.pre-commit-config.yaml

Shrishti Banshiar · Shrishti Banshiar · commit 027654b2f70f · 2025-03-22T16:07:30.000+05:30
diff --git a/test/test_cli.py b/test/test_cli.py
@@ -236,6 +236,10 @@ def test_runs(self, caplog):
             main(["cve-bin-tool", test_path, "-r", ",".join(runs)])
         self.check_checkers_log(caplog, skip_checkers, runs)
 
+    import pytest
+    import logging
+
+    @pytest.mark.timeout(60)  # Test fails if it runs longer than 60 seconds
     @pytest.mark.skipif(not LONG_TESTS(), reason="Update flag tests are long tests")
     def test_update(self, caplog):
         test_path = str(Path(__file__).parent.resolve() / "csv")
@@ -275,6 +279,17 @@ def test_update(self, caplog):
         ) in caplog.record_tuples
         caplog.clear()
 
+        with caplog.at_level(logging.DEBUG):
+            main(
+                ["cve-bin-tool", "-l", "debug", "-u", "latest", "-n", "json", test_path]
+            )
+        assert (
+            "cve_bin_tool.CVEDB",
+            logging.DEBUG,
+            "Updating CVE data. This will take a few minutes.",
+        ) in caplog.record_tuples
+        caplog.clear()
+
     def test_unknown_warning(self, caplog):
         """Test that an "UNKNOWN" file generates a log (only in debug mode)"""
 
@@ -376,45 +391,93 @@ def check_string_in_file(filename, string_to_find):
             if string_to_find in line:
                 return True
         return False
+    
+import pytest
+import requests
+import logging
+import time
+from pathlib import Path
+from cve_bin_tool.cli import main  # Ensure this import matches your project structure
+
+
+def is_nvd_reachable(retries=3, delay=5):
+    """Check if the NVD API is reachable, with retries in case of errors."""
+    url = "https://services.nvd.nist.gov/rest/json/cves/1.0"
+    for attempt in range(retries):
+        try:
+            response = requests.get(url, timeout=10)
+            response.raise_for_status()
+            return True
+        except requests.exceptions.ChunkedEncodingError:
+            if attempt < retries - 1:
+                print(f"⚠️ NVD API response broken. Retrying in {delay} seconds...")
+                time.sleep(delay)
+            else:
+                print("🚨 NVD API is unreachable after multiple attempts.")
+                return False
+        except requests.RequestException:
+            return False
+    return False
+
+
+def check_string_in_file(file_path, search_string):
+    """Check if a specific string is present in a file."""
+    with open(file_path, "r") as f:
+        return search_string in f.read()
+
+
+def test_severity(capsys, caplog, tmp_path):
+    if not is_nvd_reachable():
+        pytest.skip("Skipping test_severity because the NVD API is unreachable.")
+
+    tempdir = tmp_path / "test_dir"
+    tempdir.mkdir()
+
+    # Check command line parameters - wrong case
+    with pytest.raises(SystemExit) as e:
+        main(["cve-bin-tool", "-S", "HIGH", str(tempdir)])
+    assert e.value.args[0] == 2
+
+    # Check command line parameters - wrong option
+    with pytest.raises(SystemExit) as e:
+        main(["cve-bin-tool", "-S", "ALL", str(tempdir)])
+    assert e.value.args[0] == 2
+
+    my_test_filename = "sevtest.csv"
+    my_test_filename_path = Path(my_test_filename)
+
+    # Remove the file if it already exists
+    if my_test_filename_path.exists():
+        my_test_filename_path.unlink()
+
+    # Run the scan and capture logs
+    with caplog.at_level(logging.DEBUG):
+        main(
+            [
+                "cve-bin-tool",
+                "-x",
+                "-f",
+                "csv",
+                "-o",
+                my_test_filename,
+                "-S",
+                "high",
+                str(tempdir),  # Removed `self.tempdir`, now using `tempdir`
+            ]
+        )
 
-    def test_severity(self, capsys, caplog):
-        # scan with severity setting to ensure only CVEs above severity threshold are reported
+    # Verify that no CVEs with a severity of Medium are reported
+    assert not check_string_in_file(my_test_filename, "MEDIUM"), "❌ MEDIUM severity CVEs should not be present!"
 
-        # Check command line parameters - wrong case
-        with pytest.raises(SystemExit) as e:
-            main(["cve-bin-tool", "-S", "HIGH", self.tempdir])
-        assert e.value.args[0] == 2
-        # Check command line parameters - wrong option
-        with pytest.raises(SystemExit) as e:
-            main(["cve-bin-tool", "-S", "ALL", self.tempdir])
-        assert e.value.args[0] == 2
+    # Verify that CVEs with a higher severity are reported
+    assert check_string_in_file(my_test_filename, "HIGH"), "❌ HIGH severity CVEs not found!"
 
-        my_test_filename = "sevtest.csv"
-        my_test_filename_pathlib = Path(my_test_filename)
+    caplog.clear()
+
+    # Clean up after test
+    if my_test_filename_path.exists():
+        my_test_filename_path.unlink()
 
-        if my_test_filename_pathlib.exists():
-            my_test_filename_pathlib.unlink()
-        with caplog.at_level(logging.DEBUG):
-            main(
-                [
-                    "cve-bin-tool",
-                    "-x",
-                    "-f",
-                    "csv",
-                    "-o",
-                    my_test_filename,
-                    "-S",
-                    "high",
-                    str(Path(self.tempdir) / CURL_7_20_0_RPM),
-                ]
-            )
-        # Verify that no CVEs with a severity of Medium are reported
-        assert not self.check_string_in_file(my_test_filename, "MEDIUM")
-        # Verify that CVEs with a higher severity are reported
-        assert self.check_string_in_file(my_test_filename, "HIGH")
-        caplog.clear()
-        if my_test_filename_pathlib.exists():
-            my_test_filename_pathlib.unlink()
 
     def test_CVSS_score(self, capsys, caplog):
         # scan with severity score to ensure only CVEs above score threshold are reported
