mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
1aaa644007
* [wip] Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * distinct the package metadata functions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove metadata type from package core model Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate review feedback for names Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add RPM archive metadata and split parser helpers Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * clarify the python package metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename the KB metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * break hackage and composer types by use case Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * linting fix Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix encoding and decoding for syft-json and cyclonedx Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump json schema to 11 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cyclonedx-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cyclonedx-xml snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update spdx-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update spdx-tv snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update syft-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * correct metadata type in stack yaml parser test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix bom-ref redactor for cyclonedx-xml Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for legacy package metadata names Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * regenerate json schema v11 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix legacy HackageMetadataType reflect type value check Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * packagemetadata discovery should account for type shadowing Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump json schema version to v12 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update json schema to incorporate changes from main Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add syft-json legacy config option Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests around v11-v12 json decoding Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add docs for SYFT_JSON_LEGACY Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename structs to be compliant with new naming scheme Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
102 lines
4.1 KiB
Go
102 lines
4.1 KiB
Go
package cli
|
|
|
|
import (
|
|
"testing"
|
|
)
|
|
|
|
func TestPowerUserCmdFlags(t *testing.T) {
|
|
secretsFixture := getFixtureImage(t, "image-secrets")
|
|
tests := []struct {
|
|
name string
|
|
args []string
|
|
env map[string]string
|
|
assertions []traitAssertion
|
|
}{
|
|
{
|
|
name: "no-args-shows-help",
|
|
args: []string{"power-user"},
|
|
assertions: []traitAssertion{
|
|
assertInOutput("an image/directory argument is required"), // specific error that should be shown
|
|
assertInOutput("Run bulk operations on container images"), // excerpt from help description
|
|
assertFailingReturnCode,
|
|
},
|
|
},
|
|
{
|
|
name: "default-results-w-pkg-coverage",
|
|
args: []string{"power-user", "docker-archive:" + getFixtureImage(t, "image-pkg-coverage")},
|
|
assertions: []traitAssertion{
|
|
assertNotInOutput(" command is deprecated"), // only the root command should be deprecated
|
|
assertInOutput(`"type": "RegularFile"`), // proof of file-metadata data
|
|
assertInOutput(`"algorithm": "sha256"`), // proof of file-metadata default digest algorithm of sha256
|
|
assertInOutput(`"metadataType": "apk-db-entry"`), // proof of package artifacts data
|
|
assertSuccessfulReturnCode,
|
|
},
|
|
},
|
|
{
|
|
name: "content-cataloger-wired-up",
|
|
args: []string{"power-user", "docker-archive:" + secretsFixture},
|
|
env: map[string]string{
|
|
"SYFT_FILE_CONTENTS_GLOBS": "/api-key.txt",
|
|
},
|
|
assertions: []traitAssertion{
|
|
assertInOutput(`"contents": "c29tZV9BcEkta0V5ID0gIjEyMzQ1QTdhOTAxYjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MCIK"`), // proof of the content cataloger
|
|
assertSuccessfulReturnCode,
|
|
},
|
|
},
|
|
{
|
|
name: "default-dir-results-w-pkg-coverage",
|
|
args: []string{"power-user", "dir:test-fixtures/image-pkg-coverage"},
|
|
assertions: []traitAssertion{
|
|
assertNotInOutput(" command is deprecated"), // only the root command should be deprecated
|
|
assertInOutput(`"type": "RegularFile"`), // proof of file-metadata data
|
|
assertInOutput(`"algorithm": "sha256"`), // proof of file-metadata default digest algorithm of sha256
|
|
assertInOutput(`"metadataType": "apk-db-entry"`), // proof of package artifacts data
|
|
assertSuccessfulReturnCode,
|
|
},
|
|
},
|
|
{
|
|
name: "default-secrets-results-w-reveal-values",
|
|
env: map[string]string{
|
|
"SYFT_SECRETS_REVEAL_VALUES": "true",
|
|
},
|
|
args: []string{"power-user", "docker-archive:" + secretsFixture},
|
|
assertions: []traitAssertion{
|
|
assertInOutput(`"classification": "generic-api-key"`), // proof of the secrets cataloger finding something
|
|
assertInOutput(`"12345A7a901b345678901234567890123456789012345678901234567890"`), // proof of the secrets cataloger finding the api key
|
|
assertSuccessfulReturnCode,
|
|
},
|
|
},
|
|
{
|
|
name: "default-secret-results-dont-reveal-values",
|
|
args: []string{"power-user", "docker-archive:" + secretsFixture},
|
|
assertions: []traitAssertion{
|
|
assertInOutput(`"classification": "generic-api-key"`), // proof of the secrets cataloger finding something
|
|
assertNotInOutput(`"12345A7a901b345678901234567890123456789012345678901234567890"`), // proof of the secrets cataloger finding the api key
|
|
assertSuccessfulReturnCode,
|
|
},
|
|
},
|
|
{
|
|
name: "default-secrets-dir-results-w-reveal-values",
|
|
env: map[string]string{
|
|
"SYFT_SECRETS_REVEAL_VALUES": "true",
|
|
},
|
|
args: []string{"power-user", "dir:test-fixtures/image-secrets-dir"},
|
|
assertions: []traitAssertion{
|
|
assertInOutput(`"classification": "generic-api-key"`), // proof of the secrets cataloger finding something
|
|
assertInOutput(`"12345A7a901b345678901234567890123456789012345678901234567890"`), // proof of the secrets cataloger finding the api key
|
|
assertSuccessfulReturnCode,
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
t.Run(test.name, func(t *testing.T) {
|
|
cmd, stdout, stderr := runSyftSafe(t, test.env, test.args...)
|
|
for _, traitFn := range test.assertions {
|
|
traitFn(t, stdout, stderr, cmd.ProcessState.ExitCode())
|
|
}
|
|
logOutputOnFailure(t, cmd, stdout, stderr)
|
|
})
|
|
}
|
|
}
|