
test: add test for null byte in filename #1635

Merged (4 commits) Apr 13, 2022
Conversation

@terriko (Contributor) commented Apr 13, 2022

Simple test to make sure that null bytes are handled correctly in filenames specified on the command line.

This is a kind of useless attack in practice for cve-bin-tool: you can only scan files you already have access to on the system so there's not much point in trying to disguise a file with a null byte. But since it's a relatively small test to prove that this isn't an issue for security compliance reasons, I'm just going to go ahead and add it.

@terriko terriko requested a review from nedsouza April 13, 2022 00:11
@codecov-commenter commented Apr 13, 2022

Codecov Report

Merging #1635 (fc0bfac) into main (9e32cd7) will increase coverage by 2.31%.
The diff coverage is 61.11%.

@@            Coverage Diff             @@
##             main    #1635      +/-   ##
==========================================
+ Coverage   78.49%   80.81%   +2.31%     
==========================================
  Files         291      291              
  Lines        5975     5993      +18     
  Branches      980      982       +2     
==========================================
+ Hits         4690     4843     +153     
+ Misses       1072      941     -131     
+ Partials      213      209       -4     
| Flag | Coverage Δ |
| --- | --- |
| longtests | 80.81% <61.11%> (+2.31%) ⬆️ |

Flags with carried forward coverage won't be shown.

| Impacted Files | Coverage Δ |
| --- | --- |
| test/test_cli.py | 91.13% <61.11%> (+8.49%) ⬆️ |
| cve_bin_tool/nvd_api.py | 70.68% <0.00%> (-9.49%) ⬇️ |
| cve_bin_tool/version_scanner.py | 76.95% <0.00%> (+0.78%) ⬆️ |
| cve_bin_tool/extractor.py | 59.23% <0.00%> (+1.08%) ⬆️ |
| cve_bin_tool/cli.py | 72.60% <0.00%> (+2.60%) ⬆️ |
| cve_bin_tool/checkers/glibc.py | 100.00% <0.00%> (+4.16%) ⬆️ |
| cve_bin_tool/available_fix/debian_cve_tracker.py | 83.67% <0.00%> (+6.12%) ⬆️ |
| cve_bin_tool/available_fix/redhat_cve_tracker.py | 80.35% <0.00%> (+8.92%) ⬆️ |
| test/test_scanner.py | 74.61% <0.00%> (+12.30%) ⬆️ |
| ... and 5 more | |


@terriko (Contributor, Author) commented Apr 13, 2022

Turns out behaviour is a bit different on 3.7 (null bytes used to raise a different error) so I tweaked the test appropriately.
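As an added illustration of the two points above (the PR description's "null bytes in filenames specified on the command line" and the 3.7 difference in this comment), here is a small self-contained Python module. It is not cve-bin-tool's test or code; the function names (`validate_cli_paths`, `safe_isfile`, `probe_native_behaviour`, `demo`) and the sample arguments are constructed for this example. The version difference it relies on is documented Python behaviour: up to 3.7, `os.path.isfile()` and friends raised `ValueError` for a path with an embedded NUL; from 3.8 they return `False`, while `open()` and `os.stat()` raise `ValueError` on every Python 3 version.

```python
"""Version-aware handling of a NUL byte in a command-line filename.

Added example (not cve-bin-tool code): a pre-I/O check a CLI can run on
its path arguments, a version-independent isfile(), and a probe showing
why a test for this behaviour has to special-case Python 3.7.
"""
import os
import sys
import tempfile

NUL = "\0"


def has_embedded_null(path: str) -> bool:
    """True if the path contains a NUL byte (no real OS path can)."""
    return NUL in path


def validate_cli_paths(paths):
    """Split CLI arguments into (accepted, rejected) before any I/O.

    rejected is a list of (path, reason) pairs so the caller can report
    each bad argument without ever handing it to os.stat() or open().
    """
    accepted, rejected = [], []
    for path in paths:
        if has_embedded_null(path):
            rejected.append((path, "embedded null byte"))
        else:
            accepted.append(path)
    return accepted, rejected


def safe_isfile(path: str) -> bool:
    """os.path.isfile() with the same result on every Python 3 version.

    3.7:  os.path.isfile("a\\0b") raises ValueError.
    3.8+: it returns False.
    Pre-checking and catching ValueError yields False on both, so the
    calling code needs no version branch.
    """
    if has_embedded_null(path):
        return False
    try:
        return os.path.isfile(path)
    except ValueError:  # Python <= 3.7: path with unrepresentable bytes
        return False


def probe_native_behaviour(path: str) -> str:
    """Describe what this interpreter's os.path.isfile() does for path."""
    try:
        return "returns %r" % os.path.isfile(path)
    except ValueError as exc:
        return "raises ValueError: %s" % exc


def expected_native_behaviour() -> str:
    """What a test should expect from os.path.isfile() for a NUL path."""
    if sys.version_info < (3, 8):
        return "raises ValueError: embedded null byte"
    return "returns False"


def demo():
    """Run the checks on constructed input and return a summary dict."""
    # Constructed sample arguments: a real temporary file, a NUL-bearing
    # name, and a name that does not exist at all.
    with tempfile.NamedTemporaryFile(suffix=".bin", delete=False) as tmp:
        tmp.write(b"\x7fELF")
        real = tmp.name
    try:
        args = [real, "libc.so\0.txt", "does_not_exist.bin"]
        accepted, rejected = validate_cli_paths(args)
        return {
            "accepted": accepted,
            "rejected": rejected,
            "safe_isfile_nul": safe_isfile("libc.so\0.txt"),
            "safe_isfile_real": safe_isfile(real),
            "native": probe_native_behaviour("libc.so\0.txt"),
            "expected": expected_native_behaviour(),
        }
    finally:
        os.unlink(real)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running the module prints the accepted and rejected arguments, the two `safe_isfile` results, and what the native `os.path.isfile()` did on the current interpreter next to what a test should expect for that version. The design point is that rejecting NUL-bearing arguments before any filesystem call keeps the CLI's behaviour identical across versions, and a test then only needs a version branch when it deliberately exercises the native call.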

@nedsouza (Contributor) commented

In the coverage diff, are we looking to stay in a particular range?

  • Coverage 78.49% 80.81% +2.31%

@terriko (Contributor, Author) commented Apr 13, 2022

There's no particular restriction on coverage, although I admit when it gets below 80% sometimes I go file bugs for particular areas that are missing testing, but that's just a source of potentially easy bugs for me to keep feeding into the system. ;)

@terriko (Contributor, Author) commented Apr 13, 2022

I'm also hoping that we'll have a GSoC contributor to work on pushing our coverage numbers up a bit further:

@terriko terriko merged commit ca1de05 into intel:main Apr 13, 2022
anthonyharrison pushed a commit to anthonyharrison/cve-bin-tool that referenced this pull request May 2, 2022
* fix: add special case for 3.7 ValueError