cve-bin-tool
cve-bin-tool copied to clipboard
intel
feat(checker): add apache http support
This PR adds the checker for Apache HTTP server, which was requested in issue #1384. This is my first contribution to this project, and I have tried to adhere to the guidelines outlined. Hope the code is satisfactory and would like some feedback on how to improve the checker.
I have added the tests and changed the copyright header as well now. Running pytest test/test_checkers.py seems to work fine.
@gotlougit you need to run LONG_TESTS=1 pytest -k <checker-name> to properly test the checker and to generate the condensed test files. You also need to commit those files too.
Also we follow Conventional Commits for PR titles too.
@BreadGenie I ran the command you told, but I didn't see any condensed test files generated anywhere. The checker seems to pass the test by the way, and I'll keep the PR title in mind from now on. Thanks!
@BreadGenie I ran the command you told, but I didn't see any condensed test files generated anywhere. The checker seems to pass the test by the way, and I'll keep the PR title in mind from now on. Thanks!
@gotlougit What he was referring to is the addition of the binary files in to the PR, see #1076 for reference about how the binary files have been committed as well.
Also I guess you'll have to add the checker to the init.py in checkers as well as test_data (again refer to the linked PR).
now if you run LONG_TESTS=1 pytest -k apache_http_server the condensed test files will be produced.
edit: you should also change the file name
It seems like the commit messages of some commits don't follow Conventional Commits. You might want to squash all the commits into one with proper commit message after the PR is complete.
I ran the checker test now and it seems to work, so the tests should pass to the best of my knowledge.
Thanks for being patient with this PR, it was certainly a learning experience for me!
Updating branch and running CI. I expect gitlint won't like the PR title though, "checker: " isn't a conventional commits prefix.
Codecov Report
Merging #1589 (b2e591c) into main (c22936a) will increase coverage by
6.41%. The diff coverage is100.00%.
@@ Coverage Diff @@
## main #1589 +/- ##
==========================================
+ Coverage 81.41% 87.82% +6.41%
==========================================
Files 290 318 +28
Lines 5923 7278 +1355
Branches 974 1185 +211
==========================================
+ Hits 4822 6392 +1570
+ Misses 876 614 -262
- Partials 225 272 +47
| Flag | Coverage Δ | |
|---|---|---|
| longtests | 49.88% <100.00%> (-31.53%) |
:arrow_down: |
| win-longtests | 87.57% <100.00%> (?) |
Flags with carried forward coverage won't be shown. Click here to find out more.
| Impacted Files | Coverage Δ | |
|---|---|---|
| cve_bin_tool/checkers/__init__.py | 95.45% <ø> (ø) |
|
| test/test_checkers.py | 90.32% <ø> (-3.23%) |
:arrow_down: |
| cve_bin_tool/checkers/apache_http_server.py | 100.00% <100.00%> (ø) |
|
| test/test_data/apache_http_server.py | 100.00% <100.00%> (ø) |
|
| cve_bin_tool/nvd_api.py | 24.00% <0.00%> (-60.49%) |
:arrow_down: |
| test/test_nvd_api.py | 50.87% <0.00%> (-38.92%) |
:arrow_down: |
| cve_bin_tool/egg_updater.py | 78.57% <0.00%> (-17.43%) |
:arrow_down: |
| cve_bin_tool/package_list_parser.py | 57.50% <0.00%> (-14.17%) |
:arrow_down: |
| test/test_package_list_parser.py | 86.66% <0.00%> (-13.34%) |
:arrow_down: |
| test/test_extractor.py | 89.72% <0.00%> (-10.28%) |
:arrow_down: |
| ... and 91 more |
:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more
broken url
I'm still looking for a bit more research on this one to make sure there won't be false positives before I can merge it. I opened up an issue describing more precisely what I think we still need to do:
- #1701
Thanks to @Will-Bo's research here:
- #1701
I'm feeling more like this might be safe to merge. There's still a non-zero chance of a false positive, but it doesn't look like it's a common pattern in the most popular apache projects so hopefully false positives will be rare (and if people report them we can always back this checker out or disable it by default).
I'm going to update the PR to main for tests and we'll discuss during our regular meeting.
I'm going to update to main and run the tests one more time for safety before merging, but I do intend to get this merged when they pass.
Looks like we may need a new condensed download before this will merge cleanly.
I think the problem here is that the condensed download is being saved as "http_server-2.4.51-2.fc35.x86_64.rpm.tar.gz" but we need the file "httpd-2.4.51-2.fc35.x86_64.rpm.tar.gz" from the server.
I am a bit confused on how to solve for this. Any ideas?
@gotlougit first delete test/condensed-downloads/http_server-2.4.51-2.fc35.x86_64.rpm.tar.gz this file, then run LONG_TESTS=1 pytest -k http_server, it'll generate a new .tar.gz file. then push the changes.
@gotlougit can you please delete this file test/condensed-downloads/http_server-2.4.51-2.fc35.x86_64.rpm.tar.gz (the old file)? i don't think this file is needed