Adds a unique synthetic package to the SBOM output that represents the Go compiler when it is detected as part of a package discovered by the Go binary cataloger. When using an SBOM generated by syft, downstream vulnerability scanners now have the opportunity to detect/report on the PURL/CPEs attached to the new stdlib package. --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
package golang
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/anchore/syft/syft/cpe"
"github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest"
)
// Test_Mod_Cataloger_Globs runs the go.mod file cataloger over a fixture
// directory and hands the catalog tester the list of paths it should see
// queried for content.
//
// NOTE(review): the exact matching semantics live in pkgtest, which is not
// visible here; presumably a cataloger that stopped asking for go.mod (or
// started asking for unrelated files) would fail this test — confirm.
func Test_Mod_Cataloger_Globs(t *testing.T) {
	type globCase struct {
		name     string
		fixture  string   // directory the tester is pointed at
		expected []string // paths passed to ExpectsResolverContentQueries
	}

	cases := []globCase{
		{
			name:     "obtain go.mod files",
			fixture:  "test-fixtures/glob-paths",
			expected: []string{"src/go.mod"},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			tester := pkgtest.NewCatalogTester().
				FromDirectory(t, tc.fixture).
				ExpectsResolverContentQueries(tc.expected)

			// src/go.sum is registered as an ignorable unfulfilled path
			// response; presumably the fixture ships no go.sum — confirm
			// against test-fixtures/glob-paths.
			tester.
				IgnoreUnfulfilledPathResponses("src/go.sum").
				TestCataloger(t, NewGoModFileCataloger(GoCatalogerOpts{}))
		})
	}
}
// Test_Binary_Cataloger_Globs runs the Go module binary cataloger over a
// fixture directory and hands the catalog tester the list of paths it should
// see queried for content.
//
// NOTE(review): how strictly the query list is compared is decided inside
// pkgtest, which is not visible here — confirm before relying on this test to
// catch over-broad globs.
func Test_Binary_Cataloger_Globs(t *testing.T) {
	type globCase struct {
		name     string
		fixture  string   // directory the tester is pointed at
		expected []string // paths passed to ExpectsResolverContentQueries
	}

	cases := []globCase{
		{
			name:     "obtain binary files",
			fixture:  "test-fixtures/glob-paths",
			expected: []string{"partial-binary"},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			tester := pkgtest.NewCatalogTester().
				FromDirectory(t, tc.fixture).
				ExpectsResolverContentQueries(tc.expected)

			tester.TestCataloger(t, NewGoModuleBinaryCataloger(GoCatalogerOpts{}))
		})
	}
}
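// Test_Binary_Cataloger_Stdlib_Cpe pins the CPE 2.3 string that
// generateStdlibCpe produces for a Go toolchain version string.
//
// The CPE is attached to the synthetic stdlib package so that downstream
// vulnerability scanners can match on it; a wrong version or update field
// would presumably show up as missed or incorrect matches rather than as an
// error, which is why the full string is compared.
func Test_Binary_Cataloger_Stdlib_Cpe(t *testing.T) {
	tests := []struct {
		name      string
		candidate string // Go version string passed to generateStdlibCpe
		want      string // expected CPE 2.3 formatted string
	}{
		{
			// Plain release: the update field is expected to be "-".
			name:      "generateStdlibCpe generates a cpe with a - for a major version",
			candidate: "go1.21.0",
			want:      "cpe:2.3:a:golang:go:1.21.0:-:*:*:*:*:*:*",
		},
		{
			// Release candidate: the rc suffix is expected in the update
			// field, not in the version field.
			name:      "generateStdlibCpe generates a cpe with an rc candidate for a major rc version",
			candidate: "go1.21rc2",
			want:      "cpe:2.3:a:golang:go:1.21:rc2:*:*:*:*:*:*",
		},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			got, err := generateStdlibCpe(tc.candidate)
			// Stop on error: comparing the CPE returned alongside an error
			// would only add a second, misleading failure.
			if !assert.NoError(t, err, "expected no err; got %v", err) {
				return
			}

			// testify's Equal takes (expected, actual); keeping that order
			// makes the failure output label the two values correctly.
			assert.Equal(t, tc.want, cpe.String(got))
		})
	}
}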