package packaging_test
import (
"os"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy/pkg/dependency/parser/python/packaging"
"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
)
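// TestParse feeds fixture METADATA / PKG-INFO files under testdata to the
// packaging parser and checks the libraries it reports. Each case names the
// fixture file, the expected []types.Library, and whether Parse must fail.
// The fixtures include real-world metadata with bytes outside RFC 7230 and a
// deliberately invalid file, so the error path is exercised as well.
func TestParse(t *testing.T) {
	tests := []struct {
		name    string
		input   string          // path of the fixture file handed to Parse
		want    []types.Library // libraries Parse is expected to return
		wantErr bool            // true when Parse must return a non-nil error
	}{
		// listing dependencies based on METADATA/PKG-INFO files
		// docker run --name pipenv --rm -it python:3.7-alpine /bin/sh
		// pip install pipenv
		// find / -wholename "*(dist-info/METADATA|.egg-info/PKG-INFO)" | xargs -I {} sh -c 'cat {} | grep -e "^Name:" -e "^Version:" -e "^License:"' | tee METADATAS
		// cat METADATAS | cut -d" " -f2- | tr "\n" "\t" | awk -F "\t" '{for(i=1;i<=NF;i=i+3){printf "\{\""$i"\", \""$(i+1)"\", \""$(i+2)"\"\}\n"}}'

		{
			name:  "egg PKG-INFO",
			input: "testdata/setuptools-51.3.3-py3.8.egg-info.PKG-INFO",

			// docker run --name python --rm -it python:3.9-alpine sh
			// apk add py3-setuptools
			// cd /usr/lib/python3.9/site-packages/setuptools-52.0.0-py3.9.egg-info/
			// cat PKG-INFO | grep -e "^Name:" -e "^Version:" -e "^License:" | cut -d" " -f2- | \
			// tr "\n" "\t" | awk -F "\t" '{printf("\{\""$1"\", \""$2"\", \""$3"\"\}\n")}'
			want: []types.Library{{Name: "setuptools", Version: "51.3.3", License: "UNKNOWN"}},
		},
		{
			name:  "egg PKG-INFO with description containing non-RFC 7230 bytes",
			input: "testdata/unidecode-egg-info.PKG-INFO",
			want: []types.Library{
				{
					Name:    "Unidecode",
					Version: "0.4.1",
					License: "UNKNOWN",
				},
			},
		},
		{
			name:  "egg-info",
			input: "testdata/distlib-0.3.1-py3.9.egg-info",

			// docker run --name python --rm -it python:3.9-alpine sh
			// apk add py3-distlib
			// cd /usr/lib/python3.9/site-packages/
			// cat distlib-0.3.1-py3.9.egg-info | grep -e "^Name:" -e "^Version:" -e "^License:" | cut -d" " -f2- | \
			// tr "\n" "\t" | awk -F "\t" '{printf("\{\""$1"\", \""$2"\", \""$3"\"\}\n")}'
			want: []types.Library{{Name: "distlib", Version: "0.3.1", License: "Python license"}},
		},
		{
			name:  "wheel METADATA",
			input: "testdata/simple-0.1.0.METADATA",

			// finding relevant metadata files for tests
			// mkdir dist-infos
			// find / -wholename "*dist-info/METADATA" | rev | cut -d '/' -f2- | rev | xargs -I % cp -r % dist-infos/
			// find dist-infos/ | grep -v METADATA | xargs rm -R

			// for single METADATA file with known name
			// cat "{{ libname }}.METADATA | grep -e "^Name:" -e "^Version:" -e "^License:" | cut -d" " -f2- | tr "\n" "\t" | awk -F "\t" '{printf("\{\""$1"\", \""$2"\", \""$3"\"\}\n")}'
			want: []types.Library{{Name: "simple", Version: "0.1.0", License: ""}},
		},
		{
			name: "wheel METADATA",

			// for single METADATA file with known name
			// cat "{{ libname }}.METADATA | grep -e "^Name:" -e "^Version:" -e "^License:" | cut -d" " -f2- | tr "\n" "\t" | awk -F "\t" '{printf("\{\""$1"\", \""$2"\", \""$3"\"\}\n")}'
			input: "testdata/distlib-0.3.1.METADATA",
			want:  []types.Library{{Name: "distlib", Version: "0.3.1", License: "Python license"}},
		},
		{
			name:    "invalid",
			input:   "testdata/invalid.json",
			wantErr: true,
		},
		{
			name:  "with License-Expression field",
			input: "testdata/iniconfig-2.0.0.METADATA",
			want: []types.Library{
				{
					Name:    "iniconfig",
					Version: "2.0.0",
					License: "MIT",
				},
			},
		},
		{
			name:  "with an empty license field but with license in Classifier",
			input: "testdata/zipp-3.12.1.METADATA",
			want: []types.Library{
				{
					Name:    "zipp",
					Version: "3.12.1",
					License: "MIT License",
				},
			},
		},
		{
			name:  "without licenses, but with a license file (a license in Classifier was removed)",
			input: "testdata/networkx-3.0.METADATA",
			want: []types.Library{
				{
					Name:    "networkx",
					Version: "3.0",
					License: "file://LICENSE.txt",
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			f, err := os.Open(tt.input)
			require.NoError(t, err)
			// Release the fixture descriptor when the subtest returns rather than
			// holding every opened file until the test binary exits.
			defer f.Close()

			// The second result (dependencies) is not asserted by this test.
			got, _, err := packaging.NewParser().Parse(f)
			require.Equal(t, tt.wantErr, err != nil)

			// Compared on the error path too, so a rejected file is pinned to
			// yielding no libraries (want is nil for the wantErr case).
			assert.Equal(t, tt.want, got)
		})
	}
}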