Extensive test suite for CPE matching

[nscuro]

Current Behavior

We maintain a custom CPE matching logic, yet our test coverage is very scarce.

Making changes to the existing logic is a high risk, because we don't quite know if it negatively affects matching on real-world data.

Proposed Behavior

Setup a test suite with loads of real-world CPE data.

Note that we also pull versions information from component PURLs if the analyzed component has no CPE assigned to it, so that aspect should be covered as well.

The test subject will be the InternalAnalysisTask.

To cover as much data as possible without having to write too much code, setting up a test that just reads from a CSV file or so would be preferable.

cpe,componentCpe,componentPurl,match
cpe:2.3:a:...,cpe:2.3:a:...,,true
cpe:2.3:a:...,,pkg:maven/...,true

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this enhancement was already requested

[RingoDev]

Hi, I would be interested inhelping out here. Do you have a starting point of where somebody could generate such test input data from?

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.