cve-bin-tool
test: fix to prevent unknown vendor overwrite
In #3963, @jananir640 has added some code to avoid having data with missing vendors override data we have with vendors included.
I've seen this happen on occasion in CI, so I suspect we have at least some tests that will trigger this case if we load bad data in over top of existing data, but it would be nice to have a more explicit test. Because the code is right in `generate_sbom`, writing a test may be a bit complicated and require some mocking of the database to make this work, so this is likely not a beginner-friendly issue.
Hey @terriko! I would like to try this one (if doable). Can you help me get started?
Honestly, I'm not sure how to start here myself, but you're trying to trigger this if statement:
```python
if not (
    (my_package.get_name(), my_package.get_value("version"))
    in sbom_packages
    and product_data.vendor == "unknown"
):
```
So figuring out how to set or mock each of those things would be the first place to start. Back up from there and figure out where each of those comes from and see if you can throw different data into it.
The mock docs will likely help: https://docs.python.org/3/library/unittest.mock-examples.html
Alternative solution: if testing it where the code is now is totally onerous, there's also the option to refactor it into something that's easier to test.
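
An added sketch of the refactoring option discussed above (not part of the thread and not cve-bin-tool's own code): the condition is pulled into a hypothetical helper, `should_add_package`, and exercised with `unittest.mock` objects. The helper names, the `merge` loop and the assumption that `sbom_packages` is a dict keyed by `(name, version)` are illustrative only.

```python
from unittest.mock import MagicMock


def should_add_package(my_package, product_data, sbom_packages):
    """Hypothetical helper: the condition from the issue, extracted for testing.

    Returns False only when the (name, version) pair is already recorded
    AND the incoming record has no real vendor ("unknown").
    """
    return not (
        (my_package.get_name(), my_package.get_value("version")) in sbom_packages
        and product_data.vendor == "unknown"
    )


def make_package(name, version):
    """Mock exposing only the two methods the condition calls."""
    pkg = MagicMock()
    pkg.get_name.return_value = name
    pkg.get_value.side_effect = lambda key: {"version": version}.get(key)
    return pkg


def make_product(vendor):
    """Mock exposing only the .vendor attribute the condition reads."""
    return MagicMock(vendor=vendor)


def merge(entries):
    """Feed constructed (vendor, name, version) records through the check.

    Assumption: sbom_packages maps (name, version) -> vendor; the real
    structure in generate_sbom may differ.
    """
    sbom_packages = {}
    for vendor, name, version in entries:
        pkg, product = make_package(name, version), make_product(vendor)
        if should_add_package(pkg, product, sbom_packages):
            sbom_packages[(name, version)] = vendor
    return sbom_packages


if __name__ == "__main__":
    # Constructed data: a known vendor followed by an "unknown" duplicate.
    print(merge([("gnu", "glibc", "2.31"), ("unknown", "glibc", "2.31")]))
```

The order-dependent cases are the ones worth asserting on: a later "unknown" record must not replace a known vendor, while a known vendor arriving after an "unknown" one still replaces it.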