From 7fc64d722b678e2710c62ce992aed7ae1666f00c Mon Sep 17 00:00:00 2001
From: Sophie Wigmore
Date: Thu, 26 Jan 2023 10:35:57 -0500
Subject: [PATCH] fix spdx sbom tests

---
 sbom/formatted_reader_test.go | 8 +-
 sbom/internal/formats/spdx22/encoder_test.go | 7 +-
 .../TestSPDXJSONDirectoryEncoder.golden | 156 ++++++++----------
 .../snapshot/TestSPDXJSONImageEncoder.golden | 38 +----
 .../snapshot/TestSPDXRelationshipOrder.golden | 37 +----
 5 files changed, 93 insertions(+), 153 deletions(-)

diff --git a/sbom/formatted_reader_test.go b/sbom/formatted_reader_test.go
index 4afc7ad8..0f388542 100644
--- a/sbom/formatted_reader_test.go
+++ b/sbom/formatted_reader_test.go
@@ -119,8 +119,8 @@ func testFormattedReader(t *testing.T, context spec.G, it spec.S) {
 // Ensures pretty printing
 Expect(buffer.String()).To(ContainSubstring(`{
- "Reviews": null,
- "SPDXID": "SPDXRef-DOCUMENT"`))
+ "SPDXID": "SPDXRef-DOCUMENT",
+ "creationInfo": {`))
 var spdxOutput spdxOutput
@@ -137,7 +137,7 @@ func testFormattedReader(t *testing.T, context spec.G, it spec.S) {
 Expect(spdxOutput.Packages[5].Name).To(Equal("wrappy"), buffer.String())
 // Ensure documentNamespace and creationInfo.created have reproducible values
- Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-d359f27c-86a7-5551-b971-9c7afd003959"), buffer.String())
+ Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-e3c5c6c0-975c-50ad-ba89-6c690c58f329"), buffer.String())
 Expect(spdxOutput.CreationInfo.Created).To(BeZero(), buffer.String())
 rerunBuffer := bytes.NewBuffer(nil)
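Review bot: The expected documentNamespace in the @@ -137 hunk is a pinned UUID with nothing in the test explaining where it comes from, and the @@ -186 hunk pins a second one the same way; both values change in this commit without a stated reason, so the next maintainer who sees them move again cannot tell a regression from an expected regeneration. The comment above the assertion only says the value is reproducible; it should also say that the suffix is derived from the encoded document content (the `5` in the third group suggests a name-based UUIDv5, which I have not confirmed against the encoder) and therefore has to be regenerated whenever the SPDX output structure changes, as the golden-file diffs in this commit suggest happened here. I would extend the comment to `// Ensure documentNamespace and creationInfo.created have reproducible values; the namespace suffix is derived from the encoded content, so it changes (and must be updated here) whenever the SPDX output structure changes.` testFormattedReader starts and ends outside both hunks.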
@@ -186,7 +186,7 @@ func testFormattedReader(t *testing.T, context spec.G, it spec.S) {
 Expect(spdxOutput.Packages[5].Name).To(Equal("wrappy"), buffer.String())
 // Ensure documentNamespace and creationInfo.created have reproducible values
- Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-c6ae45ee-2cee-584a-b637-9de3c8486856"), buffer.String())
+ Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-69392e4a-5484-50ba-babd-d21c6d13d9a3"), buffer.String())
 Expect(spdxOutput.CreationInfo.Created).To(Equal(time.Unix(1659551872, 0).UTC()), buffer.String())
 rerunBuffer := bytes.NewBuffer(nil)
diff --git a/sbom/internal/formats/spdx22/encoder_test.go b/sbom/internal/formats/spdx22/encoder_test.go
index 3e06d0c4..a80910f0 100644
--- a/sbom/internal/formats/spdx22/encoder_test.go
+++ b/sbom/internal/formats/spdx22/encoder_test.go
@@ -45,14 +45,13 @@ func TestSPDXRelationshipOrder(t *testing.T) {
 spdxJsonRedactor,
 )
 }
-
 func spdxJsonRedactor(s []byte) []byte {
 // each SBOM reports the time it was generated, which is not useful during snapshot testing
- s = regexp.MustCompile(`"created":\s+"[^"]*",?`).ReplaceAll(s, []byte(""))
+ s = regexp.MustCompile(`"created":\s+"[^"]*"`).ReplaceAll(s, []byte(`"created":""`))
 // each SBOM reports a unique documentNamespace when generated, this is not useful for snapshot testing
- s = regexp.MustCompile(`"documentNamespace":\s+"[^"]*",?`).ReplaceAll(s, []byte(""))
+ s = regexp.MustCompile(`"documentNamespace":\s+"[^"]*"`).ReplaceAll(s, []byte(`"documentNamespace":""`))
 // the license list will be updated periodically, the value here should not be directly tested in snapshot tests
- return regexp.MustCompile(`"licenseListVersion":\s+"[^"]*",?`).ReplaceAll(s, []byte(""))
+ return regexp.MustCompile(`"licenseListVersion":\s+"[^"]*"`).ReplaceAll(s, []byte(`"licenseListVersion":""`))
 }
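Review bot: spdxJsonRedactor in the encoder_test.go hunk still compiles its three regular expressions with regexp.MustCompile on every call; a redactor runs on every snapshot comparison, so these belong at package scope, compiled once. The `\s+` between key and value in each pattern also means that a compactly encoded document (`"created":"..."` with no whitespace, which the current indented goldens do not produce) would not be matched and a live timestamp or namespace would pass through unredacted; `\s*` covers both layouts at no cost. The blank line between the closing brace of TestSPDXRelationshipOrder and `func spdxJsonRedactor` was dropped, which gofmt tolerates but which makes this the only pair of top-level declarations in the hunk without separation. The function also has no doc comment; the rewrite below hoists the patterns, keeps the three existing explanatory comments alongside them, and adds one.

```go
// Run-specific fields of an SPDX JSON document that must not be compared in snapshot tests.
var (
	// each SBOM reports the time it was generated, which is not useful during snapshot testing
	spdxCreatedRe = regexp.MustCompile(`"created":\s*"[^"]*"`)
	// each SBOM reports a unique documentNamespace when generated, this is not useful for snapshot testing
	spdxDocumentNamespaceRe = regexp.MustCompile(`"documentNamespace":\s*"[^"]*"`)
	// the license list will be updated periodically, the value here should not be directly tested in snapshot tests
	spdxLicenseListVersionRe = regexp.MustCompile(`"licenseListVersion":\s*"[^"]*"`)
)

// spdxJsonRedactor blanks the values of the fields above so that an encoded
// SPDX document compares stably against its golden snapshot across runs.
func spdxJsonRedactor(s []byte) []byte {
	s = spdxCreatedRe.ReplaceAll(s, []byte(`"created":""`))
	s = spdxDocumentNamespaceRe.ReplaceAll(s, []byte(`"documentNamespace":""`))
	return spdxLicenseListVersionRe.ReplaceAll(s, []byte(`"licenseListVersion":""`))
}
```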
diff --git a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden
index b3698319..fa1c3a44 100644
--- a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden
+++ b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden
@@ -1,96 +1,76 @@ { - "spdxVersion": "SPDX-2.2", - "dataLicense": "CC0-1.0", - "SPDXID": "SPDXRef-DOCUMENT", - "name": "/some/path", - "documentNamespace": "https://anchore.com/syft/dir/some/path-3005bc26-568d-4d19-80c1-c954ac36b7f8", - "creationInfo": { - "licenseListVersion": "3.16", - "creators": [ - "Organization: Anchore, Inc", - "Tool: syft-v0.42.0-bogus" - ], - "created": "2023-01-12T20:22:07Z", - "comment": "" - }, - "packages": [ + "spdxVersion": "SPDX-2.2", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "/some/path", + "documentNamespace": "https://anchore.com/syft/dir/some/path-0567e7df-bcf5-4ee0-8565-ca4f9ecc7f0d", + "creationInfo": { + "licenseListVersion": "3.16", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-v0.42.0-bogus" + ], + "created": "2023-01-26T15:28:14Z" + }, + "packages": [ + { + "name": "package-1", + "SPDXID": "SPDXRef-Package-python-package-1-1b1d0be59ac59d2c", + "versionInfo": "1.0.1", + "downloadLocation": "NOASSERTION", + "packageVerificationCode": { + "packageVerificationCodeValue": "" + }, + "sourceInfo": "acquired package info from installed python package manifest file: /some/path/pkg1", + "licenseConcluded": "MIT", + "licenseInfoFromFiles": null, + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ { - "IsUnpackaged": false, - "name": "package-1", - "SPDXID": "SPDXRef-Package-python-package-1-1b1d0be59ac59d2c", - "versionInfo": "1.0.1", - "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, - "packageVerificationCode": { - "packageVerificationCodeValue": "" - }, - "checksums": null, - "sourceInfo": "acquired package info from installed python package manifest file: /some/path/pkg1", - "licenseConcluded": "MIT", - "licenseInfoFromFiles": null, - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:*:some:package:2:*:*:*:*:*:*:*", - "comment": "" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "a-purl-2", - "comment": "" - } - ], - "Files": null, - "annotations": null + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" }, { - "IsUnpackaged": false, - "name": "package-2", - "SPDXID": "SPDXRef-Package-deb-package-2-db4abfe497c180d3", - "versionInfo": "2.0.1", - "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, - "packageVerificationCode": { - "packageVerificationCodeValue": "" - }, - "checksums": null, - "sourceInfo": "acquired package info from DPKG DB: /some/path/pkg1", - "licenseConcluded": "NONE", - "licenseInfoFromFiles": null, - "licenseDeclared": "NONE", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*", - "comment": "" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:deb/debian/package-2@2.0.1", - "comment": "" - } - ], - "Files": null, - "annotations": null + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "a-purl-2" } - ], - "files": null, - "hasExtractedLicensingInfos": null, - "relationships": [ + ] + }, + { + "name": "package-2", + "SPDXID": "SPDXRef-Package-deb-package-2-db4abfe497c180d3", + "versionInfo": "2.0.1", + "downloadLocation": "NOASSERTION", + "packageVerificationCode": { + "packageVerificationCodeValue": "" + }, + "sourceInfo": "acquired package info from DPKG DB: /some/path/pkg1", + "licenseConcluded": "NONE", + "licenseInfoFromFiles": null, + "licenseDeclared": "NONE", + "copyrightText": "NOASSERTION", + "externalRefs": [ { - "spdxElementId": "SPDXRef-DOCUMENT", - "relatedSpdxElement": "SPDXRef-DOCUMENT", - "relationshipType": "DESCRIBES" + 
"referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:deb/debian/package-2@2.0.1" } - ], - "annotations": null, - "snippets": null, - "Reviews": null + ] + } + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-DOCUMENT", + "relationshipType": "DESCRIBES" + } + ] } diff --git a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden index db68e57b..614db67b 100644 --- a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden +++ b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden @@ -3,28 +3,24 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "user-image-input", - "documentNamespace": "https://anchore.com/syft/image/user-image-input-c725d1a0-94bc-4c99-92ac-250ce6b80a1c", + "documentNamespace": "https://anchore.com/syft/image/user-image-input-1aca09fa-755d-453d-9bdf-481b438f386b", "creationInfo": { "licenseListVersion": "3.16", "creators": [ "Organization: Anchore, Inc", "Tool: syft-v0.42.0-bogus" ], - "created": "2023-01-12T20:40:56Z", - "comment": "" + "created": "2023-01-26T15:31:27Z" }, "packages": [ { - "IsUnpackaged": false, "name": "package-1", "SPDXID": "SPDXRef-Package-python-package-1-66ba429119b8bec6", "versionInfo": "1.0.1", "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, "packageVerificationCode": { "packageVerificationCodeValue": "" }, - "checksums": null, "sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt", "licenseConcluded": "MIT", "licenseInfoFromFiles": null, 
@@ -34,30 +30,23 @@ { "referenceCategory": "SECURITY", "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*", - "comment": "" + "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*" }, { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", - "referenceLocator": "a-purl-1", - "comment": "" + "referenceLocator": "a-purl-1" } - ], - "Files": null, - "annotations": null + ] }, { - "IsUnpackaged": false, "name": "package-2", "SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4", "versionInfo": "2.0.1", "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, "packageVerificationCode": { "packageVerificationCodeValue": "" }, - "checksums": null, "sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt", "licenseConcluded": "NONE", "licenseInfoFromFiles": null, @@ -67,30 +56,21 @@ { "referenceCategory": "SECURITY", "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*", - "comment": "" + "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" }, { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", - "referenceLocator": "pkg:deb/debian/package-2@2.0.1", - "comment": "" + "referenceLocator": "pkg:deb/debian/package-2@2.0.1" } - ], - "Files": null, - "annotations": null + ] } ], - "files": null, - "hasExtractedLicensingInfos": null, "relationships": [ { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES" } - ], - "annotations": null, - "snippets": null, - "Reviews": null + ] } diff --git a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden index aefeba69..5b444d6d 100644 --- a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden +++ b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden 
@@ -3,28 +3,24 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "user-image-input", - "documentNamespace": "https://anchore.com/syft/image/user-image-input-96922b5d-0ec8-47ec-9aa6-d4fbb53286a5", + "documentNamespace": "https://anchore.com/syft/image/user-image-input-6c400694-c3e4-46f9-a7e7-9e826c9ced8b", "creationInfo": { "licenseListVersion": "3.16", "creators": [ "Organization: Anchore, Inc", "Tool: syft-v0.42.0-bogus" ], - "created": "2023-01-12T20:42:55Z", - "comment": "" + "created": "2023-01-26T15:33:01Z" }, "packages": [ { - "IsUnpackaged": false, "name": "package-1", "SPDXID": "SPDXRef-Package-python-package-1-66ba429119b8bec6", "versionInfo": "1.0.1", "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, "packageVerificationCode": { "packageVerificationCodeValue": "" }, - "checksums": null, "sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt", "licenseConcluded": "MIT", "licenseInfoFromFiles": null, @@ -34,30 +30,23 @@ { "referenceCategory": "SECURITY", "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*", - "comment": "" + "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*" }, { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", - "referenceLocator": "a-purl-1", - "comment": "" + "referenceLocator": "a-purl-1" } - ], - "Files": null, - "annotations": null + ] }, { - "IsUnpackaged": false, "name": "package-2", "SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4", "versionInfo": "2.0.1", "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, "packageVerificationCode": { "packageVerificationCodeValue": "" }, - "checksums": null, "sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt", "licenseConcluded": "NONE", "licenseInfoFromFiles": null, 
@@ -67,18 +56,14 @@ { "referenceCategory": "SECURITY", "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*", - "comment": "" + "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" }, { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", - "referenceLocator": "pkg:deb/debian/package-2@2.0.1", - "comment": "" + "referenceLocator": "pkg:deb/debian/package-2@2.0.1" } - ], - "Files": null, - "annotations": null + ] } ], "files": [ @@ -179,7 +164,6 @@ "copyrightText": "" } ], - "hasExtractedLicensingInfos": null, "relationships": [ { "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6", @@ -216,8 +200,5 @@ "relatedSpdxElement": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES" } - ], - "annotations": null, - "snippets": null, - "Reviews": null + ] }