-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add tests for spdx "relationshipType": "PACKAGE_OF" #1186
base: main
Are you sure you want to change the base?
Conversation
Verify the relationship type shows up in `/api/v2/analysis/root-component` API calls. Part of issue trustification#1140 Signed-off-by: Hiram Chirino <[email protected]>
log::debug!("{response:#?}"); | ||
log::debug!("{}", serde_json::to_string_pretty(&response)?); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really wish serde's impl of :#?
used to_string_pretty
. I can remember the former, but never the latter. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
100%
); | ||
let request: Request = TestRequest::get().uri(&uri).to_request(); | ||
let response: Value = app.call_and_read_body_json(request).await; | ||
log::info!("{}", serde_json::to_string_pretty(&response)?); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use log::debug!
inside tests. Our default test output is noisy enough.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
your right.. will fix.
m == &&json!({ | ||
"sbom_id": sbom["sbom_id"], | ||
"node_id": m["node_id"], | ||
"relationship": "PackageOf", | ||
"purl": m["purl"], // long list assume it's correct | ||
"cpe": m["cpe"], // long list assume it's correct | ||
"name": "rubygem-google-cloud-compute", | ||
"version": "0.5.0-1.el8sat" | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To me, this is a brittle test. I'd want my expectation to be the minimum required to affirm the test. If some future change adds or takes away one of the fields that has nothing to do with this test, it's still gonna break. Is that good or annoying? I'd rather something like this, maybe even omitting name
and version
, too:
m == &&json!({ | |
"sbom_id": sbom["sbom_id"], | |
"node_id": m["node_id"], | |
"relationship": "PackageOf", | |
"purl": m["purl"], // long list assume it's correct | |
"cpe": m["cpe"], // long list assume it's correct | |
"name": "rubygem-google-cloud-compute", | |
"version": "0.5.0-1.el8sat" | |
}) | |
m["sbom_id"] == sbom["sbom_id"] | |
&& m["relationship"] == "PackageOf" | |
&& m["name"] == "rubygem-google-cloud-compute" | |
&& m["version"] == "0.5.0-1.el8sat" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I kinda was thinking about similar lines. Is there an existing function that can test if an actual Value matches a partial set of fields of another expected Value? The assertion would become more concise and less brittle then.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not that I know of. You can always downcast the Value
to an AncestorSummary
or DepSummary
, but I'm not sure m["name"]
is all that better or worse than m.name
.
Another option is to use Value::pointer
, but I haven't personally tried that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like where you're going, but you haven't gone far enough!!!
modules/analysis/src/test.rs
Outdated
// This function checks if the actual JSON object has all the fields of the expected JSON object. | ||
pub fn has_json_fields(actual: &Value, expected: &Value) -> bool { | ||
match (actual.as_object(), expected.as_object()) { | ||
(Some(actual), Some(expected)) => { | ||
for (key, value_a) in expected { | ||
if Some(value_a) != actual.get(key.as_str()) { | ||
return false; | ||
} | ||
} | ||
true | ||
} | ||
_ => false, | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a very cool idea! I want it to do more, though, so forgive me for challenging you. 😄
The function expects Value
's, but fails if they're not a specific type of Value
. Make it work for any kind of Value
. If it's an object, then use recursion to compare the key/value pairs. Probably want to rename the function to is_same
or subset
or contains
or some such.
You'll essentially have two branches:
pub fn is_subset(actual: &Value, expected: &Value) -> bool {
if expected.is_object() {
expected.iter().all(|(k, v)| is_subset(&actual[k], v))
} else {
expected == actual
}
}
And no, that won't actually compile due to Value
's overly-complicated API, but you can make it work!
And this will be useful all over, so let's stick it somewhere in test-context
maybe?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Even better...
pub trait Contains {
fn contains(&self, subset: Value) -> bool;
}
impl Contains for Value {
fn contains(&self, subset: Value) -> bool {
match (self.as_object(), subset.as_object()) {
(Some(src), Some(tgt)) => tgt
.iter()
.all(|(k, v)| src.get(k).is_some_and(|x| x.contains(v.clone()))),
_ => subset == *self,
}
}
}
Accepting a reference to self and taking ownership of subset
allows you to clean up your calling code a bit, e.g.
.filter(|m| {
m.contains(json!({
"relationship": "PackageOf",
"name": "rubygem-google-cloud-compute",
"version": "0.5.0-1.el8sat"
}))
})
Deciding to take a reference instead of ownership would be determined by whether we think most of our test subsets will be "one-off's". If we often re-use the same one, we might take a reference to avoid having to .clone()
the subset each time we pass it. But I tend to think it's more likely we'll call json!
every time we call .contains
so taking ownership seems reasonable.
Make sense?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I couldn't help myself...
If you add a branch for Value::Array
types...
impl Contains for Value {
fn contains(&self, subset: Value) -> bool {
match (self, &subset) {
(Value::Object(src), Value::Object(tgt)) => tgt
.iter()
.all(|(k, v)| src.get(k).is_some_and(|x| x.contains(v.clone()))),
(Value::Array(src), Value::Array(tgt)) => tgt
.iter()
.all(|v| src.iter().any(|x| x.contains(v.clone()))),
_ => subset == *self,
}
}
}
You can assert things like this:
assert!(response.contains(json!({
"items": [
{
"deps": [
{
"relationship": "PackageOf",
"name": "SATELLITE-6.15-RHEL-8",
"version": "6.15",
}
]
}
]
})));
There's a tradeoff, though. Sometimes you might want arrays to match on the exact contents, e.g. you might want to assert that "purls": ["pkg:blah"]
has exactly one element in it, and removing that Value::Array
arm would do that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great ideas.. my next commit will have a version of it.
Added a ContainsSubset trait which allows you to Test if a value has a subset of elements/fields And also deep version which does it recursively. Signed-off-by: Hiram Chirino <[email protected]>
modules/analysis/src/test.rs
Outdated
use trustify_test_context::{ | ||
call::{self, CallService}, | ||
TrustifyContext, | ||
}; | ||
|
||
// This function checks if the actual JSON object has all the fields of the expected JSON object. | ||
pub fn has_json_fields(actual: &Value, expected: &Value) -> bool { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jcrossley3 is there a better file to place this in? Or a better way to implement it?
modules/analysis/src/test.rs
Outdated
// This function checks if the actual JSON object has all the fields of the expected JSON object. | ||
pub fn has_json_fields(actual: &Value, expected: &Value) -> bool { | ||
match (actual.as_object(), expected.as_object()) { | ||
(Some(actual), Some(expected)) => { | ||
for (key, value_a) in expected { | ||
if Some(value_a) != actual.get(key.as_str()) { | ||
return false; | ||
} | ||
} | ||
true | ||
} | ||
_ => false, | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great ideas.. my next commit will have a version of it.
fn contains_subset(&self, value: Value) -> bool; | ||
// Returns true if the value a deep subset of the receiver. | ||
fn contains_deep_subset(&self, value: Value) -> bool; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jcrossley3 did a shallow and a deep version so that the caller can choose how strict the field matching is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very nice! I might suggest putting the trait, impl and tests in another module, maybe test-context/src/subset.rs
? lib.rs
is getting kinda crowded, I think.
Verify the relationship type shows up in
/api/v2/analysis/root-component
API calls.Part of issue #1140