mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
ef627d82ef
* migrate pkg.ID and pkg.Relationship to artifact package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * return relationships from tasks Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix more tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add artifact.Identifiable by Identity() method Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove catalog ID assignment Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust spdx helpers to use copy of packages Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * stabilize package ID relative to encode-decode format cycles Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename Identity() to ID() Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use zero value for nils in ID generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enable source.Location to be identifiable Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * hoist up package relationship discovery to analysis stage Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update ownership-by-file-overlap relationship description Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add test reminders to put new relationships under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust PHP composer.lock parser function to return relationships Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
52 lines
1.1 KiB
Go
52 lines
1.1 KiB
Go
package integration
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"testing"
|
|
|
|
"github.com/anchore/syft/internal/formats/syftjson"
|
|
syftjsonModel "github.com/anchore/syft/internal/formats/syftjson/model"
|
|
)
|
|
|
|
func TestPackageOwnershipRelationships(t *testing.T) {
|
|
|
|
// ensure that the json presenter is applying artifact ownership with an image that has expected ownership relationships
|
|
tests := []struct {
|
|
fixture string
|
|
}{
|
|
{
|
|
fixture: "image-owning-package",
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
t.Run(test.fixture, func(t *testing.T) {
|
|
sbom, _ := catalogFixtureImage(t, test.fixture)
|
|
|
|
p := syftjson.Format().Presenter(sbom)
|
|
if p == nil {
|
|
t.Fatal("unable to get presenter")
|
|
}
|
|
|
|
output := bytes.NewBufferString("")
|
|
err := p.Present(output)
|
|
if err != nil {
|
|
t.Fatalf("unable to present: %+v", err)
|
|
}
|
|
|
|
var doc syftjsonModel.Document
|
|
decoder := json.NewDecoder(output)
|
|
if err := decoder.Decode(&doc); err != nil {
|
|
t.Fatalf("unable to decode json doc: %+v", err)
|
|
}
|
|
|
|
if len(doc.ArtifactRelationships) == 0 {
|
|
t.Errorf("expected to find relationships between packages but found none")
|
|
}
|
|
|
|
})
|
|
}
|
|
|
|
}
|