chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1706)

This commit is contained in:
dependabot[bot] 2023-04-24 10:20:12 -04:00 committed by GitHub
parent 13485ca5e7
commit 8102ad4edc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 43 additions and 42 deletions

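--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@ require (
 )
 require (
-github.com/CycloneDX/cyclonedx-go v0.7.1-0.20221222100750-41a1ac565cce
+github.com/CycloneDX/cyclonedx-go v0.7.1
 github.com/Masterminds/sprig/v3 v3.2.3
 github.com/anchore/go-logger v0.0.0-20220728155337-03b66a5207d8
 github.com/anchore/stereoscope v0.0.0-20230412183729-8602f1afc574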

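--- a/go.sum
+++ b/go.sum
@@ -54,8 +54,8 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg6
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/CycloneDX/cyclonedx-go v0.7.1-0.20221222100750-41a1ac565cce h1:o5r3msApzvtE5LhcMkxWaKernD/PK0HpMccu7ywBj5Q=
-github.com/CycloneDX/cyclonedx-go v0.7.1-0.20221222100750-41a1ac565cce/go.mod h1:XURd0m8zvnLE5aIRqg6JOVRl7qZ/pWBtuFa9EHjQwFc=
+github.com/CycloneDX/cyclonedx-go v0.7.1 h1:5w1SxjGm9MTMNTuRbEPyw21ObdbaagTWF/KfF0qHTRE=
+github.com/CycloneDX/cyclonedx-go v0.7.1/go.mod h1:N/nrdWQI2SIjaACyyDs/u7+ddCkyl/zkNs8xFsHF2Ps=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ=
 github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=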


@ -33,14 +33,18 @@ func TestCycloneDxImageEncoder(t *testing.T) {
}
func cycloneDxRedactor(s []byte) []byte {
serialPattern := regexp.MustCompile(`urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`)
rfc3339Pattern := regexp.MustCompile(`([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?(([Zz])|([+|\-]([01][0-9]|2[0-3]):[0-5][0-9]))`)
sha256Pattern := regexp.MustCompile(`sha256:[A-Fa-f0-9]{64}`)
for _, pattern := range []*regexp.Regexp{serialPattern, rfc3339Pattern, sha256Pattern} {
s = pattern.ReplaceAll(s, []byte(""))
replacements := map[string]string{
// UUIDs
`urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`: `urn:uuid:redacted`,
// timestamps
`([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?(([Zz])|([+|\-]([01][0-9]|2[0-3]):[0-5][0-9]))`: `timestamp:redacted`,
// image hashes
`sha256:[A-Fa-f0-9]{64}`: `sha256:redacted`,
// bom-refs
`"bom-ref":\s*"[^"]+"`: `"bom-ref": "redacted"`,
}
for pattern, replacement := range replacements {
s = regexp.MustCompile(pattern).ReplaceAll(s, []byte(replacement))
}
// the bom-ref will be autogenerated every time, the value here should not be directly tested in snapshot tests
s = regexp.MustCompile(`\s+"bom-ref":\s*"[^"]+",?\n`).ReplaceAll(s, []byte(""))
return s
}
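Review bot: The rewrite order in `cycloneDxRedactor` now depends on Go's randomized map iteration (the `for pattern, replacement := range replacements` loop), so the function is nondeterministic by construction; the four patterns appear to commute today only because the bom-ref rewrite replaces the whole quoted value, and a later pattern that overlaps another would make snapshot comparisons flaky. An ordered slice of pattern/replacement pairs fixes that, and hoisting it to package scope also stops `regexp.MustCompile` from recompiling every pattern on each call, as the loop body does now. The per-pattern comments from the map carry over unchanged. The function is complete within the hunk.
```go
// cycloneDxRedactions are applied in declaration order; compiled once per process.
var cycloneDxRedactions = []struct {
	pattern     *regexp.Regexp
	replacement []byte
}{
	// UUIDs
	{regexp.MustCompile(`urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`), []byte(`urn:uuid:redacted`)},
	// … unchanged: timestamp, image hash and bom-ref entries, same patterns and replacements as the map …
}

func cycloneDxRedactor(s []byte) []byte {
	for _, r := range cycloneDxRedactions {
		s = r.pattern.ReplaceAll(s, r.replacement)
	}
	return s
}
```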


@ -1,10 +1,11 @@
{
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:0b628da1-274e-4c24-821c-f9452f37db54",
"serialNumber": "urn:uuid:redacted",
"version": 1,
"metadata": {
"timestamp": "2022-12-22T18:33:51-05:00",
"timestamp": "timestamp:redacted",
"tools": [
{
"vendor": "anchore",
@ -13,14 +14,14 @@
}
],
"component": {
"bom-ref": "163686ac6e30c752",
"bom-ref": "redacted",
"type": "file",
"name": "/some/path"
}
},
"components": [
{
"bom-ref": "1b1d0be59ac59d2c",
"bom-ref": "redacted",
"type": "library",
"name": "package-1",
"version": "1.0.1",
@ -57,7 +58,7 @@
]
},
{
"bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=db4abfe497c180d3",
"bom-ref": "redacted",
"type": "library",
"name": "package-2",
"version": "2.0.1",


@ -1,10 +1,11 @@
{
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:542fc1a1-81ac-4b76-b9e2-8e6b9d8c840a",
"serialNumber": "urn:uuid:redacted",
"version": 1,
"metadata": {
"timestamp": "2022-12-22T18:33:51-05:00",
"timestamp": "timestamp:redacted",
"tools": [
{
"vendor": "anchore",
@ -13,15 +14,15 @@
}
],
"component": {
"bom-ref": "ffd645a093c0fe70",
"bom-ref": "redacted",
"type": "container",
"name": "user-image-input",
"version": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368"
"version": "sha256:redacted"
}
},
"components": [
{
"bom-ref": "66ba429119b8bec6",
"bom-ref": "redacted",
"type": "library",
"name": "package-1",
"version": "1.0.1",
@ -53,7 +54,7 @@
},
{
"name": "syft:location:0:layerID",
"value": "sha256:62058900d4ce269c900160b8dd255fe310c3a459dda236d041102fa070f84406"
"value": "sha256:redacted"
},
{
"name": "syft:location:0:path",
@ -62,7 +63,7 @@
]
},
{
"bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=958443e2d9304af4",
"bom-ref": "redacted",
"type": "library",
"name": "package-2",
"version": "2.0.1",
@ -83,7 +84,7 @@
},
{
"name": "syft:location:0:layerID",
"value": "sha256:623ad97366f39ae279f1925673cdacb4851ddf2e3266f04e63010ec080a098c1"
"value": "sha256:redacted"
},
{
"name": "syft:location:0:path",


@ -47,21 +47,14 @@ func AssertEncoderAgainstGoldenImageSnapshot(t *testing.T, format sbom.Format, s
err := format.Encode(&buffer, sbom)
assert.NoError(t, err)
actual := buffer.Bytes()
actual := redact(buffer.Bytes(), redactors...)
// replace the expected snapshot contents with the current encoder contents
if updateSnapshot {
testutils.UpdateGoldenFileContents(t, actual)
}
var expected = testutils.GetGoldenFileContents(t)
// remove dynamic values, which should be tested independently
redactors = append(redactors, carriageRedactor)
for _, r := range redactors {
actual = r(actual)
expected = r(expected)
}
expected := redact(testutils.GetGoldenFileContents(t), redactors...)
if json {
require.JSONEq(t, string(expected), string(actual))
@ -78,21 +71,14 @@ func AssertEncoderAgainstGoldenSnapshot(t *testing.T, format sbom.Format, sbom s
err := format.Encode(&buffer, sbom)
assert.NoError(t, err)
actual := buffer.Bytes()
actual := redact(buffer.Bytes(), redactors...)
// replace the expected snapshot contents with the current encoder contents
if updateSnapshot {
testutils.UpdateGoldenFileContents(t, actual)
}
var expected = testutils.GetGoldenFileContents(t)
// remove dynamic values, which should be tested independently
redactors = append(redactors, carriageRedactor)
for _, r := range redactors {
actual = r(actual)
expected = r(expected)
}
expected := redact(testutils.GetGoldenFileContents(t), redactors...)
if json {
require.JSONEq(t, string(expected), string(actual))
@ -390,3 +376,12 @@ func AddSampleFileRelationships(s *sbom.SBOM) {
})
}
}
// remove dynamic values, which should be tested independently
func redact(b []byte, redactors ...redactor) []byte {
redactors = append(redactors, carriageRedactor)
for _, r := range redactors {
b = r(b)
}
return b
}
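Review bot: `redact` appends `carriageRedactor` to the variadic `redactors` slice before iterating, and since the callers now invoke it twice with the same `redactors...` (the `actual` and `expected` lines in both assertion helpers), an append into a slice with spare capacity may write into the caller's backing array; applying the carriage redactor explicitly avoids the aliasing: drop `redactors = append(redactors, carriageRedactor)` and end with `return carriageRedactor(b)`. The header comment should also follow Go doc convention and record the contract the first two hunks create: `actual` is redacted before `testutils.UpdateGoldenFileContents` writes it, so golden files now contain redacted values and are redacted again on read, which only works if every redactor is idempotent. Suggested: `// redact applies redactors, then carriageRedactor, to b. Redactors must be idempotent: golden files are written after redaction and redacted again on read.`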