forked from AppThreat/vulnerability-db
-
Notifications
You must be signed in to change notification settings - Fork 0
105 lines (100 loc) · 3.6 KB
/
Copy pathpythonapp.yml
File metadata and controls
105 lines (100 loc) · 3.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: Python matrix CI
on:
pull_request:
workflow_dispatch:
jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-15]
python-version: ['3.10', '3.11', '3.12', '3.13', '3.14']
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install uv
uses: astral-sh/setup-uv@v5
with:
python-version: ${{ matrix.python-version }}
- name: Display Python version
run: python -c "import sys; print(sys.version)"
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: '25.x'
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '25'
- name: Install dependencies
run: |
uv sync --all-extras --dev
- name: Lint with flake8
run: |
uv run flake8 . --count --show-source --exit-zero --statistics
- name: Test with pytest
run: |
uv run pytest --cov=vdb test
env:
PYTHONPATH: .
TEST_VDB_HOME: vdb_data
VDB_TEMP_DIR: ${{ runner.temp }}/vdb-temp
- name: Generate SBOM with cdxgen
run: |
npm install -g @cyclonedx/cdxgen
cdxgen -t python -o bom.json . -p --profile research
if: ${{ matrix.python-version == '3.13' && matrix.os == 'ubuntu-latest' }}
- name: CLI tests
run: |
uv sync --all-extras --dev
uv run vdb --cache --only-osv
uv run vdb --bom bom.json
uv run vdb --search "pkg:maven/org.springframework/spring-core@6.0.13"
uv run vdb --search "pkg:maven/org.hibernate.orm/hibernate-core@6.2.9.Final"
uv run vdb --search "pkg:nuget/Microsoft.Data.SqlClient@5.0.1"
uv run vdb --search "pkg:nuget/Microsoft.IdentityModel.JsonWebTokens@6.21.0"
uv run vdb --search "pkg:nuget/System.Drawing.Common@5.0.0"
uv run vdb --search "pkg:npm/eslint-config-prettier@9.1.0"
uv run vdb --search "pkg:npm/eslint-config-prettier@9.1.1"
uv run vdb --search "pkg:npm/eslint-config-prettier@10.1.7"
uv run vdb --search "escape.tech:graphql-armor-max-depth:2.4.0"
uv run vdb --search "pkg:npm/%40escape.tech/graphql-armor-max-depth@2.4.0"
echo "Creating custom vulnerability file..."
mkdir -p custom_vulns
cat > custom_vulns/private.yaml <<EOF
dataType: CVE_RECORD
dataVersion: "5.2"
cveMetadata:
cveId: PRIVATE-CLI-TEST
assignerOrgId: 00000000-0000-4000-8000-000000000000
state: PUBLISHED
datePublished: "2024-01-01T00:00:00Z"
dateUpdated: "2024-01-01T00:00:00Z"
containers:
cna:
providerMetadata:
orgId: 00000000-0000-4000-8000-000000000000
descriptions:
- lang: en
value: "CLI Test Vulnerability"
affected:
- vendor: internal
product: cli-test
packageName: cli-test
packageURL: pkg:pypi/cli-test
versions:
- version: "1.0.0"
status: affected
versionType: semver
EOF
echo "Running search with --custom-data..."
uv run vdb --search pkg:pypi/cli-test@1.0.0 --custom-data custom_vulns
if: ${{ matrix.python-version == '3.13' && matrix.os == 'ubuntu-latest' }}
env:
VDB_IGNORE_OS: true
VDB_TEMP_DIR: ${{ runner.temp }}/vdb-temp