From 45d6f6f0c636d27a69cc8af3c4980834ea43b061 Mon Sep 17 00:00:00 2001
From: Terri Oda <terri@toybox.ca>
Date: Sat, 15 Jul 2023 12:30:11 -0700
Subject: [PATCH 1/2] test: fix tests broken by improved data

* Fixes #3157

The improvement to avoid data from multiple sources from clobbering
each other caused a few tests to suddenly get new results, so they
needed to be updated.

This doesn't feel like the most "correct" fix for the package lsit parser's
test_valid_ubuntu_list, but that one may need more investigation. This
should be ok as a workaround while we sort out the data issue that's
causing us to get "unknown" vendors.

Signed-off-by: Terri Oda <terri@toybox.ca>
---
 test/language_data/fail_pom.xml  | 13 +------------
 test/test_language_scanner.py    | 12 ++++++------
 test/test_package_list_parser.py |  6 +++---
 3 files changed, 10 insertions(+), 21 deletions(-)

diff --git a/test/language_data/fail_pom.xml b/test/language_data/fail_pom.xml
index 8d104ce7c2..42ff70065a 100644
--- a/test/language_data/fail_pom.xml
+++ b/test/language_data/fail_pom.xml
@@ -27,11 +27,6 @@
 
   <dependencyManagement>
     <dependencies>
-      <dependency>
-        <groupId>commons-io</groupId>
-        <artifactId>commons-io</artifactId>
-        <version>2.11.0</version>
-      </dependency>
       <dependency>
         <groupId>org.apache.maven</groupId>
         <artifactId>maven-plugin-api</artifactId>
@@ -61,12 +56,6 @@
       <version>1.1.0</version>
       <scope>test</scope>
     </dependency>
-    <dependency>
-      <groupId>org.hamcrest</groupId>
-      <artifactId>hamcrest</artifactId>
-      <version>2.2</version>
-      <scope>test</scope>
-    </dependency>
     <dependency>
       <groupId>org.junit.jupiter</groupId>
       <artifactId>junit-jupiter-engine</artifactId>
@@ -500,4 +489,4 @@
     </profile>
   </profiles>
 
-</project>
\ No newline at end of file
+</project>
diff --git a/test/test_language_scanner.py b/test/test_language_scanner.py
index 62fd1917cb..1ed18bd455 100644
--- a/test/test_language_scanner.py
+++ b/test/test_language_scanner.py
@@ -162,17 +162,17 @@ def setup_class(cls):
         print("Database setup complete.")
 
     @pytest.mark.parametrize(
-        "filename, product_name",
-        (((str(TEST_FILE_PATH / "pom.xml")), "commons_io"),),
+        "filename, product_list",
+        (((str(TEST_FILE_PATH / "pom.xml")), ["commons-io", "hamcrest"]),),
     )
-    def test_java_package(self, filename: str, product_name: str) -> None:
+    def test_java_package(self, filename: str, product_list: set[str]) -> None:
         scanner = VersionScanner()
         scanner.file_stack.append(filename)
-        # Only expecting to get one product with a vendor in the database
+        # check list of product_names
         for product in scanner.scan_file(filename):
             if product:
                 product_info, file_path = product
-        assert product_info.product == product_name
+        assert product_info.product in product_list
         assert file_path == filename
 
     @pytest.mark.parametrize(
@@ -217,7 +217,7 @@ def test_language_package_none_found(self, filename: str) -> None:
             (str(TEST_FILE_PATH / "cpanfile"), PERL_PRODUCTS),
         ],
     )
-    def test_language_package(self, filename: str, products) -> None:
+    def test_language_package(self, filename: str, products: set[str]) -> None:
         scanner = VersionScanner()
         scanner.file_stack.append(filename)
         found_product = []
diff --git a/test/test_package_list_parser.py b/test/test_package_list_parser.py
index 96a9fef880..625cd8be29 100644
--- a/test/test_package_list_parser.py
+++ b/test/test_package_list_parser.py
@@ -59,19 +59,19 @@ class TestPackageListParser:
 
     UBUNTU_PARSED_TRIAGE_DATA = {
         ProductInfo(
-            vendor="gnu*", product="bash", version=UBUNTU_PACKAGE_VERSIONS[0]
+            vendor="unknown", product="bash", version=UBUNTU_PACKAGE_VERSIONS[0]
         ): {
             "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""},
             "paths": {""},
         },
         ProductInfo(
-            vendor="gnu*", product="binutils", version=UBUNTU_PACKAGE_VERSIONS[1]
+            vendor="unknown", product="binutils", version=UBUNTU_PACKAGE_VERSIONS[1]
         ): {
             "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""},
             "paths": {""},
         },
         ProductInfo(
-            vendor="gnu*", product="wget", version=UBUNTU_PACKAGE_VERSIONS[2]
+            vendor="unknown", product="wget", version=UBUNTU_PACKAGE_VERSIONS[2]
         ): {
             "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""},
             "paths": {""},

From 52906e935fcc92b7412051c59fbe4251d3a76267 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 15 Jul 2023 19:34:55 +0000
Subject: [PATCH 2/2] chore(deps): bump technote-space/get-diff-action from
 6.1.2 to 6.1.3

Bumps [technote-space/get-diff-action](https://github.com/technote-space/get-diff-action) from 6.1.2 to 6.1.3.
- [Release notes](https://github.com/technote-space/get-diff-action/releases)
- [Changelog](https://github.com/technote-space/get-diff-action/blob/main/.releasegarc)
- [Commits](https://github.com/technote-space/get-diff-action/compare/f27caffdd0fb9b13f4fc191c016bb4e0632844af...32707cfc11d81d19dfe37ec5201c269b32b15139)

---
updated-dependencies:
- dependency-name: technote-space/get-diff-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/testing.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index c81bb85e8a..74dd965864 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -156,7 +156,7 @@ jobs:
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
-      - uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2
+      - uses: technote-space/get-diff-action@32707cfc11d81d19dfe37ec5201c269b32b15139 # v6.1.3
         with:
           PATTERNS: |
             cve_bin_tool/checkers/*.py
@@ -253,7 +253,7 @@ jobs:
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
-      - uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2
+      - uses: technote-space/get-diff-action@32707cfc11d81d19dfe37ec5201c269b32b15139 # v6.1.3
         with:
           PATTERNS: |
             cve_bin_tool/data_sources/*.py