// Listing: github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/formats/common/cyclonedxhelpers/format_test.go

package cyclonedxhelpers

import (
	"fmt"
	"testing"

	"github.com/CycloneDX/cyclonedx-go"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/anchore/syft/syft/artifact"
	"github.com/anchore/syft/syft/pkg"
	"github.com/anchore/syft/syft/sbom"
	"github.com/anchore/syft/syft/source"
)

// Test_formatCPE pins the string formatCPE returns for three kinds of input:
// a CPE 2.3 string that carries only its leading attributes, a legacy
// "cpe:/" URI binding, and a value that is not a CPE at all.
//
// The expectations matter to SBOM consumers because CPEs are compared as
// strings when components are matched against vulnerability data; the cases
// below require a fully populated 2.3 string, and require that an unparseable
// value yields "" instead of being passed through unchanged.
func Test_formatCPE(t *testing.T) {
	type cpeCase struct {
		input string
		want  string
	}

	cases := []cpeCase{
		{
			// Short 2.3 form: the attributes that are missing come back as "*".
			input: "cpe:2.3:o:amazon:amazon_linux:2",
			want:  "cpe:2.3:o:amazon:amazon_linux:2:*:*:*:*:*:*:*",
		},
		{
			// Legacy URI binding is rewritten to the 2.3 formatted string.
			input: "cpe:/o:opensuse:leap:15.2",
			want:  "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
		},
		{
			// Not a CPE: the expected result is the empty string.
			input: "invalid-cpe",
			want:  "",
		},
	}

	for _, tc := range cases {
		// The raw input doubles as the subtest name.
		t.Run(tc.input, func(t *testing.T) {
			assert.Equal(t, tc.want, formatCPE(tc.input))
		})
	}
}

// Test_relationships checks which syft relationships ToFormatModel turns into
// CycloneDX dependency entries.
//
// Two things are asserted: DependencyOf relationships are inverted into a
// "Ref depends on Dependencies" graph rooted at the document's root
// component, and Contains relationships produce no dependency section at all
// (a nil pointer, not an empty list).
func Test_relationships(t *testing.T) {
	newPkg := func(name string) pkg.Package {
		return pkg.Package{Name: name}
	}

	p1, p2, p3, p4 := newPkg("p1"), newPkg("p2"), newPkg("p3"), newPkg("p4")
	// Only p1 is marked as an application component.
	p1.ComponentType = pkg.ComponentTypeApplication

	// Every package gets a PURL before SetID is called, in the same order as
	// the packages are declared.
	for _, p := range []*pkg.Package{&p1, &p2, &p3, &p4} {
		p.PURL = fmt.Sprintf("pkg:generic/%s@%s", p.Name, p.Name)
		p.SetID()
	}

	// link builds one relationship edge of the given kind.
	link := func(from, to pkg.Package, kind artifact.RelationshipType) artifact.Relationship {
		return artifact.Relationship{From: from, To: to, Type: kind}
	}

	// bom-refs are taken from the packages after SetID has run.
	ref1, ref2, ref3, ref4 := deriveBomRef(p1), deriveBomRef(p2), deriveBomRef(p3), deriveBomRef(p4)

	cases := []struct {
		name string
		doc  sbom.SBOM
		want *[]cyclonedx.Dependency
	}{
		{
			name: "package dependencyOf relationships output as dependencies",
			doc: sbom.SBOM{
				Descriptor: sbom.Descriptor{
					Name:    "syft",
					Version: "1.2.3",
				},
				Source: source.Description{
					Name:     "test",
					Version:  "1.2.3",
					Metadata: source.DirectorySourceMetadata{Path: "some/path/to/place"},
				},
				Artifacts: sbom.Artifacts{
					Packages: pkg.NewCollection(p1, p2, p3, p4),
				},
				Relationships: []artifact.Relationship{
					link(p2, p1, artifact.DependencyOfRelationship),
					link(p3, p1, artifact.DependencyOfRelationship),
					link(p4, p2, artifact.DependencyOfRelationship),
				},
			},
			want: &[]cyclonedx.Dependency{
				{
					// hardcoded root component bom-ref
					// NOTE(review): presumably derived from the Source
					// description above; nothing in this test computes it, so
					// a change to that derivation shows up here as a failure.
					Ref:          "7ce954b3d0af7363",
					Dependencies: &[]string{ref1},
				},
				{
					Ref:          ref1,
					Dependencies: &[]string{ref2, ref3},
				},
				{
					Ref:          ref2,
					Dependencies: &[]string{ref4},
				},
			},
		},
		{
			name: "package contains relationships not output",
			doc: sbom.SBOM{
				Artifacts: sbom.Artifacts{
					Packages: pkg.NewCollection(p1, p2, p3),
				},
				Relationships: []artifact.Relationship{
					link(p2, p1, artifact.ContainsRelationship),
					link(p3, p1, artifact.ContainsRelationship),
				},
			},
			want: nil,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// require stops the subtest on the first mismatch.
			require.Equal(t, tc.want, ToFormatModel(tc.doc).Dependencies)
		})
	}
}