Updated cli.py file #326
Up to date with Intel cve-bin-tool
These are the following errors on long tests. I don't know why the list didn't contain that version.
======================================================================
FAIL: test_jpeg_rpm_2_0_0 (test.test_scanner.TestScanner)
Test detection of libjpeg-turbo 2.0.0 fedora rpm
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/runner/work/cve-bin-tool/cve-bin-tool/test/test_scanner.py", line 315, in test_jpeg_rpm_2_0_0
self._file_test(
File "/home/runner/work/cve-bin-tool/cve-bin-tool/test/test_scanner.py", line 117, in _file_test
self.assertIn(version, cves[package])
AssertionError: '2.0.0' not found in {'2.0.1': {'CVE-2018-19664': 'MEDIUM', 'CVE-2018-20330': 'HIGH'}}
======================================================================
FAIL: test_libgcrypt_rpm_1_8_3 (test.test_scanner.TestScanner)
Test detection of libgcrypt 1.8.3 fedora rpm
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/runner/work/cve-bin-tool/cve-bin-tool/test/test_scanner.py", line 378, in test_libgcrypt_rpm_1_8_3
self._file_test(
File "/home/runner/work/cve-bin-tool/cve-bin-tool/test/test_scanner.py", line 117, in _file_test
self.assertIn(version, cves[package])
AssertionError: '1.8.3' not found in {'1.7.6': {'CVE-2017-0379': 'HIGH', 'CVE-2017-7526': 'MEDIUM', 'CVE-2017-9526': 'MEDIUM', 'CVE-2018-0495': 'MEDIUM', 'CVE-2018-6829': 'HIGH'}}
======================================================================
FAIL: test_zlib_rpm_1_2_11 (test.test_scanner.TestScanner)
Test detection on zlib 1.2.11 fedora rpm
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/runner/work/cve-bin-tool/cve-bin-tool/test/test_scanner.py", line 832, in test_zlib_rpm_1_2_11
self._file_test(
File "/home/runner/work/cve-bin-tool/cve-bin-tool/test/test_scanner.py", line 117, in _file_test
self.assertIn(version, cves[package])
AssertionError: '1.2.11' not found in {'1.2.8': {'CVE-2016-9840': 'HIGH', 'CVE-2016-9841': 'CRITICAL', 'CVE-2016-9842': 'HIGH', 'CVE-2016-9843': 'CRITICAL'}}
----------------------------------------------------------------------
Ran 85 tests in 437.821s
FAILED (failures=3, skipped=2)
Test failed: <unittest.runner.TextTestResult run=85 errors=0 failures=3>
error: Test failed: <unittest.runner.TextTestResult run=85 errors=0 failures=3>
##[error]Process completed with exit code 1.
Hm. That is weird. It's definitely causing something to go wrong in the version detection, but I'm not sure why at a glance.
@terriko I don't think I've messed anything up with the version detection. I'm only checking if the version is a non-empty string, then including it, else discarding it. But there might be something that I'm not able to see; I'll definitely look into that. Thanks.
Currently in cli.py, when we find that the version is an empty string, the result of get_version is not dropped. This update checks for that and only shows results which have a valid version and not an empty string.
This is the output after updating cli.py. You can see from the output below that it also recognised some false positives with an empty version string.