github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/test/integration/package_ownership_relationship_test.go

github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/test/integration/package_ownership_relationship_test.go (about)

     1  package integration
     2  
     3  import (
     4  	"bytes"
     5  	"encoding/json"
     6  	"testing"
     7  
     8  	"github.com/stretchr/testify/require"
     9  
    10  	"github.com/anchore/syft/syft/format/syftjson"
    11  	syftjsonModel "github.com/anchore/syft/syft/format/syftjson/model"
    12  	"github.com/anchore/syft/syft/pkg"
    13  	"github.com/anchore/syft/syft/source"
    14  )
    15  
    16  func TestPackageOwnershipRelationships(t *testing.T) {
    17  	// ensure that the json encoder is applying artifact ownership with an image that has expected ownership relationships
    18  	tests := []struct {
    19  		fixture string
    20  	}{
    21  		{
    22  			fixture: "image-owning-package",
    23  		},
    24  	}
    25  
    26  	for _, test := range tests {
    27  		t.Run(test.fixture, func(t *testing.T) {
    28  			sbom, _ := catalogFixtureImage(t, test.fixture, source.SquashedScope, nil)
    29  
    30  			output := bytes.NewBufferString("")
    31  			err := syftjson.NewFormatEncoder().Encode(output, sbom)
    32  			require.NoError(t, err)
    33  
    34  			var doc syftjsonModel.Document
    35  			decoder := json.NewDecoder(output)
    36  			if err := decoder.Decode(&doc); err != nil {
    37  				t.Fatalf("unable to decode json doc: %+v", err)
    38  			}
    39  
    40  			if len(doc.ArtifactRelationships) == 0 {
    41  				t.Errorf("expected to find relationships between packages but found none")
    42  			}
    43  
    44  		})
    45  	}
    46  
    47  }
    48  
    49  func TestPackageOwnershipExclusions(t *testing.T) {
    50  	// ensure that the json encoder is excluding packages by artifact ownership with an image that has expected ownership relationships
    51  	tests := []struct {
    52  		name    string
    53  		fixture string
    54  	}{
    55  		{
    56  			name:    "busybox binary is filtered based on ownership relationship",
    57  			fixture: "image-os-binary-overlap",
    58  		},
    59  	}
    60  
    61  	for _, test := range tests {
    62  		t.Run(test.fixture, func(t *testing.T) {
    63  			sbom, _ := catalogFixtureImage(t, test.fixture, source.SquashedScope, nil)
    64  			binaryPackages := make([]pkg.Package, 0)
    65  			apkPackages := make([]pkg.Package, 0)
    66  			for p := range sbom.Artifacts.Packages.Enumerate() {
    67  				if p.Type == pkg.BinaryPkg && p.Name == "busybox" {
    68  					binaryPackages = append(binaryPackages, p)
    69  				}
    70  				if p.Type == pkg.ApkPkg && p.Name == "busybox" {
    71  					apkPackages = append(apkPackages, p)
    72  				}
    73  			}
    74  
    75  			if len(binaryPackages) != 0 {
    76  				packageNames := make([]string, 0)
    77  				for _, p := range binaryPackages {
    78  					packageNames = append(packageNames, p.Name)
    79  				}
    80  				t.Errorf("expected to find no binary packages but found %d packages: %v", len(binaryPackages), packageNames)
    81  			}
    82  			if len(apkPackages) == 0 {
    83  				t.Errorf("expected to find apk packages but found none")
    84  			}
    85  		})
    86  	}
    87  }