mirror of
https://github.com/anchore/syft.git
synced 2025-11-18 00:43:20 +01:00
ef627d82ef
* migrate pkg.ID and pkg.Relationship to artifact package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * return relationships from tasks Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix more tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add artifact.Identifiable by Identity() method Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove catalog ID assignment Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust spdx helpers to use copy of packages Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * stabilize package ID relative to encode-decode format cycles Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename Identity() to ID() Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use zero value for nils in ID generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enable source.Location to be identifiable Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * hoist up package relationship discovery to analysis stage Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update ownership-by-file-overlap relationship description Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add test reminders to put new relationships under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust PHP composer.lock parser function to return relationships Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
52 lines
1.7 KiB
Go
52 lines
1.7 KiB
Go
package integration
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/anchore/syft/internal"
|
|
"github.com/anchore/syft/syft/pkg"
|
|
)
|
|
|
|
func TestNpmPackageLockDirectory(t *testing.T) {
|
|
sbom, _ := catalogDirectory(t, "test-fixtures/npm-lock")
|
|
|
|
foundPackages := internal.NewStringSet()
|
|
|
|
for actualPkg := range sbom.Artifacts.PackageCatalog.Enumerate(pkg.NpmPkg) {
|
|
for _, actualLocation := range actualPkg.Locations {
|
|
if strings.Contains(actualLocation.RealPath, "node_modules") {
|
|
t.Errorf("found packages from package-lock.json in node_modules: %s", actualLocation)
|
|
}
|
|
}
|
|
foundPackages.Add(actualPkg.Name)
|
|
}
|
|
|
|
// ensure that integration test commonTestCases stay in sync with the available catalogers
|
|
const expectedPackageCount = 6
|
|
if len(foundPackages) != expectedPackageCount {
|
|
t.Errorf("found the wrong set of npm package-lock.json packages (expected: %d, actual: %d)", expectedPackageCount, len(foundPackages))
|
|
}
|
|
}
|
|
|
|
func TestYarnPackageLockDirectory(t *testing.T) {
|
|
sbom, _ := catalogDirectory(t, "test-fixtures/yarn-lock")
|
|
|
|
foundPackages := internal.NewStringSet()
|
|
|
|
for actualPkg := range sbom.Artifacts.PackageCatalog.Enumerate(pkg.NpmPkg) {
|
|
for _, actualLocation := range actualPkg.Locations {
|
|
if strings.Contains(actualLocation.RealPath, "node_modules") {
|
|
t.Errorf("found packages from yarn.lock in node_modules: %s", actualLocation)
|
|
}
|
|
}
|
|
foundPackages.Add(actualPkg.Name)
|
|
}
|
|
|
|
// ensure that integration test commonTestCases stay in sync with the available catalogers
|
|
const expectedPackageCount = 5
|
|
if len(foundPackages) != expectedPackageCount {
|
|
t.Errorf("found the wrong set of yarn.lock packages (expected: %d, actual: %d)", expectedPackageCount, len(foundPackages))
|
|
}
|
|
}
|