oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 08:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
syft/cmd/syft/internal/test/integration/go_compiler_detection_test.go
William Murphy b7a6d5e946
feat: Record where CPEs come from (#2552) 
Syft can get CPEs from several source, including generating them based on
package data, finding them in the NVD CPE dictionary, or finding them declared
in a manifest or existing SBOM. Record where Syft got CPEs so that consumers of
SBOMs can reason about how trustworthy they are.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-02-02 16:17:52 +00:00

63 lines
1.9 KiB
Go
Raw Blame History

package integration
import (
"testing"
"github.com/anchore/syft/syft/cpe"
"github.com/anchore/syft/syft/source"
)
func TestGolangCompilerDetection(t *testing.T) {
tests := []struct {
name string
image string
expectedCompilers []string
expectedCPE []cpe.CPE
expectedPURL []string
}{
{
name: "syft can detect a single golang compiler given the golang base image",
image: "image-golang-compiler",
expectedCompilers: []string{"go1.18.10"},
expectedCPE: []cpe.CPE{cpe.Must("cpe:2.3:a:golang:go:1.18.10:-:*:*:*:*:*:*", cpe.GeneratedSource)},
expectedPURL: []string{"pkg:golang/stdlib@1.18.10"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
sbom, _ := catalogFixtureImage(t, tt.image, source.SquashedScope)
packages := sbom.Artifacts.Packages.PackagesByName("stdlib")
foundCompilerVersions := make(map[string]struct{})
foundCPE := make(map[cpe.CPE]struct{})
foundPURL := make(map[string]struct{})
for _, pkg := range packages {
foundCompilerVersions[pkg.Version] = struct{}{}
foundPURL[pkg.PURL] = struct{}{}
for _, cpe := range pkg.CPEs {
foundCPE[cpe] = struct{}{}
}
}
for _, expectedCompiler := range tt.expectedCompilers {
if _, ok := foundCompilerVersions[expectedCompiler]; !ok {
t.Fatalf("expected %s version; not found in found compilers: %v", expectedCompiler, foundCompilerVersions)
}
}
for _, expectedPURL := range tt.expectedPURL {
if _, ok := foundPURL[expectedPURL]; !ok {
t.Fatalf("expected %s purl; not found in found purl: %v", expectedPURL, expectedPURLs)
}
}
for _, expectedCPE := range tt.expectedCPE {
if _, ok := foundCPE[expectedCPE]; !ok {
t.Fatalf("expected %s version; not found in found cpe: %v", expectedCPE, expectedCPE)
}
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink