cve-bin-tool
feat: add windows package scanner (#1271)
Closes #1271
Codecov Report
Merging #1957 (b262e2f) into main (054f144) will increase coverage by 9.55%. The diff coverage is 34.78%.
@@ Coverage Diff @@
## main #1957 +/- ##
==========================================
+ Coverage 77.86% 87.41% +9.55%
==========================================
Files 327 327
Lines 7549 7566 +17
Branches 1224 1228 +4
==========================================
+ Hits 5878 6614 +736
+ Misses 1410 689 -721
- Partials 261 263 +2
| Flag | Coverage Δ | |
|---|---|---|
| longtests | 77.70% <34.78%> (-0.17%) | :arrow_down: |
| win-longtests | 86.29% <4.34%> (?) | |
Flags with carried forward coverage won't be shown.
| Impacted Files | Coverage Δ | |
|---|---|---|
| cve_bin_tool/package_list_parser.py | 63.50% <34.78%> (-8.17%) | :arrow_down: |
| cve_bin_tool/version_scanner.py | 85.13% <0.00%> (+0.67%) | :arrow_up: |
| cve_bin_tool/merge.py | 80.32% <0.00%> (+0.81%) | :arrow_up: |
| cve_bin_tool/helper_script.py | 85.58% <0.00%> (+0.90%) | :arrow_up: |
| cve_bin_tool/parsers/java.py | 74.24% <0.00%> (+1.51%) | :arrow_up: |
| test/test_checkers.py | 95.16% <0.00%> (+1.61%) | :arrow_up: |
| test/test_extractor.py | 96.03% <0.00%> (+1.98%) | :arrow_up: |
| cve_bin_tool/output_engine/util.py | 88.15% <0.00%> (+2.63%) | :arrow_up: |
| cve_bin_tool/output_engine/__init__.py | 72.61% <0.00%> (+2.77%) | :arrow_up: |
| ... and 22 more | | |
Hm, interesting, apparently Msys_nt-10.0-20348 is not recognized as "nt" or a Windows system by Python. I'll have to look into this.
@anthonyharrison @terriko thoughts?
I don't really know how to fix this one, and it's been a while. Are you still working on this or should we close it for now and you can re-open if you want to work on it further?
I don't think we should be using os.name (I just tried it on my Mac and I got 'posix' as the response).
As the distro package is only for Linux-based systems (there is an explicit test to show that it doesn't work on Windows!), I think we need a different way of passing the package information.
The current method looks at the distro for the platform which is executing the tool. This is limiting (as we can see). However, if we specify the distro type in the command line with a file containing the output from the package manager, this will allow the processing of distribution information from other platforms. We can still use the current method if we want to scan the local distribution (provided it isn't Windows!). Thoughts?
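A sketch of the approach proposed in the comment above, added here as an example; it is not code from this pull request or from cve-bin-tool. The function names, the "ubuntu" distro type and the `name<TAB>version` inventory format are assumptions made for illustration.

```python
import platform

# Hypothetical helper names; none of this is cve-bin-tool's API.
WINDOWS_LIKE = ("windows", "msys_nt", "mingw", "cygwin_nt")


def host_family(system=None):
    """Map a platform.system() string to windows/macos/linux/unknown."""
    name = (platform.system() if system is None else system).lower()
    if name.startswith(WINDOWS_LIKE):
        return "windows"
    return {"darwin": "macos", "linux": "linux"}.get(name, "unknown")


def parse_inventory(text):
    """Parse 'name<TAB>version' lines (assumed export format) into a dict."""
    packages = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, version = line.partition("\t")
        if not sep or not name or not version.strip():
            raise ValueError(f"line {lineno}: expected name<TAB>version")
        # dpkg-style names may carry an architecture suffix such as ':amd64'
        packages[name.split(":")[0].lower()] = version.strip()
    return packages


def select_source(distro_type=None, inventory_text=None, system=None):
    """Return (distro_type, packages), or (None, None) to mean
    'scan the local distribution with the existing method'."""
    if inventory_text is not None:
        if not distro_type:
            raise ValueError("an inventory file needs an explicit distro type")
        return distro_type, parse_inventory(inventory_text)
    if host_family(system) != "linux":
        raise RuntimeError("local package scan needs a Linux host; "
                           "pass a distro type and an inventory file")
    return None, None


# Constructed sample: an inventory exported elsewhere, scanned on an MSYS host.
SAMPLE = "openssl\t3.0.2-0ubuntu1.10\nlibxml2:amd64\t2.9.13+dfsg-1\n"
if __name__ == "__main__":
    print(host_family("MSYS_NT-10.0-20348"))
    print(select_source("ubuntu", SAMPLE, system="MSYS_NT-10.0-20348"))
```

With an explicit distro type and inventory file, the scan no longer depends on how the executing host identifies itself, so an MSYS or macOS machine can process a Linux package list.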
@anthonyharrison that sounds like a much better approach than what I initially had in mind, will take a look in that direction.
Hey @XDRAGON2002 -- are you intending to still work on this?
I'm cleaning up some old pull requests in preparation for the hackathon so if you're not going to work on it this week, I'd recommend we close it and you can re-open later.
Since it's been so long that the logs are gone, I'm going to go ahead and update the branch to main and re-run the tests so we can see where it's at which might help you make a decision on what to do with it.
@terriko I would love to get this merged but due to my classes didn't have enough time on my hands to wrap this up, though looking at this again it's nearly close to completion, but some better design choices can be made.
As my summer break is coming up soon, I suppose I'll reopen this then.