chore: pretty-print JSON in snapshots (#647)

* chore: pretty-print JSON in snapshots

Otherwise, it can be very hard to review a PR that updates a snapshot.

Signed-off-by: Will Murphy <[email protected]>

* chore: track script, use orjson and indent 2

orjson is the preferred JSON package in this project, but only supports
indent 2. Track the script that formats the JSON snapshots, and switch
to indenting at 2 spaces to permit using orjson.

Signed-off-by: Will Murphy <[email protected]>

* chore: linter

Signed-off-by: Will Murphy <[email protected]>

* chore: track script as make target, not pyproject target

Since this script is not part of Vunnel, it should not be declared in
the pyproject.toml tool.poetry.scripts block.

Signed-off-by: Will Murphy <[email protected]>

---------

Signed-off-by: Will Murphy <[email protected]>

Makefile

@@ -111,6 +111,7 @@ lint-fix: virtual-env-check  ## Fix linting issues (ruff)
 .PHONY: format
 format: virtual-env-check  ## Format all code (black)
 	black src tests
+	poetry run python scripts/format-json-snapshots.py
 
 .PHONY: check-types
 check-types: virtual-env-check  ## Run type checks (mypy)

scripts/format-json-snapshots.py

@@ -0,0 +1,35 @@
+import os
+
+import orjson
+
+root_directory = "tests/unit/providers"
+
+
+def pretty_print_json_file(file_path):
+    try:
+        with open(file_path, "rb") as file:
+            existing = file.read()
+            data = orjson.loads(existing)
+
+        formatted = orjson.dumps(
+            data,
+            option=orjson.OPT_INDENT_2 | orjson.OPT_SORT_KEYS | orjson.OPT_APPEND_NEWLINE)
+        if formatted == existing:
+            return
+
+        with open(file_path, "wb") as file:
+            file.write(formatted)
+            print(f"Formatted: {file_path}")
+    except (OSError, orjson.JSONDecodeError) as e:
+        print(f"Error processing {file_path}: {e}")
+
+
+def main():
+    for dirpath, _, filenames in os.walk(root_directory):
+        if "test-fixtures/snapshots" in dirpath:
+            for filename in filenames:
+                if filename.endswith(".json"):
+                    file_path = os.path.join(dirpath, filename)
+                    pretty_print_json_file(file_path)
+
+    print("JSON formatting complete.")

tests/conftest.py

@@ -9,6 +9,7 @@
 import shutil
 
 import jsonschema
+import orjson
 import pytest
 
 
@@ -93,7 +94,11 @@ def assert_result_snapshots(self):
                 if not self.snapshot._snapshot_update and not os.path.exists(snapshot_abs_path):
                     missing_snapshot_files.append(snapshot_abs_path)
                 else:
-                    self.snapshot.assert_match(f.read() + "\n", snapshot_path)
+                    d = orjson.loads(f.read())
+                    expected_bytes = orjson.dumps(
+                        d, option=orjson.OPT_APPEND_NEWLINE | orjson.OPT_INDENT_2 | orjson.OPT_SORT_KEYS
+                    )
+                    self.snapshot.assert_match(expected_bytes, snapshot_path)
 
                     if snapshot_abs_path in expected_files_to_test:
                         expected_files_to_test.remove(snapshot_abs_path)

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2018-1071.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2018-1071","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zsh","Version":"5.4.2-r1"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2018-1071","Description":"","Metadata":{},"Name":"CVE-2018-1071","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2018-1071",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "zsh",
+          "NamespaceName": "alpine:3.15",
+          "Version": "5.4.2-r1",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2018-1071",
+      "Metadata": {},
+      "Name": "CVE-2018-1071",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2018-1083.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2018-1083","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zsh","Version":"5.4.2-r1"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2018-1083","Description":"","Metadata":{},"Name":"CVE-2018-1083","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2018-1083",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "zsh",
+          "NamespaceName": "alpine:3.15",
+          "Version": "5.4.2-r1",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2018-1083",
+      "Metadata": {},
+      "Name": "CVE-2018-1083",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2018-25032.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2018-25032","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zlib","Version":"1.2.12-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2018-25032","Description":"","Metadata":{},"Name":"CVE-2018-25032","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2018-25032",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "zlib",
+          "NamespaceName": "alpine:3.15",
+          "Version": "1.2.12-r0",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2018-25032",
+      "Metadata": {},
+      "Name": "CVE-2018-25032",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2019-11922.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-11922","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zstd","Version":"1.3.8-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2019-11922","Description":"","Metadata":{},"Name":"CVE-2019-11922","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2019-11922",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "zstd",
+          "NamespaceName": "alpine:3.15",
+          "Version": "1.3.8-r0",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2019-11922",
+      "Metadata": {},
+      "Name": "CVE-2019-11922",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2019-13132.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-13132","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zeromq","Version":"4.3.2-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2019-13132","Description":"","Metadata":{},"Name":"CVE-2019-13132","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2019-13132",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "zeromq",
+          "NamespaceName": "alpine:3.15",
+          "Version": "4.3.2-r0",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2019-13132",
+      "Metadata": {},
+      "Name": "CVE-2019-13132",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2019-20044.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-20044","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zsh","Version":"5.8-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2019-20044","Description":"","Metadata":{},"Name":"CVE-2019-20044","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2019-20044",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "zsh",
+          "NamespaceName": "alpine:3.15",
+          "Version": "5.8-r0",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2019-20044",
+      "Metadata": {},
+      "Name": "CVE-2019-20044",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2019-6250.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-6250","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zeromq","Version":"4.3.1-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2019-6250","Description":"","Metadata":{},"Name":"CVE-2019-6250","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2019-6250",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "zeromq",
+          "NamespaceName": "alpine:3.15",
+          "Version": "4.3.1-r0",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2019-6250",
+      "Metadata": {},
+      "Name": "CVE-2019-6250",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2019-9210.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-9210","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"advancecomp","Version":"2.1-r2"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2019-9210","Description":"","Metadata":{},"Name":"CVE-2019-9210","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2019-9210",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "advancecomp",
+          "NamespaceName": "alpine:3.15",
+          "Version": "2.1-r2",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2019-9210",
+      "Metadata": {},
+      "Name": "CVE-2019-9210",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2020-14929.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2020-14929","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"alpine","Version":"2.23-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2020-14929","Description":"","Metadata":{},"Name":"CVE-2020-14929","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2020-14929",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "alpine",
+          "NamespaceName": "alpine:3.15",
+          "Version": "2.23-r0",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2020-14929",
+      "Metadata": {},
+      "Name": "CVE-2020-14929",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2020-15166.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2020-15166","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zeromq","Version":"4.3.3-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2020-15166","Description":"","Metadata":{},"Name":"CVE-2020-15166","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2020-15166",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "zeromq",
+          "NamespaceName": "alpine:3.15",
+          "Version": "4.3.3-r0",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2020-15166",
+      "Metadata": {},
+      "Name": "CVE-2020-15166",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2021-24031.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2021-24031","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zstd","Version":"1.4.1-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2021-24031","Description":"","Metadata":{},"Name":"CVE-2021-24031","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2021-24031",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "zstd",
+          "NamespaceName": "alpine:3.15",
+          "Version": "1.4.1-r0",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2021-24031",
+      "Metadata": {},
+      "Name": "CVE-2021-24031",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2021-24032.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2021-24032","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zstd","Version":"1.4.9-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2021-24032","Description":"","Metadata":{},"Name":"CVE-2021-24032","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2021-24032",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "zstd",
+          "NamespaceName": "alpine:3.15",
+          "Version": "1.4.9-r0",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2021-24032",
+      "Metadata": {},
+      "Name": "CVE-2021-24032",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2021-38370.json

@@ -1 +1,23 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2021-38370","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"alpine","Version":"2.25-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2021-38370","Description":"","Metadata":{},"Name":"CVE-2021-38370","CVSS":[]}}}
+{
+  "identifier": "3.15/cve-2021-38370",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [],
+      "Description": "",
+      "FixedIn": [
+        {
+          "Name": "alpine",
+          "NamespaceName": "alpine:3.15",
+          "Version": "2.25-r0",
+          "VersionFormat": "apk"
+        }
+      ],
+      "Link": "https://www.cve.org/CVERecord?id=CVE-2021-38370",
+      "Metadata": {},
+      "Name": "CVE-2021-38370",
+      "NamespaceName": "alpine:3.15",
+      "Severity": "Unknown"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}