Skip to content

Commit d564898

Browse files
committed
test(materials): add CSAF and SPDX annotation coverage for empty values
Add test for CSAF tool annotation assertions and SPDX empty tool name case to cover the new guards added in the previous commit. Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
1 parent c5c6ed9 commit d564898

3 files changed

Lines changed: 57 additions & 6 deletions

File tree

pkg/attestation/crafter/materials/csaf_test.go

Lines changed: 21 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
//
2-
// Copyright 2024-2025 The Chainloop Authors.
2+
// Copyright 2024-2026 The Chainloop Authors.
33
//
44
// Licensed under the Apache License, Version 2.0 (the "License");
55
// you may not use this file except in compliance with the License.
@@ -99,11 +99,13 @@ func TestNewCSAFCrafter(t *testing.T) {
9999

100100
func TestCSAFCraft(t *testing.T) {
101101
testCases := []struct {
102-
name string
103-
filePath string
104-
wantErr string
105-
digest string
106-
schema *contractAPI.CraftingSchema_Material
102+
name string
103+
filePath string
104+
wantErr string
105+
digest string
106+
schema *contractAPI.CraftingSchema_Material
107+
annotations map[string]string
108+
absentAnnotations []string
107109
}{
108110
{
109111
name: "non-expected json file",
@@ -167,6 +169,10 @@ func TestCSAFCraft(t *testing.T) {
167169
Name: "test",
168170
Type: contractAPI.CraftingSchema_Material_CSAF_VEX,
169171
},
172+
annotations: map[string]string{
173+
"chainloop.material.tool.name": "Secvisogram",
174+
"chainloop.material.tool.version": "1.11.0",
175+
},
170176
},
171177
{
172178
name: "2.0 security advisory",
@@ -252,6 +258,15 @@ func TestCSAFCraft(t *testing.T) {
252258
assert.Equal(&attestationApi.Attestation_Material_Artifact{
253259
Id: "test", Digest: tc.digest, Name: strings.Split(tc.filePath, "/")[2],
254260
}, got.GetArtifact())
261+
262+
for k, v := range tc.annotations {
263+
assert.Equal(v, got.Annotations[k])
264+
}
265+
266+
for _, k := range tc.absentAnnotations {
267+
_, exists := got.Annotations[k]
268+
assert.False(exists, "annotation %q should not be present", k)
269+
}
255270
})
256271
}
257272
}

pkg/attestation/crafter/materials/spdxjson_test.go

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -100,6 +100,16 @@ func TestSPDXJSONCraft(t *testing.T) {
100100
"chainloop.material.tools": `["syft@0.73.0"]`,
101101
},
102102
},
103+
{
104+
name: "tool with empty name",
105+
filePath: "./testdata/sbom-spdx-empty-tool-name.json",
106+
wantDigest: "sha256:bbc5c2f78c7b05f2e80295e1bf827f24623394dafcd56a4a14f0591b835d28fa",
107+
wantFilename: "sbom-spdx-empty-tool-name.json",
108+
absentAnnotations: []string{
109+
"chainloop.material.tool.name",
110+
"chainloop.material.tool.version",
111+
},
112+
},
103113
{
104114
name: "tool without version",
105115
filePath: "./testdata/sbom-spdx-no-tool-version.json",
Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
{
2+
"spdxVersion": "SPDX-2.3",
3+
"dataLicense": "CC0-1.0",
4+
"SPDXID": "SPDXRef-DOCUMENT",
5+
"name": "test-empty-tool-name",
6+
"documentNamespace": "https://example.com/test/empty-tool-name",
7+
"creationInfo": {
8+
"licenseListVersion": "3.20",
9+
"creators": [
10+
"Organization: Example Corp",
11+
"Tool: "
12+
],
13+
"created": "2024-01-01T10:00:00Z"
14+
},
15+
"packages": [
16+
{
17+
"name": "example-package",
18+
"SPDXID": "SPDXRef-Package-example",
19+
"versionInfo": "1.0.0",
20+
"downloadLocation": "NOASSERTION",
21+
"licenseConcluded": "MIT",
22+
"licenseDeclared": "MIT",
23+
"copyrightText": "NOASSERTION"
24+
}
25+
]
26+
}

0 commit comments

Comments
 (0)