diff --git a/test/test_source_osv.py b/test/test_source_osv.py
index 90cba79889..716023b959 100644
--- a/test/test_source_osv.py
+++ b/test/test_source_osv.py
@@ -11,6 +11,7 @@
 import aiohttp
 import pytest
+import requests
 from cve_bin_tool.data_sources import osv_source
@@ -27,36 +28,7 @@ def teardown_class(cls):
 shutil.rmtree(cls.osv.cachedir)
 osv_url = "https://osv-vulnerabilities.storage.googleapis.com/"
-
- ecosystems = [
- "Android",
- "DWF",
- "Debian",
- "Debian:10",
- "Debian:11",
- "Debian:3.0",
- "Debian:3.1",
- "Debian:4.0",
- "Debian:5.0",
- "Debian:6.0",
- "Debian:7",
- "Debian:8",
- "Debian:9",
- "GSD",
- "Go",
- "Hex",
- "JavaScript",
- "Linux",
- "Maven",
- "NuGet",
- "OSS-Fuzz",
- "Packagist",
- "PyPI",
- "RubyGems",
- "UVI",
- "crates.io",
- "npm",
- ]
+ ecosystems_url = "https://osv-vulnerabilities.storage.googleapis.com/ecosystems.txt"
 zip_namelist = [
 "GSD-2021-1000000.json",
@@ -198,7 +170,18 @@ def teardown_class(cls):
 async def test_update_ecosystems(self):
 await self.osv.update_ecosystems()
- assert all(x in self.osv.ecosystems for x in self.ecosystems)
+ ecosystems_txt = requests.get(self.ecosystems_url, timeout=300).text.strip("\n")
+ expected_ecosystems = set(ecosystems_txt.split("\n"))
+
+ # Because ecosystems.txt does not contain the complete list, this must be
+ # manually fixed up.
+ expected_ecosystems.add("DWF")
+ expected_ecosystems.add("JavaScript")
+
+ # Assert that there are no missing ecosystems
+ assert all(x in self.osv.ecosystems for x in expected_ecosystems)
+ # Assert that there are no extra ecosystems
+ assert all(x in expected_ecosystems for x in self.osv.ecosystems)
 @pytest.mark.asyncio
 @pytest.mark.skipif(not EXTERNAL_SYSTEM(), reason="Needs network connection.")
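Review bot: `ecosystems_url` in the second hunk spells out the same bucket host that `osv_url` already holds on the line just above it, so the two can drift apart if the bucket location ever changes. Assuming both are attributes of the test class (its header is outside the hunk), `ecosystems_url = osv_url + "ecosystems.txt"` keeps a single definition of the host.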
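Review bot: In the third hunk the response from `requests.get(self.ecosystems_url, timeout=300)` is used without a status check, so an error body from the bucket would be split into lines and compared as if it were the ecosystem list; assigning it to `resp` and calling `resp.raise_for_status()` before reading `resp.text` makes that failure explicit. The expected set is now read from the same remote host the code under test presumably queries, so the test confirms agreement with upstream rather than with a pinned list, which deserves a comment such as `# expected values come from the live bucket; this is a consistency check, not an independent oracle`. The two `all(...)` assertions together amount to set equality, and `assert set(self.osv.ecosystems) == expected_ecosystems` would give pytest a readable diff on failure. The decorators of test_update_ecosystems are outside the hunk, so whether this test is skipped when there is no network access cannot be confirmed from here.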