Add unit test for SBOM and Provenance scanning

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2025-07-10 05:27:07 +08:00 · 2024-03-01 15:13:08 -05:00
parent 6c485a98be
commit 1d0b542b1b
4 changed files with 339 additions and 6 deletions
--- a/util/imagetools/loader_test.go
+++ b/util/imagetools/loader_test.go
@ -1,19 +1,96 @@
 package imagetools

 import (
+	"context"
 	"encoding/base64"
 	"fmt"
 	"testing"

+	"github.com/opencontainers/go-digest"
+
 	"github.com/stretchr/testify/assert"
 )

-func Test_scanSBOM(t *testing.T) {
+func TestSBOM(t *testing.T) {
+	tests := []struct {
+		name        string
+		contentType attestationType
+	}{
+		{
+			name:        "Plain SPDX",
+			contentType: plainSpdx,
+		},
+		{
+			name:        "SPDX in DSSE envelope",
+			contentType: dsseEmbeded,
+		},
+		{
+			name:        "Plain SPDX and SPDX in DSSE envelope",
+			contentType: plainSpdxAndDSSEEmbed,
+		},
+	}

+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			loader := newLoader(getMockResolver())
+			ctx := context.Background()
+			fetcher, _ := loader.resolver.Fetcher(ctx, "")
+
+			r := getImageWithAttestation(test.contentType)
+			r.refs["sha256:linux/amd64"] = []digest.Digest{
+				"sha256:linux/amd64-attestation",
+			}
+			a := asset{}
+			loader.scanSBOM(ctx, fetcher, r, r.refs["sha256:linux/amd64"], &a)
+			r.assets["linux/amd64"] = a
+			actual, err := r.SBOM()
+
+			assert.NoError(t, err)
+			assert.Equal(t, 1, len(actual))
+		})
+	}
 }

-func Test_scanProvenance(t *testing.T) {
+func TestProvenance(t *testing.T) {
+	tests := []struct {
+		name        string
+		contentType attestationType
+	}{
+		{
+			name:        "Plain SPDX",
+			contentType: plainSpdx,
+		},
+		{
+			name:        "SPDX in DSSE envelope",
+			contentType: dsseEmbeded,
+		},
+		{
+			name:        "Plain SPDX and SPDX in DSSE envelope",
+			contentType: plainSpdxAndDSSEEmbed,
+		},
+	}

+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			loader := newLoader(getMockResolver())
+			ctx := context.Background()
+			fetcher, _ := loader.resolver.Fetcher(ctx, "")
+
+			r := getImageWithAttestation(test.contentType)
+
+			r.refs["sha256:linux/amd64"] = []digest.Digest{
+				"sha256:linux/amd64-attestation",
+			}
+
+			a := asset{}
+			loader.scanProvenance(ctx, fetcher, r, r.refs["sha256:linux/amd64"], &a)
+			r.assets["linux/amd64"] = a
+			actual, err := r.Provenance()
+
+			assert.NoError(t, err)
+			assert.Equal(t, 1, len(actual))
+		})
+	}
 }

 func Test_isInTotoDSSE(t *testing.T) {
@ -55,9 +132,9 @@ func Test_decodeDSSE(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, "hello world", string(actual))

-	actual, err = decodeDSSE([]byte("not a json"), "application/vnd.in-toto.spdx+dsse")
+	_, err = decodeDSSE([]byte("not a json"), "application/vnd.in-toto.spdx+dsse")
 	assert.Error(t, err)

-	actual, err = decodeDSSE([]byte("{\"payload\": \"not base64\"}"), "application/vnd.in-toto.spdx+dsse")
+	_, err = decodeDSSE([]byte("{\"payload\": \"not base64\"}"), "application/vnd.in-toto.spdx+dsse")
 	assert.Error(t, err)
 }