github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/golang/cataloger_test.go (about) 1 package golang 2 3 import ( 4 "testing" 5 6 "github.com/stretchr/testify/assert" 7 8 "github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest" 9 ) 10 11 func Test_PackageCataloger_Binary(t *testing.T) { 12 13 tests := []struct { 14 name string 15 fixture string 16 expectedPkgs []string 17 expectedRels []string 18 }{ 19 { 20 name: "simple module with dependencies", 21 fixture: "image-small", 22 expectedPkgs: []string{ 23 "anchore.io/not/real @ v1.0.0 (/run-me)", 24 "github.com/andybalholm/brotli @ v1.1.1 (/run-me)", 25 "github.com/dsnet/compress @ v0.0.2-0.20210315054119-f66993602bf5 (/run-me)", 26 "github.com/golang/snappy @ v0.0.4 (/run-me)", 27 "github.com/klauspost/compress @ v1.17.11 (/run-me)", 28 "github.com/klauspost/pgzip @ v1.2.6 (/run-me)", 29 "github.com/nwaples/rardecode @ v1.1.3 (/run-me)", 30 "github.com/pierrec/lz4/v4 @ v4.1.21 (/run-me)", 31 "github.com/ulikunitz/xz @ v0.5.12 (/run-me)", 32 "github.com/xi2/xz @ v0.0.0-20171230120015-48954b6210f8 (/run-me)", 33 "stdlib @ go1.23.2 (/run-me)", 34 "github.com/anchore/archiver/v3 @ v3.5.3-0.20241210171143-5b1d8d1c7c51 (/run-me)", 35 }, 36 expectedRels: []string{ 37 "github.com/andybalholm/brotli @ v1.1.1 (/run-me) [dependency-of] anchore.io/not/real @ v1.0.0 (/run-me)", 38 "github.com/dsnet/compress @ v0.0.2-0.20210315054119-f66993602bf5 (/run-me) [dependency-of] anchore.io/not/real @ v1.0.0 (/run-me)", 39 "github.com/golang/snappy @ v0.0.4 (/run-me) [dependency-of] anchore.io/not/real @ v1.0.0 (/run-me)", 40 "github.com/klauspost/compress @ v1.17.11 (/run-me) [dependency-of] anchore.io/not/real @ v1.0.0 (/run-me)", 41 "github.com/klauspost/pgzip @ v1.2.6 (/run-me) [dependency-of] anchore.io/not/real @ v1.0.0 (/run-me)", 42 "github.com/anchore/archiver/v3 @ v3.5.3-0.20241210171143-5b1d8d1c7c51 (/run-me) [dependency-of] anchore.io/not/real @ v1.0.0 (/run-me)", 43 "github.com/nwaples/rardecode @ v1.1.3 (/run-me) [dependency-of] anchore.io/not/real @ v1.0.0 (/run-me)", 44 "github.com/pierrec/lz4/v4 @ v4.1.21 (/run-me) [dependency-of] anchore.io/not/real @ v1.0.0 (/run-me)", 45 "github.com/ulikunitz/xz @ v0.5.12 (/run-me) [dependency-of] anchore.io/not/real @ v1.0.0 (/run-me)", 46 "github.com/xi2/xz @ v0.0.0-20171230120015-48954b6210f8 (/run-me) [dependency-of] anchore.io/not/real @ v1.0.0 (/run-me)", 47 "stdlib @ go1.23.2 (/run-me) [dependency-of] anchore.io/not/real @ v1.0.0 (/run-me)", 48 }, 49 }, 50 { 51 name: "partially built binary", 52 // the difference is the build flags used to build the binary... they will not reference the module directly 53 // see the dockerfile for details 54 fixture: "image-not-a-module", 55 expectedPkgs: []string{ 56 "command-line-arguments @ (/run-me)", // this is the difference! 57 "github.com/andybalholm/brotli @ v1.1.1 (/run-me)", 58 "github.com/dsnet/compress @ v0.0.2-0.20210315054119-f66993602bf5 (/run-me)", 59 "github.com/golang/snappy @ v0.0.4 (/run-me)", 60 "github.com/anchore/archiver/v3 @ v3.5.3-0.20241210171143-5b1d8d1c7c51 (/run-me)", 61 "github.com/klauspost/compress @ v1.17.11 (/run-me)", 62 "github.com/klauspost/pgzip @ v1.2.6 (/run-me)", 63 "github.com/nwaples/rardecode @ v1.1.3 (/run-me)", 64 "github.com/pierrec/lz4/v4 @ v4.1.21 (/run-me)", 65 "github.com/ulikunitz/xz @ v0.5.12 (/run-me)", 66 "github.com/xi2/xz @ v0.0.0-20171230120015-48954b6210f8 (/run-me)", 67 "stdlib @ go1.23.2 (/run-me)", 68 }, 69 expectedRels: []string{ 70 "github.com/anchore/archiver/v3 @ v3.5.3-0.20241210171143-5b1d8d1c7c51 (/run-me) [dependency-of] command-line-arguments @ (/run-me)", 71 "github.com/andybalholm/brotli @ v1.1.1 (/run-me) [dependency-of] command-line-arguments @ (/run-me)", 72 "github.com/dsnet/compress @ v0.0.2-0.20210315054119-f66993602bf5 (/run-me) [dependency-of] command-line-arguments @ (/run-me)", 73 "github.com/golang/snappy @ v0.0.4 (/run-me) [dependency-of] command-line-arguments @ (/run-me)", 74 "github.com/klauspost/compress @ v1.17.11 (/run-me) [dependency-of] command-line-arguments @ (/run-me)", 75 "github.com/klauspost/pgzip @ v1.2.6 (/run-me) [dependency-of] command-line-arguments @ (/run-me)", 76 "github.com/nwaples/rardecode @ v1.1.3 (/run-me) [dependency-of] command-line-arguments @ (/run-me)", 77 "github.com/pierrec/lz4/v4 @ v4.1.21 (/run-me) [dependency-of] command-line-arguments @ (/run-me)", 78 "github.com/ulikunitz/xz @ v0.5.12 (/run-me) [dependency-of] command-line-arguments @ (/run-me)", 79 "github.com/xi2/xz @ v0.0.0-20171230120015-48954b6210f8 (/run-me) [dependency-of] command-line-arguments @ (/run-me)", 80 "stdlib @ go1.23.2 (/run-me) [dependency-of] command-line-arguments @ (/run-me)", 81 }, 82 }, 83 } 84 85 for _, test := range tests { 86 t.Run(test.name, func(t *testing.T) { 87 pkgtest.NewCatalogTester(). 88 WithImageResolver(t, test.fixture). 89 ExpectsPackageStrings(test.expectedPkgs). 90 ExpectsRelationshipStrings(test.expectedRels). 91 TestCataloger(t, NewGoModuleBinaryCataloger(DefaultCatalogerConfig())) 92 }) 93 } 94 95 } 96 97 func Test_Mod_Cataloger_Globs(t *testing.T) { 98 tests := []struct { 99 name string 100 fixture string 101 expected []string 102 }{ 103 { 104 name: "obtain go.mod files", 105 fixture: "test-fixtures/glob-paths", 106 expected: []string{ 107 "src/go.mod", 108 }, 109 }, 110 } 111 112 for _, test := range tests { 113 t.Run(test.name, func(t *testing.T) { 114 pkgtest.NewCatalogTester(). 115 FromDirectory(t, test.fixture). 116 ExpectsResolverContentQueries(test.expected). 117 IgnoreUnfulfilledPathResponses("src/go.sum"). 118 TestCataloger(t, NewGoModuleFileCataloger(CatalogerConfig{})) 119 }) 120 } 121 } 122 123 func Test_Binary_Cataloger_Globs(t *testing.T) { 124 tests := []struct { 125 name string 126 fixture string 127 expected []string 128 }{ 129 { 130 name: "obtain binary files", 131 fixture: "test-fixtures/glob-paths", 132 expected: []string{ 133 "partial-binary", 134 }, 135 }, 136 } 137 138 for _, test := range tests { 139 t.Run(test.name, func(t *testing.T) { 140 pkgtest.NewCatalogTester(). 141 FromDirectory(t, test.fixture). 142 ExpectsResolverContentQueries(test.expected). 143 TestCataloger(t, NewGoModuleBinaryCataloger(CatalogerConfig{})) 144 }) 145 } 146 } 147 148 func Test_Binary_Cataloger_Stdlib_Cpe(t *testing.T) { 149 tests := []struct { 150 name string 151 candidate string 152 want string 153 }{ 154 { 155 name: "generateStdlibCpe generates a cpe with a - for a major version", 156 candidate: "go1.21.0", 157 want: "cpe:2.3:a:golang:go:1.21.0:-:*:*:*:*:*:*", 158 }, 159 { 160 name: "generateStdlibCpe generates a cpe with an rc candidate for a major rc version", 161 candidate: "go1.21rc2", 162 want: "cpe:2.3:a:golang:go:1.21:rc2:*:*:*:*:*:*", 163 }, 164 } 165 166 for _, tc := range tests { 167 t.Run(tc.name, func(t *testing.T) { 168 got, err := generateStdlibCpe(tc.candidate) 169 assert.NoError(t, err, "expected no err; got %v", err) 170 assert.Equal(t, got.Attributes.String(), tc.want) 171 }) 172 } 173 }