Add tests for OSS-FUZZ

TG1999 · TG1999 · commit 715bf8291d74 · 2025-07-16T19:20:57.000+05:30
Signed-off-by: Tushar Goel &lt;tushar.goel.dav@gmail.com&gt;
diff --git a/vulnerabilities/tests/pipelines/test_curl_importer_v2.py b/vulnerabilities/tests/pipelines/test_curl_importer_v2.py
@@ -1,6 +1,10 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
 #
 
 from datetime import datetime
diff --git a/vulnerabilities/tests/pipelines/test_istio_importer_v2.py b/vulnerabilities/tests/pipelines/test_istio_importer_v2.py
@@ -1,3 +1,12 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
 import tempfile
 from pathlib import Path
 from textwrap import dedent
diff --git a/vulnerabilities/tests/pipelines/test_oss_fuzz_v2.py b/vulnerabilities/tests/pipelines/test_oss_fuzz_v2.py
@@ -0,0 +1,55 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+import pytest
+from unittest import mock
+
+import yaml
+from vulnerabilities.pipelines.v2_importers.oss_fuzz import OSSFuzzImporterPipeline
+from vulnerabilities.importer import AdvisoryData
+
+
+@pytest.mark.django_db
+def test_collect_advisories_parses_yaml_correctly(tmp_path):
+    advisory_path = tmp_path / "vulns" / "dummy_project"
+    advisory_path.mkdir(parents=True)
+    yaml_file = advisory_path / "CVE-2024-1234.yaml"
+
+    advisory_dict = {
+        "id": "CVE-2024-1234",
+        "summary": "Some summary here",
+        "affected": [
+            {
+                "package": {"name": "some-lib"},
+                "versions": ["1.0.0"]
+            }
+        ]
+    }
+    yaml_file.write_text(yaml.dump(advisory_dict), encoding="utf-8")
+
+    pipeline = OSSFuzzImporterPipeline()
+    pipeline.vcs_response = mock.Mock()
+    pipeline.vcs_response.dest_dir = tmp_path
+
+    advisories = list(pipeline.collect_advisories())
+    assert len(advisories) == 1
+    assert advisories[0].advisory_id == "CVE-2024-1234"
+    assert advisories[0].summary == "Some summary here"
+
+
+@pytest.mark.django_db
+def test_advisories_count(tmp_path):
+    (tmp_path / "vulns" / "project").mkdir(parents=True)
+    (tmp_path / "vulns" / "project" / "CVE-2023-0001.yaml").write_text("id: CVE-2023-0001")
+    (tmp_path / "vulns" / "project" / "CVE-2023-0002.yaml").write_text("id: CVE-2023-0002")
+
+    pipeline = OSSFuzzImporterPipeline()
+    pipeline.vcs_response = mock.Mock()
+    pipeline.vcs_response.dest_dir = tmp_path
+
+    assert pipeline.advisories_count() == 2

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,10 @@`
`1`	`1`	`#`
`2`	`2`	`# Copyright (c) nexB Inc. and others. All rights reserved.`
	`3`	`+# VulnerableCode is a trademark of nexB Inc.`
`3`	`4`	`# SPDX-License-Identifier: Apache-2.0`
	`5`	`+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.`
	`6`	`+# See https://github.com/aboutcode-org/vulnerablecode for support or download.`
	`7`	`+# See https://aboutcode.org for more information about nexB OSS projects.`
`4`	`8`	`#`
`5`	`9`
`6`	`10`	`from datetime import datetime`