From 39c945b19a482b9c1ee9ba2d4844ab8fc07a6e9e Mon Sep 17 00:00:00 2001
From: "J. Victor Martins"
Date: Tue, 9 Dec 2025 09:39:41 -0800
Subject: [PATCH] chore(e2e): skip feature-level FixedBy assertions

The feature-level FixedBy field changes every time a new advisory is published for a package. This causes frequent E2E test failures that require manual updates to the test assertions. Analysis of git history shows that ~74% of commits to testcase_test.go are updates to FixedBy values - maintenance overhead with minimal test value since: 1. Per-vulnerability FixedBy is still validated (stable, per-RHSA) 2. Vulnerability detection (correct CVEs/RHSAs) is still tested 3. CVSS metadata (scores, vectors) is still tested 4. Feature identification (name, version, namespace) is still tested This change mirrors the approach already used in grpc_test.go which clears FixedBy before comparison.
---
 e2etests/grpc_full_test.go | 19 +++++-------------
 e2etests/sanity_test.go | 5 +++++
 2 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/e2etests/grpc_full_test.go b/e2etests/grpc_full_test.go
index 3066c5e5e..67d43d3fa 100644
--- a/e2etests/grpc_full_test.go
+++ b/e2etests/grpc_full_test.go
@@ -9,7 +9,6 @@ import (
 "context"
 "fmt"
 "sort"
- "strings"
 "testing"
 
 "github.com/stackrox/scanner/api/v1/features"
@@ -96,22 +95,14 @@ func verifyImage(t *testing.T, imgScan *v1.Image, test testCase) {
 assert.Truef(t, foundMatch, "Expected to find %s in scan results\nFound the following: %s", expectedVuln.Name, matching.Vulnerabilities)
 }
 }
- // Check feature FixedBy, and provide the related vulnerability if they differ.
- if feature.GetFixedBy() != matching.GetFixedBy() {
- var vulns []string
- for _, v := range matching.GetVulnerabilities() {
- if strings.Contains(v.GetFixedBy(), matching.GetFixedBy()) {
- vulns = append(vulns, fmt.Sprintf("%s (FixedBy: %s)", v.GetName(), v.GetFixedBy()))
- }
- }
- assert.Equalf(t, len(vulns), 0, "FixedBy: expecting %q, but found %q: Probably due to the following "+
- "vulnerabilities (verify if test case needs an update, or if it's a bug): %v)",
- feature.GetFixedBy(), matching.GetFixedBy(), vulns)
- }
-
 feature.Vulnerabilities = nil
 matching.Vulnerabilities = nil
 
+ // Clear FixedBy as it changes frequently when new advisories are published.
+ // The per-vulnerability FixedBy is still checked above via checkGRPCMatch().
+ feature.FixedBy = ""
+ matching.FixedBy = ""
+
 // Ensure the parts of the feature aside from the provided executables and vulnerabilities are equal, too.
 assert.Equal(t, *feature, *matching)
 })
diff --git a/e2etests/sanity_test.go b/e2etests/sanity_test.go
index d9c1c3106..bca846a75 100644
--- a/e2etests/sanity_test.go
+++ b/e2etests/sanity_test.go
@@ -144,6 +144,11 @@ func verifyImageHasExpectedFeatures(t *testing.T, client *client.Clairify, test
 feature.Vulnerabilities = nil
 matching.Vulnerabilities = nil
 
+ // Clear FixedBy as it changes frequently when new advisories are published.
+ // The per-vulnerability FixedBy is still checked above via checkMatch().
+ feature.FixedBy = ""
+ matching.FixedBy = ""
+
 // Ensure the parts of the feature aside from the provided executables and vulnerabilities are equal, too.
 assert.Equal(t, feature, *matching)
 })
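Review bot: Once the comparison block is removed and both `FixedBy` fields are blanked before `assert.Equal`, nothing in `verifyImage` asserts the feature-level FixedBy any more, so a scanner regression that stops populating it would pass this suite; the same applies to the hunk in e2etests/sanity_test.go. A value-independent check placed before the two assignments would keep some coverage without the churn, for example `if feature.GetFixedBy() != "" { assert.NotEmpty(t, matching.GetFixedBy(), "feature-level FixedBy missing") }` (using the field form `matching.FixedBy` in sanity_test.go). The added comment relies on `checkGRPCMatch()` comparing the per-vulnerability FixedBy, but that call is outside the hunk and the commit message says grpc_test.go clears FixedBy before comparing, so it is worth confirming that the helper does not clear it as well. `verifyImage` starts and ends outside the hunk.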
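Review bot: The context comment directly after the added lines, `// Ensure the parts of the feature aside from the provided executables and vulnerabilities are equal, too.`, is no longer accurate because FixedBy is now excluded from the comparison as well. I would update it in this commit, here and in e2etests/grpc_full_test.go, to `// Ensure the parts of the feature aside from the provided executables, vulnerabilities and FixedBy are equal, too.`. The added comment also points to a `checkMatch()` call "above" that is not visible in this hunk, so that reference should be checked against the enclosing function, which begins outside the hunk.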