Fix tests.

src/skjold/sources/gemnasium.py

@@ -38,7 +38,6 @@ def source(self) -> str:
 
     @property
     def severity(self) -> str:
-
         for field in ["cvss_v3", "cvss_v2"]:
             vector = self._json.get(field, None)
             if vector:
@@ -72,7 +71,7 @@ def vulnerable_version_range(self) -> List[specifiers.SpecifierSet]:
         affected_range = self._json["affected_range"]
 
         # Gemnasium sometimes uses spaces instead of commas for ranges
-        affected_range = affected_range.strip().replace(' ', ',')
+        affected_range = affected_range.strip().replace(" ", ",")
 
         # Gemnasium seems to invalidate/withdraw advisories by marking them this way.
         # See pypi/pyspark/CVE-2020-27218.yml#L11 in gemnasium-db.
@@ -85,6 +84,11 @@ def vulnerable_version_range(self) -> List[specifiers.SpecifierSet]:
         vulnerable_versions = []
 
         for spec in affected_range.split("||"):
+            # Workaround to ensure that we strip any trailing dots from ranges/specs e.g. >=1.2.,<=2.0.
+            spec = spec.replace(".,", ",")
+            if "," in spec and spec.endswith("."):
+                spec = spec[:-1]
+
             vulnerable_versions.append(specifiers.SpecifierSet(spec, prereleases=True))
         return vulnerable_versions
 
@@ -102,7 +106,6 @@ def is_affected(self, version: str) -> bool:
 
 
 class Gemnasium(SecurityAdvisorySource):
-
     _url = "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/archive/master/gemnasium-db-master.tar.gz"
     _name = "gemnasium"
 

tests/fixtures/formats/ignore/all

@@ -23,4 +23,9 @@ ignore:
   - expires: 2100-01-01T00:00:00+0000
     package: urllib3
     reason: No remediation available.
+  PYSEC-2023-212:
+  - expires: 2100-01-01T00:00:00+0000
+    package: urllib3
+    reason: No remediation available.
+
 version: "1.0"

tests/test_cli.py

@@ -78,7 +78,7 @@ def test_vulnerable_package_with_ignore_list_via_env(
 
     result = runner.invoke(cli, args=["audit", "-"], input=input_, obj=config)
 
-    assert "Ignored 6 finding(s)!" in result.stderr
+    assert "Ignored 7 finding(s)!" in result.stderr
     assert "No vulnerable packages found!" in result.stderr
     assert result.exit_code == 0
 
@@ -105,7 +105,7 @@ def test_vulnerable_package_with_ignore_list_via_cli(
         cli, args=["audit", "-i", ignore_path, "-"], input=input_, obj=config
     )
 
-    assert "Ignored 6 finding(s)!" in result.stderr
+    assert "Ignored 7 finding(s)!" in result.stderr
     assert "No vulnerable packages found!" in result.stderr
     assert result.exit_code == 0
 

tests/test_gemnasium.py

@@ -160,4 +160,7 @@ def test_ensure_gemnasium_update(cache_dir: str) -> None:
     assert found and len(findings) > 0
 
     found, findings = source.is_vulnerable_package(Dependency("Django", "2.3.0"))
+    assert found is True and len(findings) > 0
+
+    found, findings = source.is_vulnerable_package(Dependency("Django", "3.2.25"))
     assert found is False and len(findings) == 0

tests/test_pyup.py

@@ -110,7 +110,8 @@ def test_ensure_is_affected_single(
         ("pyup", Dependency("werkzeug", "0.12"), True),
         ("pyup", Dependency("werkzeug", "1.0.0"), True),
         ("pyup", Dependency("werkzeug", "1.0.1"), True),
-        ("pyup", Dependency("werkzeug", "2.2.3"), False),
+        ("pyup", Dependency("werkzeug", "2.2.3"), True),
+        ("pyup", Dependency("werkzeug", "3.0.1"), False),
         ("pyup", Dependency("does-not-exist", "0"), False),
     ],
 )
@@ -120,7 +121,6 @@ def test_ensure_source_is_affected_single(
     is_vulnerable: bool,
     cache_dir: str,
 ) -> None:
-
     from skjold.tasks import _sources
 
     assert source_name in _sources