🧹 add more integration testing for sbom scanning (#3295)

mondoohq · Feb 14, 2024 · 25da67d · 25da67d
1 parent bb1cae4
commit 25da67d
Show file tree

Hide file tree

Showing 37 changed files with 4,099 additions and 0 deletions.
diff --git a/test/sbom/README.md b/test/sbom/README.md
@@ -0,0 +1,25 @@
+# SBOM Testing
+
+## Container Images
+
+We use the following container images to test the SBOM generation:
+
+| OS                    | Version                           |
+|-----------------------|-----------------------------------|
+| Alpine Linux          | 3.14, 3.15, 3.16, 3.17, 3.18      |
+| AlmaLinux             | 8, 9                              |
+| Amazon Linux          | 2018, 2, 2023                     |
+| CentOS                | 6, 7, 8, Stream 8, Stream 9       |
+| Debian Linux          | 7, 8, 9, 10, 11, 12               |
+| Fedora Linux          | 34-40                             |
+| openSUSE Leap         | 42, 15                            |
+| openSUSE Tumbleweed   | Rolling                           |
+| Oracle Linux          | 6, 7, 8, 9                        |
+| Photon                | 4, 5                              |
+| Red Hat Linux         | 6, 7, 8, 9                        |
+| Rocky Linux           | 8, 9                              |
+| Suse Enterprise Linux | 12, 15                            |
+| Ubuntu                | 14.04, 16.04, 18.04, 20.04, 22.04 |
+
+
+
diff --git a/test/sbom/sbom_test.go b/test/sbom/sbom_test.go
@@ -0,0 +1,131 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build debugtest
+// +build debugtest
+
+package sbom
+
+import (
+	"os/exec"
+	"sync"
+
+	"bytes"
+	"fmt"
+	"log"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+var once sync.Once
+
+// setup builds cnquery locally
+func setup() {
+	if err := exec.Command("go", "build", "../../apps/cnquery/cnquery.go").Run(); err != nil {
+		log.Fatalf("building cnquery: %v", err)
+	}
+}
+
+func TestMain(m *testing.M) {
+	ret := m.Run()
+	os.Exit(ret)
+}
+
+func TestSbomGeneration(t *testing.T) {
+	once.Do(setup)
+
+	images := []string{
+		"alpine:3.16",
+		"alpine:3.17",
+		"alpine:3.18",
+		"alpine:3.19",
+		"almalinux:8.9",
+		"almalinux:9.3",
+		"amazonlinux:2",
+		"amazonlinux:2023",
+		"centos:7",
+		"centos:8",
+		"debian:7",
+		"debian:8",
+		"debian:9",
+		"debian:10",
+		"debian:11",
+		"debian:12",
+		"fedora:37",
+		"fedora:38",
+		"fedora:39",
+		"fedora:40",
+		"opensuse/leap:15.5",
+		"opensuse/leap:42.3",
+		"opensuse/tumbleweed",
+		"oraclelinux:8.9",
+		"oraclelinux:9",
+		"photon:3.0",
+		"photon:4.0",
+		"photon:5.0",
+		"registry.access.redhat.com/ubi7/ubi-minimal:7.9-1313",
+		"registry.access.redhat.com/ubi8/ubi:8.0-122",
+		"registry.access.redhat.com/ubi8/ubi:8.9-1107",
+		"rockylinux:8.9",
+		"rockylinux:9.3",
+		"registry.suse.com/bci/bci-base:15.5",
+		"registry.suse.com/suse/sles12sp5:6.5.559",
+		"ubuntu:14.04",
+		"ubuntu:16.04",
+		"ubuntu:18.04",
+		"ubuntu:20.04",
+		"ubuntu:22.04",
+	}
+
+	// test all images sequentially since they use os.stdout
+	for i := range images {
+		t.Run(images[i], func(t *testing.T) {
+			testSbomExport(t, images[i], false, false)
+		})
+	}
+}
+
+func testSbomExport(t *testing.T, img string, update bool, useRecording bool) {
+	fileImgName := strings.ReplaceAll(img, ":", "-")
+	fileImgName = strings.ReplaceAll(fileImgName, ".", "-")
+	fileImgName = strings.ReplaceAll(fileImgName, "/", "-")
+
+	args := []string{"sbom", "docker", img}
+	if useRecording {
+		args = append(args, "--use-recording", "testdata/"+fileImgName+"-recording.json")
+	}
+	cmd := exec.Command("./cnquery", args...)
+
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+
+	if err := cmd.Start(); err != nil {
+		fmt.Printf("Error starting command: %s\n", err)
+		return
+	}
+
+	// Wait for the command to finish
+	if err := cmd.Wait(); err != nil {
+		fmt.Printf("Command finished with error: %v\n", err)
+	}
+
+	// Check the output
+	fmt.Println("stdout:\n", stdout.String())
+	fmt.Println("stderr:\n", stderr.String())
+
+	if update {
+		os.WriteFile("testdata/"+fileImgName+"-cli.txt", stdout.Bytes(), 0600)
+	}
+
+	expected, err := os.ReadFile("testdata/" + fileImgName + "-cli.txt")
+	require.NoError(t, err)
+
+	output := stdout.String()
+	assert.Equal(t, string(expected), output)
+	assert.NotEmpty(t, strings.TrimSpace(output))
+}
diff --git a/test/sbom/testdata/almalinux-8-9-cli.txt b/test/sbom/testdata/almalinux-8-9-cli.txt
@@ -0,0 +1,156 @@
+rpm/acl/2.2.53-1.el8
+rpm/almalinux-release/8.9-1.el8
+rpm/audit-libs/3.0.7-5.el8
+rpm/basesystem/11-5.el8
+rpm/bash/4.4.20-4.el8_6
+rpm/binutils/2.30-123.el8
+rpm/bzip2-libs/1.0.6-26.el8
+rpm/ca-certificates/2023.2.60_v7.0.306-80.0.el8_8
+rpm/chkconfig/1.19.2-1.el8
+rpm/coreutils-single/8.30-15.el8
+rpm/cracklib/2.9.6-15.el8
+rpm/cracklib-dicts/2.9.6-15.el8
+rpm/crypto-policies/20230731-1.git3177e06.el8
+rpm/cryptsetup-libs/2.3.7-7.el8
+rpm/curl/7.61.1-33.el8
+rpm/cyrus-sasl-lib/2.1.27-6.el8_5
+rpm/dbus/1:1.12.8-26.el8
+rpm/dbus-common/1:1.12.8-26.el8
+rpm/dbus-daemon/1:1.12.8-26.el8
+rpm/dbus-libs/1:1.12.8-26.el8
+rpm/dbus-tools/1:1.12.8-26.el8
+rpm/device-mapper/8:1.02.181-13.el8_9
+rpm/device-mapper-libs/8:1.02.181-13.el8_9
+rpm/dnf/4.7.0-19.el8.alma
+rpm/dnf-data/4.7.0-19.el8.alma
+rpm/elfutils-default-yama-scope/0.189-3.el8
+rpm/elfutils-libelf/0.189-3.el8
+rpm/elfutils-libs/0.189-3.el8
+rpm/expat/2.2.5-11.el8
+rpm/file-libs/5.33-25.el8
+rpm/filesystem/3.8-6.el8
+rpm/findutils/1:4.6.0-21.el8
+rpm/gawk/4.2.1-4.el8
+rpm/gdbm/1:1.18-2.el8
+rpm/gdbm-libs/1:1.18-2.el8
+rpm/glib2/2.56.4-161.el8
+rpm/glibc/2.28-236.el8.7
+rpm/glibc-common/2.28-236.el8.7
+rpm/glibc-minimal-langpack/2.28-236.el8.7
+rpm/gmp/1:6.1.2-10.el8
+rpm/gnupg2/2.2.20-3.el8_6
+rpm/gnutls/3.6.16-7.el8
+pypi/gpg/1.13.1 /usr/lib64/python3.6/site-packages/gpg-1.13.1-py3.6.egg-info
+rpm/gpg-pubkey/ced7258b-6525146f
+rpm/gpg-pubkey/3abb34f8-5ffd890e
+rpm/gpgme/1.13.1-11.el8
+rpm/grep/3.1-6.el8
+rpm/gzip/1.9-13.el8_5
+rpm/hostname/3.20-6.el8
+rpm/ima-evm-utils/1.3.2-12.el8
+rpm/info/6.5-7.el8
+rpm/iputils/20180629-11.el8
+rpm/json-c/0.13.1-3.el8
+rpm/keyutils-libs/1.5.10-9.el8
+rpm/kmod-libs/25-19.el8
+rpm/krb5-libs/1.18.2-26.el8_9
+rpm/langpacks-en/1.0-12.el8
+rpm/less/530-1.el8
+rpm/libacl/2.2.53-1.el8
+rpm/libarchive/3.3.3-5.el8
+rpm/libassuan/2.5.1-3.el8
+rpm/libattr/2.4.48-3.el8
+rpm/libblkid/2.32.1-43.el8
+rpm/libcap/2.48-5.el8_8
+rpm/libcap-ng/0.7.11-1.el8
+rpm/libcom_err/1.45.6-5.el8
+rpm/libcomps/0.1.18-1.el8
+pypi/libcomps/0.1.18 /usr/lib64/python3.6/site-packages/libcomps-0.1.18-py3.6.egg-info/PKG-INFO
+rpm/libcurl-minimal/7.61.1-33.el8
+rpm/libdb/5.3.28-42.el8_4
+rpm/libdb-utils/5.3.28-42.el8_4
+rpm/libdnf/0.63.0-17.el8_9.alma
+rpm/libfdisk/2.32.1-43.el8
+rpm/libffi/3.1-24.el8
+rpm/libgcc/8.5.0-20.el8.alma
+rpm/libgcrypt/1.8.5-7.el8_6
+rpm/libgpg-error/1.31-1.el8
+rpm/libidn2/2.2.0-1.el8
+rpm/libksba/1.3.5-9.el8_7
+rpm/libmodulemd/2.13.0-1.el8
+rpm/libmount/2.32.1-43.el8
+rpm/libnghttp2/1.33.0-5.el8_9
+rpm/libnsl2/1.2.0-2.20180605git4a062cf.el8
+rpm/libpwquality/1.4.4-6.el8
+rpm/librepo/1.14.2-4.el8
+rpm/libreport-filesystem/2.9.5-15.el8.alma.1
+rpm/libseccomp/2.5.2-1.el8
+rpm/libselinux/2.9-8.el8
+rpm/libsemanage/2.9-9.el8_6
+rpm/libsepol/2.9-3.el8
+rpm/libsigsegv/2.11-5.el8
+rpm/libsmartcols/2.32.1-43.el8
+rpm/libsolv/0.7.20-6.el8
+rpm/libstdc++/8.5.0-20.el8.alma
+rpm/libtasn1/4.13-4.el8_7
+rpm/libtirpc/1.1.4-8.el8
+rpm/libunistring/0.9.9-3.el8
+rpm/libusbx/1.0.23-4.el8
+rpm/libutempter/1.1.6-14.el8
+rpm/libuuid/2.32.1-43.el8
+rpm/libverto/0.3.2-2.el8
+rpm/libxcrypt/4.1.1-6.el8
+rpm/libxml2/2.9.7-16.el8_8.1
+rpm/libyaml/0.1.7-5.el8
+rpm/libzstd/1.4.4-1.el8
+rpm/lua-libs/5.3.4-12.el8
+rpm/lz4-libs/1.8.3-3.el8_4
+rpm/mpfr/3.1.6-1.el8
+rpm/ncurses-base/6.1-10.20180224.el8
+rpm/ncurses-libs/6.1-10.20180224.el8
+rpm/nettle/3.4.1-7.el8
+rpm/npth/1.5-4.el8
+rpm/openldap/2.4.46-18.el8
+rpm/openssl-libs/1:1.1.1k-9.el8_7
+rpm/p11-kit/0.23.22-1.el8
+rpm/p11-kit-trust/0.23.22-1.el8
+rpm/pam/1.3.1-27.el8
+rpm/pcre/8.42-6.el8
+rpm/pcre2/10.32-3.el8_6
+rpm/platform-python/3.6.8-56.el8_9.alma.1
+rpm/platform-python-setuptools/39.2.0-7.el8
+rpm/popt/1.18-1.el8
+rpm/python3-dnf/4.7.0-19.el8.alma
+rpm/python3-gpg/1.13.1-11.el8
+rpm/python3-hawkey/0.63.0-17.el8_9.alma
+rpm/python3-libcomps/0.1.18-1.el8
+rpm/python3-libdnf/0.63.0-17.el8_9.alma
+rpm/python3-libs/3.6.8-56.el8_9.alma.1
+rpm/python3-pip-wheel/9.0.3-23.el8
+rpm/python3-rpm/4.14.3-26.el8
+rpm/python3-setuptools-wheel/39.2.0-7.el8
+rpm/readline/7.0-10.el8
+rpm/rootfiles/8.1-22.el8
+rpm/rpm/4.14.3-26.el8
+pypi/rpm/4.14.3 /usr/lib64/python3.6/site-packages/rpm-4.14.3-py3.6.egg-info
+rpm/rpm-build-libs/4.14.3-26.el8
+rpm/rpm-libs/4.14.3-26.el8
+rpm/sed/4.5-5.el8
+rpm/setup/2.12.2-9.el8
+pypi/setuptools/39.2.0 /usr/lib/python3.6/site-packages/setuptools-39.2.0.dist-info/METADATA
+pypi/setuptools/39.2.0 /usr/lib/python3.6/site-packages/setuptools-39.2.0.dist-info/METADATA
+rpm/shadow-utils/2:4.6-19.el8
+rpm/sqlite-libs/3.26.0-18.el8_8
+rpm/systemd/239-78.el8
+rpm/systemd-libs/239-78.el8
+rpm/systemd-pam/239-78.el8
+rpm/tar/2:1.30-9.el8
+rpm/tpm2-tss/2.3.2-5.el8
+rpm/tzdata/2023c-1.el8
+rpm/util-linux/2.32.1-43.el8
+rpm/vim-minimal/2:8.0.1763-19.el8_6.4
+rpm/xz/5.2.4-4.el8_6
+rpm/xz-libs/5.2.4-4.el8_6
+rpm/yum/4.7.0-19.el8.alma
+rpm/zlib/1.2.11-25.el8
+