diff --git a/integration/client_server_test.go b/integration/client_server_test.go index 97a9f2384f..2a86dde8bb 100644 --- a/integration/client_server_test.go +++ b/integration/client_server_test.go @@ -402,6 +402,9 @@ func TestClientServerWithFormat(t *testing.T) { } func TestClientServerWithCycloneDX(t *testing.T) { + if *update { + t.Skipf("This test doesn't use golden files") + } tests := []struct { name string args csArgs diff --git a/integration/docker_engine_test.go b/integration/docker_engine_test.go index 3dc3083091..9739c7fa10 100644 --- a/integration/docker_engine_test.go +++ b/integration/docker_engine_test.go @@ -18,6 +18,9 @@ import ( ) func TestDockerEngine(t *testing.T) { + if *update { + t.Skipf("This test doesn't update golden files") + } tests := []struct { name string imageTag string diff --git a/integration/testdata/alpine-310-registry.json.golden b/integration/testdata/alpine-310-registry.json.golden index b04764c524..f1606bf979 100644 --- a/integration/testdata/alpine-310-registry.json.golden +++ b/integration/testdata/alpine-310-registry.json.golden @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "localhost:63577/alpine:3.10", + "ArtifactName": "localhost:32839/alpine:3.10", "ArtifactType": "container_image", "Metadata": { "OS": { @@ -13,10 +13,10 @@ "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" ], "RepoTags": [ - "localhost:63577/alpine:3.10" + "localhost:32839/alpine:3.10" ], "RepoDigests": [ - "localhost:63577/alpine@sha256:d9b1a0d4fab413443a22e550cb8720de487295cebca3f9b2fcbf8882192a9bf9" + "localhost:32839/alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60" ], "ImageConfig": { "architecture": "amd64", @@ -55,7 +55,7 @@ }, "Results": [ { - "Target": "localhost:63577/alpine:3.10 (alpine 3.10.2)", + "Target": "localhost:32839/alpine:3.10 (alpine 3.10.2)", "Class": "os-pkgs", "Type": "alpine", "Vulnerabilities": [ @@ -66,7 +66,7 @@ "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r0", "Layer": { - "Digest": "sha256:3489774ebf88fb1f0b08e0abb45826a3cbd9d0eb6458d5fc54729197feddffb9", + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" }, "SeveritySource": "nvd", @@ -126,7 +126,7 @@ "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r2", "Layer": { - "Digest": "sha256:3489774ebf88fb1f0b08e0abb45826a3cbd9d0eb6458d5fc54729197feddffb9", + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" }, "SeveritySource": "nvd", @@ -196,7 +196,7 @@ "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r0", "Layer": { - "Digest": "sha256:3489774ebf88fb1f0b08e0abb45826a3cbd9d0eb6458d5fc54729197feddffb9", + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" }, "SeveritySource": "nvd", @@ -256,7 +256,7 @@ "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r2", "Layer": { - "Digest": "sha256:3489774ebf88fb1f0b08e0abb45826a3cbd9d0eb6458d5fc54729197feddffb9", + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" }, "SeveritySource": "nvd", @@ -322,4 +322,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/integration/testdata/busybox-with-lockfile.json.golden b/integration/testdata/busybox-with-lockfile.json.golden index fd5c5089c9..e3b11c4a31 100644 --- a/integration/testdata/busybox-with-lockfile.json.golden +++ b/integration/testdata/busybox-with-lockfile.json.golden @@ -54,8 +54,8 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-15542", - "PkgName": "ammonia", "PkgID": "ammonia@1.9.0", + "PkgName": "ammonia", "InstalledVersion": "1.9.0", "FixedVersion": "\u003e= 2.1.0", "Layer": { @@ -92,8 +92,8 @@ }, { "VulnerabilityID": "CVE-2021-38193", - "PkgName": "ammonia", "PkgID": "ammonia@1.9.0", + "PkgName": "ammonia", "InstalledVersion": "1.9.0", "FixedVersion": "\u003e= 3.1.0, \u003e= 2.1.3, \u003c 3.0.0", "Layer": { diff --git a/integration/testdata/centos-7-cyclonedx.json.golden b/integration/testdata/centos-7-cyclonedx.json.golden index bb3caae44e..cb0114f65d 100644 --- a/integration/testdata/centos-7-cyclonedx.json.golden +++ b/integration/testdata/centos-7-cyclonedx.json.golden @@ -3,7 +3,7 @@ "specVersion": "1.4", "version": 1, "metadata": { - "timestamp": "2022-08-14T12:39:11+00:00", + "timestamp": "2023-05-15T09:50:02+00:00", "tools": [ { "vendor": "aquasecurity", diff --git a/integration/testdata/cocoapods.json.golden b/integration/testdata/cocoapods.json.golden index 7a9be696ca..34a5838f72 100644 --- a/integration/testdata/cocoapods.json.golden +++ b/integration/testdata/cocoapods.json.golden @@ -27,7 +27,8 @@ "DependsOn": [ "AppCenter/Analytics/4.2.0", "AppCenter/Crashes/4.2.0" - ] + ], + "Layer": {} }, { "ID": "AppCenter/Analytics/4.2.0", @@ -35,12 +36,14 @@ "Version": "4.2.0", "DependsOn": [ "AppCenter/Core/4.2.0" - ] + ], + "Layer": {} }, { "ID": "AppCenter/Core/4.2.0", "Name": "AppCenter/Core", - "Version": "4.2.0" + "Version": "4.2.0", + "Layer": {} }, { "ID": "AppCenter/Crashes/4.2.0", @@ -48,12 +51,14 @@ "Version": "4.2.0", "DependsOn": [ "AppCenter/Core/4.2.0" - ] + ], + "Layer": {} }, { "ID": "KeychainAccess/4.2.1", "Name": "KeychainAccess", - "Version": "4.2.1" + "Version": "4.2.1", + "Layer": {} } ] } diff --git a/integration/testdata/composer.lock.json.golden b/integration/testdata/composer.lock.json.golden index c135829cfe..de199a8c84 100644 --- a/integration/testdata/composer.lock.json.golden +++ b/integration/testdata/composer.lock.json.golden @@ -24,14 +24,13 @@ "ID": "guzzlehttp/guzzle@7.4.4", "Name": "guzzlehttp/guzzle", "Version": "7.4.4", - "Indirect": false, - "Layer": {}, "Licenses": [ "MIT" ], "DependsOn": [ "guzzlehttp/psr7@1.8.3" ], + "Layer": {}, "Locations": [ { "StartLine": 9, @@ -43,11 +42,11 @@ "ID": "guzzlehttp/psr7@1.8.3", "Name": "guzzlehttp/psr7", "Version": "1.8.3", - "Indirect": true, - "Layer": {}, "Licenses": [ "MIT" ], + "Indirect": true, + "Layer": {}, "Locations": [ { "StartLine": 130, diff --git a/integration/testdata/conan.json.golden b/integration/testdata/conan.json.golden index b9676e3eee..51d480ca78 100644 --- a/integration/testdata/conan.json.golden +++ b/integration/testdata/conan.json.golden @@ -2,6 +2,18 @@ "SchemaVersion": 2, "ArtifactName": "testdata/fixtures/fs/conan", "ArtifactType": "filesystem", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, "Results": [ { "Target": "conan.lock", @@ -12,19 +24,22 @@ "ID": "bzip2/1.0.8", "Name": "bzip2", "Version": "1.0.8", - "Indirect": true + "Indirect": true, + "Layer": {} }, { "ID": "expat/2.4.8", "Name": "expat", "Version": "2.4.8", - "Indirect": true + "Indirect": true, + "Layer": {} }, { "ID": "openssl/1.1.1q", "Name": "openssl", "Version": "1.1.1q", - "Indirect": true + "Indirect": true, + "Layer": {} }, { "ID": "pcre/8.43", @@ -34,7 +49,8 @@ "DependsOn": [ "bzip2/1.0.8", "zlib/1.2.12" - ] + ], + "Layer": {} }, { "ID": "poco/1.9.4", @@ -46,19 +62,22 @@ "expat/2.4.8", "sqlite3/3.39.2", "openssl/1.1.1q" - ] + ], + "Layer": {} }, { "ID": "sqlite3/3.39.2", "Name": "sqlite3", "Version": "3.39.2", - "Indirect": true + "Indirect": true, + "Layer": {} }, { "ID": "zlib/1.2.12", "Name": "zlib", "Version": "1.2.12", - "Indirect": true + "Indirect": true, + "Layer": {} } ], "Vulnerabilities": [ @@ -68,6 +87,7 @@ "PkgName": "pcre", "InstalledVersion": "8.43", "FixedVersion": "8.45", + "Layer": {}, "Severity": "UNKNOWN" } ] diff --git a/integration/testdata/conda-cyclonedx.json.golden b/integration/testdata/conda-cyclonedx.json.golden index eb62776190..1b4fd4a009 100644 --- a/integration/testdata/conda-cyclonedx.json.golden +++ b/integration/testdata/conda-cyclonedx.json.golden @@ -1,10 +1,10 @@ { "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid:4dd4cf4a-d4de-4ea0-b75f-ad617f31b5a9", + "serialNumber": "urn:uuid:c283a9bb-93f1-49fb-9605-110b5f005a74", "version": 1, "metadata": { - "timestamp": "2023-01-08T23:57:37+00:00", + "timestamp": "2023-05-15T09:49:59+00:00", "tools": [ { "vendor": "aquasecurity", @@ -13,7 +13,7 @@ } ], "component": { - "bom-ref": "582a7c6f-b30e-4b65-a911-f3f5034aa003", + "bom-ref": "6497c0eb-7ca3-401e-b1f6-29234b2ec32c", "type": "application", "name": "testdata/fixtures/fs/conda", "properties": [ @@ -72,7 +72,7 @@ ], "dependencies": [ { - "ref": "582a7c6f-b30e-4b65-a911-f3f5034aa003", + "ref": "6497c0eb-7ca3-401e-b1f6-29234b2ec32c", "dependsOn": [ "pkg:conda/openssl@1.1.1q?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json", "pkg:conda/pip@22.2.2?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json" @@ -80,4 +80,4 @@ } ], "vulnerabilities": [] -} \ No newline at end of file +} diff --git a/integration/testdata/conda-spdx.json.golden b/integration/testdata/conda-spdx.json.golden index 507a9f48e8..6f321987b0 100644 --- a/integration/testdata/conda-spdx.json.golden +++ b/integration/testdata/conda-spdx.json.golden @@ -3,26 +3,29 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "testdata/fixtures/fs/conda", + "documentNamespace": "http://aquasecurity.github.io/trivy/filesystem/testdata/fixtures/fs/conda-f50748fc-93cb-48c4-87c5-25a03e4ddb00", "creationInfo": { "licenseListVersion": "", "creators": [ "Organization: aquasecurity", "Tool: trivy-dev" ], - "created": "2023-04-16T11:00:02Z" + "created": "2023-05-16T05:26:41Z" }, "packages": [ { "name": "conda-pkg", "SPDXID": "SPDXRef-Application-ee5ef1aa4ac89125", "downloadLocation": "NONE", - "primaryPackagePurpose": "APPLICATION", - "sourceInfo": "Conda" + "sourceInfo": "Conda", + "copyrightText": "", + "primaryPackagePurpose": "APPLICATION" }, { "name": "openssl", "SPDXID": "SPDXRef-Package-b1088cb4090e3a55", "versionInfo": "1.1.1q", + "supplier": "NOASSERTION", "downloadLocation": "NONE", "licenseConcluded": "OpenSSL", "licenseDeclared": "OpenSSL", @@ -35,7 +38,6 @@ } ], "primaryPackagePurpose": "LIBRARY", - "supplier": "NOASSERTION", "files": [ { "fileName": "miniconda3/envs/testenv/conda-meta/openssl-1.1.1q-h7f8727e_0.json", @@ -45,7 +47,8 @@ "algorithm": "SHA1", "checksumValue": "237db0da53131e4548cb1181337fa0f420299e1f" } - ] + ], + "copyrightText": "" } ] }, @@ -53,9 +56,11 @@ "name": "pip", "SPDXID": "SPDXRef-Package-6b677e82217fb5bd", "versionInfo": "22.2.2", + "supplier": "NOASSERTION", "downloadLocation": "NONE", "licenseConcluded": "MIT", "licenseDeclared": "MIT", + "copyrightText": "", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", @@ -64,7 +69,6 @@ } ], "primaryPackagePurpose": "LIBRARY", - "supplier": "NOASSERTION", "files": [ { "fileName": "miniconda3/envs/testenv/conda-meta/pip-22.2.2-py38h06a4308_0.json", @@ -74,7 +78,8 @@ "algorithm": "SHA1", "checksumValue": "a6a2db7668f1ad541d704369fc66c96a4415aa24" } - ] + ], + "copyrightText": "" } ] }, @@ -82,10 +87,11 @@ "name": "testdata/fixtures/fs/conda", "SPDXID": "SPDXRef-Filesystem-6e0ac6a0fab50ab4", "downloadLocation": "NONE", - "primaryPackagePurpose": "SOURCE", + "copyrightText": "", "attributionTexts": [ "SchemaVersion: 2" - ] + ], + "primaryPackagePurpose": "SOURCE" } ], "relationships": [ diff --git a/integration/testdata/dotnet.json.golden b/integration/testdata/dotnet.json.golden index 739aad7ec9..86a5c312e7 100644 --- a/integration/testdata/dotnet.json.golden +++ b/integration/testdata/dotnet.json.golden @@ -23,6 +23,7 @@ { "Name": "Newtonsoft.Json", "Version": "9.0.1", + "Layer": {}, "Locations": [ { "StartLine": 8, diff --git a/integration/testdata/fluentd-multiple-lockfiles-cyclonedx.json.golden b/integration/testdata/fluentd-multiple-lockfiles-cyclonedx.json.golden index c14117b086..c65d9fbe98 100644 --- a/integration/testdata/fluentd-multiple-lockfiles-cyclonedx.json.golden +++ b/integration/testdata/fluentd-multiple-lockfiles-cyclonedx.json.golden @@ -3,7 +3,7 @@ "specVersion": "1.4", "version": 1, "metadata": { - "timestamp": "2022-08-14T12:39:11+00:00", + "timestamp": "2023-05-15T09:50:02+00:00", "tools": [ { "vendor": "aquasecurity", diff --git a/integration/testdata/mix.lock.json.golden b/integration/testdata/mix.lock.json.golden index 53cf0e1ab8..3893c125cd 100644 --- a/integration/testdata/mix.lock.json.golden +++ b/integration/testdata/mix.lock.json.golden @@ -30,7 +30,7 @@ "StartLine": 2, "EndLine": 2 } - ] + ] }, { "ID": "jason@1.4.0", @@ -42,7 +42,7 @@ "StartLine": 3, "EndLine": 3 } - ] + ] }, { "ID": "phoenix@1.6.13", @@ -54,7 +54,7 @@ "StartLine": 4, "EndLine": 4 } - ] + ] }, { "ID": "phoenix_html@3.2.0", @@ -66,7 +66,7 @@ "StartLine": 5, "EndLine": 5 } - ] + ] }, { "ID": "phoenix_pubsub@2.1.1", @@ -78,7 +78,7 @@ "StartLine": 6, "EndLine": 6 } - ] + ] }, { "ID": "phoenix_template@1.0.0", @@ -90,7 +90,7 @@ "StartLine": 7, "EndLine": 7 } - ] + ] }, { "ID": "phoenix_view@2.0.1", @@ -102,7 +102,7 @@ "StartLine": 8, "EndLine": 8 } - ] + ] }, { "ID": "plug@1.14.0", @@ -114,7 +114,7 @@ "StartLine": 9, "EndLine": 9 } - ] + ] }, { "ID": "plug_crypto@1.2.3", @@ -126,7 +126,7 @@ "StartLine": 10, "EndLine": 10 } - ] + ] }, { "ID": "telemetry@1.1.0", @@ -138,14 +138,14 @@ "StartLine": 11, "EndLine": 11 } - ] + ] } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2022-42975", - "PkgName": "phoenix", "PkgID": "phoenix@1.6.13", + "PkgName": "phoenix", "InstalledVersion": "1.6.13", "FixedVersion": "1.6.14", "Layer": {}, diff --git a/integration/testdata/npm.json.golden b/integration/testdata/npm.json.golden index 4ab43682c0..0f70af8f2d 100644 --- a/integration/testdata/npm.json.golden +++ b/integration/testdata/npm.json.golden @@ -37,11 +37,11 @@ "ID": "jquery@3.3.9", "Name": "jquery", "Version": "3.3.9", - "Indirect": true, - "Layer": {}, "Licenses": [ "MIT" ], + "Indirect": true, + "Layer": {}, "Locations": [ { "StartLine": 11, @@ -95,14 +95,14 @@ "ID": "promise@8.0.3", "Name": "promise", "Version": "8.0.3", + "Licenses": [ + "MIT" + ], "Indirect": true, "DependsOn": [ "asap@2.0.6" ], "Layer": {}, - "Licenses": [ - "MIT" - ], "Locations": [ { "StartLine": 34, @@ -132,6 +132,9 @@ "ID": "react@16.8.6", "Name": "react", "Version": "16.8.6", + "Licenses": [ + "MIT" + ], "Indirect": true, "DependsOn": [ "loose-envify@1.4.0", @@ -140,9 +143,6 @@ "scheduler@0.13.6" ], "Layer": {}, - "Licenses": [ - "MIT" - ], "Locations": [ { "StartLine": 52, @@ -154,11 +154,11 @@ "ID": "react-is@16.8.6", "Name": "react-is", "Version": "16.8.6", - "Indirect": true, - "Layer": {}, "Licenses": [ "MIT" ], + "Indirect": true, + "Layer": {}, "Locations": [ { "StartLine": 63, @@ -170,15 +170,15 @@ "ID": "redux@4.0.1", "Name": "redux", "Version": "4.0.1", + "Licenses": [ + "MIT" + ], "Indirect": true, "DependsOn": [ "loose-envify@1.4.0", "symbol-observable@1.2.0" ], "Layer": {}, - "Licenses": [ - "MIT" - ], "Locations": [ { "StartLine": 68, diff --git a/integration/testdata/nuget.json.golden b/integration/testdata/nuget.json.golden index eac2b797b1..c0e649ccd2 100644 --- a/integration/testdata/nuget.json.golden +++ b/integration/testdata/nuget.json.golden @@ -30,29 +30,29 @@ "StartLine": 5, "EndLine": 10 } - ] + ] }, { "ID": "NuGet.Frameworks@5.7.0", "Name": "NuGet.Frameworks", "Version": "5.7.0", - "Layer": {}, "DependsOn": [ "Newtonsoft.Json@12.0.3" ], + "Layer": {}, "Locations": [ { "StartLine": 11, "EndLine": 19 } - ] + ] } ], "Vulnerabilities": [ { "VulnerabilityID": "GHSA-5crp-9r3c-p9vr", - "PkgName": "Newtonsoft.Json", "PkgID": "Newtonsoft.Json@12.0.3", + "PkgName": "Newtonsoft.Json", "InstalledVersion": "12.0.3", "FixedVersion": "13.0.1", "Layer": {}, diff --git a/integration/testdata/pubspec.lock.json.golden b/integration/testdata/pubspec.lock.json.golden index f26e76b111..7bc7069284 100644 --- a/integration/testdata/pubspec.lock.json.golden +++ b/integration/testdata/pubspec.lock.json.golden @@ -23,20 +23,22 @@ { "ID": "http@0.13.2", "Name": "http", - "Version": "0.13.2" + "Version": "0.13.2", + "Layer": {} }, { "ID": "shelf@1.3.1", "Name": "shelf", "Version": "1.3.1", - "Indirect": true + "Indirect": true, + "Layer": {} } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2020-35669", - "PkgName": "http", "PkgID": "http@0.13.2", + "PkgName": "http", "InstalledVersion": "0.13.2", "FixedVersion": "0.13.3", "Layer": {}, diff --git a/integration/testdata/secrets.json.golden b/integration/testdata/secrets.json.golden index 58b3300f48..c982894967 100644 --- a/integration/testdata/secrets.json.golden +++ b/integration/testdata/secrets.json.golden @@ -69,7 +69,6 @@ ] }, "Match": "export AWS_ACCESS_KEY_ID=********************", - "Deleted": false, "Layer": {} }, { @@ -113,7 +112,6 @@ ] }, "Match": "echo ********", - "Deleted": false, "Layer": {} } ] diff --git a/integration/testdata/yarn.json.golden b/integration/testdata/yarn.json.golden index da61fd44bb..e29f85a62d 100644 --- a/integration/testdata/yarn.json.golden +++ b/integration/testdata/yarn.json.golden @@ -36,7 +36,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-11358", - "PkgId": "jquery@3.2.1", + "PkgID": "jquery@3.2.1", "PkgName": "jquery", "InstalledVersion": "3.2.1", "FixedVersion": "3.4.0", diff --git a/magefiles/magefile.go b/magefiles/magefile.go index eb4c17d0fc..69372528fe 100644 --- a/magefiles/magefile.go +++ b/magefiles/magefile.go @@ -194,6 +194,11 @@ func (Test) GenerateExampleModules() error { return nil } +// UpdateGolden updates golden files for integration tests +func (Test) UpdateGolden() error { + return sh.RunWithV(ENV, "go", "test", "-tags=integration", "./integration/...", "./pkg/fanal/test/integration/...", "-update") +} + func compileWasmModules(pattern string) error { goFiles, err := filepath.Glob(pattern) if err != nil { diff --git a/pkg/fanal/test/integration/library_test.go b/pkg/fanal/test/integration/library_test.go index 4b96290699..e2cf24d545 100644 --- a/pkg/fanal/test/integration/library_test.go +++ b/pkg/fanal/test/integration/library_test.go @@ -183,8 +183,7 @@ func TestFanal_Library_DockerMode(t *testing.T) { // Disable updating golden files because local images don't have compressed layer digests, // and updating golden files in this function results in incomplete files. if *update { - *update = false - defer func() { *update = true }() + t.Skipf("This test creates wrong golden file") } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) {