The raw code that makes up a virus is harmless on its own, it needs to be deployed in some way. In most cases, a virus is deployed when an unsuspecting user is tricked into doing so, whether that be through downloading and running a malicious executable, clicking a malicious email attachment, or plugging in a malicious piece of hardware.

Some very sophisticated viruses (or those targeting very insecure systems like printers) can self-deploy and spread without input from another user. Modern software is designed to be resistant to this sort of thing, so accomplishing it requires the exploitation of what are called zero-day vulnerabilities; that is vulnerabilities in software and/or hardware that are only known to the attacker. The infamous Stuxnet virus utilized 4 different zero-day vulnerabilities to infect Windows computers worldwide.

As other commenters have pointed out, testing a virus would need to involve an isolated system; something like a Virtual Machine, dedicated computer, or even an air-gapped network (that is a group of systems that have no physical way of connecting to the wider internet).