fix: correct unsaved_tags assertions to expect lists and fix tag ordering

Update tests for dependency_check and jfrog_xray_unified parsers to match
the actual list format returned by unsaved_tags, and fix the expected order
of tags for the suppressed-without-notes case in dependency_check.

Author: valentijnscholten

unittests/tools/test_dependency_check_parser.py

@@ -108,7 +108,7 @@ def test_parse_file_with_multiple_vulnerabilities_has_multiple_findings(self):
                     items[1].mitigation,
                     "Update org.dom4j:dom4j:2.1.1.redhat-00001 to at least the version recommended in the description",
                 )
-                self.assertEqual(items[1].unsaved_tags, "related")
+                self.assertEqual(items[1].unsaved_tags, ["related"])
                 self.assertEqual(1, len(items[1].unsaved_vulnerability_ids))
                 self.assertEqual("CVE-0000-0001", items[1].unsaved_vulnerability_ids[0])
 
@@ -258,7 +258,7 @@ def test_parse_file_with_multiple_vulnerabilities_has_multiple_findings(self):
                     items[9].mitigation,
                     "**This vulnerability is mitigated and/or suppressed:** Document on why we are suppressing this vulnerability is missing!\nUpdate jquery:3.1.1 to at least the version recommended in the description",
                 )
-                self.assertEqual(items[9].unsaved_tags, ["suppressed", "no_suppression_document"])
+                self.assertEqual(items[9].unsaved_tags, ["no_suppression_document", "suppressed"])
                 self.assertEqual(items[9].severity, "Critical")
                 self.assertEqual(items[9].cvssv3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")
                 self.assertEqual(items[9].cvssv3_score, 9.8)
@@ -270,7 +270,7 @@ def test_parse_file_with_multiple_vulnerabilities_has_multiple_findings(self):
                     items[10].mitigation,
                     "**This vulnerability is mitigated and/or suppressed:** This is our reason for not to upgrade it.\nUpdate jquery:3.1.1 to at least the version recommended in the description",
                 )
-                self.assertEqual(items[10].unsaved_tags, "suppressed")
+                self.assertEqual(items[10].unsaved_tags, ["suppressed"])
                 self.assertEqual(items[10].severity, "Critical")
                 self.assertEqual(items[10].cvssv3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")
                 self.assertEqual(items[10].cvssv3_score, 9.8)

unittests/tools/test_jfrog_xray_unified_parser.py

@@ -33,7 +33,7 @@ def test_parse_file_with_one_vuln(self):
         self.assertIsNotNone(item.mitigation)
         self.assertGreater(len(item.mitigation), 0)
         self.assertEqual("Jinja2", item.component_name)
-        self.assertEqual('"packagetype_pypi"', item.unsaved_tags)
+        self.assertEqual(["packagetype_pypi"], item.unsaved_tags)
         self.assertEqual("2.11.2", item.component_version)
         self.assertEqual("pypi-remote/30/9e/f663a2aa66a09d838042ae1a2c5659828bb9b41ea3a6efa20a20fd92b121/Jinja2-2.11.2-py2.py3-none-any.whl", item.file_path)
         self.assertIsNotNone(item.severity_justification)
@@ -186,7 +186,7 @@ def test_parse_file_with_very_many_vulns(self):
         self.assertEqual(" is too late.", item.description[-13:])
         self.assertIsNone(item.mitigation)
         self.assertEqual("3.12:sqlite-libs", item.component_name)
-        self.assertEqual('"packagetype_alpine"', item.unsaved_tags)
+        self.assertEqual(["packagetype_alpine"], item.unsaved_tags)
         self.assertEqual("3.32.1-r0", item.component_version)
         self.assertEqual("dockerhub-remote/kiwigrid/k8s-sidecar/sha256__7cba93c3dde21c78fe07ee3f8ed8d82d05bf00415392606401df8a7d72057b5b/", item.file_path)
         self.assertIsNotNone(item.severity_justification)
@@ -209,7 +209,7 @@ def test_parse_file_with_very_many_vulns(self):
         self.assertEqual("(Affected 1.0.2-1.0.2w).", item.description[-24:])
         self.assertIsNone(item.mitigation)
         self.assertEqual("ubuntu:bionic:libssl1.1", item.component_name)
-        self.assertEqual('"packagetype_debian"', item.unsaved_tags)
+        self.assertEqual(["packagetype_debian"], item.unsaved_tags)
         self.assertEqual("1.1.1-1ubuntu2.1~18.04.6", item.component_version)
         self.assertEqual("dockerhub-remote/library/mongo/sha256__31f6433f7cfcd2180483e40728cbf97142df1e85de36d80d75c93e5e7fe10405/", item.file_path)
         self.assertIsNotNone(item.severity_justification)
@@ -233,7 +233,7 @@ def test_parse_file_with_very_many_vulns(self):
         self.assertIsNotNone(item.mitigation)
         self.assertGreater(len(item.mitigation), 0)
         self.assertEqual("github.com/docker/docker", item.component_name)
-        self.assertEqual('"packagetype_go"', item.unsaved_tags)
+        self.assertEqual(["packagetype_go"], item.unsaved_tags)
         self.assertEqual("1.4.2-0.20200203170920-46ec8731fbce", item.component_version)
         self.assertEqual("dockerhub-remote/fluxcd/helm-controller/sha256__27790f965d8965884e8dfc12cba0d1f609794a1abc69bc81a658bd76e463ffce/", item.file_path)
         self.assertIsNotNone(item.severity_justification)
@@ -255,7 +255,7 @@ def test_parse_file_with_very_many_vulns(self):
         self.assertEqual("sensitive information.", item.description[-22:])
         self.assertIsNone(item.mitigation)
         self.assertEqual("com.fasterxml.jackson.core:jackson-databind", item.component_name)
-        self.assertEqual('"packagetype_maven"', item.unsaved_tags)
+        self.assertEqual(["packagetype_maven"], item.unsaved_tags)
         self.assertEqual("2.10.4", item.component_version)
         self.assertEqual("elastic-docker-remote/elasticsearch/elasticsearch/7.9.1-amd64/", item.file_path)
         self.assertIsNotNone(item.severity_justification)
@@ -279,7 +279,7 @@ def test_parse_file_with_very_many_vulns(self):
         self.assertIsNotNone(item.mitigation)
         self.assertGreater(len(item.mitigation), 0)
         self.assertEqual("jquery", item.component_name)
-        self.assertEqual('"packagetype_npm"', item.unsaved_tags)
+        self.assertEqual(["packagetype_npm"], item.unsaved_tags)
         self.assertEqual("3.4.1", item.component_version)
         self.assertEqual("pypi-remote/cc/94/5f7079a0e00bd6863ef8f1da638721e9da21e5bacee597595b318f71d62e/Werkzeug-1.0.1-py2.py3-none-any.whl", item.file_path)
         self.assertIsNotNone(item.severity_justification)
@@ -303,7 +303,7 @@ def test_parse_file_with_very_many_vulns(self):
         self.assertIsNotNone(item.mitigation)
         self.assertGreater(len(item.mitigation), 0)
         self.assertEqual("pip", item.component_name)
-        self.assertEqual('"packagetype_pypi"', item.unsaved_tags)
+        self.assertEqual(["packagetype_pypi"], item.unsaved_tags)
         self.assertEqual("20.2.3", item.component_version)
         self.assertEqual("dockerhub-remote/kiwigrid/k8s-sidecar/sha256__4b5a25c8dbac9637f8e680566959fdccd1a98d74ce2f2746f9b0f9ff6b57d03b/", item.file_path)
         self.assertIsNotNone(item.severity_justification)