oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 08:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
syft/test/cli/packages_cmd_test.go
Dan Luhring f98868b55e
Find Java package versions in additional manifest sections (#673) 
* Add failing test for missing versions

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Look through all named sections for version

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Consistent installation of yajsv

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Adjust output text for test assertion

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2021-12-13 15:39:42 -05:00

253 lines
8.0 KiB
Go
Raw Blame History

package cli
import (
"strings"
"testing"
)
func TestPackagesCmdFlags(t *testing.T) {
coverageImage := "docker-archive:" + getFixtureImage(t, "image-pkg-coverage")
badBinariesImage := "docker-archive:" + getFixtureImage(t, "image-bad-binaries")
tests := []struct {
name string
args []string
env map[string]string
assertions []traitAssertion
}{
{
name: "no-args-shows-help",
args: []string{"packages"},
assertions: []traitAssertion{
assertInOutput("an image/directory argument is required"), // specific error that should be shown
assertInOutput("Generate a packaged-based Software Bill Of Materials"), // excerpt from help description
assertFailingReturnCode,
},
},
{
name: "json-output-flag",
args: []string{"packages", "-o", "json", coverageImage},
assertions: []traitAssertion{
assertJsonReport,
assertSuccessfulReturnCode,
},
},
{
name: "regression-survive-bad-binaries",
// this image has all sorts of rich binaries from the clang-13 test suite that should do pretty bad things
// to the go cataloger binary path. We should NEVER let a panic stop the cataloging process for these
// specific cases.
// this is more of an integration test, however, to assert the output we want to see from the application
// a CLI test is much easier.
args: []string{"packages", "-vv", badBinariesImage},
assertions: []traitAssertion{
assertInOutput("could not parse possible go binary"),
assertSuccessfulReturnCode,
},
},
{
name: "output-env-binding",
env: map[string]string{
"SYFT_OUTPUT": "json",
},
args: []string{"packages", coverageImage},
assertions: []traitAssertion{
assertJsonReport,
assertSuccessfulReturnCode,
},
},
{
name: "table-output-flag",
args: []string{"packages", "-o", "table", coverageImage},
assertions: []traitAssertion{
assertTableReport,
assertSuccessfulReturnCode,
},
},
{
name: "default-output-flag",
args: []string{"packages", coverageImage},
assertions: []traitAssertion{
assertTableReport,
assertSuccessfulReturnCode,
},
},
{
name: "squashed-scope-flag",
args: []string{"packages", "-o", "json", "-s", "squashed", coverageImage},
assertions: []traitAssertion{
assertPackageCount(20),
assertSuccessfulReturnCode,
},
},
{
name: "all-layers-scope-flag",
args: []string{"packages", "-o", "json", "-s", "all-layers", coverageImage},
assertions: []traitAssertion{
assertPackageCount(22),
assertSuccessfulReturnCode,
},
},
{
name: "all-layers-scope-flag-by-env",
args: []string{"packages", "-o", "json", coverageImage},
env: map[string]string{
"SYFT_PACKAGE_CATALOGER_SCOPE": "all-layers",
},
assertions: []traitAssertion{
assertPackageCount(22),
assertSuccessfulReturnCode,
},
},
{
name: "attempt-upload-on-cli-switches",
args: []string{"packages", "-vv", "-H", "localhost:8080", "-u", "the-username", "-d", "test-fixtures/image-pkg-coverage/Dockerfile", "--overwrite-existing-image", coverageImage},
env: map[string]string{
"SYFT_ANCHORE_PATH": "path/to/api",
"SYFT_ANCHORE_PASSWORD": "the-password",
},
assertions: []traitAssertion{
// we cannot easily assert a successful upload behavior, so instead we are doing the next best thing
// and asserting that the parsed configuration has the expected values and we see log entries
// indicating an upload attempt.
assertNotInOutput("the-username"),
assertNotInOutput("the-password"),
assertInOutput("uploading results to localhost:8080"),
assertInOutput(`dockerfile: test-fixtures/image-pkg-coverage/Dockerfile`),
assertInOutput(`overwrite-existing-image: true`),
assertInOutput(`path: path/to/api`),
assertInOutput(`host: localhost:8080`),
assertFailingReturnCode, // upload can't go anywhere, so if this passes that would be surprising
},
},
{
name: "dockerfile-without-upload-is-invalid",
args: []string{"packages", "-vv", "-d", "test-fixtures/image-pkg-coverage/Dockerfile", coverageImage},
assertions: []traitAssertion{
assertNotInOutput("uploading results to localhost:8080"),
assertInOutput("invalid application config: cannot provide dockerfile option without enabling upload"),
assertFailingReturnCode,
},
},
{
name: "attempt-upload-with-env-host-set",
args: []string{"packages", "-vv", coverageImage},
env: map[string]string{
"SYFT_ANCHORE_HOST": "localhost:8080",
},
assertions: []traitAssertion{
assertInOutput("uploading results to localhost:8080"),
assertFailingReturnCode, // upload can't go anywhere, so if this passes that would be surprising
},
},
{
// we want to make certain that syft can catalog a single go binary and get a SBOM report that is not empty
name: "catalog-single-go-binary",
args: []string{"packages", "-o", "json", getSyftBinaryLocation(t)},
assertions: []traitAssertion{
assertJsonReport,
assertStdoutLengthGreaterThan(1000),
assertSuccessfulReturnCode,
},
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
cmd, stdout, stderr := runSyft(t, test.env, test.args...)
for _, traitFn := range test.assertions {
traitFn(t, stdout, stderr, cmd.ProcessState.ExitCode())
}
if t.Failed() {
t.Log("STDOUT:\n", stdout)
t.Log("STDERR:\n", stderr)
t.Log("COMMAND:", strings.Join(cmd.Args, " "))
}
})
}
}
func TestRegistryAuth(t *testing.T) {
tests := []struct {
name string
args []string
env map[string]string
assertions []traitAssertion
}{
{
name: "fallback to keychain",
args: []string{"packages", "-vv", "registry:localhost:5000/something:latest"},
assertions: []traitAssertion{
assertInOutput("source=OciRegistry"),
assertInOutput("localhost:5000/something:latest"),
assertInOutput("no registry credentials configured, using the default keychain"),
},
},
{
name: "use creds",
args: []string{"packages", "-vv", "registry:localhost:5000/something:latest"},
env: map[string]string{
"SYFT_REGISTRY_AUTH_AUTHORITY": "localhost:5000",
"SYFT_REGISTRY_AUTH_USERNAME": "username",
"SYFT_REGISTRY_AUTH_PASSWORD": "password",
},
assertions: []traitAssertion{
assertInOutput("source=OciRegistry"),
assertInOutput("localhost:5000/something:latest"),
assertInOutput(`using basic auth for registry "localhost:5000"`),
},
},
{
name: "use token",
args: []string{"packages", "-vv", "registry:localhost:5000/something:latest"},
env: map[string]string{
"SYFT_REGISTRY_AUTH_AUTHORITY": "localhost:5000",
"SYFT_REGISTRY_AUTH_TOKEN": "token",
},
assertions: []traitAssertion{
assertInOutput("source=OciRegistry"),
assertInOutput("localhost:5000/something:latest"),
assertInOutput(`using token for registry "localhost:5000"`),
},
},
{
name: "not enough info fallsback to keychain",
args: []string{"packages", "-vv", "registry:localhost:5000/something:latest"},
env: map[string]string{
"SYFT_REGISTRY_AUTH_AUTHORITY": "localhost:5000",
},
assertions: []traitAssertion{
assertInOutput("source=OciRegistry"),
assertInOutput("localhost:5000/something:latest"),
assertInOutput(`no registry credentials configured, using the default keychain`),
},
},
{
name: "allows insecure http flag",
args: []string{"packages", "-vv", "registry:localhost:5000/something:latest"},
env: map[string]string{
"SYFT_REGISTRY_INSECURE_USE_HTTP": "true",
},
assertions: []traitAssertion{
assertInOutput("insecure-use-http: true"),
},
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
cmd, stdout, stderr := runSyft(t, test.env, test.args...)
for _, traitAssertionFn := range test.assertions {
traitAssertionFn(t, stdout, stderr, cmd.ProcessState.ExitCode())
}
if t.Failed() {
t.Log("STDOUT:\n", stdout)
t.Log("STDERR:\n", stderr)
t.Log("COMMAND:", strings.Join(cmd.Args, " "))
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink