-
Shane Alvarez committed with GitHub 12 months ago1 parent b4ed5994
skipped 7 lines 8 8 9 9 "github.com/CycloneDX/cyclonedx-go" 10 10 "github.com/stretchr/testify/assert" 11 + 12 + "github.com/anchore/syft/syft/artifact" 13 + "github.com/anchore/syft/syft/sbom" 11 14 ) 12 15 13 16 func Test_decode(t *testing.T) { skipped 170 lines 184 187 ver: "1.2.3", 185 188 }, 186 189 { 187 - pkg: "package-1", 188 - ver: "1.0.1", 189 - cpe: "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*", 190 - purl: "pkg:some/[email protected]?arch=arm64&upstream=upstream1&distro=alpine-1", 191 - relation: "package-2", 190 + pkg: "package-1", 191 + ver: "1.0.1", 192 + cpe: "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*", 193 + purl: "pkg:some/[email protected]?arch=arm64&upstream=upstream1&distro=alpine-1", 192 194 }, 193 195 { 194 - pkg: "package-2", 195 - ver: "2.0.2", 196 - purl: "pkg:apk/alpine/[email protected]?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.14.2", 196 + pkg: "package-2", 197 + ver: "2.0.2", 198 + purl: "pkg:apk/alpine/[email protected]?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.14.2", 199 + relation: "package-1", 197 200 }, 198 201 }, 199 202 }, skipped 55 lines 255 258 } 256 259 }) 257 260 } 261 + } 262 + 263 + func Test_relationshipDirection(t *testing.T) { 264 + cyclonedx_bom := cyclonedx.BOM{Metadata: nil, 265 + Components: &[]cyclonedx.Component{ 266 + { 267 + BOMRef: "p1", 268 + Type: cyclonedx.ComponentTypeLibrary, 269 + Name: "package-1", 270 + Version: "1.0.1", 271 + PackageURL: "pkg:some/[email protected]?arch=arm64&upstream=upstream1&distro=alpine-1", 272 + }, 273 + { 274 + BOMRef: "p2", 275 + Type: cyclonedx.ComponentTypeLibrary, 276 + Name: "package-2", 277 + Version: "2.0.2", 278 + PackageURL: "pkg:some/[email protected]?arch=arm64&upstream=upstream1&distro=alpine-1", 279 + }, 280 + }, 281 + Dependencies: &[]cyclonedx.Dependency{ 282 + { 283 + Ref: "p1", 284 + Dependencies: &[]string{"p2"}, 285 + }, 286 + }} 287 + sbom, err := ToSyftModel(&cyclonedx_bom) 288 + assert.Nil(t, err) 289 + assert.Len(t, sbom.Relationships, 
1) 290 + relationship := sbom.Relationships[0] 291 + 292 + // check that p2 -- dependency of --> p1 293 + // same as p1 -- depends on --> p2 294 + assert.Equal(t, artifact.DependencyOfRelationship, relationship.Type) 295 + assert.Equal(t, "package-2", packageNameFromIdentifier(sbom, relationship.From)) 296 + assert.Equal(t, "package-1", packageNameFromIdentifier(sbom, relationship.To)) 297 + } 298 + 299 + func packageNameFromIdentifier(model *sbom.SBOM, identifier artifact.Identifiable) string { 300 + return model.Artifacts.Packages.Package(identifier.ID()).Name 258 301 } 259 302 260 303 func Test_missingDataDecode(t *testing.T) { skipped 37 lines
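Review bot: In Test_relationshipDirection, `assert.Nil(t, err)` and `assert.Len(t, sbom.Relationships, 1)` do not stop the test, so a failed decode or an empty relationship list still reaches `sbom.Relationships[0]` and panics instead of reporting the failed assertion. Use `require.NoError(t, err)` and `require.Len(t, sbom.Relationships, 1)` from `github.com/stretchr/testify/require`. The helper `packageNameFromIdentifier` reads `.Name` straight off the lookup result, which presumably panics the same way when the identifier does not resolve to a package, so a nil check with `t.Fatalf` would be safer there. The local `sbom` also shadows the newly imported `sbom` package, and `cyclonedx_bom` departs from MixedCaps; `model` and `bom` would avoid both. As rendered, both components carry the same `PackageURL` string, so it is worth confirming that package-2 is meant to reuse package-1's purl.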