From 66623fb63e89c609e7cdfc459b7553833cfcf8f1 Mon Sep 17 00:00:00 2001 From: Thomas Schafer Date: Fri, 7 Feb 2025 13:19:25 +0000 Subject: [PATCH] style: simplify testing abstraction and pass in raw json string --- lib/ecosystems/enrich_spdx_test.go | 189 +++++++++++++++++------------ 1 file changed, 111 insertions(+), 78 deletions(-) diff --git a/lib/ecosystems/enrich_spdx_test.go b/lib/ecosystems/enrich_spdx_test.go index 815ec72..1e1cc76 100644 --- a/lib/ecosystems/enrich_spdx_test.go +++ b/lib/ecosystems/enrich_spdx_test.go @@ -18,6 +18,7 @@ package ecosystems import ( "bytes" + "encoding/json" "net/http" "testing" 
@@ -31,20 +32,51 @@ import ( "github.com/snyk/parlay/lib/sbom" ) -func testEnrichSBOM(t *testing.T, ecosysteMsPackageResponse map[string]interface{}, ecosysteMsRegistryResponse map[string]interface{}, assertions func(bom *v2_3.Document)) { +func parseJson(jsonStr string) map[string]any { + var result map[string]interface{} + + err := json.Unmarshal([]byte(jsonStr), &result) + if err != nil { + panic(err) + } + return result +} + +func setupHttpmock(packageVersionsResponse, packageResponse *string) { httpmock.Activate() - defer httpmock.DeactivateAndReset() - httpmock.RegisterResponder("GET", `=~^https://packages.ecosyste.ms/api/v1/registries/.*/packages/.*/versions`, - func(r *http.Request) (*http.Response, error) { - return httpmock.NewJsonResponse(200, ecosysteMsPackageResponse) - }, - ) - httpmock.RegisterResponder("GET", `=~^https://packages.ecosyste.ms/api/v1/registries`, - func(req *http.Request) (*http.Response, error) { - return httpmock.NewJsonResponse(200, ecosysteMsRegistryResponse) - }, - ) + if packageVersionsResponse != nil { + httpmock.RegisterResponder("GET", `=~^https://packages.ecosyste.ms/api/v1/registries/.*/packages/.*/versions`, + func(r *http.Request) (*http.Response, error) { + return httpmock.NewJsonResponse(200, parseJson(*packageVersionsResponse)) + }, + ) + } + + if packageResponse != nil { + httpmock.RegisterResponder("GET", `=~^https://packages.ecosyste.ms/api/v1/registries`, + func(req *http.Request) (*http.Response, error) { + return httpmock.NewJsonResponse(200, parseJson(*packageResponse)) + }) + } +} + +func TestEnrichSBOM_SPDX(t *testing.T) { + packageVersionResponse := `{ + "licenses": "MIT" + }` + packageResponse := `{ + "description": "description", + "normalized_licenses": ["BSD-3-Clause"], + "homepage": "https://github.com/spdx/tools-golang", + "repo_metadata": { + "owner_record": { + "name": "Acme Corp" + } + } + }` + setupHttpmock(&packageVersionResponse, &packageResponse) + defer httpmock.DeactivateAndReset() doc, err := 
sbom.DecodeSBOMDocument([]byte(`{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT"}`)) require.NoError(t, err) @@ -72,7 +104,11 @@ func testEnrichSBOM(t *testing.T, ecosysteMsPackageResponse map[string]interface pkgs := bom.Packages - assertions(bom) + assert.Equal(t, "description", pkgs[0].PackageDescription) + assert.Equal(t, "MIT", pkgs[0].PackageLicenseConcluded) + assert.Equal(t, "https://github.com/spdx/tools-golang", pkgs[0].PackageHomePage) + assert.Equal(t, "Organization", pkgs[0].PackageSupplier.SupplierType) + assert.Equal(t, "Acme Corp", pkgs[0].PackageSupplier.Supplier) httpmock.GetTotalCallCount() calls := httpmock.GetCallCountInfo() 
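Review bot: `parseJson` panics on a malformed fixture, and because it is called inside the responder closures in `setupHttpmock`, that panic fires during the mocked HTTP round trip inside `EnrichSBOM` rather than as a test failure at setup. `setupHttpmock` also calls `httpmock.Activate()` but leaves it to every caller to remember `defer httpmock.DeactivateAndReset()`; a test that forgets it leaves the default transport mocked for later tests in the package. Passing `t` into both helpers, decoding the fixtures once at setup with `require.NoError`, and registering the teardown with `t.Cleanup` removes both problems, and the callers can then drop their own `defer`. The local is declared as `map[string]interface{}` while the return type is `map[string]any`; using one spelling is cleaner. `TestEnrichSBOM_SPDX` starts in this hunk and its body continues past it.

```go
func parseJson(t *testing.T, jsonStr string) map[string]any {
	t.Helper()

	var result map[string]any
	require.NoError(t, json.Unmarshal([]byte(jsonStr), &result))
	return result
}

func setupHttpmock(t *testing.T, packageVersionsResponse, packageResponse *string) {
	t.Helper()

	httpmock.Activate()
	t.Cleanup(httpmock.DeactivateAndReset)

	if packageVersionsResponse != nil {
		// Decode at setup so a bad fixture fails here, not inside the transport.
		body := parseJson(t, *packageVersionsResponse)
		httpmock.RegisterResponder("GET", `=~^https://packages.ecosyste.ms/api/v1/registries/.*/packages/.*/versions`,
			func(r *http.Request) (*http.Response, error) {
				return httpmock.NewJsonResponse(200, body)
			},
		)
	}

	// … unchanged: packageResponse responder, with the same decode-at-setup change …
}
```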
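Review bot: The inlined assertions read `pkgs[0].PackageSupplier.SupplierType` and `.Supplier` without first checking that enrichment set the supplier. `PackageSupplier` appears to be a pointer field in the tools-golang v2_3 model, so a regression that leaves it unset would crash the test with a nil dereference instead of reporting a readable failure. Adding `require.NotEmpty(t, pkgs)` and `require.NotNil(t, pkgs[0].PackageSupplier)` ahead of the field assertions keeps the failure mode clear. The enclosing test function starts before this hunk and ends after it.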
@@ -82,80 +118,77 @@ func testEnrichSBOM(t *testing.T, ecosysteMsPackageResponse map[string]interface require.NoError(t, doc.Encode(buf)) } -func TestEnrichSBOM_SPDX(t *testing.T) { - testEnrichSBOM( - t, - map[string]interface{}{ - "licenses": "MIT", - }, - map[string]interface{}{ - "description": "description", - "normalized_licenses": []string{"BSD-3-Clause"}, - "homepage": "https://github.com/spdx/tools-golang", - "repo_metadata": map[string]interface{}{ - "owner_record": map[string]interface{}{ - "name": "Acme Corp", - }, - }, - }, - func(bom *v2_3.Document) { - pkgs := bom.Packages - assert.Equal(t, "description", pkgs[0].PackageDescription) - assert.Equal(t, "MIT", pkgs[0].PackageLicenseConcluded) - assert.Equal(t, "https://github.com/spdx/tools-golang", pkgs[0].PackageHomePage) - assert.Equal(t, "Organization", pkgs[0].PackageSupplier.SupplierType) - assert.Equal(t, "Acme Corp", pkgs[0].PackageSupplier.Supplier) - }, - ) -} - func TestEnrichSBOM_MissingVersionedLicense(t *testing.T) { - testEnrichSBOM( - t, - map[string]interface{}{ - "licenses": "", - }, - map[string]interface{}{ - "description": "description", - "normalized_licenses": []string{"BSD-3-Clause", "Apache-2.0"}, - "homepage": "https://github.com/spdx/tools-golang", - "repo_metadata": map[string]interface{}{ - "owner_record": map[string]interface{}{ - "name": "Acme Corp", + packageVersionResponse := `{ + "licenses": "" + }` + packageResponse := `{ + "description": "description", + "normalized_licenses": ["BSD-3-Clause", "Apache-2.0"], + "homepage": "https://github.com/spdx/tools-golang", + "repo_metadata": { + "owner_record": { + "name": "Acme Corp" + } + } + }` + setupHttpmock(&packageVersionResponse, &packageResponse) + defer httpmock.DeactivateAndReset() + + doc, err := sbom.DecodeSBOMDocument([]byte(`{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT"}`)) + require.NoError(t, err) + + bom, ok := doc.BOM.(*v2_3.Document) + require.True(t, ok) + + bom.Packages = []*v2_3.Package{ + { + 
PackageSPDXIdentifier: "pkg:golang/github.com/spdx/tools-golang@v0.5.2", + PackageName: "github.com/spdx/tools-golang", + PackageVersion: "v0.5.2", + PackageExternalReferences: []*v2_3.PackageExternalReference{ + { + Category: common.CategoryPackageManager, + RefType: "purl", + Locator: "pkg:golang/github.com/spdx/tools-golang@v0.5.2", }, }, }, - func(bom *v2_3.Document) { - pkgs := bom.Packages - assert.Equal(t, "description", pkgs[0].PackageDescription) - assert.Equal(t, "BSD-3-Clause,Apache-2.0", pkgs[0].PackageLicenseConcluded) - assert.Equal(t, "https://github.com/spdx/tools-golang", pkgs[0].PackageHomePage) - assert.Equal(t, "Organization", pkgs[0].PackageSupplier.SupplierType) - assert.Equal(t, "Acme Corp", pkgs[0].PackageSupplier.Supplier) - }, - ) + } + logger := zerolog.Nop() + + EnrichSBOM(doc, &logger) + + pkgs := bom.Packages + + assert.Equal(t, "description", pkgs[0].PackageDescription) + assert.Equal(t, "BSD-3-Clause,Apache-2.0", pkgs[0].PackageLicenseConcluded) + assert.Equal(t, "https://github.com/spdx/tools-golang", pkgs[0].PackageHomePage) + assert.Equal(t, "Organization", pkgs[0].PackageSupplier.SupplierType) + assert.Equal(t, "Acme Corp", pkgs[0].PackageSupplier.Supplier) + + httpmock.GetTotalCallCount() + calls := httpmock.GetCallCountInfo() + assert.Equal(t, len(pkgs), calls[`GET =~^https://packages.ecosyste.ms/api/v1/registries`]) + + buf := bytes.NewBuffer(nil) + require.NoError(t, doc.Encode(buf)) } func TestEnrichSBOM_SPDX_NoSupplierName(t *testing.T) { - httpmock.Activate() + packageResponse := `{ + "description": "description", + "normalized_licenses": ["BSD-3-Clause"], + "homepage": "https://github.com/spdx/tools-golang", + "repo_metadata": { + "owner_record": { + "name": "" + } + } + }` + setupHttpmock(nil, &packageResponse) defer httpmock.DeactivateAndReset() - httpmock.RegisterResponder("GET", `=~^https://packages.ecosyste.ms/api/v1/registries`, - func(req *http.Request) (*http.Response, error) { - return 
httpmock.NewJsonResponse(200, map[string]interface{}{ - "description": "description", - "normalized_licenses": []string{ - "BSD-3-Clause", - }, - "homepage": "https://github.com/spdx/tools-golang", - "repo_metadata": map[string]interface{}{ - "owner_record": map[string]interface{}{ - "name": "", - }, - }, - }) - }) - doc, err := sbom.DecodeSBOMDocument([]byte(`{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT"}`)) require.NoError(t, err)
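Review bot: The added line `httpmock.GetTotalCallCount()` in `TestEnrichSBOM_MissingVersionedLicense` discards its return value, so it checks nothing and can be removed. The only call-count assertion is keyed on the broad `registries` responder, so nothing verifies that the versions endpoint was actually queried. Since this test is about the fallback when the versioned license is empty, an assertion on `calls["GET =~^https://packages.ecosyste.ms/api/v1/registries/.*/packages/.*/versions"]` would pin that; the expected count depends on how `EnrichSBOM` issues the request, which is not visible here. Separately, the expected `"BSD-3-Clause,Apache-2.0"` is a comma-joined list rather than an SPDX license expression (those combine identifiers with `AND`/`OR`). If that output is intentional, a short comment saying so would help downstream readers of the SBOM.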