* remove existing cataloging API Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add file cataloging config Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add package cataloging config Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add configs for cross-cutting concerns Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename CLI option configs to not require import aliases later Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update all nested structs for the Catalog struct Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update Catalog cli options - add new cataloger selection options (selection and default) - remove the excludeBinaryOverlapByOwnership - deprecate "catalogers" flag - add new javascript configuration Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * migrate relationship capabilities to separate internal package Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * refactor golang cataloger to use configuration options when creating packages Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * create internal object to facilitate reading from and writing to an SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * create a command-like object (task) to facilitate partial SBOM creation Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add cataloger selection capability - be able to parse string expressions into a set of resolved actions against sets - be able to use expressions to select/add/remove tasks to/from the final set of tasks to run Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add package, file, and environment related tasks Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update existing file catalogers to use nested UI elements Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add 
CreateSBOMConfig that drives the SBOM creation process Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * capture SBOM creation info as a struct Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add CreateSBOM() function Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update docs with SBOM selection help + breaking changes Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix multiple override default inputs Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix deprecation flag printing to stdout Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * refactor cataloger selection description to separate object Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * keep expression errors and show specific suggestions only Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address additional review feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address more review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * addressed additional PR review feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix file selection references Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove guess language data generation option Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for coordinatesForSelection Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename relationship attributes Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add descriptions to relationships config fields Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * improve documentation around configuration options Signed-off-by: Alex Goodman 
<wagoodman@users.noreply.github.com> * add explicit errors around legacy config entries Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
//go:build !arm64
package integration
import (
"fmt"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/anchore/syft/syft/pkg"
"github.com/anchore/syft/syft/source"
)
// TestPackageDeduplication catalogs the "image-vertical-package-dups" fixture
// image once per scope and checks three things against fixed expectations:
// the total package count, how many packages exist per name, and how many
// locations each name-version pair carries.
//
// Note for anyone consuming the resulting SBOM: in the all-layers case the
// curl build from the base image is still reported next to its upgrade (two
// packages, two versions), while the squashed case reports only the upgrade.
func TestPackageDeduplication(t *testing.T) {
	// dedupCase pins the expected catalog shape for one scope.
	type dedupCase struct {
		scope         source.Scope
		packageCount  int
		instanceCount map[string]int // package name -> number of packages with that name
		locationCount map[string]int // "name-version" -> number of locations on that package
	}

	cases := []dedupCase{
		{
			scope:        source.AllLayersScope,
			packageCount: 172, // without deduplication this would be 618
			instanceCount: map[string]int{
				"basesystem": 1,
				"wget":       1,
				"curl":       2, // upgraded in the image
				"vsftpd":     1,
				"httpd":      1, // rpm only; the binary package is excluded
			},
			locationCount: map[string]int{
				"basesystem-10.0-7.el7.centos": 4,
				"curl-7.29.0-59.el7":           1, // from base image
				"curl-7.29.0-59.el7_9.1":       3, // upgrade
				"wget-1.14-18.el7_6.1":         3,
				"vsftpd-3.0.2-29.el7_9":        2,
				"httpd-2.4.6-97.el7.centos.5":  1,
				// "httpd-2.4.6": 1, // binary
			},
		},
		{
			scope:        source.SquashedScope,
			packageCount: 170,
			instanceCount: map[string]int{
				"basesystem": 1,
				"wget":       1,
				"curl":       1, // upgraded, but only the most recent is present
				"vsftpd":     1,
				"httpd":      1, // rpm only; the binary is now excluded by overlap
			},
			locationCount: map[string]int{
				"basesystem-10.0-7.el7.centos": 1,
				"curl-7.29.0-59.el7_9.1":       1, // upgrade
				"wget-1.14-18.el7_6.1":         1,
				"vsftpd-3.0.2-29.el7_9":        1,
				"httpd-2.4.6-97.el7.centos.5":  1,
				// "httpd-2.4.6": 1, // binary (excluded)
			},
		},
	}

	for _, tc := range cases {
		t.Run(string(tc.scope), func(t *testing.T) {
			result, _ := catalogFixtureImage(t, "image-vertical-package-dups", tc.scope)

			// any binary package that made it into the catalog must carry a name
			for _, candidate := range result.Artifacts.Packages.Sorted() {
				if candidate.Type != pkg.BinaryPkg {
					continue
				}
				assert.NotEmpty(t, candidate.Name)
			}

			assert.Equal(t, tc.packageCount, result.Artifacts.Packages.PackageCount())

			for pkgName, wantInstances := range tc.instanceCount {
				matches := result.Artifacts.Packages.PackagesByName(pkgName)

				// a different number of same-named packages means something is
				// wrong (or this is the wrong fixture); stop this subtest here
				require.Len(t, matches, wantInstances)

				for _, match := range matches {
					key := fmt.Sprintf("%s-%s", pkgName, match.Version)

					wantLocations, known := tc.locationCount[key]
					if !known {
						t.Fatalf("missing name-version: %s", key)
					}

					// locations should have been merged (assumption: there was
					// one location for each package before merging)
					assert.Len(t, match.Locations.ToSlice(), wantLocations)

					// every merged location should refer to the same single path
					assert.Len(t, match.Locations.CoordinateSet().Paths(), 1)
				}
			}
		})
	}
}