Added Testing for the SPDX SBOM Reader (#1086)

- Added testing for the SPDX SBOM reader
google · Jul 2, 2024 · 556817b · 556817b
1 parent a3d9335
commit 556817b
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 0 deletions.
diff --git a/internal/sbom/fixtures/spdx-empty.json b/internal/sbom/fixtures/spdx-empty.json
@@ -0,0 +1,3 @@
+{
+    "spdxVersion": "SPDX-2.2"
+}
diff --git a/internal/sbom/fixtures/spdx.json b/internal/sbom/fixtures/spdx.json
@@ -0,0 +1,23 @@
+{
+    "spdxVersion": "SPDX-2.2",
+    "packages": [
+      {
+        "name": "HdrHistogram",
+        "externalRefs": [
+          {
+            "referenceType": "purl",
+            "referenceLocator": "pkg:maven/org.hdrhistogram/HdrHistogram@2.1.12"
+          }
+        ]
+      },
+      {
+        "name": "Apache Log4j Core",
+        "externalRefs": [
+          {
+            "referenceType": "purl",
+            "referenceLocator": "pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0"
+          }
+        ]
+      }
+    ]
+}
diff --git a/internal/sbom/spdx_test.go b/internal/sbom/spdx_test.go
@@ -0,0 +1,60 @@
+package sbom_test
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/osv-scanner/internal/sbom"
+)
+
+func runSPDXGetPackages(t *testing.T, bomFile string, want []sbom.Identifier) {
+	t.Helper()
+
+	f, err := os.Open(filepath.Join("fixtures", bomFile))
+	if err != nil {
+		t.Fatalf("Failed to read fixture file: %v", err)
+	}
+	defer f.Close()
+
+	got := []sbom.Identifier{}
+	callback := func(id sbom.Identifier) error {
+		got = append(got, id)
+		return nil
+	}
+
+	spdx := &sbom.SPDX{}
+	err = spdx.GetPackages(f, callback)
+	if err != nil {
+		t.Errorf("GetPackages returned an error: %v", err)
+	}
+
+	if diff := cmp.Diff(want, got); diff != "" {
+		t.Errorf("GetPackages() returned an unexpected result (-want, +got):\n%s", diff)
+	}
+}
+
+func TestSPDXGetPackages(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		spdxFile    string
+		identifiers []sbom.Identifier
+	}{
+		{
+			spdxFile: "spdx.json",
+			identifiers: []sbom.Identifier{
+				{PURL: "pkg:maven/org.hdrhistogram/HdrHistogram@2.1.12"},
+				{PURL: "pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0"},
+			},
+		},
+		{
+			spdxFile:    "spdx-empty.json",
+			identifiers: []sbom.Identifier{},
+		},
+	}
+
+	for _, tt := range tests {
+		runSPDXGetPackages(t, tt.spdxFile, tt.identifiers)
+	}
+}