github.com/anchore/syft@v1.38.2/test/install/0_checksums_test.sh

github.com/anchore/syft@v1.38.2/test/install/0_checksums_test.sh (about)

     1  . test_harness.sh
     2  
     3  # search for an asset in a release checksums file
     4  test_search_for_asset_release() {
     5    fixture=./test-fixtures/syft_0.36.0_checksums.txt
     6  
     7    # search_for_asset [checksums-file-path] [name] [os] [arch] [format]
     8  
     9    # positive case
    10    actual=$(search_for_asset "${fixture}" "syft" "linux" "amd64" "tar.gz")
    11    assertEquals "syft_0.36.0_linux_amd64.tar.gz" "${actual}" "unable to find release asset"
    12  
    13    # negative cases
    14    actual=$(search_for_asset "${fixture}" "syft" "Linux" "amd64" "tar.gz")
    15    assertEquals "" "${actual}" "found a release asset but did not expect to (os)"
    16  
    17    actual=$(search_for_asset "${fixture}" "syft" "darwin" "amd64" "rpm")
    18    assertEquals "" "${actual}" "found a release asset but did not expect to (format)"
    19  
    20  }
    21  
    22  run_test_case test_search_for_asset_release
    23  
    24  
    25  # search for an asset in a snapshot checksums file
    26  test_search_for_asset_snapshot() {
    27    fixture=./test-fixtures/syft_0.35.1-SNAPSHOT-d461f63_checksums.txt
    28  
    29    # search_for_asset [checksums-file-path] [name] [os] [arch] [format]
    30  
    31    # positive case
    32    actual=$(search_for_asset "${fixture}" "syft" "linux" "amd64" "rpm")
    33    assertEquals "syft_0.35.1-SNAPSHOT-d461f63_linux_amd64.rpm" "${actual}" "unable to find snapshot asset"
    34  
    35    # negative case
    36    actual=$(search_for_asset "${fixture}" "syft" "linux" "amd64" "zip")
    37    assertEquals "" "${actual}" "found a snapshot asset but did not expect to (format)"
    38  }
    39  
    40  run_test_case test_search_for_asset_snapshot
    41  
    42  
    43  # verify 256 digest of a file
    44  test_hash_sha256() {
    45    target=./test-fixtures/assets/valid/syft_1.5.0_linux_arm64.tar.gz
    46  
    47    # hash_sha256 [target]
    48  
    49    # positive case
    50    actual=$(hash_sha256 "${target}")
    51    assertEquals "8d57abb57a0dae3ff23c8f0df1f51951b7772822e0d560e860d6f68c24ef6d3d" "${actual}" "mismatched checksum"
    52  }
    53  
    54  run_test_case test_hash_sha256
    55  
    56  # verify 256 digest of a file relative to the checksums file
    57  test_hash_sha256_verify() {
    58  
    59    # hash_sha256_verify [target] [checksums]
    60  
    61  
    62    # positive case
    63  
    64    checksums=./test-fixtures/assets/valid/checksums.txt
    65    target=./test-fixtures/assets/valid/syft_1.5.0_linux_arm64.tar.gz
    66  
    67    hash_sha256_verify "${target}" "${checksums}"
    68    assertEquals "0" "$?" "mismatched checksum"
    69  
    70  
    71    # negative case
    72  
    73    # we are expecting error messages, which is confusing to look at in passing tests... disable logging for now
    74    log_set_priority -1
    75  
    76    checksums=./test-fixtures/assets/invalid/checksums.txt
    77    target=./test-fixtures/assets/invalid/syft_1.5.0_linux_arm64.tar.gz
    78  
    79    hash_sha256_verify "${target}" "${checksums}"
    80    assertEquals "1" "$?" "verification did not catch mismatched checksum"
    81  
    82    # restore logging...
    83    log_set_priority 0
    84  }
    85  
    86  run_test_case test_hash_sha256_verify