#1838 Add unit tests for parser-cyclonedx

Lukas Fischer · Lukas Fischer · commit 71069d4d186e · 2023-09-08T18:36:55.000+02:00
Add a small and very simple test for the CycloneDX parser, after all it
doesn't do much. More annoying is again the Makefile structure, since
the project is not set up for multiple parsers for a scanner, it also
does not accommodate that for the tests. To circumvent this, the added
target for the parser-cyclonedx tests needs to manually run the
install-deps-js target with a different module name, so that all the
dependencies get installed correctly.

Signed-off-by: Lukas Fischer &lt;lukas.fischer@iteratec.com&gt;
diff --git a/scanners/trivy/Makefile b/scanners/trivy/Makefile
@@ -18,6 +18,7 @@ scanner = trivy
 docker-build: | docker-build-parser-sbom
 docker-export: | docker-export-parser-sbom
 kind-import: | kind-import-parser-sbom
+unit-tests: unit-tests-parser-sbom
 
 include ../../scanners.mk
 
@@ -57,3 +58,12 @@ deploy-without-scanner:
 		--set="cyclonedxParser.image.tag=$(IMG_TAG)" \
 		--set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
 		--set-string="parser.env[0].value=true"
+
+# The unit tests for the cyclonedx-parser cannot reuse the unit-test-js target, because it requires install-deps-js,
+# which then tries to run npm ci in ../../${module}-sdk/nodejs and module is set to "parser-cyclonedx", but
+# install-deps-js still needs to be executed, in case this target runs before the normal parser tests
+.PHONY: unit-tests-parser-sbom
+unit-tests-parser-sbom:
+	@$(MAKE) -s install-deps-js module=$(parser-prefix)
+	@echo ".: 🧪 Starting unit-tests for '$(name)' parser-cyclonedx."
+	npm run test:unit -- ${name}/parser-cyclonedx/
diff --git a/scanners/trivy/parser-cyclonedx/parser.test.js b/scanners/trivy/parser-cyclonedx/parser.test.js
@@ -0,0 +1,54 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+const { parse } = require("./parser");
+const {
+  validateParser,
+} = require("@securecodebox/parser-sdk-nodejs/parser-utils");
+
+let scan;
+
+beforeEach(() => {
+  scan = {
+    metadata: {
+      name: "my-cyclonedx-sbom-scan",
+      namespace: "default",
+    },
+    spec: {
+      scanType: "trivy-image-sbom",
+      parameters: ["hello-world:latest"],
+    },
+    status: {
+      rawResultDownloadLink: "https://s3.example.com/sbom-cyclonedx.json",
+    },
+  };
+});
+
+test("should create finding correctly", async () => {
+  const result = {
+    bomFormat: "CycloneDX",
+    metadata: {
+      component: {
+        name: "hello-world:latest"
+      }
+    }
+  };
+
+  const findings = await parse(JSON.stringify(result), scan);
+  await expect(validateParser(findings)).resolves.toBeUndefined();
+  expect(findings).toMatchInlineSnapshot(`
+[
+  {
+    "attributes": {
+      "downloadLink": "https://s3.example.com/sbom-cyclonedx.json",
+    },
+    "category": "SBOM",
+    "description": "Generated an SBOM for: 'hello-world:latest'",
+    "name": "SBOM for hello-world:latest",
+    "osi_layer": "APPLICATION",
+    "severity": "INFORMATIONAL",
+  },
+]
+`);
+});
