Zip files for test cases

[Hritik14]

Currently the following importers are using zip files in their unit tests.

• rust
• npm

It needs to be discussed if they are required.

[sbs2001]

Did you "grepped" for them in the tests ?

Those are used to simulate git repos in the tests. If you don't zip them then git will emit weird things.

[Hritik14]

I was using the same technique to simulate a git repo in the Mozilla importer though @pombredanne suggests to avoid zips.
I've implemented something like the following for now,

        cls.mock_file_changes = (
            {
                os.path.join(TEST_DATA, "mfsa2005-29.md"),
                os.path.join(TEST_DATA, "mfsa2014-30.md"),
                os.path.join(TEST_DATA, "mfsa2021-01.yml"),
                os.path.join(TEST_DATA, "mfsa2021-06.yml"),
                os.path.join(TEST_DATA, "mfsa2021-04.yml"),
            },
            set(),
        )
...
...
        with patch(
            "vulnerabilities.importers.MozillaDataSource.file_changes",
            return_value=self.mock_file_changes,
        ):
            with patch(
                "vulnerabilities.importers.MozillaDataSource._ensure_repository"
            ):
                runner.run()

[pombredanne]

OK, so using a zip or tar for a special case of a git repo makes sense, but not for plain text test files.

[Hritik14]

@pombredanne the tests for git repo are handled by test cases for GitDataSource along the lines https://github.com/nexB/vulnerablecode/blob/09839b9198aaf970761c21f758a0bc138458fed9/vulnerabilities/tests/test_data_source.py#L98
So, do we really need to duplicate this test ? Files in git can be put as is then use the proposed python mock above to eliminate git specific tests.

[Hritik14]

Don't directly call ImportRunner https://github.com/nexB/vulnerablecode/blob/05fcc64f2b48b186b7f742a2adf869b82293b024/vulnerabilities/tests/test_npm.py#L89