mirror of
https://github.com/anchore/syft
synced 2024-09-20 06:01:53 +00:00
7392d607b6
* split up sbom.Format into encode and decode ops Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cmd pkg to inject format configs Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump cyclonedx schema to 1.5 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * redact image metadata from github encoder tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add more testing around format decoder identify Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add test case for format version options Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix CLI test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * [wip] - review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * keep encoder creation out of post load function Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * keep decider and identify functions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add a few more doc comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove format encoder default function helpers Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address PR feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * move back to streaming based decode functions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * with common convention for encoder constructors Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix tests and allow for encoders to be created from cli options Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * buffer reads from stdin to support seeking Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
139 lines
3.5 KiB
Go
139 lines
3.5 KiB
Go
package cli
|
|
|
|
import (
|
|
"os"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/anchore/stereoscope/pkg/imagetest"
|
|
"github.com/anchore/syft/syft/format/cyclonedxjson"
|
|
)
|
|
|
|
// We have schema validation mechanims in schema/cyclonedx/
|
|
// This test allows us to double check that validation against the cyclonedx-cli tool
|
|
func TestValidCycloneDX(t *testing.T) {
|
|
imageFixture := func(t *testing.T) string {
|
|
fixtureImageName := "image-pkg-coverage"
|
|
imagetest.GetFixtureImage(t, "docker-archive", fixtureImageName)
|
|
tarPath := imagetest.GetFixtureImageTarPath(t, fixtureImageName)
|
|
return "docker-archive:" + tarPath
|
|
}
|
|
|
|
// TODO update image to exercise entire cyclonedx schema
|
|
tests := []struct {
|
|
name string
|
|
subcommand string
|
|
args []string
|
|
fixture func(*testing.T) string
|
|
assertions []traitAssertion
|
|
}{
|
|
{
|
|
name: "validate cyclonedx output",
|
|
subcommand: "packages",
|
|
args: []string{"-o", "cyclonedx-json"},
|
|
fixture: imageFixture,
|
|
assertions: []traitAssertion{
|
|
assertSuccessfulReturnCode,
|
|
assertValidCycloneDX,
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
t.Run(test.name, func(t *testing.T) {
|
|
fixtureRef := test.fixture(t)
|
|
args := []string{
|
|
test.subcommand, fixtureRef, "-q",
|
|
}
|
|
args = append(args, test.args...)
|
|
|
|
cmd, stdout, stderr := runSyft(t, nil, args...)
|
|
for _, traitFn := range test.assertions {
|
|
traitFn(t, stdout, stderr, cmd.ProcessState.ExitCode())
|
|
}
|
|
logOutputOnFailure(t, cmd, stdout, stderr)
|
|
|
|
validateCycloneDXJSON(t, stdout)
|
|
})
|
|
}
|
|
}
|
|
|
|
func assertValidCycloneDX(tb testing.TB, stdout, stderr string, rc int) {
|
|
tb.Helper()
|
|
f, err := os.CreateTemp("", "tmpfile-")
|
|
if err != nil {
|
|
tb.Fatal(err)
|
|
}
|
|
|
|
// close and remove the temporary file at the end of the program
|
|
defer f.Close()
|
|
defer os.Remove(f.Name())
|
|
|
|
data := []byte(stdout)
|
|
|
|
if _, err := f.Write(data); err != nil {
|
|
tb.Fatal(err)
|
|
}
|
|
|
|
args := []string{
|
|
"validate",
|
|
"--input-format",
|
|
"json",
|
|
"--input-version",
|
|
"v1_4",
|
|
"--input-file",
|
|
"/sbom",
|
|
}
|
|
|
|
cmd, stdout, stderr := runCycloneDXInDocker(tb, nil, "cyclonedx/cyclonedx-cli", f, args...)
|
|
if cmd.ProcessState.ExitCode() != 0 {
|
|
tb.Errorf("expected no validation failures for cyclonedx-cli but got rc=%d", rc)
|
|
}
|
|
|
|
logOutputOnFailure(tb, cmd, stdout, stderr)
|
|
}
|
|
|
|
// validate --input-format json --input-version v1_4 --input-file bom.json
|
|
func validateCycloneDXJSON(t *testing.T, stdout string) {
|
|
f, err := os.CreateTemp("", "tmpfile-")
|
|
require.NoError(t, err)
|
|
|
|
// close and remove the temporary file at the end of the program
|
|
t.Cleanup(func() {
|
|
assert.NoError(t, f.Close())
|
|
assert.NoError(t, os.Remove(f.Name()))
|
|
})
|
|
|
|
data := []byte(stdout)
|
|
|
|
if _, err := f.Write(data); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// get the latest supported version of CycloneDX by syft and convert the expression to the format used by cyclonedx-cli
|
|
// e.g. "1.5" -> "v1_5"
|
|
versions := cyclonedxjson.SupportedVersions()
|
|
version := versions[len(versions)-1]
|
|
versionInput := "v" + strings.Replace(version, ".", "_", -1)
|
|
|
|
args := []string{
|
|
"validate",
|
|
"--input-format",
|
|
"json",
|
|
"--input-version",
|
|
versionInput,
|
|
"--input-file",
|
|
"/sbom",
|
|
}
|
|
|
|
cmd, stdout, stderr := runCycloneDXInDocker(t, nil, "cyclonedx/cyclonedx-cli", f, args...)
|
|
if strings.Contains(stdout, "BOM is not valid") {
|
|
t.Log("STDOUT:\n", stdout)
|
|
t.Errorf("expected no validation failures for cyclonedx-cli but found invalid BOM")
|
|
}
|
|
|
|
logOutputOnFailure(t, cmd, stdout, stderr)
|
|
}
|