In [1]:
import commons


# Names of the features that feed the Project Security Testing Score.
# Each string is used verbatim as a feature key by TestVector below and shows
# up as a column header in the exported data frame, so the wording must not drift.
features = [
    'Security reviews for an open-source project',
    'If an open-source project is regularly scanned for vulnerable dependencies',
]

class TestVector(commons.BaseTestVector):
    """Test vector for the Project Security Testing Score.

    Adds one named setter per feature on top of commons.BaseTestVector, so a
    vector can be described without spelling out the long feature names at
    every call site.
    """

    def __init__(self, alias=''):
        """Create a vector over the module-level `features` list.

        :param alias: optional name for the vector; defaults to an empty string.
        """
        super().__init__(features, alias)

    def security_reviews(self, value):
        """Set the 'Security reviews for an open-source project' feature.

        :param value: the feature value; this notebook passes either a dict
            built by `security_reviews(...)` or the string 'unknown'.
        :return: whatever `self.set` returns (callers in this notebook chain
            further calls on it).
        """
        feature_name = 'Security reviews for an open-source project'
        return self.set(feature_name, value)

    def scans_for_vulnerable_dependencies(self, value):
        """Set the 'regularly scanned for vulnerable dependencies' feature.

        :param value: the feature value; this notebook passes True, False or
            the string 'unknown'.
        :return: whatever `self.set` returns (callers in this notebook chain
            further calls on it).
        """
        feature_name = 'If an open-source project is regularly scanned for vulnerable dependencies'
        return self.set(feature_name, value)


# Collector for every test vector defined in this notebook; later cells call
# check() on it and export it as a data frame.
test_vector_list = commons.TestVectorList(features)

In [2]:
# common constants
from datetime import datetime
from datetime import timedelta

# Reference dates, all relative to the moment the notebook is executed.
# NOTE(review): a date derived from these is written to the exported CSV as a
# fixed 'YYYY-MM-DD' string, so the file changes on every re-run and the
# recorded review keeps ageing after generation. If the score weighs review
# age, the expected score ranges may drift over time (confirm against the
# scoring implementation).
today = datetime.today()
one_year_ago = today - timedelta(days=365)
# NOTE(review): five_years_ago is not referenced in the visible cells.
five_years_ago = today - 5 * timedelta(days=365)

def security_review(when, link='', who=''):
    """Build the record that describes a single security review.

    :param when: date of the review; a `datetime` is rendered as 'YYYY-MM-DD',
        any other value is stored unchanged.
    :param link: reference to the evidence of the review; stored as given.
    :param who: name of the reviewer; stored as given.
    :return: dict with the keys 'when', 'who' and 'link', in that order.

    No validation is performed on any of the three values.
    """
    review_date = when.strftime('%Y-%m-%d') if isinstance(when, datetime) else when
    # Key order is kept as when/who/link because it is visible in the exported text.
    return dict(when=review_date, who=who, link=link)

def security_reviews(entries):
    """Wrap review records into the value used for the security-reviews feature.

    :param entries: iterable of review records (as built by `security_review`).
    :return: dict with a single key 'reviews' holding a new list of the entries,
        in iteration order; an empty iterable yields {'reviews': []}.
    """
    # A fresh list is built so the result does not alias the caller's container.
    return {'reviews': list(entries)}

# Fixture: the review list is known and empty. This is a different input from
# the string 'unknown', which the vectors below use when nothing is known.
no_security_reviews = security_reviews([])

# Fixture: exactly one review, dated one year before the notebook was run.
# The link and the reviewer name are placeholders.
one_security_review = security_reviews([
    security_review(
        when=one_year_ago,
        link='https://site/proof',
        who='Wolfgang Amadeus Mozart',
    ),
])

In [3]:
# Baseline: no feature is set (the exported frame shows both as 'unknown');
# the expected score is pinned to the narrow range 0.0-0.1.
all_unknown_values = TestVector().score_from(0.0).score_to(0.1)
test_vector_list.register(all_unknown_values)

# Remaining vectors, one row each:
#   (security reviews, dependency scans, score_from, score_to)
# The rows are registered in this order; the printed aliases are numbered in
# the same order.
# Reading the table: an empty review list and 'unknown' reviews share the same
# expected range, and with one review present, scans False and 'unknown' also
# share a range.
# NOTE(review): the combination (no_security_reviews, 'unknown') is not covered.
for reviews_value, scans_value, lower_bound, upper_bound in (
    (no_security_reviews, False, 0.0, 1.0),
    ('unknown', False, 0.0, 1.0),
    (one_security_review, False, 4.0, 7.0),
    (one_security_review, 'unknown', 4.0, 7.0),
    (no_security_reviews, True, 3.0, 6.0),
    ('unknown', True, 3.0, 6.0),
    (one_security_review, True, 7.0, 10.0),
):
    test_vector_list.register(
        TestVector()
            .security_reviews(reviews_value)
            .scans_for_vulnerable_dependencies(scans_value)
            .score_from(lower_bound)
            .score_to(upper_bound)
    )

registered: test_vector_0
registered: test_vector_1
registered: test_vector_2
registered: test_vector_3
registered: test_vector_4
registered: test_vector_5
registered: test_vector_6
registered: test_vector_7


In [4]:
# Run the list's own check before exporting.
# NOTE(review): presumably this validates the registered vectors; what exactly
# is verified is defined in commons, so confirm there.
test_vector_list.check()

In [5]:
# Destination of the generated vectors; the path is relative, so it resolves
# against the directory the notebook is run from.
filename = '../../../resources/com/sap/sgs/phosphor/fosstars/model/score/oss/ProjectSecurityTestingScoreTestVectors.csv'

# Turn the registered vectors into a data frame.
test_vectors = test_vector_list.make_data_frame()

# Write the frame to the CSV file (overwrites an existing file at that path).
# The review cells hold Python dicts; to_csv writes them via str(), i.e. as
# Python-literal text with single quotes rather than JSON.
# NOTE(review): confirm that the reader of this CSV expects that form.
test_vectors.to_csv(filename)

# Display the frame as the cell output. The notebook view truncates long
# cells, so inspect the file itself for the full review records.
test_vectors

Unnamed: 0,alias,score_from,score_to,label,Security reviews for an open-source project,If an open-source project is regularly scanned for vulnerable dependencies
0,test_vector_0,0.0,0.1,,unknown,unknown
1,test_vector_1,0.0,1.0,,{'reviews': []},False
2,test_vector_2,0.0,1.0,,unknown,False
3,test_vector_3,4.0,7.0,,"{'reviews': [{'when': '2019-02-13', 'who': 'Wo...",False
4,test_vector_4,4.0,7.0,,"{'reviews': [{'when': '2019-02-13', 'who': 'Wo...",unknown
5,test_vector_5,3.0,6.0,,{'reviews': []},True
6,test_vector_6,3.0,6.0,,unknown,True
7,test_vector_7,7.0,10.0,,"{'reviews': [{'when': '2019-02-13', 'who': 'Wo...",True
