From 71e22237ea810a4fbff6c32cbb8574ce7248e084 Mon Sep 17 00:00:00 2001
From: Evgeny Kiriyak <224408464+evkir@users.noreply.github.com>
Date: Thu, 18 Jun 2026 13:53:28 +0300
Subject: [PATCH] test(intel): skip real NVD tests on transient network
 failures
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Nightly slow job failed on a read timeout against the live NVD API for
CVE-2021-44228. The client returned a graceful error dict after 3 backoff
retries — correct behavior, not a regression. A transient transport
failure should skip, not fail the build.

Add _skip_on_transient() helper (timeout/connection/429/503) applied
before the error assertion in both real-NVD tests.
---
 tests/integration/test_real_intel.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tests/integration/test_real_intel.py b/tests/integration/test_real_intel.py
index 38f0c32..9edaa01 100644
--- a/tests/integration/test_real_intel.py
+++ b/tests/integration/test_real_intel.py
@@ -19,6 +19,17 @@
 )
 
 
+# NVD over the live network occasionally times out / rate-limits. A transient
+# transport failure is not a code regression, so skip rather than fail.
+_TRANSIENT = ("timed out", "timeout", "connection", "temporarily", "429", "503")
+
+
+def _skip_on_transient(result):
+    err = str(result.get("error", "")).lower()
+    if any(m in err for m in _TRANSIENT):
+        pytest.skip(f"NVD transient failure: {result.get('error')}")
+
+
 @skip_without_key
 def test_real_nvd_keyword_search_returns_high_severity_cve():
     """
@@ -27,6 +38,7 @@ def test_real_nvd_keyword_search_returns_high_severity_cve():
     """
     result = search_cves("openssh 7.4", max_results=10)
 
+    _skip_on_transient(result)
     assert "error" not in result, f"NVD failed: {result.get('error')}"
     cves = result.get("cves", [])
     assert len(cves) > 0, "expected at least one CVE for openssh 7.4"
@@ -47,6 +59,7 @@ def test_real_nvd_get_specific_cve_log4shell():
     """
     cve = get_cve("CVE-2021-44228")
 
+    _skip_on_transient(cve)
     assert "error" not in cve, f"NVD failed: {cve.get('error')}"
     assert cve.get("id") == "CVE-2021-44228"
     assert cve.get("cvss", {}).get("score") == 10.0