From 91f2f33df75c3010908c31223cb6aa502e83708b Mon Sep 17 00:00:00 2001 From: Jennifer Power Date: Thu, 19 Jan 2023 17:55:36 -0500 Subject: [PATCH] test: adds unit tests for SBOM data conversions Signed-off-by: Jennifer Power --- components/components.go | 2 +- components/conversion_test.go | 173 ++++++++++++++++++++++++++++++++++ components/doc.go | 2 +- 3 files changed, 175 insertions(+), 2 deletions(-) create mode 100644 components/conversion_test.go diff --git a/components/components.go b/components/components.go index 6c4e2802..2909f0ca 100644 --- a/components/components.go +++ b/components/components.go @@ -12,7 +12,7 @@ import ( "github.com/emporous/emporous-go/version" ) -const ApplicationName = "uor" +const ApplicationName = "emporous" // GenerateInventory generates an inventory based on input and DatasetConfiguration information. func GenerateInventory(input string, config clientapi.DataSetConfiguration) (*sbom.SBOM, error) { diff --git a/components/conversion_test.go b/components/conversion_test.go new file mode 100644 index 00000000..8f6c12e4 --- /dev/null +++ b/components/conversion_test.go 
@@ -0,0 +1,173 @@ +package components + +import ( + "testing" + + "github.com/anchore/syft/syft/linux" + "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/sbom" + "github.com/anchore/syft/syft/source" + ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/stretchr/testify/require" + + "github.com/emporous/emporous-go/nodes/descriptor" +) + +func TestInventoryToProperties(t *testing.T) { + inv := makeSBOM() + type spec struct { + name string + inputProp descriptor.Properties + path string + assertFunc func(properties descriptor.Properties) bool + expError string + } + + cases := []spec{ + { + name: "Success/EmptyProperties", + inputProp: descriptor.Properties{}, + assertFunc: func(properties descriptor.Properties) bool { + return properties.Descriptor != nil && properties.Descriptor.Name == "package-1" + }, + path: "testpath-1", + }, + { + name: "Success/PropertiesMerge", + inputProp: descriptor.Properties{ + Runtime: &ocispec.ImageConfig{ + User: "test", + }, + }, + assertFunc: func(properties descriptor.Properties) bool { + if properties.Descriptor == nil || properties.Descriptor.Name != "package-2" { + return false + } + + if properties.Runtime.User != "test" { + return false + } + + return true + }, + path: "testpath-2", + }, + { + name: "Success/PackageNotFound", + inputProp: descriptor.Properties{}, + assertFunc: func(properties descriptor.Properties) bool { + return properties.Descriptor == nil + }, + path: "notthere", + }, + { + name: "Failure/TooManyPackagesFound", + inputProp: descriptor.Properties{}, + expError: "incorrect number of components found for testpath-3, expected 1, got 2", + path: "testpath-3", + }, + } + + for _, c := range cases { + t.Run(c.name, func(t *testing.T) { + props := &c.inputProp + err := InventoryToProperties(inv, c.path, props) + if c.expError != "" { + require.EqualError(t, err, c.expError) + } else { + require.NoError(t, err) + require.True(t, c.assertFunc(*props)) + } + }) + } +} + +func 
makeSBOM() sbom.SBOM { + catalog := pkg.NewCatalog() + location1 := source.NewLocation("testpath-1") + catalog.Add(pkg.Package{ + Name: "package-1", + Version: "1.0.1", + Locations: source.NewLocationSet(location1), + Type: pkg.PythonPkg, + FoundBy: "the-cataloger-1", + Language: pkg.Python, + MetadataType: pkg.PythonPackageMetadataType, + Licenses: []string{"MIT"}, + Metadata: pkg.PythonPackageMetadata{ + Name: "package-1", + Version: "1.0.1", + }, + PURL: "a-purl-1", // intentionally a bad pURL for test fixtures + CPEs: []pkg.CPE{ + pkg.MustCPE("cpe:2.3:*:some:package:1:*:*:*:*:*:*:*"), + }, + }) + location2 := source.NewLocation("testpath-2") + catalog.Add(pkg.Package{ + Name: "package-2", + Version: "2.0.1", + Locations: source.NewLocationSet(location2), + Type: pkg.DebPkg, + FoundBy: "the-cataloger-2", + MetadataType: pkg.DpkgMetadataType, + Metadata: pkg.DpkgMetadata{ + Package: "package-2", + Version: "2.0.1", + }, + PURL: "pkg:deb/debian/package-2@2.0.1", + CPEs: []pkg.CPE{ + pkg.MustCPE("cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"), + }, + }) + location3 := source.NewLocation("testpath-3") + catalog.Add(pkg.Package{ + Name: "package-3", + Version: "3.0.1", + Locations: source.NewLocationSet(location3), + Type: pkg.DebPkg, + FoundBy: "the-cataloger-3", + MetadataType: pkg.DpkgMetadataType, + Metadata: pkg.DpkgMetadata{ + Package: "package-3", + Version: "3.0.1", + }, + PURL: "pkg:deb/debian/package-3@3.0.1", + CPEs: []pkg.CPE{ + pkg.MustCPE("cpe:2.3:*:some:package:3:*:*:*:*:*:*:*"), + }, + }) + catalog.Add(pkg.Package{ + Name: "package-4", + Version: "4.0.1", + Locations: source.NewLocationSet(location3), + Type: pkg.DebPkg, + FoundBy: "the-cataloger-4", + MetadataType: pkg.DpkgMetadataType, + Metadata: pkg.DpkgMetadata{ + Package: "package-4", + Version: "4.0.1", + }, + PURL: "pkg:deb/debian/package-4@4.0.1", + CPEs: []pkg.CPE{ + pkg.MustCPE("cpe:2.3:*:some:package:4:*:*:*:*:*:*:*"), + }, + }) + return sbom.SBOM{ + Artifacts: sbom.Artifacts{ + PackageCatalog: 
catalog, + LinuxDistribution: &linux.Release{ + PrettyName: "debian", + Name: "debian", + ID: "debian", + IDLike: []string{"like!"}, + Version: "1.2.3", + VersionID: "1.2.3", + }, + }, + Descriptor: sbom.Descriptor{ + Name: "test", + Version: "test", + }, + } +} diff --git a/components/doc.go b/components/doc.go index a8574910..cbae5f2a 100644 --- a/components/doc.go +++ b/components/doc.go @@ -1,5 +1,5 @@ /* -Copyright 2022 UOR-Framework Authors. +Copyright 2023 Emporous Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
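Review bot: In `components/conversion_test.go`, the `Success/PropertiesMerge` assert func reads `properties.Runtime.User` without first checking `properties.Runtime` for nil, so if `InventoryToProperties` ever drops the pre-set runtime config (the regression this case is there to catch) the subtest panics and aborts the remaining cases instead of failing with a message. Guard it with `if properties.Runtime == nil || properties.Runtime.User != "test" { return false }`. Separately, every success case asserts only `Descriptor.Name`, although `makeSBOM` populates version, licenses, CPEs and a pURL (one marked intentionally bad). Those are presumably the fields a downstream SBOM consumer matches on, so if the conversion maps any of them, at least one case should assert the mapped values and the bad-pURL fixture should carry an explicit expectation. Returning a bare bool to `require.True` also hides which condition failed; passing `t` into `assertFunc` and using `require.Equal` per field would give a usable failure message.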