Projects STRLCPY syft Commits 8102ad4e
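--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@
 )
 
 require (
- github.com/CycloneDX/cyclonedx-go v0.7.1-0.20221222100750-41a1ac565cce
+ github.com/CycloneDX/cyclonedx-go v0.7.1
  github.com/Masterminds/sprig/v3 v3.2.3
  github.com/anchore/go-logger v0.0.0-20220728155337-03b66a5207d8
  github.com/anchore/stereoscope v0.0.0-20230412183729-8602f1afc574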
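--- a/go.sum
+++ b/go.sum
@@ -54,8 +54,8 @@
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/CycloneDX/cyclonedx-go v0.7.1-0.20221222100750-41a1ac565cce h1:o5r3msApzvtE5LhcMkxWaKernD/PK0HpMccu7ywBj5Q=
-github.com/CycloneDX/cyclonedx-go v0.7.1-0.20221222100750-41a1ac565cce/go.mod h1:XURd0m8zvnLE5aIRqg6JOVRl7qZ/pWBtuFa9EHjQwFc=
+github.com/CycloneDX/cyclonedx-go v0.7.1 h1:5w1SxjGm9MTMNTuRbEPyw21ObdbaagTWF/KfF0qHTRE=
+github.com/CycloneDX/cyclonedx-go v0.7.1/go.mod h1:N/nrdWQI2SIjaACyyDs/u7+ddCkyl/zkNs8xFsHF2Ps=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ=
 github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=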
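--- a/syft/formats/cyclonedxjson/encoder_test.go
+++ b/syft/formats/cyclonedxjson/encoder_test.go
@@ -33,15 +33,19 @@
 }
 
 func cycloneDxRedactor(s []byte) []byte {
- serialPattern := regexp.MustCompile(`urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`)
- rfc3339Pattern := regexp.MustCompile(`([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?(([Zz])|([+|\-]([01][0-9]|2[0-3]):[0-5][0-9]))`)
- sha256Pattern := regexp.MustCompile(`sha256:[A-Fa-f0-9]{64}`)
- for _, pattern := range []*regexp.Regexp{serialPattern, rfc3339Pattern, sha256Pattern} {
- s = pattern.ReplaceAll(s, []byte(""))
+ replacements := map[string]string{
+ // UUIDs
+ `urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`: `urn:uuid:redacted`,
+ // timestamps
+ `([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?(([Zz])|([+|\-]([01][0-9]|2[0-3]):[0-5][0-9]))`: `timestamp:redacted`,
+ // image hashes
+ `sha256:[A-Fa-f0-9]{64}`: `sha256:redacted`,
+ // bom-refs
+ `"bom-ref":\s*"[^"]+"`: `"bom-ref": "redacted"`,
  }
- // the bom-ref will be autogenerated every time, the value here should not be directly tested in snapshot tests
- s = regexp.MustCompile(`\s+"bom-ref":\s*"[^"]+",?\n`).ReplaceAll(s, []byte(""))
-
+ for pattern, replacement := range replacements {
+ s = regexp.MustCompile(pattern).ReplaceAll(s, []byte(replacement))
+ }
  return s
 }
 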
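Review bot: The `replacements` map in cycloneDxRedactor is ranged over, and Go randomizes map iteration order, so the four substitutions run in a different order on each call. The patterns and replacement strings visible here do not appear to feed into one another, so the output is stable today, but a later rule whose replacement text matches another pattern would make the snapshots flaky. An ordered slice of pattern/replacement pairs, with the patterns compiled once at package scope, fixes the order and avoids recompiling on every call: `for _, r := range replacements { s = r.pattern.ReplaceAll(s, []byte(r.replacement)) }`. The bom-ref rule also replaces the whole value, including the purl prefix the old fixtures show for package-2, so the snapshots still do not check that part of the reference; a narrower pattern limited to the generated ID would keep it under test.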
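--- a/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
+++ b/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
@@ -1,10 +1,11 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
- "serialNumber": "urn:uuid:0b628da1-274e-4c24-821c-f9452f37db54",
+ "serialNumber": "urn:uuid:redacted",
  "version": 1,
  "metadata": {
- "timestamp": "2022-12-22T18:33:51-05:00",
+ "timestamp": "timestamp:redacted",
  "tools": [
  {
  "vendor": "anchore",
@@ -13,14 +14,14 @@
  }
  ],
  "component": {
- "bom-ref": "163686ac6e30c752",
+ "bom-ref": "redacted",
  "type": "file",
  "name": "/some/path"
  }
  },
  "components": [
  {
- "bom-ref": "1b1d0be59ac59d2c",
+ "bom-ref": "redacted",
  "type": "library",
  "name": "package-1",
  "version": "1.0.1",
@@ -57,7 +58,7 @@
  ]
  },
  {
- "bom-ref": "pkg:deb/debian/[email protected]?package-id=db4abfe497c180d3",
+ "bom-ref": "redacted",
  "type": "library",
  "name": "package-2",
  "version": "2.0.1",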
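--- a/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
+++ b/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
@@ -1,10 +1,11 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
- "serialNumber": "urn:uuid:542fc1a1-81ac-4b76-b9e2-8e6b9d8c840a",
+ "serialNumber": "urn:uuid:redacted",
  "version": 1,
  "metadata": {
- "timestamp": "2022-12-22T18:33:51-05:00",
+ "timestamp": "timestamp:redacted",
  "tools": [
  {
  "vendor": "anchore",
@@ -13,15 +14,15 @@
  }
  ],
  "component": {
- "bom-ref": "ffd645a093c0fe70",
+ "bom-ref": "redacted",
  "type": "container",
  "name": "user-image-input",
- "version": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368"
+ "version": "sha256:redacted"
  }
  },
  "components": [
  {
- "bom-ref": "66ba429119b8bec6",
+ "bom-ref": "redacted",
  "type": "library",
  "name": "package-1",
  "version": "1.0.1",
@@ -53,7 +54,7 @@
  },
  {
  "name": "syft:location:0:layerID",
- "value": "sha256:62058900d4ce269c900160b8dd255fe310c3a459dda236d041102fa070f84406"
+ "value": "sha256:redacted"
  },
  {
  "name": "syft:location:0:path",
@@ -62,7 +63,7 @@
  ]
  },
  {
- "bom-ref": "pkg:deb/debian/[email protected]?package-id=958443e2d9304af4",
+ "bom-ref": "redacted",
  "type": "library",
  "name": "package-2",
  "version": "2.0.1",
@@ -83,7 +84,7 @@
  },
  {
  "name": "syft:location:0:layerID",
- "value": "sha256:623ad97366f39ae279f1925673cdacb4851ddf2e3266f04e63010ec080a098c1"
+ "value": "sha256:redacted"
  },
  {
  "name": "syft:location:0:path",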
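--- a/syft/formats/internal/testutils/utils.go
+++ b/syft/formats/internal/testutils/utils.go
@@ -47,21 +47,14 @@
 
  err := format.Encode(&buffer, sbom)
  assert.NoError(t, err)
- actual := buffer.Bytes()
+ actual := redact(buffer.Bytes(), redactors...)
 
  // replace the expected snapshot contents with the current encoder contents
  if updateSnapshot {
  testutils.UpdateGoldenFileContents(t, actual)
  }
 
- var expected = testutils.GetGoldenFileContents(t)
-
- // remove dynamic values, which should be tested independently
- redactors = append(redactors, carriageRedactor)
- for _, r := range redactors {
- actual = r(actual)
- expected = r(expected)
- }
+ expected := redact(testutils.GetGoldenFileContents(t), redactors...)
 
  if json {
  require.JSONEq(t, string(expected), string(actual))
@@ -78,21 +71,14 @@
 
  err := format.Encode(&buffer, sbom)
  assert.NoError(t, err)
- actual := buffer.Bytes()
+ actual := redact(buffer.Bytes(), redactors...)
 
  // replace the expected snapshot contents with the current encoder contents
  if updateSnapshot {
  testutils.UpdateGoldenFileContents(t, actual)
  }
 
- var expected = testutils.GetGoldenFileContents(t)
-
- // remove dynamic values, which should be tested independently
- redactors = append(redactors, carriageRedactor)
- for _, r := range redactors {
- actual = r(actual)
- expected = r(expected)
- }
+ expected := redact(testutils.GetGoldenFileContents(t), redactors...)
 
  if json {
  require.JSONEq(t, string(expected), string(actual))
@@ -391,3 +377,12 @@
  }
 }
 
+// remove dynamic values, which should be tested independently
+func redact(b []byte, redactors ...redactor) []byte {
+ redactors = append(redactors, carriageRedactor)
+ for _, r := range redactors {
+ b = r(b)
+ }
+ return b
+}
+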
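Review bot: In the new `redact` helper, `redactors = append(redactors, carriageRedactor)` appends to the variadic slice, and both call sites pass their own slice with `redactors...`, so when that slice has spare capacity the append writes into the caller's backing array. That is harmless while every call stores the same value, but it would become a data race if tests sharing a redactor slice ever ran in parallel. Applying the carriage redactor explicitly after the loop avoids the aliasing: drop the append and end the function with `return carriageRedactor(b)`. The comment above the helper would also read better in Go doc form, e.g. `// redact applies each redactor, then carriageRedactor, to strip dynamic values that are tested independently.`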