github.com/anchore/syft@v1.38.2/test/install/4_prep_signature_verification_test.sh

github.com/anchore/syft@v1.38.2/test/install/4_prep_signature_verification_test.sh (about)

     1  . test_harness.sh
     2  
     3  test_compare_semver() {
     4    # compare_semver [version1] [version2]
     5  
     6    # positive cases (version1 >= version2)
     7    compare_semver "0.32.0" "0.32.0"
     8    assertEquals "0" "$?" "+ versions should equal"
     9  
    10    compare_semver "0.32.1" "0.32.0"
    11    assertEquals "0" "$?" "+ patch version should be greater"
    12  
    13    compare_semver "0.33.0" "0.32.0"
    14    assertEquals "0" "$?" "+ minor version should be greater"
    15  
    16    compare_semver "0.333.0" "0.32.0"
    17    assertEquals "0" "$?" "+ minor version should be greater (different length)"
    18  
    19    compare_semver "00.33.00" "0.032.0"
    20    assertEquals "0" "$?" "+ minor version should be greater (different length reversed)"
    21  
    22    compare_semver "1.0.0" "0.9.9"
    23    assertEquals "0" "$?" "+ major version should be greater"
    24  
    25    compare_semver "v1.0.0" "1.0.0"
    26    assertEquals "0" "$?" "+ can remove leading 'v' from version"
    27  
    28    # negative cases (version1 < version2)
    29    compare_semver "0.32.0" "0.32.1"
    30    assertEquals "1" "$?" "- patch version should be less"
    31  
    32    compare_semver "0.32.7" "0.33.0"
    33    assertEquals "1" "$?" "- minor version should be less"
    34  
    35    compare_semver "00.00032.070" "0.33.0"
    36    assertEquals "1" "$?" "- minor version should be less (different length)"
    37  
    38    compare_semver "0.32.7" "00.0033.000"
    39    assertEquals "1" "$?" "- minor version should be less (different length reversed)"
    40  
    41    compare_semver "1.9.9" "2.0.1"
    42    assertEquals "1" "$?" "- major version should be less"
    43  
    44    compare_semver "1.0.0" "v2.0.0"
    45    assertEquals "1" "$?" "- can remove leading 'v' from version"
    46  }
    47  
    48  run_test_case test_compare_semver
    49  
    50  # ensure that various signature verification pre-requisites are correctly checked for
    51  test_prep_signature_verification() {
    52    # prep_sign_verification [version]
    53  
    54    # we are expecting error messages, which is confusing to look at in passing tests... disable logging for now
    55    log_set_priority -1
    56  
    57    # backup original values...
    58    OG_COSIGN_BINARY=${COSIGN_BINARY}
    59  
    60    # check the verification path...
    61    VERIFY_SIGN=true
    62  
    63    # release does not support signature verification
    64    prep_signature_verification "0.103.0"
    65    assertEquals "1" "$?" "release does not support signature verification"
    66  
    67    # check that the COSIGN binary exists
    68    COSIGN_BINARY=fake-cosign-that-doesnt-exist
    69    prep_signature_verification "0.105.0"
    70    assertEquals "1" "$?" "cosign binary verification failed"
    71    # restore original values...
    72    COSIGN_BINARY=${OG_COSIGN_BINARY}
    73  
    74    # ignore any failing conditions since we are not verifying the signature
    75    VERIFY_SIGN=false
    76    prep_signature_verification "0.103.0"
    77    assertEquals "0" "$?" "release support verification should not have been triggered"
    78  
    79    COSIGN_BINARY=fake-cosign-that-doesnt-exist
    80    prep_signature_verification "0.105.0"
    81    assertEquals "0" "$?" "cosign binary verification should not have been triggered"
    82    # restore original values...
    83    COSIGN_BINARY=${OG_COSIGN_BINARY}
    84  
    85    # restore logging...
    86    log_set_priority 0
    87  }
    88  
    89  run_test_case test_prep_signature_verification