Add tests using real files #107

Closed
terriko opened this issue Mar 20, 2019 · 4 comments
Labels
good first issue Good for newcomers hacktoberfest good issue for hacktoberfest participation

Comments

terriko commented Mar 20, 2019

To make the basic test suite run quickly, we use "faked" binary files to test the CVE mappings. However, we want to be able to test real files to test that the signatures work on real-world data.

In #99, I've added a _file_test function (to match the existing _binary_test) that takes a URL, a package name and a version, downloads the file, runs the scanner against it, and makes sure it is the file that you've specified. But we need more tests!

  • Existing tests are in test/
  • You can see the scanner tests in 'tests/test_scanner.py'
  • To add a new test, find an appropriate publicly available file (Linux distribution packages and public releases of the package itself are ideal)
  • Make sure to hide it behind the LONG_TESTS flag so we aren't doing a huge number of downloads for every test suite run
    @unittest.skipUnless(os.getenv('LONG_TESTS') == '1', 'Skipping long tests')
    def test_rpm_curl_7_32_0(self):
        """
        test to see if we detect a real copy of curl 7.32.0
        """
        self._file_test(
            'https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/20/Everything/x86_64/os/Packages/c/',
            'curl-7.32.0-3.fc20.x86_64.rpm',
            'curl',
            '7.32.0')

I'd like to have at least one test for every checker, and it would be nice to have some different sources for each as well. For example, for packages available in common Linux distributions, we might want to have one from Fedora, one from Debian, and one direct from upstream to show that we detect all those versions.

@terriko terriko added good first issue Good for newcomers gsoc Tasks related to our participation in Google Summer of Code labels Mar 20, 2019
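
An added example, not part of the original issue or of the project's code: a self-contained sketch of the download, scan and verify flow described for `_file_test` above, gated by the same `LONG_TESTS` check. `SIGNATURES`, `scan_file`, `file_test` and `make_constructed_sample` are hypothetical stand-ins, and the constructed sample is served from a `file://` URL so the flow runs offline.

```python
import os
import re
import tempfile
import unittest
import urllib.request
from pathlib import Path

# Hypothetical signature table: package name -> regex capturing its version string.
SIGNATURES = {"curl": re.compile(rb"curl[ /-](\d+\.\d+\.\d+)")}


def scan_file(path):
    """Toy stand-in for the scanner: return {package: version} found in the raw bytes."""
    data = Path(path).read_bytes()
    found = {}
    for package, pattern in SIGNATURES.items():
        match = pattern.search(data)
        if match:
            found[package] = match.group(1).decode()
    return found


def file_test(base_url, filename, package, version, cache_dir=None):
    """Download base_url + filename once, scan it, and check the expected package/version."""
    cache_dir = Path(cache_dir or tempfile.gettempdir())
    target = cache_dir / filename
    if not target.exists():  # reuse an earlier download instead of fetching again
        urllib.request.urlretrieve(base_url + filename, str(target))
    found = scan_file(target)
    if found.get(package) != version:
        raise AssertionError(f"expected {package} {version} in {filename}, got {found}")
    return found


def make_constructed_sample(directory, version="7.32.0"):
    """Write a constructed fake 'binary' and return (file:// base URL, filename)."""
    name = f"curl-{version}.constructed.bin"
    (Path(directory) / name).write_bytes(b"\x7fELF\x00\x00" + f"curl {version}".encode() + b"\x00")
    return Path(directory).resolve().as_uri() + "/", name


class TestRealFiles(unittest.TestCase):
    @unittest.skipUnless(os.getenv("LONG_TESTS") == "1", "Skipping long tests")
    def test_curl_download(self):
        with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as cache:
            base_url, name = make_constructed_sample(src)
            self.assertEqual(file_test(base_url, name, "curl", "7.32.0", cache), {"curl": "7.32.0"})
```
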

terriko commented Mar 20, 2019

(Adding the gsoc tag since this is a good easy PR for prospective GSoC students)


terriko commented Mar 21, 2019

Note that when you test this, you'll need to enable LONG_TESTS as follows:

LONG_TESTS=1 python -m unittest test.test_scanner.TestScanner.test_rpm_curl_7_32_0


terriko commented May 31, 2019

All of the checkers currently have at least one file test as of #125. We have confirmed that some signatures work on some packages but not others, so if you're looking to add new tests of this type, I recommend trying to make sure you get ones in different formats or from different distributions. For example, if there's already a .rpm from Fedora, try adding a .deb from Debian or a .tar.gz from the developer.

@terriko terriko removed the gsoc Tasks related to our participation in Google Summer of Code label Sep 9, 2019
@terriko terriko added the hacktoberfest good issue for hacktoberfest participation label Oct 15, 2019
@terriko terriko removed the hacktoberfest good issue for hacktoberfest participation label Jan 8, 2020
@terriko terriko added the hacktoberfest good issue for hacktoberfest participation label Sep 30, 2020

terriko commented Sep 30, 2020

This needs to be updated with the new test setup

@terriko terriko closed this as completed Sep 30, 2020