterprise Storage 6', 'SUSE:Enterprise Storage 7.1', 'SUSE:Enterprise Storage 7', 'SUSE:HPE Helion OpenStack 8', 'SUSE:Lifecycle Management Server 1.3', 'SUSE:Linux Enterprise Desktop 11 SP3', 'SUSE:Linux Enterprise Desktop 11 SP4', 'SUSE:Linux Enterprise Desktop 12 SP1', 'SUSE:Linux Enterprise Desktop 12 SP2', 'SUSE:Linux Enterprise Desktop 12 SP3', 'SUSE:Linux Enterprise Desktop 12 SP4', 'SUSE:Linux Enterprise Desktop 12', 'SUSE:Linux Enterprise High Availability Extension 11 SP3', 'SUSE:Linux Enterprise High Availability Extension 11 SP4', 'SUSE:Linux Enterprise High Availability Extension 12 SP1', 'SUSE:Linux Enterprise High Availability Extension 12 SP2', 'SUSE:Linux Enterprise High Availability Extension 12 SP3', 'SUSE:Linux Enterprise High Availability Extension 12 SP4', 'SUSE:Linux Enterprise High Availability Extension 12 SP5', 
'SUSE:Linux Enterprise High Availability Extension 12', 'SUSE:Linux Enterprise High Availability Extension 15 SP1', 'SUSE:Linux Enterprise High Availability Extension 15 SP2', 'SUSE:Linux Enterprise High Availability Extension 15 SP3', 'SUSE:Linux Enterprise High Availability Extension 15 SP4', 'SUSE:Linux Enterprise High Availability Extension 15 SP5', 'SUSE:Linux Enterprise High Availability Extension 15 SP6', 'SUSE:Linux Enterprise High Availability Extension 15', 'SUSE:Linux Enterprise High Availability GEO Extension 12 SP4', 'SUSE:Linux Enterprise High Availability GEO Extension 12 SP5', 'SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOS', 'SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS', 'SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOS', 'SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS', 'SUSE:Linux Enterprise High Performance Computing 15 SP2', 'SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS', 'SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS', 'SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS', 'SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS', 'SUSE:Linux Enterprise High Performance Computing 15-ESPOS', 'SUSE:Linux Enterprise High Performance Computing 15-LTSS', 'SUSE:Linux Enterprise Installer Updates 15 SP1', 'SUSE:Linux Enterprise Installer Updates 15 SP2', 'SUSE:Linux Enterprise Installer Updates 15 SP3', 'SUSE:Linux Enterprise Installer Updates 15 SP4', 'SUSE:Linux Enterprise Installer Updates 15 SP5', 'SUSE:Linux Enterprise Installer Updates 15', 'SUSE:Linux Enterprise Live Patching 12 SP3', 'SUSE:Linux Enterprise Live Patching 12 SP4', 'SUSE:Linux Enterprise Live Patching 12 SP5', 'SUSE:Linux Enterprise Live Patching 12', 'SUSE:Linux Enterprise Live Patching 15 SP1', 'SUSE:Linux Enterprise Live Patching 15 SP2', 'SUSE:Linux Enterprise Live Patching 15 SP3', 'SUSE:Linux Enterprise Live Patching 15 SP4', 'SUSE:Linux Enterprise Live Patching 15 
SP5', 'SUSE:Linux Enterprise Live Patching 15 SP6', 'SUSE:Linux Enterprise Live Patching 15', 'SUSE:Linux Enterprise Micro 5.0', 'SUSE:Linux Enterprise Micro 5.1', 'SUSE:Linux Enterprise Micro 5.2', 'SUSE:Linux Enterprise Micro 5.3', 'SUSE:Linux Enterprise Micro 5.4', 'SUSE:Linux Enterprise Micro 5.5', 'SUSE:Linux Enterprise Module for Advanced Systems Management 12', 'SUSE:Linux Enterprise Module for Basesystem 15 SP1', 'SUSE:Linux Enterprise Module for Basesystem 15 SP2', 'SUSE:Linux Enterprise Module for Basesystem 15 SP3', 'SUSE:Linux Enterprise Module for Basesystem 15 SP4', 'SUSE:Linux Enterprise Module for Basesystem 15 SP5', 'SUSE:Linux Enterprise Module for Basesystem 15 SP6', 'SUSE:Linux Enterprise Module for Basesystem 15', 'SUSE:Linux Enterprise Module for CAP 15 SP1', 'SUSE:Linux Enterprise Module for CAP 15', 'SUSE:Linux Enterprise Module for Certifications 15 SP3', 'SUSE:Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6', 'SUSE:Linux Enterprise Module for Containers 12', 'SUSE:Linux Enterprise Module for Containers 15 SP1', 'SUSE:Linux Enterprise Module for Containers 15 SP2', 'SUSE:Linux Enterprise Module for Containers 15 SP3', 'SUSE:Linux Enterprise Module for Containers 15 SP4', 'SUSE:Linux Enterprise Module for Containers 15 SP5', 'SUSE:Linux Enterprise Module for Containers 15 SP6', 'SUSE:Linux Enterprise Module for Containers 15', 'SUSE:Linux Enterprise Module for Desktop Applications 15 SP1', 'SUSE:Linux Enterprise Module for Desktop Applications 15 SP2', 'SUSE:Linux Enterprise Module for Desktop Applications 15 SP3', 'SUSE:Linux Enterprise Module for Desktop Applications 15 SP4', 'SUSE:Linux Enterprise Module for Desktop Applications 15 SP5', 'SUSE:Linux Enterprise Module for Desktop Applications 15 SP6', 'SUSE:Linux Enterprise Module for Desktop Applications 15', 'SUSE:Linux Enterprise Module for Development Tools 15 SP1', 'SUSE:Linux Enterprise Module for Development Tools 15 SP2', 'SUSE:Linux Enterprise Module 
for Development Tools 15 SP3', 'SUSE:Linux Enterprise Module for Development Tools 15 SP4', 'SUSE:Linux Enterprise Module for Development Tools 15 SP5', 'SUSE:Linux Enterprise Module for Development Tools 15 SP6', 'SUSE:Linux Enterprise Module for Development Tools 15', 'SUSE:Linux Enterprise Module for HPC 12', 'SUSE:Linux Enterprise Module for HPC 15 SP1', 'SUSE:Linux Enterprise Module for HPC 15 SP2', 'SUSE:Linux Enterprise Module for HPC 15 SP3', 'SUSE:Linux Enterprise Module for HPC 15 SP4', 'SUSE:Linux Enterprise Module for HPC 15 SP5', 'SUSE:Linux Enterprise Module for HPC 15 SP6', 'SUSE:Linux Enterprise Module for HPC 15', 'SUSE:Linux Enterprise Module for Legacy 12', 'SUSE:Linux Enterprise Module for Legacy 15 SP1', 'SUSE:Linux Enterprise Module for Legacy 15 SP2', 'SUSE:Linux Enterprise Module for Legacy 15 SP3', 'SUSE:Linux Enterprise Module for Legacy 15 SP4', 'SUSE:Linux Enterprise Module for Legacy 15 SP5', 'SUSE:Linux Enterprise Module for Legacy 15 SP6', 'SUSE:Linux Enterprise Module for Legacy 15', 'SUSE:Linux Enterprise Module for Package Hub 15 SP1', 'SUSE:Linux Enterprise Module for Package Hub 15 SP2', 'SUSE:Linux Enterprise Module for Package Hub 15 SP3', 'SUSE:Linux Enterprise Module for Package Hub 15 SP4', 'SUSE:Linux Enterprise Module for Package Hub 15 SP5', 'SUSE:Linux Enterprise Module for Package Hub 15 SP6', 'SUSE:Linux Enterprise Module for Package Hub 15', 'SUSE:Linux Enterprise Module for Public Cloud 12', 'SUSE:Linux Enterprise Module for Public Cloud 15 SP1', 'SUSE:Linux Enterprise Module for Public Cloud 15 SP2', 'SUSE:Linux Enterprise Module for Public Cloud 15 SP3', 'SUSE:Linux Enterprise Module for Public Cloud 15 SP4', 'SUSE:Linux Enterprise Module for Public Cloud 15 SP5', 'SUSE:Linux Enterprise Module for Public Cloud 15 SP6', 'SUSE:Linux Enterprise Module for Public Cloud 15', 'SUSE:Linux Enterprise Module for Python 2 15 SP1', 'SUSE:Linux Enterprise Module for Python 2 15 SP2', 'SUSE:Linux Enterprise Module for Python 2 
15 SP3', 'SUSE:Linux Enterprise Module for Python 3 15 SP4', 'SUSE:Linux Enterprise Module for Python 3 15 SP5', 'SUSE:Linux Enterprise Module for Python 3 15 SP6', 'SUSE:Linux Enterprise Module for SAP Applications 15 SP1', 'SUSE:Linux Enterprise Module for SAP Applications 15 SP2', 'SUSE:Linux Enterprise Module for SAP Applications 15 SP3', 'SUSE:Linux Enterprise Module for SAP Applications 15 SP4', 'SUSE:Linux Enterprise Module for SAP Applications 15 SP5', 'SUSE:Linux Enterprise Module for SAP Applications 15', 'SUSE:Linux Enterprise Module for Server Applications 15 SP1', 'SUSE:Linux Enterprise Module for Server Applications 15 SP2', 'SUSE:Linux Enterprise Module for Server Applications 15 SP3', 'SUSE:Linux Enterprise Module for Server Applications 15 SP4', 'SUSE:Linux Enterprise Module for Server Applications 15 SP5', 'SUSE:Linux Enterprise Module for Server Applications 15 SP6', 'SUSE:Linux Enterprise Module for Server Applications 15', 'SUSE:Linux Enterprise Module for Toolchain 12', 'SUSE:Linux Enterprise Module for Transactional Server 15 SP2', 'SUSE:Linux Enterprise Module for Transactional Server 15 SP3', 'SUSE:Linux Enterprise Module for Transactional Server 15 SP4', 'SUSE:Linux Enterprise Module for Transactional Server 15 SP5', 'SUSE:Linux Enterprise Module for Web and Scripting 12', 'SUSE:Linux Enterprise Module for Web and Scripting 15 SP1', 'SUSE:Linux Enterprise Module for Web and Scripting 15 SP2', 'SUSE:Linux Enterprise Module for Web and Scripting 15 SP3', 'SUSE:Linux Enterprise Module for Web and Scripting 15 SP4', 'SUSE:Linux Enterprise Module for Web and Scripting 15 SP5', 'SUSE:Linux Enterprise Module for Web and Scripting 15 SP6', 'SUSE:Linux Enterprise Module for Web and Scripting 15', 'SUSE:Linux Enterprise Point of Sale 11 SP3', 'SUSE:Linux Enterprise Point of Sale 12 SP2', 'SUSE:Linux Enterprise Real Time 11 SP3', 'SUSE:Linux Enterprise Real Time 11 SP4', 'SUSE:Linux Enterprise Real Time 12 SP1', 'SUSE:Linux Enterprise Real Time 12 
SP2', 'SUSE:Linux Enterprise Real Time 12 SP3', 'SUSE:Linux Enterprise Real Time 12 SP4', 'SUSE:Linux Enterprise Real Time 12 SP5', 'SUSE:Linux Enterprise Real Time 15 SP2', 'SUSE:Linux Enterprise Real Time 15 SP3', 'SUSE:Linux Enterprise Real Time 15 SP4', 'SUSE:Linux Enterprise Server 11 SP1-LTSS', 'SUSE:Linux Enterprise Server 11 SP1-TERADATA', 'SUSE:Linux Enterprise Server 11 SP2-LTSS', 'SUSE:Linux Enterprise Server 11 SP3-CLIENT-TOOLS', 'SUSE:Linux Enterprise Server 11 SP3-LTSS', 'SUSE:Linux Enterprise Server 11 SP3-TERADATA', 'SUSE:Linux Enterprise Server 11 SP3', 'SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE', 'SUSE:Linux Enterprise Server 11 SP4-CLIENT-TOOLS', 'SUSE:Linux Enterprise Server 11 SP4-LTSS', 'SUSE:Linux Enterprise Server 11 SP4', 'SUSE:Linux Enterprise Server 11-PUBCLOUD', 'SUSE:Linux Enterprise Server 11-SECURITY', 'SUSE:Linux Enterprise Server 12 SP1-LTSS', 'SUSE:Linux Enterprise Server 12 SP1', 'SUSE:Linux Enterprise Server 12 SP2-BCL', 'SUSE:Linux Enterprise Server 12 SP2-LTSS', 'SUSE:Linux Enterprise Server 12 SP2', 'SUSE:Linux Enterprise Server 12 SP3-BCL', 'SUSE:Linux Enterprise Server 12 SP3-LTSS', 'SUSE:Linux Enterprise Server 12 SP3', 'SUSE:Linux Enterprise Server 12 SP4-ESPOS', 'SUSE:Linux Enterprise Server 12 SP4-LTSS', 'SUSE:Linux Enterprise Server 12 SP4', 'SUSE:Linux Enterprise Server 12 SP5', 'SUSE:Linux Enterprise Server 12-LTSS', 'SUSE:Linux Enterprise Server 12', 'SUSE:Linux Enterprise Server 15 SP1-BCL', 'SUSE:Linux Enterprise Server 15 SP1-LTSS', 'SUSE:Linux Enterprise Server 15 SP2-BCL', 'SUSE:Linux Enterprise Server 15 SP2-LTSS', 'SUSE:Linux Enterprise Server 15 SP3-BCL', 'SUSE:Linux Enterprise Server 15 SP3-LTSS', 'SUSE:Linux Enterprise Server 15 SP4-LTSS', 'SUSE:Linux Enterprise Server 15-LTSS', 'SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2', 'SUSE:Linux Enterprise Server for SAP Applications 11 SP2', 'SUSE:Linux Enterprise Server for SAP Applications 11 SP3', 'SUSE:Linux Enterprise Server for SAP 
Applications 11 SP4', 'SUSE:Linux Enterprise Server for SAP Applications 12 SP1', 'SUSE:Linux Enterprise Server for SAP Applications 12 SP2', 'SUSE:Linux Enterprise Server for SAP Applications 12 SP3', 'SUSE:Linux Enterprise Server for SAP Applications 12 SP4', 'SUSE:Linux Enterprise Server for SAP Applications 12 SP5', 'SUSE:Linux Enterprise Server for SAP Applications 12', 'SUSE:Linux Enterprise Server for SAP Applications 15 SP1', 'SUSE:Linux Enterprise Server for SAP Applications 15 SP2', 'SUSE:Linux Enterprise Server for SAP Applications 15 SP3', 'SUSE:Linux Enterprise Server for SAP Applications 15 SP4', 'SUSE:Linux Enterprise Server for SAP Applications 15', 'SUSE:Linux Enterprise Software Development Kit 11 SP3', 'SUSE:Linux Enterprise Software Development Kit 11 SP4', 'SUSE:Linux Enterprise Software Development Kit 12 SP1', 'SUSE:Linux Enterprise Software Development Kit 12 SP2', 'SUSE:Linux Enterprise Software Development Kit 12 SP3', 'SUSE:Linux Enterprise Software Development Kit 12 SP4', 'SUSE:Linux Enterprise Software Development Kit 12 SP5', 'SUSE:Linux Enterprise Software Development Kit 12', 'SUSE:Linux Enterprise Workstation Extension 12 SP1', 'SUSE:Linux Enterprise Workstation Extension 12 SP2', 'SUSE:Linux Enterprise Workstation Extension 12 SP3', 'SUSE:Linux Enterprise Workstation Extension 12 SP4', 'SUSE:Linux Enterprise Workstation Extension 12 SP5', 'SUSE:Linux Enterprise Workstation Extension 12', 'SUSE:Linux Enterprise Workstation Extension 15 SP1', 'SUSE:Linux Enterprise Workstation Extension 15 SP2', 'SUSE:Linux Enterprise Workstation Extension 15 SP3', 'SUSE:Linux Enterprise Workstation Extension 15 SP4', 'SUSE:Linux Enterprise Workstation Extension 15 SP5', 'SUSE:Linux Enterprise Workstation Extension 15 SP6', 'SUSE:Linux Enterprise Workstation Extension 15', 'SUSE:Manager 2.1', 'SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS', 'SUSE:Manager Proxy 2.1', 'SUSE:Manager Proxy 3.0', 'SUSE:Manager Proxy 3.1', 
'SUSE:Manager Proxy 3.2', 'SUSE:Manager Proxy 4.0', 'SUSE:Manager Proxy 4.1', 'SUSE:Manager Proxy 4.2', 'SUSE:Manager Proxy 4.3', 'SUSE:Manager Proxy Module 4.0', 'SUSE:Manager Proxy Module 4.1', 'SUSE:Manager Proxy Module 4.2', 'SUSE:Manager Proxy Module 4.3', 'SUSE:Manager Retail Branch Server 4.0', 'SUSE:Manager Retail Branch Server 4.1', 'SUSE:Manager Retail Branch Server 4.2', 'SUSE:Manager Retail Branch Server 4.3', 'SUSE:Manager Server 3.0', 'SUSE:Manager Server 3.1', 'SUSE:Manager Server 3.2', 'SUSE:Manager Server 4.0', 'SUSE:Manager Server 4.1', 'SUSE:Manager Server 4.2', 'SUSE:Manager Server 4.3', 'SUSE:Manager Server Module 4.0', 'SUSE:Manager Server Module 4.1', 'SUSE:Manager Server Module 4.2', 'SUSE:Manager Server Module 4.3', 'SUSE:Manager Tools 12-BETA', 'SUSE:Manager Tools 12', 'SUSE:Manager Tools 15-BETA', 'SUSE:Manager Tools 15', 'SUSE:Manager Tools Beta for SLE Micro 5', 'SUSE:Manager Tools for SLE Micro 5', 'SUSE:OpenStack Cloud 5', 'SUSE:OpenStack Cloud 6-LTSS', 'SUSE:OpenStack Cloud 6', 'SUSE:OpenStack Cloud 7', 'SUSE:OpenStack Cloud 8', 'SUSE:OpenStack Cloud 9', 'SUSE:OpenStack Cloud Crowbar 8', 'SUSE:OpenStack Cloud Crowbar 9', 'SUSE:Package Hub 12 SP1', 'SUSE:Package Hub 12 SP2', 'SUSE:Package Hub 12 SP3', 'SUSE:Package Hub 12', 'SUSE:Package Hub 15 SP1', 'SUSE:Package Hub 15 SP2', 'SUSE:Package Hub 15 SP3', 'SUSE:Package Hub 15 SP4', 'SUSE:Package Hub 15 SP5', 'SUSE:Package Hub 15 SP6', 'SUSE:Package Hub 15', 'SUSE:Real Time Module 15 SP1', 'SUSE:Real Time Module 15 SP2', 'SUSE:Real Time Module 15 SP3', 'SUSE:Real Time Module 15 SP4', 'SUSE:Real Time Module 15 SP5', 'SUSE:Real Time Module 15 SP6', 'SUSE:Studio Onsite 1.3', 'SUSE:Studio Onsite Runner 1.3', 'SUSE:Subscription Management Tool 11 SP3', 'SUSE:WebYast 1.3', 'SwiftURL', 'UVI', 'Ubuntu', 'Ubuntu:14.04:LTS', 'Ubuntu:16.04:LTS', 'Ubuntu:18.04:LTS', 'Ubuntu:20.04:LTS', 'Ubuntu:22.04:LTS', 'Ubuntu:22.04:LTS:for:NVIDIA:BlueField', 'Ubuntu:23.10', 'Ubuntu:24.04:LTS', 
'Ubuntu:Pro:14.04:LTS', 'Ubuntu:Pro:16.04:LTS', 'Ubuntu:Pro:18.04:LTS', 'Ubuntu:Pro:20.04:LTS', 'Ubuntu:Pro:22.04:LTS', 'Ubuntu:Pro:24.04:LTS', 'Ubuntu:Pro:FIPS-preview:22.04:LTS', 'Ubuntu:Pro:FIPS-updates:18.04:LTS', 'Ubuntu:Pro:FIPS-updates:20.04:LTS', 'Ubuntu:Pro:FIPS-updates:22.04:LTS', 'Ubuntu:Pro:FIPS:16.04:LTS', 'Ubuntu:Pro:FIPS:18.04:LTS', 'Ubuntu:Pro:FIPS:20.04:LTS', 'Wolfi', 'crates.io', 'npm', 'openSUSE', 'openSUSE:Leap 15.0 NonFree', 'openSUSE:Leap 15.0', 'openSUSE:Leap 15.1 NonFree', 'openSUSE:Leap 15.1', 'openSUSE:Leap 15.2 NonFree', 'openSUSE:Leap 15.2', 'openSUSE:Leap 15.3 NonFree', 'openSUSE:Leap 15.3', 'openSUSE:Leap 15.4 NonFree', 'openSUSE:Leap 15.4', 'openSUSE:Leap 15.5 NonFree', 'openSUSE:Leap 15.5', 'openSUSE:Leap 15.6 NonFree', 'openSUSE:Leap 15.6', 'openSUSE:Leap Micro 5.2', 'openSUSE:Leap Micro 5.3', 'openSUSE:Leap Micro 5.4', 'openSUSE:Leap Micro 5.5', 'openSUSE:Tumbleweed']

expected_ecosystems = ['GitHub Actions', 'SwiftURL', 'Rocky Linux', 'Pub', 'Go', 'DWF', 'Hackage', 'Wolfi', 'Android', 'Alpine', 'NuGet', 'Hex', 'JavaScript', 'openSUSE', 'Debian', 'Red Hat', 'crates.io', 'CRAN', 'RubyGems', 'SUSE', 'AlmaLinux', 'PyPI', '[EMPTY]', 'Packagist', 'GSD', 'GIT', 'Chainguard', 'Maven', 'UVI', 'Linux', 'OSS-Fuzz', 'npm', 'Bitnami', 'Ubuntu']

for e in expected_ecosystems:
    if e not in self_ecosystems:
        print(e)
# output: [EMPTY]

# this works:
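assert all(x in self_ecosystems for x in expected_ecosystems if x != "[EMPTY]")
# every enumerated name must be published either as-is or by its base name (part before the first ":")
assert all(x in expected_ecosystems or x.split(":")[0] in expected_ecosystems for x in self_ecosystems)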

To reproduce

Steps to reproduce the behaviour (in the test folder):

  1. EXTERNAL_SYSTEM=1 pytest test_source_osv.py::TestSourceOSV::test_update_ecosystems
>       assert all(x in self.osv.ecosystems for x in expected_ecosystems)
E       assert False
E        +  where False = all(<generator object TestSourceOSV.test_update_ecosystems.<locals>.<genexpr> at 0x7f99d6d32f20>)

test_source_osv.py:184: AssertionError
============================================================================= short test summary info =============================================================================
FAILED test_source_osv.py::TestSourceOSV::test_update_ecosystems - assert False
========================================================================== 1 failed in 345.05s (0:05:45)

Expected behaviour: Test passes
Actual behaviour: Test fails

Version/platform info

Version of CVE-bin-tool( e.g. output of cve-bin-tool --version): 3.4 (main branch)
Installed from pypi or github? github
Operating system: Linux/Windows (other platforms are unsupported but feel free to report issues anyhow)
5.4.0-200-generic #220-Ubuntu
Python version (e.g. python3 --version): Python 3.9.18
Running in any particular CI environment we should know about? (e.g. Github Actions)

Anything else?

If fixing the unit test is enough, then I can provide this (local fix works). If it has other implications and needs changes in the implementation (should all the zip files of the dedicated version be downloaded or not? etc.), I need advice here.

@weichslgartner weichslgartner added the bug Something isn't working label Dec 18, 2024

terriko commented Dec 18, 2024

Ugh, thanks for investigating. Looks like we need an update.

@terriko terriko added this to the 3.4.1 milestone Dec 18, 2024
weichslgartner added a commit to weichslgartner/cve-bin-tool that referenced this issue Dec 19, 2024
Signed-off-by: weichslgartner <[email protected]>
@weichslgartner
Contributor Author

@terriko
I did some digging and it seems that the ecosystems with versions contain the subset of vulnerabilities for a specific version, while the ecosystem without version contains all vulns. So downloading the general ecosystem vulns should be enough and a lot faster than downloading everything gsutil can find and removing duplicate json files later. But maybe someone familiar with OSV can also confirm this.
According to the docs https://google.github.io/osv-scanner/experimental/offline-mode/#manual-database-download the https://osv-vulnerabilities.storage.googleapis.com/ecosystems.txt list could be used directly for ecosystem selection without enumerating all the gsutil folders.

from pathlib import Path


def listed_names(listing_file):
    # Reduce each line of a `gsutil ls` listing to its last path component.
    lines = Path(listing_file).read_text().splitlines()
    return {line.split("/")[-1].strip() for line in lines}


# gsutil ls gs://osv-vulnerabilities/Alpine > alpine.txt
alpine_set = listed_names("/tmp/osv/alpine.txt")
# gsutil ls gs://osv-vulnerabilities/Alpine:v3.10/ > alpine3_10.txt
alpine_3_10_set = listed_names("/tmp/osv/alpine3_10.txt")

print(alpine_3_10_set.issubset(alpine_set))  # prints True
print(alpine_set.issubset(alpine_3_10_set))  # prints False
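
Added example, not part of the thread and not cve-bin-tool's own code: a comparison of the published ecosystems.txt list against a gsutil-style enumeration that reports which names differ instead of failing with a bare `assert False`, and that derives the unversioned download targets discussed above. All function names are hypothetical, the sample inputs are constructed, and skipping `[EMPTY]` follows the workaround in the issue rather than documented OSV behaviour.

```python
from collections import defaultdict

# Placeholder entry seen in ecosystems.txt per the issue; skipping it is the
# workaround used in the issue, not documented OSV behaviour (assumption).
PLACEHOLDER = "[EMPTY]"


def parse_ecosystems_txt(text):
    """Return the ecosystem names from an ecosystems.txt body, one per line."""
    names = [line.strip() for line in text.splitlines()]
    return [n for n in names if n and n != PLACEHOLDER]


def base_ecosystem(name):
    """'Alpine:v3.10' -> 'Alpine'; names without a version are unchanged."""
    return name.split(":", 1)[0]


def compare_ecosystems(published, enumerated):
    """Compare the published list against the bucket enumeration.

    Returns (missing, unknown, versions):
      missing  - published ecosystems with no matching enumerated folder
      unknown  - enumerated folders whose base name is not published
      versions - base name -> sorted versioned folders found for it
    """
    published_set = set(published)
    enumerated_set = set(enumerated)
    missing = sorted(published_set - enumerated_set)
    unknown = sorted(e for e in enumerated_set
                     if base_ecosystem(e) not in published_set)
    versions = defaultdict(list)
    for e in sorted(enumerated_set):
        if ":" in e:
            versions[base_ecosystem(e)].append(e)
    return missing, unknown, dict(versions)


def download_targets(published, enumerated):
    """Unversioned ecosystems only, relying on the observation in the thread
    that a versioned folder holds a subset of the unversioned one."""
    published_set = set(published)
    return sorted(e for e in set(enumerated) if e in published_set)


# Constructed sample inputs (a small slice of the values quoted in the issue).
SAMPLE_TXT = "AlmaLinux\nAlpine\nDebian\n[EMPTY]\nPyPI\n"
SAMPLE_ENUMERATED = ["AlmaLinux", "AlmaLinux:8", "AlmaLinux:9", "Alpine",
                     "Alpine:v3.10", "Debian", "Debian:12", "PyPI"]

if __name__ == "__main__":
    published = parse_ecosystems_txt(SAMPLE_TXT)
    missing, unknown, versions = compare_ecosystems(published, SAMPLE_ENUMERATED)
    print("missing:", missing)
    print("unknown:", unknown)
    print("versions:", versions)
    print("targets:", download_targets(published, SAMPLE_ENUMERATED))
```

Passing the unfiltered list, with `[EMPTY]` still in it, to `compare_ecosystems` returns that entry under `missing`, which is the mismatch the failing test hits.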

@joydeep049
Contributor

Looking into this!
