fix spdx sbom tests
Sophie Wigmore authored and ForestEckhardt committed Jan 26, 2023
1 parent 13b0ecc commit 7fc64d7
Showing 5 changed files with 93 additions and 153 deletions.
8 changes: 4 additions & 4 deletions sbom/formatted_reader_test.go
@@ -119,8 +119,8 @@ func testFormattedReader(t *testing.T, context spec.G, it spec.S) {

// Ensures pretty printing
Expect(buffer.String()).To(ContainSubstring(`{
"Reviews": null,
"SPDXID": "SPDXRef-DOCUMENT"`))
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {`))

var spdxOutput spdxOutput

@@ -137,7 +137,7 @@ func testFormattedReader(t *testing.T, context spec.G, it spec.S) {
Expect(spdxOutput.Packages[5].Name).To(Equal("wrappy"), buffer.String())

// Ensure documentNamespace and creationInfo.created have reproducible values
Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-d359f27c-86a7-5551-b971-9c7afd003959"), buffer.String())
Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-e3c5c6c0-975c-50ad-ba89-6c690c58f329"), buffer.String())
Expect(spdxOutput.CreationInfo.Created).To(BeZero(), buffer.String())

rerunBuffer := bytes.NewBuffer(nil)
@@ -186,7 +186,7 @@ func testFormattedReader(t *testing.T, context spec.G, it spec.S) {
Expect(spdxOutput.Packages[5].Name).To(Equal("wrappy"), buffer.String())

// Ensure documentNamespace and creationInfo.created have reproducible values
Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-c6ae45ee-2cee-584a-b637-9de3c8486856"), buffer.String())
Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-69392e4a-5484-50ba-babd-d21c6d13d9a3"), buffer.String())
Expect(spdxOutput.CreationInfo.Created).To(Equal(time.Unix(1659551872, 0).UTC()), buffer.String())

rerunBuffer := bytes.NewBuffer(nil)
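Review bot: The two updated `Expect(spdxOutput.DocumentNamespace)` assertions (in the hunks at lines 137 and 186) pin opaque UUID literals with nothing saying what they are derived from, so the next change to the SPDX encoding will break them again with no hint of how to regenerate the value. The comment above them only says the values must be reproducible; if the UUID is computed from the encoded document, as the need to update it in this commit suggests, say so, e.g. `// namespace UUID is derived from the SBOM content; update it when the encoded output changes`. The rerun comparison that starts at `rerunBuffer := bytes.NewBuffer(nil)` continues outside the hunk, so whether it already covers reproducibility on its own cannot be judged from here.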
7 changes: 3 additions & 4 deletions sbom/internal/formats/spdx22/encoder_test.go
@@ -45,14 +45,13 @@ func TestSPDXRelationshipOrder(t *testing.T) {
spdxJsonRedactor,
)
}

func spdxJsonRedactor(s []byte) []byte {
// each SBOM reports the time it was generated, which is not useful during snapshot testing
s = regexp.MustCompile(`"created":\s+"[^"]*",?`).ReplaceAll(s, []byte(""))
s = regexp.MustCompile(`"created":\s+"[^"]*"`).ReplaceAll(s, []byte(`"created":""`))

// each SBOM reports a unique documentNamespace when generated, this is not useful for snapshot testing
s = regexp.MustCompile(`"documentNamespace":\s+"[^"]*",?`).ReplaceAll(s, []byte(""))
s = regexp.MustCompile(`"documentNamespace":\s+"[^"]*"`).ReplaceAll(s, []byte(`"documentNamespace":""`))

// the license list will be updated periodically, the value here should not be directly tested in snapshot tests
return regexp.MustCompile(`"licenseListVersion":\s+"[^"]*",?`).ReplaceAll(s, []byte(""))
return regexp.MustCompile(`"licenseListVersion":\s+"[^"]*"`).ReplaceAll(s, []byte(`"licenseListVersion":""`))
}
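Review bot: All three patterns in `spdxJsonRedactor` still require at least one whitespace character after the colon (`\s+`), so they match only indented JSON; on compact output the volatile `created`, `documentNamespace` and `licenseListVersion` values would pass through unredacted and the snapshot comparison would become time-dependent. Using `\s*` in each pattern, e.g. `"created":\s*"[^"]*"`, covers both layouts and also matches the already-redacted form `"created":""`. The patterns are also recompiled on every call; hoisting them into package-level `regexp.MustCompile` variables would keep the function to three `ReplaceAll` calls.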
@@ -1,96 +1,76 @@
{
"spdxVersion": "SPDX-2.2",
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"name": "/some/path",
"documentNamespace": "https://anchore.com/syft/dir/some/path-3005bc26-568d-4d19-80c1-c954ac36b7f8",
"creationInfo": {
"licenseListVersion": "3.16",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-v0.42.0-bogus"
],
"created": "2023-01-12T20:22:07Z",
"comment": ""
},
"packages": [
"spdxVersion": "SPDX-2.2",
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"name": "/some/path",
"documentNamespace": "https://anchore.com/syft/dir/some/path-0567e7df-bcf5-4ee0-8565-ca4f9ecc7f0d",
"creationInfo": {
"licenseListVersion": "3.16",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-v0.42.0-bogus"
],
"created": "2023-01-26T15:28:14Z"
},
"packages": [
{
"name": "package-1",
"SPDXID": "SPDXRef-Package-python-package-1-1b1d0be59ac59d2c",
"versionInfo": "1.0.1",
"downloadLocation": "NOASSERTION",
"packageVerificationCode": {
"packageVerificationCodeValue": ""
},
"sourceInfo": "acquired package info from installed python package manifest file: /some/path/pkg1",
"licenseConcluded": "MIT",
"licenseInfoFromFiles": null,
"licenseDeclared": "MIT",
"copyrightText": "NOASSERTION",
"externalRefs": [
{
"IsUnpackaged": false,
"name": "package-1",
"SPDXID": "SPDXRef-Package-python-package-1-1b1d0be59ac59d2c",
"versionInfo": "1.0.1",
"downloadLocation": "NOASSERTION",
"IsFilesAnalyzedTagPresent": true,
"packageVerificationCode": {
"packageVerificationCodeValue": ""
},
"checksums": null,
"sourceInfo": "acquired package info from installed python package manifest file: /some/path/pkg1",
"licenseConcluded": "MIT",
"licenseInfoFromFiles": null,
"licenseDeclared": "MIT",
"copyrightText": "NOASSERTION",
"externalRefs": [
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "a-purl-2",
"comment": ""
}
],
"Files": null,
"annotations": null
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
},
{
"IsUnpackaged": false,
"name": "package-2",
"SPDXID": "SPDXRef-Package-deb-package-2-db4abfe497c180d3",
"versionInfo": "2.0.1",
"downloadLocation": "NOASSERTION",
"IsFilesAnalyzedTagPresent": true,
"packageVerificationCode": {
"packageVerificationCodeValue": ""
},
"checksums": null,
"sourceInfo": "acquired package info from DPKG DB: /some/path/pkg1",
"licenseConcluded": "NONE",
"licenseInfoFromFiles": null,
"licenseDeclared": "NONE",
"copyrightText": "NOASSERTION",
"externalRefs": [
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:deb/debian/package-2@2.0.1",
"comment": ""
}
],
"Files": null,
"annotations": null
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "a-purl-2"
}
],
"files": null,
"hasExtractedLicensingInfos": null,
"relationships": [
]
},
{
"name": "package-2",
"SPDXID": "SPDXRef-Package-deb-package-2-db4abfe497c180d3",
"versionInfo": "2.0.1",
"downloadLocation": "NOASSERTION",
"packageVerificationCode": {
"packageVerificationCodeValue": ""
},
"sourceInfo": "acquired package info from DPKG DB: /some/path/pkg1",
"licenseConcluded": "NONE",
"licenseInfoFromFiles": null,
"licenseDeclared": "NONE",
"copyrightText": "NOASSERTION",
"externalRefs": [
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-DOCUMENT",
"relationshipType": "DESCRIBES"
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:deb/debian/package-2@2.0.1"
}
],
"annotations": null,
"snippets": null,
"Reviews": null
]
}
],
"relationships": [
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-DOCUMENT",
"relationshipType": "DESCRIBES"
}
]
}
@@ -3,28 +3,24 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"name": "user-image-input",
"documentNamespace": "https://anchore.com/syft/image/user-image-input-c725d1a0-94bc-4c99-92ac-250ce6b80a1c",
"documentNamespace": "https://anchore.com/syft/image/user-image-input-1aca09fa-755d-453d-9bdf-481b438f386b",
"creationInfo": {
"licenseListVersion": "3.16",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-v0.42.0-bogus"
],
"created": "2023-01-12T20:40:56Z",
"comment": ""
"created": "2023-01-26T15:31:27Z"
},
"packages": [
{
"IsUnpackaged": false,
"name": "package-1",
"SPDXID": "SPDXRef-Package-python-package-1-66ba429119b8bec6",
"versionInfo": "1.0.1",
"downloadLocation": "NOASSERTION",
"IsFilesAnalyzedTagPresent": true,
"packageVerificationCode": {
"packageVerificationCodeValue": ""
},
"checksums": null,
"sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt",
"licenseConcluded": "MIT",
"licenseInfoFromFiles": null,
@@ -34,30 +30,23 @@
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*",
"comment": ""
"referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*"
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "a-purl-1",
"comment": ""
"referenceLocator": "a-purl-1"
}
],
"Files": null,
"annotations": null
]
},
{
"IsUnpackaged": false,
"name": "package-2",
"SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4",
"versionInfo": "2.0.1",
"downloadLocation": "NOASSERTION",
"IsFilesAnalyzedTagPresent": true,
"packageVerificationCode": {
"packageVerificationCodeValue": ""
},
"checksums": null,
"sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt",
"licenseConcluded": "NONE",
"licenseInfoFromFiles": null,
@@ -67,30 +56,21 @@
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*",
"comment": ""
"referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:deb/debian/package-2@2.0.1",
"comment": ""
"referenceLocator": "pkg:deb/debian/package-2@2.0.1"
}
],
"Files": null,
"annotations": null
]
}
],
"files": null,
"hasExtractedLicensingInfos": null,
"relationships": [
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-DOCUMENT",
"relationshipType": "DESCRIBES"
}
],
"annotations": null,
"snippets": null,
"Reviews": null
]
}