From a7311352e7c89d923f87c5782aea3b2f61cbd42b Mon Sep 17 00:00:00 2001
From: Octogonapus
Date: Wed, 6 Dec 2023 17:01:44 -0500
Subject: [PATCH] Add integration test for Julia SBOMs
---
 integration/repo_test.go | 18 +++
 .../fixtures/repo/julia/Manifest.toml | 16 +++
 .../testdata/fixtures/repo/julia/Project.toml | 7 +
 .../testdata/julia-cyclonedx.json.golden | 126 ++++++++++++++++++
 integration/testdata/julia-spdx.json.golden | 124 +++++++++++++++++
 5 files changed, 291 insertions(+)
 create mode 100644 integration/testdata/fixtures/repo/julia/Manifest.toml
 create mode 100644 integration/testdata/fixtures/repo/julia/Project.toml
 create mode 100644 integration/testdata/julia-cyclonedx.json.golden
 create mode 100644 integration/testdata/julia-spdx.json.golden
diff --git a/integration/repo_test.go b/integration/repo_test.go
index dbf9c9bcbdab..fbd25090572c 100644
--- a/integration/repo_test.go
+++ b/integration/repo_test.go
@@ -393,6 +393,24 @@ func TestRepository(t *testing.T) {
 report.ArtifactType = ftypes.ArtifactFilesystem
 },
 },
+ {
+ name: "julia generating SPDX SBOM",
+ args: args{
+ command: "rootfs",
+ format: "spdx-json",
+ input: "testdata/fixtures/repo/julia",
+ },
+ golden: "testdata/julia-spdx.json.golden",
+ },
+ {
+ name: "julia generating CycloneDX SBOM",
+ args: args{
+ command: "rootfs",
+ format: "spdx-json",
+ input: "testdata/fixtures/repo/julia",
+ },
+ golden: "testdata/julia-cyclonedx.json.golden",
+ },
 }

 // Set up testing DB
diff --git a/integration/testdata/fixtures/repo/julia/Manifest.toml b/integration/testdata/fixtures/repo/julia/Manifest.toml
new file mode 100644
index 000000000000..dd4ea00b943d
--- /dev/null
+++ b/integration/testdata/fixtures/repo/julia/Manifest.toml
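Review bot: The second added case, `julia generating CycloneDX SBOM`, still passes `format: "spdx-json"` although its golden is `testdata/julia-cyclonedx.json.golden`, which looks like a copy-paste slip from the SPDX case directly above it. As written the CycloneDX writer is never exercised for the Julia fixture, so the purl/uuid qualifiers and dependency edges recorded in the CycloneDX golden are either compared against SPDX output or not meaningfully checked (how the harness selects the comparison is outside this hunk). The line should read `format: "cyclonedx",`. The test table and the rest of TestRepository continue outside the hunk.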
@@ -0,0 +1,16 @@
+# This file is machine-generated - editing it directly is not advised
+
+julia_version = "1.9.0"
+manifest_format = "2.0"
+project_hash = "f0a796fb78285c02ad123fec6e14c8bac09a2ccc"
+
+[[deps.A]]
+uuid = "ead4f63c-334e-11e9-00e6-e7f0a5f21b60"
+
+ [deps.A.deps]
+ B = "f41f7b98-334e-11e9-1257-49272045fb24"
+
+[[deps.B]]
+uuid = "f41f7b98-334e-11e9-1257-49272045fb24"
+[[deps.B]]
+uuid = "edca9bc6-334e-11e9-3554-9595dbb4349c"
diff --git a/integration/testdata/fixtures/repo/julia/Project.toml b/integration/testdata/fixtures/repo/julia/Project.toml
new file mode 100644
index 000000000000..24fe6178c480
--- /dev/null
+++ b/integration/testdata/fixtures/repo/julia/Project.toml
@@ -0,0 +1,7 @@
+name = "packageName"
+uuid = "1c653b0a-0b5a-4cff-b25a-92f0db012773"
+version = "0.1.0"
+
+[deps]
+A = "ead4f63c-334e-11e9-00e6-e7f0a5f21b60"
+B = "edca9bc6-334e-11e9-3554-9595dbb4349c"
diff --git a/integration/testdata/julia-cyclonedx.json.golden b/integration/testdata/julia-cyclonedx.json.golden
new file mode 100644
index 000000000000..f8d18fb4c183
--- /dev/null
+++ b/integration/testdata/julia-cyclonedx.json.golden
@@ -0,0 +1,126 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001", + "version": 1, + "metadata": { + "timestamp": "2021-08-25T12:20:30+00:00", + "tools": [ + { + "vendor": "aquasecurity", + "name": "trivy", + "version": "dev" + } + ], + "component": { + "bom-ref": "3bfd8c07-5407-4ee3-a51b-3725d6015de2", + "type": "application", + "name": "testdata/fixtures/repo/julia", + "properties": [ + { + "name": "aquasecurity:trivy:SchemaVersion", + "value": "2" + } + ] + } + }, + "components": [ + { + "bom-ref": "98bde055-d07d-4cb8-91a7-cf00399e7169", + "type": "application", + "name": "Manifest.toml", + "properties": [ + { + "name": "aquasecurity:trivy:Class", + "value": "lang-pkgs" + }, + { + "name": "aquasecurity:trivy:Type", + "value": "julia" + } + ] + }, + { + "bom-ref": "pkg:julia/A@1.9.0?uuid=ead4f63c-334e-11e9-00e6-e7f0a5f21b60", + "type": "library", + "name": "A", + "version": "1.9.0", + "purl": "pkg:julia/A@1.9.0?uuid=ead4f63c-334e-11e9-00e6-e7f0a5f21b60", + "properties": [ + { + "name": "aquasecurity:trivy:PkgID", + "value": "ead4f63c-334e-11e9-00e6-e7f0a5f21b60" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "julia" + } + ] + }, + { + "bom-ref": "pkg:julia/B@1.9.0?uuid=edca9bc6-334e-11e9-3554-9595dbb4349c", + "type": "library", + "name": "B", + "version": "1.9.0", + "purl": "pkg:julia/B@1.9.0?uuid=edca9bc6-334e-11e9-3554-9595dbb4349c", + "properties": [ + { + "name": "aquasecurity:trivy:PkgID", + "value": "edca9bc6-334e-11e9-3554-9595dbb4349c" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "julia" + } + ] + }, + { + "bom-ref": "pkg:julia/B@1.9.0?uuid=f41f7b98-334e-11e9-1257-49272045fb24", + "type": "library", + "name": "B", + "version": "1.9.0", + "purl": "pkg:julia/B@1.9.0?uuid=f41f7b98-334e-11e9-1257-49272045fb24", + "properties": [ + { + "name": "aquasecurity:trivy:PkgID", + "value": 
"f41f7b98-334e-11e9-1257-49272045fb24" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "julia" + } + ] + } + ], + "dependencies": [ + { + "ref": "3bfd8c07-5407-4ee3-a51b-3725d6015de2", + "dependsOn": [ + "98bde055-d07d-4cb8-91a7-cf00399e7169" + ] + }, + { + "ref": "98bde055-d07d-4cb8-91a7-cf00399e7169", + "dependsOn": [ + "pkg:julia/A@1.9.0?uuid=ead4f63c-334e-11e9-00e6-e7f0a5f21b60", + "pkg:julia/B@1.9.0?uuid=edca9bc6-334e-11e9-3554-9595dbb4349c" + ] + }, + { + "ref": "pkg:julia/A@1.9.0?uuid=ead4f63c-334e-11e9-00e6-e7f0a5f21b60", + "dependsOn": [ + "pkg:julia/B@1.9.0?uuid=f41f7b98-334e-11e9-1257-49272045fb24" + ] + }, + { + "ref": "pkg:julia/B@1.9.0?uuid=edca9bc6-334e-11e9-3554-9595dbb4349c", + "dependsOn": [] + }, + { + "ref": "pkg:julia/B@1.9.0?uuid=f41f7b98-334e-11e9-1257-49272045fb24", + "dependsOn": [] + } + ], + "vulnerabilities": [] +} diff --git a/integration/testdata/julia-spdx.json.golden b/integration/testdata/julia-spdx.json.golden new file mode 100644 index 000000000000..e9db26902b14 --- /dev/null +++ b/integration/testdata/julia-spdx.json.golden 
@@ -0,0 +1,124 @@ +{ + "spdxVersion": "SPDX-2.3", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "testdata/fixtures/repo/julia", + "documentNamespace": "http://aquasecurity.github.io/trivy/filesystem/testdata/fixtures/repo/julia-3ff14136-e09f-4df9-80ea-000000000001", + "creationInfo": { + "creators": [ + "Organization: aquasecurity", + "Tool: trivy-dev" + ], + "created": "2021-08-25T12:20:30Z" + }, + "packages": [ + { + "name": "A", + "SPDXID": "SPDXRef-Package-98c684976168b8a7", + "versionInfo": "1.9.0", + "supplier": "NOASSERTION", + "downloadLocation": "NONE", + "filesAnalyzed": false, + "licenseConcluded": "NONE", + "licenseDeclared": "NONE", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:julia/A@1.9.0?uuid=ead4f63c-334e-11e9-00e6-e7f0a5f21b60" + } + ], + "attributionTexts": [ + "PkgID: ead4f63c-334e-11e9-00e6-e7f0a5f21b60" + ], + "primaryPackagePurpose": "LIBRARY" + }, + { + "name": "B", + "SPDXID": "SPDXRef-Package-5227d958c1e56548", + "versionInfo": "1.9.0", + "supplier": "NOASSERTION", + "downloadLocation": "NONE", + "filesAnalyzed": false, + "licenseConcluded": "NONE", + "licenseDeclared": "NONE", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:julia/B@1.9.0?uuid=f41f7b98-334e-11e9-1257-49272045fb24" + } + ], + "attributionTexts": [ + "PkgID: f41f7b98-334e-11e9-1257-49272045fb24" + ], + "primaryPackagePurpose": "LIBRARY" + }, + { + "name": "B", + "SPDXID": "SPDXRef-Package-c8743c7836aa8a43", + "versionInfo": "1.9.0", + "supplier": "NOASSERTION", + "downloadLocation": "NONE", + "filesAnalyzed": false, + "licenseConcluded": "NONE", + "licenseDeclared": "NONE", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:julia/B@1.9.0?uuid=edca9bc6-334e-11e9-3554-9595dbb4349c" + } + ], + "attributionTexts": [ + "PkgID: 
edca9bc6-334e-11e9-3554-9595dbb4349c" + ], + "primaryPackagePurpose": "LIBRARY" + }, + { + "name": "testdata/fixtures/repo/julia", + "SPDXID": "SPDXRef-Filesystem-8c7a45edcd7a6cea", + "downloadLocation": "NONE", + "filesAnalyzed": false, + "attributionTexts": [ + "SchemaVersion: 2" + ], + "primaryPackagePurpose": "SOURCE" + }, + { + "name": "julia", + "SPDXID": "SPDXRef-Application-7d3c9e4ebc4e0210", + "downloadLocation": "NONE", + "filesAnalyzed": false, + "sourceInfo": "Manifest.toml", + "primaryPackagePurpose": "APPLICATION" + } + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Filesystem-8c7a45edcd7a6cea", + "relationshipType": "DESCRIBES" + }, + { + "spdxElementId": "SPDXRef-Filesystem-8c7a45edcd7a6cea", + "relatedSpdxElement": "SPDXRef-Application-7d3c9e4ebc4e0210", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Application-7d3c9e4ebc4e0210", + "relatedSpdxElement": "SPDXRef-Package-98c684976168b8a7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Application-7d3c9e4ebc4e0210", + "relatedSpdxElement": "SPDXRef-Package-c8743c7836aa8a43", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Application-7d3c9e4ebc4e0210", + "relatedSpdxElement": "SPDXRef-Package-5227d958c1e56548", + "relationshipType": "CONTAINS" + } + ] +}