test: add test for cyclonedx 1.6

trustification · Dec 10, 2024 · bd2eaf2 · bd2eaf2
1 parent 3c3870f
commit bd2eaf2
Show file tree

Hide file tree

Showing 2 changed files with 135 additions and 0 deletions.
diff --git a/etc/test-data/cyclonedx/simple_1dot6.json b/etc/test-data/cyclonedx/simple_1dot6.json
@@ -0,0 +1,92 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "version": 1,
+  "metadata": {
+    "timestamp": "1970-01-01T13:30:00Z",
+    "component": {
+      "name": "simple",
+      "type": "application"
+    }
+  },
+  "components": [
+    {
+      "name": "A",
+      "version": "1",
+      "bom-ref": "a",
+      "purl": "pkg:rpm/redhat/[email protected]?arch=src",
+      "type": "library"
+    },
+    {
+      "name": "B",
+      "version": "1",
+      "bom-ref": "b",
+      "purl": "pkg:rpm/redhat/[email protected]?arch=src",
+      "type": "library"
+    },
+    {
+      "name": "AA",
+      "version": "1",
+      "bom-ref": "aa",
+      "purl": "pkg:rpm/redhat/[email protected]?arch=src",
+      "type": "library"
+    },
+    {
+      "name": "BB",
+      "version": "1",
+      "bom-ref": "bb",
+      "purl": "pkg:rpm/redhat/[email protected]?arch=src",
+      "type": "library"
+    },
+    {
+      "name": "CC",
+      "version": "1",
+      "bom-ref": "cc",
+      "purl": "pkg:rpm/redhat/[email protected]?arch=src",
+      "type": "library"
+    },
+    {
+      "name": "DD",
+      "version": "1",
+      "bom-ref": "dd",
+      "purl": "pkg:rpm/redhat/[email protected]?arch=src",
+      "type": "library"
+    },
+    {
+      "name": "EE",
+      "version": "1",
+      "bom-ref": "ee",
+      "purl": "pkg:rpm/redhat/[email protected]?arch=src",
+      "type": "library"
+    },
+    {
+      "name": "FF",
+      "version": "1",
+      "bom-ref": "ff",
+      "purl": "pkg:rpm/redhat/[email protected]?arch=src",
+      "type": "library"
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "a",
+      "dependsOn": ["b"]
+    },
+    {
+      "ref": "aa",
+      "dependsOn": ["bb"]
+    },
+    {
+      "ref": "bb",
+      "dependsOn": ["cc"]
+    },
+    {
+      "ref": "bb",
+      "dependsOn": ["dd"]
+    },
+    {
+      "ref": "dd",
+      "dependsOn": ["ff"]
+    }
+  ]
+}
diff --git a/modules/fundamental/tests/sbom/cyclonedx/mod.rs b/modules/fundamental/tests/sbom/cyclonedx/mod.rs
@@ -84,6 +84,49 @@ async fn test_parse_cyclonedx(ctx: &TrustifyContext) -> Result<(), anyhow::Error
     .await
 }
 
+#[test_context(TrustifyContext)]
+#[test(tokio::test)]
+async fn parse_cyclonedx_1dot6(ctx: &TrustifyContext) -> Result<(), anyhow::Error> {
+    test_with_cyclonedx(
+        ctx,
+        "cyclonedx/simple_1dot6.json",
+        |WithContext { service, sbom, .. }| async move {
+            let described = service
+                .describes_packages(sbom.sbom.sbom_id, Default::default(), &ctx.db)
+                .await?;
+
+            assert_eq!(1, described.items.len());
+
+            let package = &described.items[0];
+
+            assert_eq!(package.name, "simple");
+            assert_eq!(package.version, None);
+            assert_eq!(0, package.purl.len());
+
+            assert!(package.cpe.is_empty());
+
+            let packages = service
+                .fetch_sbom_packages(
+                    sbom.sbom.sbom_id,
+                    Default::default(),
+                    Paginated {
+                        offset: 0,
+                        limit: 1,
+                    },
+                    &ctx.db,
+                )
+                .await?;
+
+            log::debug!("{:?}", packages);
+
+            assert_eq!(9, packages.total);
+
+            Ok(())
+        },
+    )
+    .await
+}
+
 #[instrument(skip(ctx, f))]
 pub async fn test_with_cyclonedx<F, Fut>(
     ctx: &TrustifyContext,