Test OSV update ecosystems (#4100) #5069
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
terriko
requested changes
May 5, 2025
|
Sorry, I mistakenly left the test block in data_sources/osv_source.py while experimenting. I've cleaned it up and moved all testing code to the test file. I'll create a new PR and address the CI feedback shortly. |
|
Looks like this has been replaced by #5073 so I'll close this one now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a mock-based unit test for the update_ecosystems method in OSV_Source, ensuring it correctly detects valid ecosystems when gsutil responses are mocked. This improves test coverage for the OSV data source and verifies ecosystem parsing logic in isolation from the actual network.
This contributes to the broader effort discussed in [Issue #4100]: Adding alternative vulnerability data sources. While this test doesn't implement new sources, it lays groundwork for robust testing around OSV integration and will help validate any future improvements to its logic.
My earlier PR accidentally showed "0 lines changed" because I forgot to properly stage and commit the updated test file before pushing. This PR fixes that (I hope).