From 34c8f0fb9794582b655902acd47dc6ef7db6e0b8 Mon Sep 17 00:00:00 2001
From: Andrew Pollock
Date: Mon, 4 Nov 2024 06:12:12 +0000
Subject: [PATCH 1/2] fix(redhat_osv): restructure test data

This commit restructures the test data so that CSAF and OSV data is not co-mingled in the same directory. It is an attept to address

```
$ go install github.com/ossf/osv-schema/tools/osv-linter@latest
go: downloading github.com/ossf/osv-schema v1.6.7
go: github.com/ossf/osv-schema/tools/osv-linter@latest: create zip: tools/redhat/testdata/rhsa-2024_4546.json: case-insensitive file name collision: "tools/redhat/testdata/RHSA-2024_4546.json" and "tools/redhat/testdata/rhsa-2024_4546.json"
```

Signed-off-by: Andrew Pollock
---
tools/redhat/redhat_osv/convert_redhat_test.py | 4 ++--
tools/redhat/redhat_osv/osv_test.py | 2 +-
tools/redhat/testdata/{ => CSAF}/rhsa-2003_315.json | 0
tools/redhat/testdata/{ => CSAF}/rhsa-2015_0008.json | 0
tools/redhat/testdata/{ => CSAF}/rhsa-2024_4546.json | 0
tools/redhat/testdata/{ => CSAF}/rhsa-2024_6220.json | 0
tools/redhat/testdata/{ => OSV}/RHSA-2024_4546.json | 0
tools/redhat/testdata/{ => OSV}/RHSA-2024_6220.json | 0
8 files changed, 3 insertions(+), 3 deletions(-)
rename tools/redhat/testdata/{ => CSAF}/rhsa-2003_315.json (100%)
rename tools/redhat/testdata/{ => CSAF}/rhsa-2015_0008.json (100%)
rename tools/redhat/testdata/{ => CSAF}/rhsa-2024_4546.json (100%)
rename tools/redhat/testdata/{ => CSAF}/rhsa-2024_6220.json (100%)
rename tools/redhat/testdata/{ => OSV}/RHSA-2024_4546.json (100%)
rename tools/redhat/testdata/{ => OSV}/RHSA-2024_6220.json (100%)

diff --git a/tools/redhat/redhat_osv/convert_redhat_test.py b/tools/redhat/redhat_osv/convert_redhat_test.py
index fa0a751..78cb7dc 100644
--- a/tools/redhat/redhat_osv/convert_redhat_test.py
+++ b/tools/redhat/redhat_osv/convert_redhat_test.py
@@ -15,8 +15,8 @@ def test_convert_redhat(self): """ Test a single demo CSAF file """ modified_time = datetime.strptime("2024-09-02T14:30:00", "%Y-%m-%dT%H:%M:%S") - csaf_file = f"testdata/rhsa-{test_advisory}.json" - expected_file = f"testdata/RHSA-{test_advisory}.json" + csaf_file = f"testdata/CSAF/rhsa-{test_advisory}.json" + expected_file = f"testdata/OSV/RHSA-{test_advisory}.json" with open(csaf_file, "r", encoding="utf-8") as fp: csaf_data = fp.read() diff --git a/tools/redhat/redhat_osv/osv_test.py b/tools/redhat/redhat_osv/osv_test.py index 549614f..a02d8b3 100644 --- a/tools/redhat/redhat_osv/osv_test.py +++ b/tools/redhat/redhat_osv/osv_test.py @@ -15,7 +15,7 @@ class ScoreTest(unittest.TestCase): def test_missing_cvss_v3(self): """Test parsing a CSAF file with missing CVSSv3 score""" for test_csaf_file in self.test_csaf_files: - csaf_file = f"testdata/{test_csaf_file}" + csaf_file = f"testdata/CSAF/{test_csaf_file}" with open(csaf_file, "r", encoding="utf-8") as fp: csaf_data = fp.read() csaf = CSAF(csaf_data) diff --git a/tools/redhat/testdata/rhsa-2003_315.json b/tools/redhat/testdata/CSAF/rhsa-2003_315.json similarity index 100% rename from tools/redhat/testdata/rhsa-2003_315.json rename to tools/redhat/testdata/CSAF/rhsa-2003_315.json diff --git a/tools/redhat/testdata/rhsa-2015_0008.json b/tools/redhat/testdata/CSAF/rhsa-2015_0008.json similarity index 100% rename from tools/redhat/testdata/rhsa-2015_0008.json rename to tools/redhat/testdata/CSAF/rhsa-2015_0008.json diff --git a/tools/redhat/testdata/rhsa-2024_4546.json b/tools/redhat/testdata/CSAF/rhsa-2024_4546.json similarity index 100% rename from tools/redhat/testdata/rhsa-2024_4546.json rename to tools/redhat/testdata/CSAF/rhsa-2024_4546.json diff --git a/tools/redhat/testdata/rhsa-2024_6220.json b/tools/redhat/testdata/CSAF/rhsa-2024_6220.json similarity index 100% rename from tools/redhat/testdata/rhsa-2024_6220.json rename to tools/redhat/testdata/CSAF/rhsa-2024_6220.json 
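Review bot: The new fixture paths in `test_convert_redhat` (`testdata/CSAF/...`, `testdata/OSV/...`) are still resolved against the process working directory, so the test only finds its data when run from `tools/redhat`. The `csaf_file` line in the `osv_test.py` hunk (`test_missing_cvss_v3`) has the same dependency. Since these lines are being touched anyway, anchor them to the test module instead, e.g. `TESTDATA = Path(__file__).resolve().parent.parent / "testdata"` and then `csaf_file = TESTDATA / "CSAF" / f"rhsa-{test_advisory}.json"`, which needs `from pathlib import Path` at the top of each file. Both function bodies continue outside the hunks shown, so any other `testdata/` references there would need the same treatment.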
diff --git a/tools/redhat/testdata/RHSA-2024_4546.json b/tools/redhat/testdata/OSV/RHSA-2024_4546.json similarity index 100% rename from tools/redhat/testdata/RHSA-2024_4546.json rename to tools/redhat/testdata/OSV/RHSA-2024_4546.json diff --git a/tools/redhat/testdata/RHSA-2024_6220.json b/tools/redhat/testdata/OSV/RHSA-2024_6220.json similarity index 100% rename from tools/redhat/testdata/RHSA-2024_6220.json rename to tools/redhat/testdata/OSV/RHSA-2024_6220.json From 9707694f119de0a6d5ae429219313fa556c9ec2e Mon Sep 17 00:00:00 2001 From: Andrew Pollock Date: Tue, 5 Nov 2024 05:50:25 +0000 Subject: [PATCH 2/2] fix(redhat_osv): link to comment for additional context This commit adds a link to additional context for posterity. I personally found this line odd and confusing and received an explanation, so figured not to let it go to waste... Signed-off-by: Andrew Pollock --- tools/redhat/redhat_osv/osv_test.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/redhat/redhat_osv/osv_test.py b/tools/redhat/redhat_osv/osv_test.py index a02d8b3..47ca207 100644 --- a/tools/redhat/redhat_osv/osv_test.py +++ b/tools/redhat/redhat_osv/osv_test.py @@ -27,6 +27,7 @@ def test_missing_cvss_v3(self): for remediation in vuln.remediations: assert "@" in remediation.purl + # See https://github.com/ossf/osv-schema/pull/308#issuecomment-2456061864 osv = OSV(csaf, "test_date") assert not hasattr(osv, "severity") for affected in osv.affected:
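Review bot: The added comment above `osv = OSV(csaf, "test_date")` in `test_missing_cvss_v3` is a bare link, so it does not say which of the following lines it explains or why. The reasoning is lost if the issue comment is edited or deleted, or if the reader is offline. Put a one-sentence summary of the explanation in the code and keep the link as a reference, in the form `# <one-line reason, taken from the linked comment>; background: https://github.com/ossf/osv-schema/pull/308#issuecomment-2456061864`. The hunk does not show which line was found confusing (presumably the `"test_date"` argument or the `severity` assertion), so the summary has to come from the author.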