diff --git a/etc/test-data/cyclonedx/simple_1dot6.json b/etc/test-data/cyclonedx/simple_1dot6.json
new file mode 100644
index 000000000..ab484a0d3
--- /dev/null
+++ b/etc/test-data/cyclonedx/simple_1dot6.json
@@ -0,0 +1,92 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "version": 1,
+ "metadata": {
+ "timestamp": "1970-01-01T13:30:00Z",
+ "component": {
+ "name": "simple",
+ "type": "application"
+ }
+ },
+ "components": [
+ {
+ "name": "A",
+ "version": "1",
+ "bom-ref": "a",
+ "purl": "pkg:rpm/redhat/A@0.0.0?arch=src",
+ "type": "library"
+ },
+ {
+ "name": "B",
+ "version": "1",
+ "bom-ref": "b",
+ "purl": "pkg:rpm/redhat/B@0.0.0?arch=src",
+ "type": "library"
+ },
+ {
+ "name": "AA",
+ "version": "1",
+ "bom-ref": "aa",
+ "purl": "pkg:rpm/redhat/AA@0.0.0?arch=src",
+ "type": "library"
+ },
+ {
+ "name": "BB",
+ "version": "1",
+ "bom-ref": "bb",
+ "purl": "pkg:rpm/redhat/BB@0.0.0?arch=src",
+ "type": "library"
+ },
+ {
+ "name": "CC",
+ "version": "1",
+ "bom-ref": "cc",
+ "purl": "pkg:rpm/redhat/CC@0.0.0?arch=src",
+ "type": "library"
+ },
+ {
+ "name": "DD",
+ "version": "1",
+ "bom-ref": "dd",
+ "purl": "pkg:rpm/redhat/DD@0.0.0?arch=src",
+ "type": "library"
+ },
+ {
+ "name": "EE",
+ "version": "1",
+ "bom-ref": "ee",
+ "purl": "pkg:rpm/redhat/EE@0.0.0?arch=src",
+ "type": "library"
+ },
+ {
+ "name": "FF",
+ "version": "1",
+ "bom-ref": "ff",
+ "purl": "pkg:rpm/redhat/FF@0.0.0?arch=src",
+ "type": "library"
+ }
+ ],
+ "dependencies": [
+ {
+ "ref": "a",
+ "dependsOn": ["b"]
+ },
+ {
+ "ref": "aa",
+ "dependsOn": ["bb"]
+ },
+ {
+ "ref": "bb",
+ "dependsOn": ["cc"]
+ },
+ {
+ "ref": "bb",
+ "dependsOn": ["dd"]
+ },
+ {
+ "ref": "dd",
+ "dependsOn": ["ff"]
+ }
+ ]
+}
diff --git a/modules/fundamental/tests/sbom/cyclonedx/mod.rs b/modules/fundamental/tests/sbom/cyclonedx/mod.rs
index 48bb47df4..2dd9bdf05 100644
--- a/modules/fundamental/tests/sbom/cyclonedx/mod.rs
+++ b/modules/fundamental/tests/sbom/cyclonedx/mod.rs
@@ -84,6 +84,49 @@ async fn test_parse_cyclonedx(ctx: &TrustifyContext) -> Result<(), anyhow::Error
 .await
 }
 
+#[test_context(TrustifyContext)]
+#[test(tokio::test)]
+async fn parse_cyclonedx_1dot6(ctx: &TrustifyContext) -> Result<(), anyhow::Error> {
+ test_with_cyclonedx(
+ ctx,
+ "cyclonedx/simple_1dot6.json",
+ |WithContext { service, sbom, .. }| async move {
+ let described = service
+ .describes_packages(sbom.sbom.sbom_id, Default::default(), &ctx.db)
+ .await?;
+
+ assert_eq!(1, described.items.len());
+
+ let package = &described.items[0];
+
+ assert_eq!(package.name, "simple");
+ assert_eq!(package.version, None);
+ assert_eq!(0, package.purl.len());
+
+ assert!(package.cpe.is_empty());
+
+ let packages = service
+ .fetch_sbom_packages(
+ sbom.sbom.sbom_id,
+ Default::default(),
+ Paginated {
+ offset: 0,
+ limit: 1,
+ },
+ &ctx.db,
+ )
+ .await?;
+
+ log::debug!("{:?}", packages);
+
+ assert_eq!(9, packages.total);
+
+ Ok(())
+ },
+ )
+ .await
+}
+
 #[instrument(skip(ctx, f))]
 pub async fn test_with_cyclonedx(
 ctx: &TrustifyContext,
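Review bot: The only check on the ingested component list is `assert_eq!(9, packages.total);`, and the fetch uses `limit: 1`, so the test never looks at which packages were stored or at the `dependencies` graph from the fixture. An ingestor that counted nine entries but dropped the purls, or silently collapsed the two `"ref": "bb"` dependency entries into one, would still pass, and those edges are what downstream impact analysis of a vulnerable component relies on. Consider fetching all nine and comparing their names and purls with the fixture, plus an assertion on the relationships recorded for `bb` (this hunk does not show which service call exposes them). The fixture also appears to carry nothing specific to 1.6 beyond `"specVersion": "1.6"`, so a short comment such as `// 1.6 document with only 1.5-compatible fields; checks that the version is accepted` would state what the test actually covers.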