mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
b0ab75fd89
* remove existing cataloging API Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add file cataloging config Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add package cataloging config Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add configs for cross-cutting concerns Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename CLI option configs to not require import aliases later Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update all nested structs for the Catalog struct Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update Catalog cli options - add new cataloger selection options (selection and default) - remove the excludeBinaryOverlapByOwnership - deprecate "catalogers" flag - add new javascript configuration Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * migrate relationship capabilities to separate internal package Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * refactor golang cataloger to use configuration options when creating packages Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * create internal object to facilitate reading from and writing to an SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * create a command-like object (task) to facilitate partial SBOM creation Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add cataloger selection capability - be able to parse string expressions into a set of resolved actions against sets - be able to use expressions to select/add/remove tasks to/from the final set of tasks to run Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add package, file, and environment related tasks Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update existing file catalogers to use nested UI elements Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add CreateSBOMConfig that drives the SBOM creation process Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * capture SBOM creation info as a struct Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add CreateSBOM() function Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update docs with SBOM selection help + breaking changes Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix multiple override default inputs Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix deprecation flag printing to stdout Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * refactor cataloger selection description to separate object Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * keep expression errors and show specific suggestions only Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address additional review feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address more review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * addressed additional PR review feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix file selection references Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove guess language data generation option Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for coordinatesForSelection Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename relationship attributes Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add descriptions to relationships config fields Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * improve documentation around configuration options Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add explicit errors around legacy config entries Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
88 lines
2.4 KiB
Go
88 lines
2.4 KiB
Go
package integration
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/anchore/syft/syft/format/syftjson"
|
|
syftjsonModel "github.com/anchore/syft/syft/format/syftjson/model"
|
|
"github.com/anchore/syft/syft/pkg"
|
|
"github.com/anchore/syft/syft/source"
|
|
)
|
|
|
|
func TestPackageOwnershipRelationships(t *testing.T) {
|
|
// ensure that the json encoder is applying artifact ownership with an image that has expected ownership relationships
|
|
tests := []struct {
|
|
fixture string
|
|
}{
|
|
{
|
|
fixture: "image-owning-package",
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
t.Run(test.fixture, func(t *testing.T) {
|
|
sbom, _ := catalogFixtureImage(t, test.fixture, source.SquashedScope)
|
|
|
|
output := bytes.NewBufferString("")
|
|
err := syftjson.NewFormatEncoder().Encode(output, sbom)
|
|
require.NoError(t, err)
|
|
|
|
var doc syftjsonModel.Document
|
|
decoder := json.NewDecoder(output)
|
|
if err := decoder.Decode(&doc); err != nil {
|
|
t.Fatalf("unable to decode json doc: %+v", err)
|
|
}
|
|
|
|
if len(doc.ArtifactRelationships) == 0 {
|
|
t.Errorf("expected to find relationships between packages but found none")
|
|
}
|
|
|
|
})
|
|
}
|
|
|
|
}
|
|
|
|
func TestPackageOwnershipExclusions(t *testing.T) {
|
|
// ensure that the json encoder is excluding packages by artifact ownership with an image that has expected ownership relationships
|
|
tests := []struct {
|
|
name string
|
|
fixture string
|
|
}{
|
|
{
|
|
name: "busybox binary is filtered based on ownership relationship",
|
|
fixture: "image-os-binary-overlap",
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
t.Run(test.fixture, func(t *testing.T) {
|
|
sbom, _ := catalogFixtureImage(t, test.fixture, source.SquashedScope)
|
|
binaryPackages := make([]pkg.Package, 0)
|
|
apkPackages := make([]pkg.Package, 0)
|
|
for p := range sbom.Artifacts.Packages.Enumerate() {
|
|
if p.Type == pkg.BinaryPkg && p.Name == "busybox" {
|
|
binaryPackages = append(binaryPackages, p)
|
|
}
|
|
if p.Type == pkg.ApkPkg && p.Name == "busybox" {
|
|
apkPackages = append(apkPackages, p)
|
|
}
|
|
}
|
|
|
|
if len(binaryPackages) != 0 {
|
|
packageNames := make([]string, 0)
|
|
for _, p := range binaryPackages {
|
|
packageNames = append(packageNames, p.Name)
|
|
}
|
|
t.Errorf("expected to find no binary packages but found %d packages: %v", len(binaryPackages), packageNames)
|
|
}
|
|
if len(apkPackages) == 0 {
|
|
t.Errorf("expected to find apk packages but found none")
|
|
}
|
|
})
|
|
}
|
|
}
|