mirror of
https://github.com/anchore/syft.git
synced 2026-03-30 05:33:24 +02:00
988041ba6d
* replace raw globs with index equivelent operations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add cataloger test for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix import sorting for binary cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting for mock resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * separate portage cataloger parser impl from cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance cataloger pkgtest utils to account for resolver responses Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for apkdb cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dpkg cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for cpp cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dart cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dotnet cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for elixir cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for erlang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for golang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for haskell cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for java cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for javascript cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for php cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for portage cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for python cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rust cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for sbom cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for swift cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow generic catloger to run all mimetype searches at once Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove stutter from php and javascript cataloger constructors Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for generic.Search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add exceptions for java archive git ignore entries Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance basename and extension resolver methods to be variadic Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * dont allow * prefix on extension searches Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for ruby cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove unnecessary string casting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * incorporate surfacing of leaf link resolitions from stereoscope results Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] switch to stereoscope file metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip + failing] revert to old globs but keep new resolvers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * index files, links, and dirs within the directory resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix several resolver bugs and inconsistencies Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move format testutils to internal package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update syft json to account for file type string normalization Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split up directory resolver from indexing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update docs to include details about searching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] bump stereoscope to development version Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust symlinks fixture to be fixed to digest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix all-locations resolver tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix test fixture reference Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename file.Type Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix PR comment to exclude extra * Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to dev version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to final version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move observing resolver to pkgtest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
218 lines
5.7 KiB
Go
218 lines
5.7 KiB
Go
package syftjson
|
|
|
|
import (
|
|
"flag"
|
|
"regexp"
|
|
"testing"
|
|
|
|
stereoFile "github.com/anchore/stereoscope/pkg/file"
|
|
"github.com/anchore/syft/syft/artifact"
|
|
"github.com/anchore/syft/syft/cpe"
|
|
"github.com/anchore/syft/syft/file"
|
|
"github.com/anchore/syft/syft/formats/internal/testutils"
|
|
"github.com/anchore/syft/syft/linux"
|
|
"github.com/anchore/syft/syft/pkg"
|
|
"github.com/anchore/syft/syft/sbom"
|
|
"github.com/anchore/syft/syft/source"
|
|
)
|
|
|
|
var updateJson = flag.Bool("update-json", false, "update the *.golden files for json encoders")
|
|
|
|
func TestDirectoryEncoder(t *testing.T) {
|
|
testutils.AssertEncoderAgainstGoldenSnapshot(t,
|
|
Format(),
|
|
testutils.DirectoryInput(t),
|
|
*updateJson,
|
|
true,
|
|
schemaVersionRedactor,
|
|
)
|
|
}
|
|
|
|
func TestImageEncoder(t *testing.T) {
|
|
testImage := "image-simple"
|
|
testutils.AssertEncoderAgainstGoldenImageSnapshot(t,
|
|
Format(),
|
|
testutils.ImageInput(t, testImage, testutils.FromSnapshot()),
|
|
testImage,
|
|
*updateJson,
|
|
true,
|
|
schemaVersionRedactor,
|
|
)
|
|
}
|
|
|
|
func schemaVersionRedactor(s []byte) []byte {
|
|
pattern := regexp.MustCompile(`,?\s*"schema":\s*\{[^}]*}`)
|
|
out := pattern.ReplaceAll(s, []byte(""))
|
|
return out
|
|
}
|
|
|
|
func TestEncodeFullJSONDocument(t *testing.T) {
|
|
catalog := pkg.NewCatalog()
|
|
|
|
p1 := pkg.Package{
|
|
Name: "package-1",
|
|
Version: "1.0.1",
|
|
Locations: source.NewLocationSet(
|
|
source.Location{
|
|
Coordinates: source.Coordinates{
|
|
RealPath: "/a/place/a",
|
|
},
|
|
},
|
|
),
|
|
Type: pkg.PythonPkg,
|
|
FoundBy: "the-cataloger-1",
|
|
Language: pkg.Python,
|
|
MetadataType: pkg.PythonPackageMetadataType,
|
|
Licenses: []string{"MIT"},
|
|
Metadata: pkg.PythonPackageMetadata{
|
|
Name: "package-1",
|
|
Version: "1.0.1",
|
|
Files: []pkg.PythonFileRecord{},
|
|
},
|
|
PURL: "a-purl-1",
|
|
CPEs: []cpe.CPE{
|
|
cpe.Must("cpe:2.3:*:some:package:1:*:*:*:*:*:*:*"),
|
|
},
|
|
}
|
|
|
|
p2 := pkg.Package{
|
|
Name: "package-2",
|
|
Version: "2.0.1",
|
|
Locations: source.NewLocationSet(
|
|
source.Location{
|
|
Coordinates: source.Coordinates{
|
|
RealPath: "/b/place/b",
|
|
},
|
|
},
|
|
),
|
|
Type: pkg.DebPkg,
|
|
FoundBy: "the-cataloger-2",
|
|
MetadataType: pkg.DpkgMetadataType,
|
|
Metadata: pkg.DpkgMetadata{
|
|
Package: "package-2",
|
|
Version: "2.0.1",
|
|
Files: []pkg.DpkgFileRecord{},
|
|
},
|
|
PURL: "a-purl-2",
|
|
CPEs: []cpe.CPE{
|
|
cpe.Must("cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"),
|
|
},
|
|
}
|
|
|
|
catalog.Add(p1)
|
|
catalog.Add(p2)
|
|
|
|
s := sbom.SBOM{
|
|
Artifacts: sbom.Artifacts{
|
|
PackageCatalog: catalog,
|
|
FileMetadata: map[source.Coordinates]source.FileMetadata{
|
|
source.NewLocation("/a/place").Coordinates: {
|
|
Mode: 0775,
|
|
Type: stereoFile.TypeDirectory,
|
|
UserID: 0,
|
|
GroupID: 0,
|
|
},
|
|
source.NewLocation("/a/place/a").Coordinates: {
|
|
Mode: 0775,
|
|
Type: stereoFile.TypeRegular,
|
|
UserID: 0,
|
|
GroupID: 0,
|
|
},
|
|
source.NewLocation("/b").Coordinates: {
|
|
Mode: 0775,
|
|
Type: stereoFile.TypeSymLink,
|
|
LinkDestination: "/c",
|
|
UserID: 0,
|
|
GroupID: 0,
|
|
},
|
|
source.NewLocation("/b/place/b").Coordinates: {
|
|
Mode: 0644,
|
|
Type: stereoFile.TypeRegular,
|
|
UserID: 1,
|
|
GroupID: 2,
|
|
},
|
|
},
|
|
FileDigests: map[source.Coordinates][]file.Digest{
|
|
source.NewLocation("/a/place/a").Coordinates: {
|
|
{
|
|
Algorithm: "sha256",
|
|
Value: "366a3f5653e34673b875891b021647440d0127c2ef041e3b1a22da2a7d4f3703",
|
|
},
|
|
},
|
|
source.NewLocation("/b/place/b").Coordinates: {
|
|
{
|
|
Algorithm: "sha256",
|
|
Value: "1b3722da2a7d90d033b87581a2a3f12021647445653e34666ef041e3b4f3707c",
|
|
},
|
|
},
|
|
},
|
|
FileContents: map[source.Coordinates]string{
|
|
source.NewLocation("/a/place/a").Coordinates: "the-contents",
|
|
},
|
|
LinuxDistribution: &linux.Release{
|
|
ID: "redhat",
|
|
Version: "7",
|
|
VersionID: "7",
|
|
IDLike: []string{
|
|
"rhel",
|
|
},
|
|
},
|
|
},
|
|
Relationships: []artifact.Relationship{
|
|
{
|
|
From: p1,
|
|
To: p2,
|
|
Type: artifact.OwnershipByFileOverlapRelationship,
|
|
Data: map[string]string{
|
|
"file": "path",
|
|
},
|
|
},
|
|
},
|
|
Source: source.Metadata{
|
|
ID: "c2b46b4eb06296933b7cf0722683964e9ecbd93265b9ef6ae9642e3952afbba0",
|
|
Scheme: source.ImageScheme,
|
|
ImageMetadata: source.ImageMetadata{
|
|
UserInput: "user-image-input",
|
|
ID: "sha256:c2b46b4eb06296933b7cf0722683964e9ecbd93265b9ef6ae9642e3952afbba0",
|
|
ManifestDigest: "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368",
|
|
MediaType: "application/vnd.docker.distribution.manifest.v2+json",
|
|
Tags: []string{
|
|
"stereoscope-fixture-image-simple:85066c51088bdd274f7a89e99e00490f666c49e72ffc955707cd6e18f0e22c5b",
|
|
},
|
|
Size: 38,
|
|
Layers: []source.LayerMetadata{
|
|
{
|
|
MediaType: "application/vnd.docker.image.rootfs.diff.tar.gzip",
|
|
Digest: "sha256:3de16c5b8659a2e8d888b8ded8427be7a5686a3c8c4e4dd30de20f362827285b",
|
|
Size: 22,
|
|
},
|
|
{
|
|
MediaType: "application/vnd.docker.image.rootfs.diff.tar.gzip",
|
|
Digest: "sha256:366a3f5653e34673b875891b021647440d0127c2ef041e3b1a22da2a7d4f3703",
|
|
Size: 16,
|
|
},
|
|
},
|
|
RawManifest: []byte("eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJh..."),
|
|
RawConfig: []byte("eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZp..."),
|
|
RepoDigests: []string{},
|
|
},
|
|
},
|
|
Descriptor: sbom.Descriptor{
|
|
Name: "syft",
|
|
Version: "v0.42.0-bogus",
|
|
// the application configuration should be persisted here, however, we do not want to import
|
|
// the application configuration in this package (it's reserved only for ingestion by the cmd package)
|
|
Configuration: map[string]string{
|
|
"config-key": "config-value",
|
|
},
|
|
},
|
|
}
|
|
|
|
testutils.AssertEncoderAgainstGoldenSnapshot(t,
|
|
Format(),
|
|
s,
|
|
*updateJson,
|
|
true,
|
|
)
|
|
}
|