Esempio n. 1
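def test_process_pip(default_request, default_toplevel_purl):
    """Check how process_pip_package fills the pip cache of a ContentManifest.

    A dependency pinned to a git commit is expected under both "dependencies"
    and "sources" of the parent entry, as a pkg:github purl that carries the
    commit id. A dependency flagged ``dev`` is expected under "sources" only.
    """
    pkg = Package.from_json({"name": "requests", "type": "pip", "version": "2.24.0"})
    pkg.id = 1
    expected_purl = default_toplevel_purl

    dep_commit_id = "58c88e4952e95935c0dd72d4a24b0c44f2249f5b"
    dep = Package.from_json(
        {
            "name": "cnr-server",
            "type": "pip",
            "version": f"git+https://github.com/quay/appr@{dep_commit_id}",
        }
    )
    dep.id = 2
    # The manifest must identify the exact commit, not just the repository.
    expected_dep_purl = f"pkg:github/quay/appr@{dep_commit_id}"

    src = Package.from_json({"name": "setuptools", "type": "pip", "version": "49.1.1"})
    src.id = 3
    src.dev = True
    # pypi purl spelled out from the name and version of ``src`` above.
    expected_src_purl = "pkg:pypi/setuptools@49.1.1"

    cm = ContentManifest(default_request)

    # emulate to_json behavior to setup internal packages cache
    cm._pip_data.setdefault(
        pkg.id, {"purl": expected_purl, "dependencies": [], "sources": []}
    )

    cm.process_pip_package(pkg, dep)
    cm.process_pip_package(pkg, src)

    expected_contents = {
        pkg.id: {
            "purl": expected_purl,
            "dependencies": [{"purl": expected_dep_purl}],
            "sources": [{"purl": expected_dep_purl}, {"purl": expected_src_purl}],
        }
    }

    assert cm._pip_data
    assert pkg.id in cm._pip_data
    assert cm._pip_data == expected_contents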
Esempio n. 2
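def test_process_npm(default_request, default_toplevel_purl):
    """Check how process_npm_package fills the npm cache of a ContentManifest.

    A dependency given as ``github:<org>/<repo>#<commit>`` is expected under
    both "dependencies" and "sources" as a pkg:github purl that carries the
    commit id. A scoped package flagged ``dev`` is expected under "sources"
    only, with the ``@`` of its scope percent-encoded.
    """
    pkg = Package.from_json({"name": "grc-ui", "type": "npm", "version": "1.0.0"})
    pkg.id = 1
    expected_purl = default_toplevel_purl

    dep_commit_id = "7762177aacfb1ddf5ca45cebfe8de1da3b24f0ff"
    dep = Package.from_json(
        {
            "name": "security-middleware",
            "type": "npm",
            "version": f"github:open-cluster-management/security-middleware#{dep_commit_id}",
        }
    )
    dep.id = 2
    # The manifest must identify the exact commit, not just the repository.
    expected_dep_purl = f"pkg:github/open-cluster-management/security-middleware@{dep_commit_id}"

    src = Package.from_json({"name": "@types/events", "type": "npm", "version": "3.0.0"})
    src.id = 3
    src.dev = True
    # npm purl spelled out from the name and version of ``src`` above;
    # the scope prefix "@types" appears as "%40types".
    expected_src_purl = "pkg:npm/%40types/events@3.0.0"

    cm = ContentManifest(default_request)

    # emulate to_json behavior to setup internal packages cache
    cm._npm_data.setdefault(
        pkg.id, {"purl": expected_purl, "dependencies": [], "sources": []}
    )

    cm.process_npm_package(pkg, dep)
    cm.process_npm_package(pkg, src)

    expected_contents = {
        pkg.id: {
            "purl": expected_purl,
            "dependencies": [{"purl": expected_dep_purl}],
            "sources": [{"purl": expected_dep_purl}, {"purl": expected_src_purl}],
        }
    }

    assert cm._npm_data
    assert pkg.id in cm._npm_data
    assert cm._npm_data == expected_contents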
Esempio n. 3
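def test_process_go(default_request):
    """Check the Go package cache after the go-package and gomod steps run.

    The go-package dependency is expected under "dependencies" and the gomod
    dependency under "sources" of the same entry. The expected entry has no
    "name" key although the seeded cache entry has one, so the key is expected
    to be gone by the time the three calls under test have run.
    """
    pkg = Package.from_json(
        {"name": "example.com/org/project", "type": "go-package", "version": "1.1.1"}
    )
    pkg.id = 1
    # golang purls spelled out from each package's name and version; the
    # slashes of the import path appear percent-encoded as "%2F".
    expected_purl = "pkg:golang/example.com%2Forg%2Fproject@1.1.1"

    dep = Package.from_json(
        {"name": "example.com/org/project/lib", "type": "go-package", "version": "2.2.2"}
    )
    dep.id = 2
    expected_dep_purl = "pkg:golang/example.com%2Forg%2Fproject%2Flib@2.2.2"

    src = Package.from_json(
        {"name": "example.com/anotherorg/project", "type": "gomod", "version": "3.3.3"}
    )
    src.id = 3
    expected_src_purl = "pkg:golang/example.com%2Fanotherorg%2Fproject@3.3.3"

    cm = ContentManifest(default_request)

    # emulate to_json behavior to setup internal packages cache
    # (the gomod cache is keyed by module name, the go-package cache by id)
    cm._gomod_data.setdefault(pkg.name, {"purl": "not-important", "dependencies": []})
    cm._gopkg_data.setdefault(
        pkg.id,
        {"name": pkg.name, "purl": expected_purl, "dependencies": [], "sources": []},
    )

    cm.process_go_package(pkg, dep)
    cm.process_gomod(pkg, src)
    cm.set_go_package_sources()

    expected_contents = {
        pkg.id: {
            "purl": expected_purl,
            "dependencies": [{"purl": expected_dep_purl}],
            "sources": [{"purl": expected_src_purl}],
        }
    }

    assert cm._gopkg_data
    assert pkg.id in cm._gopkg_data
    assert cm._gopkg_data == expected_contents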
Esempio n. 4
def test_to_json(mock_top_level_purl, app, package, subpath):
    """Check the document returned by to_json for zero or one request package.

    With a package, the manifest is expected to hold one image content entry
    whose purl comes from the mocked top-level purl helper, and that helper
    must have been called exactly once with the request and the subpath.
    Without a package, "image_contents" is expected to be empty.
    """
    manifest_request = Request()
    manifest = ContentManifest(manifest_request)

    expected_image_contents = []
    if package:
        manifest_request.request_packages.append(
            RequestPackage(package=Package.from_json(package), subpath=subpath)
        )
        expected_image_contents.append(
            {
                "purl": mock_top_level_purl.return_value,
                "dependencies": [],
                "sources": [],
            }
        )

    expected_metadata = {
        "icm_version": 1,
        "icm_spec": ContentManifest.json_schema_url,
        "image_layer_index": -1,
    }
    assert manifest.to_json() == {
        "metadata": expected_metadata,
        "image_contents": expected_image_contents,
    }

    if package:
        mock_top_level_purl.assert_called_once_with(manifest_request, subpath=subpath)
Esempio n. 5
def test_purl_conversion_bogus_forge():
    """Check that an unconvertible ``github:`` npm version is rejected.

    The version "github:something/odd" must make to_purl raise
    ContentManifestError instead of producing a purl.
    """
    pkg = Package.from_json(
        {"name": "odd", "type": "npm", "version": "github:something/odd"}
    )

    expected_error = f"Could not convert version {pkg.version} to purl"
    with pytest.raises(ContentManifestError, match=expected_error):
        pkg.to_purl()
Esempio n. 6
def test_purl_conversion(package, expected_purl, defined, known_protocol):
    """Check to_purl against an expected purl or an expected rejection.

    ``defined`` and ``known_protocol`` select the outcome: both true means a
    purl equal to ``expected_purl``; ``defined`` alone means an "Unknown
    protocol" error; otherwise a "PURL spec is not defined" error.
    """
    pkg = Package.from_json(package)

    if not (defined and known_protocol):
        if defined:
            expected_error = f"Unknown protocol in {pkg.type} package version: {pkg.version}"
        else:
            expected_error = f"The PURL spec is not defined for {pkg.type} packages"
        # NOTE(review): pytest treats ``match`` as a regular expression, so
        # metacharacters in pkg.version are matched as a pattern, not literally.
        with pytest.raises(ContentManifestError, match=expected_error):
            pkg.to_purl()
        return

    assert pkg.to_purl() == expected_purl
Esempio n. 7
def test_to_json_with_multiple_packages(mock_generate_icm, app, packages):
    """Check that to_json hands one entry per request package to generate_icm.

    Each entry is expected to carry the package's own purl and empty
    "dependencies" and "sources" lists, and to_json must return whatever the
    mocked generate_icm returns.
    """
    manifest_request = Request()
    manifest = ContentManifest(manifest_request)

    expected_entries = []
    for package_json in packages:
        pkg = Package.from_json(package_json)
        manifest_request.request_packages.append(RequestPackage(package=pkg))
        expected_entries.append(
            {"purl": pkg.to_purl(), "dependencies": [], "sources": []}
        )

    result = manifest.to_json()

    mock_generate_icm.assert_called_once_with(expected_entries)
    assert result == mock_generate_icm.return_value
Esempio n. 8
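def test_process_gomod_replace_parent_purl(default_request):
    """Check the purl of a gomod dependency whose version is a local path.

    The dependency's version is "./staging/src/anotherorg/project" rather than
    a version number. Its purl is expected to be the parent module's purl
    followed by "#" and that path without the leading "./".
    """
    module = Package.from_json(
        {"name": "example.com/org/project", "type": "gomod", "version": "1.1.1"}
    )
    module.id = 1
    # golang purl spelled out from the module's name and version above.
    expected_module_purl = "pkg:golang/example.com%2Forg%2Fproject@1.1.1"

    module_dep = Package.from_json(
        {
            "name": "example.com/anotherorg/project",
            "type": "gomod",
            "version": "./staging/src/anotherorg/project",
        }
    )
    module_dep.id = 2
    expected_dependency_purl = f"{expected_module_purl}#staging/src/anotherorg/project"

    cm = ContentManifest(default_request)

    # emulate to_json behavior to setup internal packages cache
    cm._gomod_data.setdefault(
        module.name, {"purl": expected_module_purl, "dependencies": []}
    )

    cm.process_gomod(module, module_dep)
    assert cm._gomod_data == {
        module.name: {
            "purl": expected_module_purl,
            "dependencies": [{"purl": expected_dependency_purl}],
        },
    }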
Esempio n. 9
def test_to_json_properly_sets_internal_data(
    mock_set_go_sources,
    mock_top_level_purl,
    app,
    package,
    internal_attr,
    internal_data,
):
    """Check which internal cache to_json seeds for a single request package.

    Other tests seed these caches by hand to "emulate to_json() behaviour";
    this one runs to_json itself and compares the attribute named by
    ``internal_attr`` with ``internal_data``.
    """
    manifest_request = Request()

    pkg = Package.from_json(package)
    pkg.id = 1
    manifest_request.request_packages.append(RequestPackage(package=pkg))

    mock_top_level_purl.return_value = "mock-package-purl"

    manifest = ContentManifest(manifest_request)
    manifest.to_json()

    # Only the setup part of to_json() matters here; its return value is
    # ignored. (The original author notes to_json() is due for a refactor.)
    seeded_cache = getattr(manifest, internal_attr)
    assert seeded_cache == internal_data