cve-bin-tool

perf(scanner,test): speed up language tests (lazy DB, short-circuit, smaller fixtures)

Open gheyderov opened this issue 3 months ago • 2 comments

What’s in this PR

  • Lazy CVE DB: Initialize CVEDB only when binary checkers are used (language-only scans don’t create a DB).
  • Language short-circuit: If the filename is a known language fixture (e.g., pom.xml, package-lock.json, PKG-INFO), skip the expensive file-type subprocess checks and call parse(...) directly.
  • Smaller fixtures: Shrink test/language_data/fail_pom.xml and fail-package-lock.json to minimal valid samples; behaviour unchanged (these are none_found tests).

Before vs After (on my machine)

  • test_language_package_none_found (fail_pom.xml): 0.18s → 0.13s

Notes

  • No functional changes; assertions remain identical.
  • Checker loading is cached; DB is now lazy; language path avoids subprocess calls.
  • Closes #4321

gheyderov, Oct 10 '25 08:10

Hi 👋, this PR is part of Hacktoberfest. If it looks good, could you please add the hacktoberfest-accepted label or review it? 🙏 Thanks!

gheyderov, Oct 10 '25 08:10

I don't think this PR actually does what your comment above says, but it looks harmless so I've set the tests to run anyhow.

terriko, Oct 13 '25 15:10