
     1  //go:build integration
     2  
     3  package integration
     4  
     5  import (
     6  	"path/filepath"
     7  	"testing"
     8  
     9  	v1 "github.com/google/go-containerregistry/pkg/v1"
    10  	"github.com/stretchr/testify/assert"
    11  	"github.com/stretchr/testify/require"
    12  
    13  	ftypes "github.com/khulnasoft/trivy/pkg/fanal/types"
    14  	"github.com/khulnasoft/trivy/pkg/types"
    15  )
    16  
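// TestSBOM runs "trivy sbom" against the SBOM fixtures (CycloneDX JSON,
// CycloneDX wrapped in an in-toto attestation, SPDX tag-value and SPDX JSON)
// and compares the resulting JSON report with a golden file.
//
// Several fixtures describe the same CentOS 7 image and therefore share
// testdata/centos-7.json.golden; the per-case override report patches the
// fields that legitimately differ per input (artifact name/type, result
// target, package PURLs) before the comparison is made.
//
// Run with -update to regenerate the golden files from the current output.
func TestSBOM(t *testing.T) {
	type args struct {
		input        string
		format       string
		artifactType string
	}
	tests := []struct {
		name     string
		args     args
		golden   string
		override types.Report
	}{
		{
			name: "centos7 cyclonedx",
			args: args{
				input:        "testdata/fixtures/sbom/centos-7-cyclonedx.json",
				format:       "json",
				artifactType: "cyclonedx",
			},
			golden: "testdata/centos-7.json.golden",
			override: types.Report{
				ArtifactName: "testdata/fixtures/sbom/centos-7-cyclonedx.json",
				ArtifactType: ftypes.ArtifactType("cyclonedx"),
				Results: types.Results{
					{
						Target: "testdata/fixtures/sbom/centos-7-cyclonedx.json (centos 7.6.1810)",
						// Positional: one entry per vulnerability in the golden file.
						// openssl-libs appears twice because two findings share the package.
						Vulnerabilities: []types.DetectedVulnerability{
							{PkgRef: "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810"},
							{PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
							{PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
						},
					},
				},
			},
		},
		{
			name: "fluentd-multiple-lockfiles cyclonedx",
			args: args{
				input:        "testdata/fixtures/sbom/fluentd-multiple-lockfiles-cyclonedx.json",
				format:       "json",
				artifactType: "cyclonedx",
			},
			golden: "testdata/fluentd-multiple-lockfiles.json.golden",
		},
		{
			name: "minikube KBOM",
			args: args{
				input:        "testdata/fixtures/sbom/minikube-kbom.json",
				format:       "json",
				artifactType: "cyclonedx",
			},
			golden: "testdata/minikube-kbom.json.golden",
		},
		{
			// NOTE(review): this case only shows that the SBOM is pulled out of
			// the in-toto envelope and scanned like the plain CycloneDX fixture.
			// Nothing in this test checks the envelope's signature, so it must
			// not be read as coverage of attestation verification — confirm
			// against the sbom command's handling of .intoto.jsonl input.
			name: "centos7 in in-toto attestation",
			args: args{
				input:        "testdata/fixtures/sbom/centos-7-cyclonedx.intoto.jsonl",
				format:       "json",
				artifactType: "cyclonedx",
			},
			golden: "testdata/centos-7.json.golden",
			override: types.Report{
				ArtifactName: "testdata/fixtures/sbom/centos-7-cyclonedx.intoto.jsonl",
				ArtifactType: ftypes.ArtifactType("cyclonedx"),
				Results: types.Results{
					{
						Target: "testdata/fixtures/sbom/centos-7-cyclonedx.intoto.jsonl (centos 7.6.1810)",
						Vulnerabilities: []types.DetectedVulnerability{
							{PkgRef: "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810"},
							{PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
							{PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
						},
					},
				},
			},
		},
		{
			name: "centos7 spdx tag-value",
			args: args{
				input:        "testdata/fixtures/sbom/centos-7-spdx.txt",
				format:       "json",
				artifactType: "spdx",
			},
			golden: "testdata/centos-7.json.golden",
			override: types.Report{
				ArtifactName: "testdata/fixtures/sbom/centos-7-spdx.txt",
				ArtifactType: ftypes.ArtifactType("spdx"),
				Results: types.Results{
					{
						Target: "testdata/fixtures/sbom/centos-7-spdx.txt (centos 7.6.1810)",
						Vulnerabilities: []types.DetectedVulnerability{
							{PkgRef: "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810"},
							{PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
							{PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
						},
					},
				},
			},
		},
		{
			name: "centos7 spdx json",
			args: args{
				input:        "testdata/fixtures/sbom/centos-7-spdx.json",
				format:       "json",
				artifactType: "spdx",
			},
			golden: "testdata/centos-7.json.golden",
			override: types.Report{
				ArtifactName: "testdata/fixtures/sbom/centos-7-spdx.json",
				ArtifactType: ftypes.ArtifactType("spdx"),
				Results: types.Results{
					{
						Target: "testdata/fixtures/sbom/centos-7-spdx.json (centos 7.6.1810)",
						Vulnerabilities: []types.DetectedVulnerability{
							{PkgRef: "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810"},
							{PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
							{PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
						},
					},
				},
			},
		},
	}

	// Set up testing DB
	cacheDir := initDB(t)

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			// --skip-db-update keeps the run offline and pinned to the DB
			// seeded by initDB, so the findings are reproducible.
			osArgs := []string{
				"--cache-dir",
				cacheDir,
				"sbom",
				"-q",
				"--skip-db-update",
				"--format",
				tt.args.format,
			}

			// Set up the output file. With -update the golden file itself is
			// the output target and gets regenerated from this run.
			outputFile := filepath.Join(t.TempDir(), "output.json")
			if *update {
				outputFile = tt.golden
			}

			osArgs = append(osArgs, "--output", outputFile)
			osArgs = append(osArgs, tt.args.input)

			// Run "trivy sbom". Stop here on failure: continuing would only
			// fail again, less clearly, when the comparison tries to read an
			// output file that was never written.
			err := execute(osArgs)
			require.NoError(t, err)

			// Compare want and got
			switch tt.args.format {
			case "json":
				compareSBOMReports(t, tt.golden, outputFile, tt.override)
			default:
				require.Fail(t, "invalid format", "format: %s", tt.args.format)
			}
		})
	}
}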
   179  
   180  // TODO(teppei): merge into compareReports
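// compareSBOMReports asserts that the report written to gotFile equals the
// golden report in wantFile, after normalising the golden report for SBOM
// input.
//
// Golden files are shared with image scans, so image-only metadata (image ID,
// image config, layer diff IDs) is blanked on the expected side; a scan of an
// SBOM has no such information. overrideWant then patches the fields that vary
// per fixture: ArtifactName and ArtifactType when non-empty, and for each
// result in overrideWant.Results the Target plus the PkgRef of every listed
// vulnerability, matched by position. Everything else must still match the
// golden file exactly.
func compareSBOMReports(t *testing.T, wantFile, gotFile string, overrideWant types.Report) {
	t.Helper()
	want := readReport(t, wantFile)

	if overrideWant.ArtifactName != "" {
		want.ArtifactName = overrideWant.ArtifactName
	}
	if overrideWant.ArtifactType != "" {
		want.ArtifactType = overrideWant.ArtifactType
	}

	// Image-only metadata is not produced when the input is an SBOM.
	want.Metadata.ImageID = ""
	want.Metadata.ImageConfig = v1.ConfigFile{}
	want.Metadata.DiffIDs = nil
	for i := range want.Results {
		for j := range want.Results[i].Vulnerabilities {
			want.Results[i].Vulnerabilities[j].Layer.DiffID = ""
		}
	}

	// Positional overrides. Fail with a message rather than an
	// index-out-of-range panic when the override lists more results or
	// vulnerabilities than the golden file holds — that usually means the
	// golden file and the test table have drifted apart.
	require.LessOrEqual(t, len(overrideWant.Results), len(want.Results),
		"override has more results than golden file %s", wantFile)
	for i, result := range overrideWant.Results {
		want.Results[i].Target = result.Target
		require.LessOrEqual(t, len(result.Vulnerabilities), len(want.Results[i].Vulnerabilities),
			"override result %d has more vulnerabilities than golden file %s", i, wantFile)
		for j, vuln := range result.Vulnerabilities {
			want.Results[i].Vulnerabilities[j].PkgRef = vuln.PkgRef
		}
	}

	got := readReport(t, gotFile)
	assert.Equal(t, want, got)
}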
   208  }