github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/formats/internal/testutils/image_input.go (about) 1 package testutils 2 3 import ( 4 "testing" 5 6 "github.com/stretchr/testify/assert" 7 8 "github.com/anchore/stereoscope/pkg/filetree" 9 "github.com/anchore/stereoscope/pkg/image" 10 "github.com/anchore/stereoscope/pkg/imagetest" 11 "github.com/anchore/syft/syft/cpe" 12 "github.com/anchore/syft/syft/file" 13 "github.com/anchore/syft/syft/linux" 14 "github.com/anchore/syft/syft/pkg" 15 "github.com/anchore/syft/syft/sbom" 16 "github.com/anchore/syft/syft/source" 17 ) 18 19 func ImageInput(t testing.TB, testImage string, options ...ImageOption) sbom.SBOM { 20 t.Helper() 21 catalog := pkg.NewCollection() 22 var cfg imageCfg 23 var img *image.Image 24 for _, opt := range options { 25 opt(&cfg) 26 } 27 28 switch cfg.fromSnapshot { 29 case true: 30 img = imagetest.GetGoldenFixtureImage(t, testImage) 31 default: 32 img = imagetest.GetFixtureImage(t, "docker-archive", testImage) 33 } 34 35 populateImageCatalog(catalog, img) 36 37 // this is a hard coded value that is not given by the fixture helper and must be provided manually 38 img.Metadata.ManifestDigest = "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368" 39 40 src, err := source.NewFromStereoscopeImageObject(img, "user-image-input", nil) 41 assert.NoError(t, err) 42 43 return sbom.SBOM{ 44 Artifacts: sbom.Artifacts{ 45 Packages: catalog, 46 LinuxDistribution: &linux.Release{ 47 PrettyName: "debian", 48 Name: "debian", 49 ID: "debian", 50 IDLike: []string{"like!"}, 51 Version: "1.2.3", 52 VersionID: "1.2.3", 53 }, 54 }, 55 Source: src.Describe(), 56 Descriptor: sbom.Descriptor{ 57 Name: "syft", 58 Version: "v0.42.0-bogus", 59 // the application configuration should be persisted here, however, we do not want to import 60 // the application configuration in this package (it's reserved only for ingestion by the cmd package) 61 Configuration: map[string]string{ 62 "config-key": "config-value", 63 }, 64 }, 65 } 66 } 67 68 func populateImageCatalog(catalog *pkg.Collection, img *image.Image) { 69 _, ref1, _ := img.SquashedTree().File("/somefile-1.txt", filetree.FollowBasenameLinks) 70 _, ref2, _ := img.SquashedTree().File("/somefile-2.txt", filetree.FollowBasenameLinks) 71 72 // populate catalog with test data 73 catalog.Add(pkg.Package{ 74 Name: "package-1", 75 Version: "1.0.1", 76 Locations: file.NewLocationSet( 77 file.NewLocationFromImage(string(ref1.RealPath), *ref1.Reference, img), 78 ), 79 Type: pkg.PythonPkg, 80 FoundBy: "the-cataloger-1", 81 Language: pkg.Python, 82 MetadataType: pkg.PythonPackageMetadataType, 83 Licenses: pkg.NewLicenseSet( 84 pkg.NewLicense("MIT"), 85 ), 86 Metadata: pkg.PythonPackageMetadata{ 87 Name: "package-1", 88 Version: "1.0.1", 89 }, 90 PURL: "a-purl-1", // intentionally a bad pURL for test fixtures 91 CPEs: []cpe.CPE{ 92 cpe.Must("cpe:2.3:*:some:package:1:*:*:*:*:*:*:*"), 93 }, 94 }) 95 catalog.Add(pkg.Package{ 96 Name: "package-2", 97 Version: "2.0.1", 98 Locations: file.NewLocationSet( 99 file.NewLocationFromImage(string(ref2.RealPath), *ref2.Reference, img), 100 ), 101 Type: pkg.DebPkg, 102 FoundBy: "the-cataloger-2", 103 MetadataType: pkg.DpkgMetadataType, 104 Metadata: pkg.DpkgMetadata{ 105 Package: "package-2", 106 Version: "2.0.1", 107 }, 108 PURL: "pkg:deb/debian/package-2@2.0.1", 109 CPEs: []cpe.CPE{ 110 cpe.Must("cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"), 111 }, 112 }) 113 }