Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test: Improve Tests for nvd_api.py file #4877

Open
JigyasuRajput opened this issue Mar 2, 2025 · 2 comments · May be fixed by #4934
Open

test: Improve Tests for nvd_api.py file #4877

JigyasuRajput opened this issue Mar 2, 2025 · 2 comments · May be fixed by #4934

Comments

@JigyasuRajput
Copy link
Contributor

Description

Several functions in cve_bin_tool/nvd_api.py lack proper test coverage.
~~ report

Affected Functions

  • nvd_count_metadata (async, staticmethod)
  • convert_date_to_nvd_date_api2 (staticmethod)
  • get_reject_count_api2 (staticmethod)
  • get_nvd_params (async)
  • validate_nvd_api (async)
  • load_nvd_request (async)
  • get (async)

Steps to Reproduce

Currently, there are no proper tests ensuring the correctness of these functions.

Expected Behavior

  • Unit tests should be written for each function.
  • Mock API calls where necessary to simulate different scenarios.

Suggested Approach

  • Use pytest and unittest.mock for mocking API responses.
  • For async functions, use pytest-asyncio.
  • Ensure coverage for both success and failure cases.
@terriko
Copy link
Contributor

terriko commented Mar 3, 2025

You're not wrong about these, but I just want to note that we need to be extra careful about not abusing the NVD api here, since it's a shared resource under a lot of very big load. Mocked tests are fine, but we should not have any more network tests to any NVD code unless there's a clear benefit.

Note that while we don't have these as part of the coverage numbers, some of these functions are running daily as part of our cache updates, so they're not really going totally untested, they're just not counted by codecov. There's maybe a project to figure out what parts are running daily so we don't have to add additional tests on them, but I'd venture that this is pretty low priority for us. I'd much rather people work on other issues over this one.

@22f1001635
Copy link
Contributor

22f1001635 commented Mar 10, 2025
edited
Loading

Hi @terriko ,
I’m preparing a PR to improve test coverage for nvd_api.py by adding mocked unit tests for key functions (nvd_count_metadata, convert_date_to_nvd_date_api2, get_reject_count_api2, etc.). The changes:

🛠️ Add new tests using AsyncMock/FakeResponse to avoid real NVD API calls.
✅ Validate edge cases (invalid API keys, rejected CVEs, pagination).
🔄 Preserve existing integration tests (skipped by default to avoid API strain).
🚫 Zero breaking changes—existing logic remains untouched.

This aligns with project guidelines to minimize external API usage while ensuring critical paths are tested. However, if I have missed something, Feedback is welcome!

22f1001635 added a commit to 22f1001635/cve-bin-tool that referenced this issue Mar 10, 2025
@22f1001635
fix: improve test_nvd_api intel#4877
0eb1a0a
@22f1001635 22f1001635 linked a pull request Mar 10, 2025 that will close this issue
Open
22f1001635 added a commit to 22f1001635/cve-bin-tool that referenced this issue Mar 18, 2025
@22f1001635
fix: improve test_nvd_api intel#4877
14275b0
22f1001635 added a commit to 22f1001635/cve-bin-tool that referenced this issue Mar 18, 2025
@22f1001635
fix: improve test_nvd_api intel#4877
3b9ed7e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: improve test_nvd_api 22f1001635/cve-bin-tool
3 participants
@terriko @22f1001635 @JigyasuRajput