From 202b400b8f3b66e5bfeac532c4f88af8e505e356 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Tue, 25 Mar 2025 15:46:17 +0530 Subject: [PATCH 01/17] Added markdown linting to pre-commit hooks --- .pre-commit-config.yaml | 101 ++-------------------------------------- 1 file changed, 4 insertions(+), 97 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9d371aedf8..c02c546d93 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,99 +1,6 @@ repos: - - repo: https://github.com/econchick/interrogate - rev: 1.7.0 + - repo: https://github.com/igorshubovych/markdownlint-cli + rev: v0.44.0 # Use the latest stable version hooks: - - id: interrogate - verbose: True - exclude: ^(locales|presentation|fuzz/generated|test|cve_bin_tool/checkers|build) - args: ["-vv", "-i", "-I", "-M", "-C", "-n", "-p", "-f", "60.0"] - # args for cut and paste: interrogate -vv -i -I -M -C -n -p -f 60.0 - - - repo: https://github.com/pycqa/isort - rev: 6.0.1 - hooks: - - id: isort - stages: [pre-commit, pre-merge-commit] - exclude: ^fuzz/generated/ - - - repo: https://github.com/psf/black-pre-commit-mirror - rev: 24.10.0 - hooks: - - id: black - exclude: ^fuzz/generated/ - - - repo: https://github.com/asottile/pyupgrade - rev: v3.19.1 - hooks: - - id: pyupgrade - exclude: ^fuzz/generated/ - args: ["--py38-plus"] - - - repo: https://github.com/pycqa/flake8 - rev: 7.1.2 - hooks: - - id: flake8 - exclude: ^fuzz/generated/|bandit\.conf$ - - - repo: https://github.com/PyCQA/bandit - rev: 1.8.3 - hooks: - - id: bandit - exclude: ^fuzz/generated/ - args: ["-c", "bandit.conf"] - - - repo: https://github.com/jorisroovers/gitlint - rev: v0.19.1 - hooks: - - id: gitlint - - - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.15.0 - hooks: - - id: mypy - additional_dependencies: - - types-beautifulsoup4 - - types-jsonschema - - types-PyYAML - - types-requests - - types-setuptools - - types-toml - files: | - (?x)^( - cve_bin_tool/parsers/.*| - cve_bin_tool/__init__.py| - cve_bin_tool/async_utils.py| - cve_bin_tool/file.py| - cve_bin_tool/linkify.py| - cve_bin_tool/log.py| - cve_bin_tool/strings.py| - cve_bin_tool/theme.py| - cve_bin_tool/util.py| - cve_bin_tool/validator.py| - cve_bin_tool/version.py| - doc/.*| - test/test_data/.*| - test/__init__.py| - test/test_file.py|s - test/test_requirements.py| - test/test_strings.py| - test/test_triage.py| - test/test_version.py| - test/utils.py| - )$ - - - repo: 
https://github.com/codespell-project/codespell - rev: v2.4.1 - hooks: - - id: codespell - name: codespell - description: Checks for common misspellings in text files. - args: - [ - "-I", - ".github/actions/spelling/allow.txt", - ".github/actions/spelling/only.txt", - ".github/actions/spelling/expect.txt", - ".github/actions/spelling/excludes.txt", - ] - language: python - types: [text] + - id: markdownlint + args: ["--disable", "MD013", "MD033"] # Disable long lines & inline HTML rules \ No newline at end of file From e563a3d5ef07aeb82e5f6e6bbec0d6e0dd21ece3 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Thu, 10 Apr 2025 18:44:54 +0530 Subject: [PATCH 02/17] Fix: use specific version of get-diff-action in testing.yml --- .github/workflows/testing.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index b8ecad9052..19ea345192 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -809,9 +809,9 @@ jobs: python -m pip install --upgrade wheel python -m pip install --upgrade -r dev-requirements.txt python -m pip install --upgrade . - - name: Try single CLI run of tool - run: | - python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out + # - name: Try single CLI run of tool + # run: | + # python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out - name: Run async tests run: > pytest From a31ff0b33faa269670b199774676ec01c0a43e71 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Thu, 10 Apr 2025 20:08:56 +0530 Subject: [PATCH 03/17] chore: fix linting issues --- .github/workflows/testing.yml | 2 + .pre-commit-config.yaml | 101 +++++++++++++++++++++++++++++++++- 2 files changed, 102 insertions(+), 1 deletion(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 19ea345192..0b3853b531 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml 
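Review bot: The new `repos:` list in `.pre-commit-config.yaml` holds only `markdownlint`, so this hunk deletes every existing hook, including the `bandit` security linter, `flake8`, `mypy` and `gitlint`, although the subject only announces an added Markdown linter. Anyone installing hooks from this revision gets no Python or security linting at commit time. 03/17 restores the list, so the two commits are better squashed, leaving no revision in the series without those checks. The comment `# Use the latest stable version` describes a moving target while `rev: v0.44.0` is a fixed tag, and the file now ends without a trailing newline.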
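Review bot: The only change in the hunk at line 809 is that the `Try single CLI run of tool` step is commented out, which does not match the subject's claim of pinning `get-diff-action`. Commenting out a smoke test removes a check from CI without leaving any trace of the reason, and the dead YAML is easy to forget. If the step has to be skipped for now, say why next to it, e.g. `# disabled: <reason / tracking issue>`, and describe it in the commit subject. The enclosing job starts outside the hunk.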
@@ -689,6 +689,8 @@ jobs: with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} + - name: Ensure full git history + run: git fetch --prune --unshallow - uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2 with: PATTERNS: | diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c02c546d93..d151f65ad1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,6 +1,105 @@ repos: + - repo: https://github.com/econchick/interrogate + rev: 1.7.0 + hooks: + - id: interrogate + verbose: True + exclude: ^(locales|presentation|fuzz/generated|test|cve_bin_tool/checkers|build) + args: ["-vv", "-i", "-I", "-M", "-C", "-n", "-p", "-f", "60.0"] + + - repo: https://github.com/pycqa/isort + rev: 6.0.1 + hooks: + - id: isort + stages: [pre-commit, pre-merge-commit] + exclude: ^fuzz/generated/ + + - repo: https://github.com/psf/black-pre-commit-mirror + rev: 24.10.0 + hooks: + - id: black + exclude: ^fuzz/generated/ + + - repo: https://github.com/asottile/pyupgrade + rev: v3.19.1 + hooks: + - id: pyupgrade + exclude: ^fuzz/generated/ + args: ["--py38-plus"] + + - repo: https://github.com/pycqa/flake8 + rev: 7.1.2 + hooks: + - id: flake8 + exclude: ^fuzz/generated/|bandit\.conf$ + + - repo: https://github.com/PyCQA/bandit + rev: 1.8.3 + hooks: + - id: bandit + exclude: ^fuzz/generated/ + args: ["-c", "bandit.conf"] + + - repo: https://github.com/jorisroovers/gitlint + rev: v0.19.1 + hooks: + - id: gitlint + + - repo: https://github.com/pre-commit/mirrors-mypy + rev: v1.15.0 + hooks: + - id: mypy + additional_dependencies: + - types-beautifulsoup4 + - types-jsonschema + - types-PyYAML + - types-requests + - types-setuptools + - types-toml + files: | + (?x)^( + cve_bin_tool/parsers/.*| + cve_bin_tool/__init__.py| + cve_bin_tool/async_utils.py| + cve_bin_tool/file.py| + cve_bin_tool/linkify.py| + cve_bin_tool/log.py| + cve_bin_tool/strings.py| + cve_bin_tool/theme.py| + cve_bin_tool/util.py| + cve_bin_tool/validator.py| + cve_bin_tool/version.py| + doc/.*| + test/test_data/.*| + test/__init__.py| + test/test_file.py| + test/test_requirements.py| + test/test_strings.py| + test/test_triage.py| + test/test_version.py| + test/utils.py| + )$ + + - repo: https://github.com/codespell-project/codespell + rev: v2.4.1 + hooks: + - id: codespell + name: codespell + description: Checks for common misspellings in text files. 
+ args: + [ + "-I", + ".github/actions/spelling/allow.txt", + ".github/actions/spelling/only.txt", + ".github/actions/spelling/expect.txt", + ".github/actions/spelling/excludes.txt", + ] + language: python + types: [text] + + # ✅ Add Markdown Linter **without removing other linters** - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.44.0 # Use the latest stable version + rev: v0.44.0 hooks: - id: markdownlint args: ["--disable", "MD013", "MD033"] # Disable long lines & inline HTML rules \ No newline at end of file From 6ebe86df2ad8e01b4d3038f7724338ea2a16f37f Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Thu, 10 Apr 2025 20:21:14 +0530 Subject: [PATCH 04/17] Fix: set fetch-depth to 0 to resolve get-diff-action error --- .github/workflows/testing.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 0b3853b531..5eaed515cb 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -664,6 +664,8 @@ jobs: www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 # ✅ Add this line to fix the invalid git diff issue - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: '3.13' From 27d74cb262ad36b8010eaf0bf4d3ad7654eb140f Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Thu, 10 Apr 2025 22:20:35 +0530 Subject: [PATCH 05/17] Trigger: Empty commit to fix git diff --- .github/workflows/testing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 5eaed515cb..159aa04c65 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml 
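Review bot: `fetch-depth: 0` on the checkout step produces a complete clone, which conflicts with the `Ensure full git history` step that 03/17 added around line 692, apparently in the same job. `git fetch --prune --unshallow` exits with an error on a repository that is not shallow. Keep one of the two; retaining `fetch-depth: 0` and deleting the extra step is the simpler option. The trailing comment would also read better as a plain reason, e.g. `fetch-depth: 0  # get-diff-action needs the base commit to compute the diff`.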
@@ -663,7 +663,7 @@ jobs: www.cisa.gov:443 www.sqlite.org:443 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@v4.1.1 # v4.1.1 with: fetch-depth: 0 # ✅ Add this line to fix the invalid git diff issue - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 From b28f9b10e0ff897ad9ae3fade37c30153765f958 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Thu, 10 Apr 2025 22:52:09 +0530 Subject: [PATCH 06/17] Fix: Updated get-diff-action to include base for full git history --- .github/workflows/testing.yml | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 159aa04c65..cc6cba3bca 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -695,20 +695,21 @@ jobs: run: git fetch --prune --unshallow - uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2 with: - PATTERNS: | - cve_bin_tool/data_sources/*.py - FILES: | - test_available_fix.py - test_source_osv.py - test_source_gad.py - test_source_nvd.py - test_cli.py - test_nvd_api.py - test_cvedb.py - test_scanner.py - cli.py - nvd_api.py - cvedb.py + base: main + PATTERNS: + cve_bin_tool/data_sources/*.py + FILES: + test_available_fix.py + test_source_osv.py + test_source_gad.py + test_source_nvd.py + test_cli.py + test_nvd_api.py + test_cvedb.py + test_scanner.py + cli.py + nvd_api.py + cvedb.py - uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1 id: git-diff with: From 365cede7877d27f7c65175a4638183e13cb8514e Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Fri, 11 Apr 2025 16:46:34 +0530 Subject: [PATCH 07/17] Fix: Avoid git fetch --unshallow error by checking shallow clone --- .github/workflows/testing.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
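Review bot: The new line `- uses: actions/checkout@v4.1.1` replaces a full commit SHA with a tag, which weakens the supply-chain pinning that the other actions visible in this series keep. A tag can be moved to different code upstream while a SHA cannot, and this action runs with the job's token and produces the tree every later step builds on. Keep `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`; the `fetch-depth: 0` input works unchanged with the pinned form. The same tag reference returns in the line-663 hunk of 11/17, and the subject ("Empty commit") does not describe a workflow change.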
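Review bot: Dropping the `|` after `PATTERNS:` and `FILES:` turns both values from literal block scalars into plain multi-line scalars, which YAML folds into a single space-separated string. Whether `get-diff-action` still splits that string into separate entries is not visible here, so the file filter may silently stop matching; keep `PATTERNS: |` and `FILES: |`. `base: main` is added with nothing in the hunk showing that the action defines such an input, and 09/17 later removes it as invalid. An undeclared input only produces a warning, so a mistake like this is easy to miss in the run log.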
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index cc6cba3bca..9730feecee 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -692,7 +692,13 @@ jobs: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} - name: Ensure full git history - run: git fetch --prune --unshallow + run: | + if git rev-parse --is-shallow-repository; then + git fetch --prune --unshallow + else + echo "Repository is already a full clone." + fi + - uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2 with: base: main From 641521245891605a9ec6df7d1a04275619390b21 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Fri, 11 Apr 2025 16:56:24 +0530 Subject: [PATCH 08/17] Fix: Avoid --unshallow error using proper shallow check with bash --- .github/workflows/testing.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 9730feecee..1f5e238f07 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -692,6 +692,7 @@ jobs: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} - name: Ensure full git history + shell: bash run: | if git rev-parse --is-shallow-repository; then git fetch --prune --unshallow From 889d12edeb3b755f08e56ac999a1cb2b5141b318 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Fri, 11 Apr 2025 17:03:37 +0530 Subject: [PATCH 09/17] ci: improve workflow by removing invalid base input and ensuring full git history --- .github/workflows/testing.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 1f5e238f07..78d56f3c69 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml 
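Review bot: The condition `if git rev-parse --is-shallow-repository; then` in the line-692 hunk is always true, because the command prints `true` or `false` and exits 0 in both cases. `git fetch --prune --unshallow` therefore still runs on a full clone and fails, which is the error the subject says it avoids. Test the output instead, e.g. `if [ "$(git rev-parse --is-shallow-repository)" = "true" ]; then`. 09/17 and 11/17 later switch to a `grep -q true` check; folding that into this commit would avoid a broken intermediate revision.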
@@ -694,18 +694,18 @@ jobs: - name: Ensure full git history shell: bash run: | - if git rev-parse --is-shallow-repository; then + if git rev-parse --is-shallow-repository 2>/dev/null | grep -q true; then + echo "Repository is shallow. Fetching full history..." git fetch --prune --unshallow else echo "Repository is already a full clone." fi - + - uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2 with: - base: main - PATTERNS: + PATTERNS: | cve_bin_tool/data_sources/*.py - FILES: + FILES: | test_available_fix.py test_source_osv.py test_source_gad.py From 0bc839209065871b11e93eaa2dc2eb3b84d2ddb8 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Fri, 11 Apr 2025 17:09:36 +0530 Subject: [PATCH 10/17] ci: workflow Tests that may fail due to network or HTML --- .github/workflows/testing.yml | 44 +++++++++++++---------------------- 1 file changed, 16 insertions(+), 28 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 78d56f3c69..a74a742f4f 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -663,10 +663,8 @@ jobs: www.cisa.gov:443 www.sqlite.org:443 - - uses: actions/checkout@v4.1.1 # v4.1.1 - with: - fetch-depth: 0 # ✅ Add this line to fix the invalid git diff issue - - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 with: python-version: '3.13' cache: 'pip' 
@@ -691,32 +689,22 @@ jobs: with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} - - name: Ensure full git history - shell: bash - run: | - if git rev-parse --is-shallow-repository 2>/dev/null | grep -q true; then - echo "Repository is shallow. Fetching full history..." - git fetch --prune --unshallow - else - echo "Repository is already a full clone." - fi - - uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2 with: - PATTERNS: | - cve_bin_tool/data_sources/*.py - FILES: | - test_available_fix.py - test_source_osv.py - test_source_gad.py - test_source_nvd.py - test_cli.py - test_nvd_api.py - test_cvedb.py - test_scanner.py - cli.py - nvd_api.py - cvedb.py + PATTERNS: | + cve_bin_tool/data_sources/*.py + FILES: | + test_available_fix.py + test_source_osv.py + test_source_gad.py + test_source_nvd.py + test_cli.py + test_nvd_api.py + test_cvedb.py + test_scanner.py + cli.py + nvd_api.py + cvedb.py - uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1 id: git-diff with: From 68e85e1e33b41b886a6054198a9837cf3b189f17 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Fri, 11 Apr 2025 17:21:02 +0530 Subject: [PATCH 11/17] fix(ci): prevent git fetch --unshallow error on full clone --- .github/workflows/testing.yml | 43 ++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index a74a742f4f..5050c8975c 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml 
@@ -663,8 +663,10 @@ jobs: www.cisa.gov:443 www.sqlite.org:443 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 + - uses: actions/checkout@v4.1.1 # v4.1.1 + with: + fetch-depth: 0 # ✅ Add this line to fix the invalid git diff issue + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: '3.13' cache: 'pip' @@ -689,22 +691,31 @@ jobs: with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} + - name: Ensure full git history + shell: bash + run: | + if git rev-parse --is-shallow-repository | grep -q true; then + git fetch --prune --unshallow + else + echo "Repository is already a full clone." + fi + - uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2 with: - PATTERNS: | - cve_bin_tool/data_sources/*.py - FILES: | - test_available_fix.py - test_source_osv.py - test_source_gad.py - test_source_nvd.py - test_cli.py - test_nvd_api.py - test_cvedb.py - test_scanner.py - cli.py - nvd_api.py - cvedb.py + PATTERNS: | + cve_bin_tool/data_sources/*.py + FILES: | + test_available_fix.py + test_source_osv.py + test_source_gad.py + test_source_nvd.py + test_cli.py + test_nvd_api.py + test_cvedb.py + test_scanner.py + cli.py + nvd_api.py + cvedb.py - uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1 id: git-diff with: From a22bea0d702a24f2e46be7ce47b71ac0cc88c543 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Fri, 11 Apr 2025 22:45:15 +0530 Subject: [PATCH 12/17] fixed playwright issue --- .github/workflows/testing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 5050c8975c..c8070703ed 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml 
@@ -731,7 +731,7 @@ jobs: python -m pip install --editable . - name: Install playwright dependencies for HTML tests run: | - python -m playwright install chromium --with-deps + python -m playwright install chromium - name: Try single CLI run of tool run: | [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool From 47bb3f3f57578e24fcc5ac3fac0ba4488e72f831 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Sat, 12 Apr 2025 19:12:07 +0530 Subject: [PATCH 13/17] fixed playwright chromium issue --- .github/workflows/testing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index c8070703ed..632e97d8c0 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -732,7 +732,7 @@ jobs: - name: Install playwright dependencies for HTML tests run: | python -m playwright install chromium - - name: Try single CLI run of tool + - name: Try single CLI run of tool run: | [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out From 3c09744119dfb6fbfd01ec592c72792623536f36 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Sat, 12 Apr 2025 20:27:28 +0530 Subject: [PATCH 14/17] fixed playwright chromium HTML issue --- .github/workflows/testing.yml | 2 ++ package-lock.json | 6 ++++++ 2 files changed, 8 insertions(+) create mode 100644 package-lock.json diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 632e97d8c0..5b7fb41e89 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -653,6 +653,8 @@ jobs: osv-vulnerabilities.storage.googleapis.com:443 packages.microsoft.com:443 playwright.azureedge.net:443 + cdn.playwright.dev:443 + playwright.download.prss.microsoft.com:443 ppa.launchpadcontent.net:443 pypi.org:443 release-monitoring.org:443 
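Review bot: The two hosts added after `playwright.azureedge.net:443` widen what appears to be the job's egress allow-list (the list and its key start outside the hunk), and nothing records which step needs them. Every allow-list entry is one more destination a compromised dependency could reach, so each addition should be justified where reviewers will see it. State the consumer in the commit message or in a comment above the step rather than inside the list, since a `#` line inside a block scalar becomes part of the value. The visible entries are in alphabetical order, so `cdn.playwright.dev:443` belongs further up; a sorted list makes later additions easier to spot.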
diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000000..5c4a6455c2 --- /dev/null +++ b/package-lock.json @@ -0,0 +1,6 @@ +{ + "name": "cve-bin-tool", + "lockfileVersion": 3, + "requires": true, + "packages": {} +} From e8c5ff091b5df56884735b23a84c6b7f6fac7d03 Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Mon, 14 Apr 2025 15:55:57 +0530 Subject: [PATCH 15/17] fixed playwright chromium HTML issue --- .github/workflows/testing.yml | 74 ++++++++++++----------------------- 1 file changed, 25 insertions(+), 49 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 5b7fb41e89..74a6d7c534 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -47,7 +47,6 @@ jobs: files.pythonhosted.org:443 github.com:443 pypi.org:443 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: @@ -64,7 +63,6 @@ jobs: run: | cd doc/ sphinx-build -b html . _build - tests: name: Linux tests permissions: @@ -125,7 +123,6 @@ jobs: echo "sbom=false" >> $GITHUB_ENV echo "sbom set to false" fi - - name: Get date id: get-date run: | @@ -184,7 +181,6 @@ jobs: pytest -v --durations=50 test/test_cli.py test/test_cvedb.py - long_tests: name: Long tests on Python 3.13 permissions: @@ -221,7 +217,6 @@ jobs: echo "sbom=false" >> $GITHUB_ENV echo "sbom set to false" fi - - name: Get date id: get-date run: | @@ -285,7 +280,7 @@ jobs: --ignore=test/test_language_parser.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml @@ -338,7 +333,6 @@ jobs: echo "sbom=false" >> $GITHUB_ENV echo "sbom set to false" fi - - name: Get date id: get-date run: | 
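Review bot: The hunk at line 285 of 15/17 moves `codecov/codecov-action` from `0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0` back to `13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1`, and the hunks at lines 388, 491, 595 and 886 do the same. A commit described as a Playwright fix should not downgrade a third-party action that is passed `secrets.CODECOV_TOKEN`. This looks like an older copy of the file written over the current one rather than an intended change; that is an inference and worth confirming with the author. If so, rebase on the current branch and keep `0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0` in all five places.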
@@ -388,7 +382,7 @@ jobs: test/test_language_scanner.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml @@ -441,7 +435,6 @@ jobs: echo "sbom=false" >> $GITHUB_ENV echo "sbom set to false" fi - - name: Get date id: get-date run: | @@ -491,7 +484,7 @@ jobs: test/test_scanner.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml @@ -544,7 +537,6 @@ jobs: echo "sbom=false" >> $GITHUB_ENV echo "sbom set to false" fi - - name: Get date id: get-date run: | @@ -595,7 +587,7 @@ jobs: test/test_cvedb.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml @@ -653,8 +645,6 @@ jobs: osv-vulnerabilities.storage.googleapis.com:443 packages.microsoft.com:443 playwright.azureedge.net:443 - cdn.playwright.dev:443 - playwright.download.prss.microsoft.com:443 ppa.launchpadcontent.net:443 pypi.org:443 release-monitoring.org:443 @@ -664,10 +654,7 @@ jobs: storage.googleapis.com:443 www.cisa.gov:443 www.sqlite.org:443 - - - uses: actions/checkout@v4.1.1 # v4.1.1 - with: - fetch-depth: 0 # ✅ Add this line to fix the invalid git diff issue + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: '3.13' 
@@ -693,31 +680,22 @@ jobs: with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} - - name: Ensure full git history - shell: bash - run: | - if git rev-parse --is-shallow-repository | grep -q true; then - git fetch --prune --unshallow - else - echo "Repository is already a full clone." - fi - - uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2 with: - PATTERNS: | - cve_bin_tool/data_sources/*.py - FILES: | - test_available_fix.py - test_source_osv.py - test_source_gad.py - test_source_nvd.py - test_cli.py - test_nvd_api.py - test_cvedb.py - test_scanner.py - cli.py - nvd_api.py - cvedb.py + PATTERNS: | + cve_bin_tool/data_sources/*.py + FILES: | + test_available_fix.py + test_source_osv.py + test_source_gad.py + test_source_nvd.py + test_cli.py + test_nvd_api.py + test_cvedb.py + test_scanner.py + cli.py + nvd_api.py + cvedb.py - uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1 id: git-diff with: @@ -733,8 +711,8 @@ jobs: python -m pip install --editable . - name: Install playwright dependencies for HTML tests run: | - python -m playwright install chromium - - name: Try single CLI run of tool + python -m playwright install chromium --with-deps + - name: Try single CLI run of tool run: | [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out @@ -757,7 +735,6 @@ jobs: run: > pytest -v --durations=0 test/test_json.py - windows_long_tests: name: Windows long tests permissions: 
@@ -822,9 +799,9 @@ jobs: python -m pip install --upgrade wheel python -m pip install --upgrade -r dev-requirements.txt python -m pip install --upgrade . - # - name: Try single CLI run of tool - # run: | - # python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out + - name: Try single CLI run of tool + run: | + python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out - name: Run async tests run: > pytest @@ -886,7 +863,7 @@ jobs: -o junit_family=legacy --durations=50 - name: Upload code coverage to codecov - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: files: coverage.xml flags: windows_long_tests @@ -901,4 +878,3 @@ jobs: flags: windows_long_tests files: junit.xml fail_ci_if_error: false - From 1b932753969a0dd96f570acb87aca13f8a8b23ed Mon Sep 17 00:00:00 2001 From: Shrishti Banshiar Date: Mon, 14 Apr 2025 16:07:44 +0530 Subject: [PATCH 16/17] fixed playwright chromium HTML issue --- .github/workflows/testing.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 74a6d7c534..87a58e7d9d 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -645,6 +645,8 @@ jobs: osv-vulnerabilities.storage.googleapis.com:443 packages.microsoft.com:443 playwright.azureedge.net:443 + cdn.playwright.dev:443 + playwright.download.prss.microsoft.com:443 ppa.launchpadcontent.net:443 pypi.org:443 release-monitoring.org:443 @@ -709,6 +711,10 @@ jobs: python -m pip install --upgrade wheel python -m pip install --upgrade -r dev-requirements.txt python -m pip install --editable . + + - name: Set Playwright download host + run: echo "PLAYWRIGHT_DOWNLOAD_HOST=https://playwright.azureedge.net" >> $GITHUB_ENV + - name: Install playwright dependencies for HTML tests run: | python -m playwright install chromium --with-deps 
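Review bot: The new `Set Playwright download host` step in 16/17 forces downloads to `https://playwright.azureedge.net`, yet the first hunk of the same commit also allow-lists `cdn.playwright.dev:443` and `playwright.download.prss.microsoft.com:443`. If the override takes effect those two hosts are presumably unused, and an egress allow-list should carry only what the job needs, so pick one approach and drop the other. If the override stays, scope it to the install step with `env:` and `PLAYWRIGHT_DOWNLOAD_HOST: https://playwright.azureedge.net` instead of exporting it to every later step through `$GITHUB_ENV`. If the `echo` form is kept, quote the target: `>> "$GITHUB_ENV"`.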
From b3c2c076d95b241ca81730025a728376ce07c16b Mon Sep 17 00:00:00 2001
From: Shrishti Banshiar
Date: Mon, 14 Apr 2025 16:15:47 +0530
Subject: [PATCH 17/17] Fix GitHub Action by using ubuntu-22.04
---
 .github/workflows/scorecard.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index caf9de3956..65b569dc61 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -15,7 +15,7 @@ permissions: read-all
 jobs:
 analysis:
 name: Scorecard analysis
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
 permissions:
 security-events: write
 id-token: write
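Review bot: `runs-on: ubuntu-22.04` pins the Scorecard job to one runner image, but neither the hunk nor the subject says which failure on `ubuntu-latest` it works around. Fixed runner images are eventually retired, so record the reason and the condition for reverting next to the line, e.g. `runs-on: ubuntu-22.04  # pinned: <reason>; return to ubuntu-latest once resolved`. The job definition continues outside the hunk.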