|
| 1 | +// Copyright 2024 OpenSSF Scorecard Authors |
| 2 | +// |
| 3 | +// Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | +// you may not use this file except in compliance with the License. |
| 5 | +// You may obtain a copy of the License at |
| 6 | +// |
| 7 | +// http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | +// |
| 9 | +// Unless required by applicable law or agreed to in writing, software |
| 10 | +// distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | +// See the License for the specific language governing permissions and |
| 13 | +// limitations under the License. |
| 14 | + |
| 15 | +package scorecard |
| 16 | + |
| 17 | +import ( |
| 18 | + "bytes" |
| 19 | + "encoding/json" |
| 20 | + "slices" |
| 21 | + "testing" |
| 22 | + "time" |
| 23 | + |
| 24 | + "github.com/ossf/scorecard/v5/finding" |
| 25 | +) |
| 26 | + |
| 27 | +func TestStatement(t *testing.T) { |
| 28 | + t.Parallel() |
| 29 | + // The intoto statement generation relies on the same generation as |
| 30 | + // the json output, so here we just check for correct assignments |
| 31 | + result := Result{ |
| 32 | + Repo: RepoInfo{ |
| 33 | + Name: "github.com/example/example", |
| 34 | + CommitSHA: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", |
| 35 | + }, |
| 36 | + Scorecard: ScorecardInfo{ |
| 37 | + Version: "1.2.3", |
| 38 | + CommitSHA: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", |
| 39 | + }, |
| 40 | + Date: time.Date(2024, time.February, 1, 13, 48, 0, 0, time.UTC), |
| 41 | + Findings: []finding.Finding{ |
| 42 | + { |
| 43 | + Probe: "check for X", |
| 44 | + Outcome: finding.OutcomeTrue, |
| 45 | + Message: "found X", |
| 46 | + Location: &finding.Location{ |
| 47 | + Path: "some/path/to/file", |
| 48 | + Type: finding.FileTypeText, |
| 49 | + }, |
| 50 | + }, |
| 51 | + { |
| 52 | + Probe: "check for Y", |
| 53 | + Outcome: finding.OutcomeFalse, |
| 54 | + Message: "did not find Y", |
| 55 | + }, |
| 56 | + }, |
| 57 | + } |
| 58 | + var w bytes.Buffer |
| 59 | + err := result.AsStatement(&w, jsonMockDocRead(), nil) |
| 60 | + if err != nil { |
| 61 | + t.Error("unexpected error: ", err) |
| 62 | + } |
| 63 | + |
| 64 | + // Unmarshal the written json to a generic map |
| 65 | + stmt := Statement{} |
| 66 | + if err := json.Unmarshal(w.Bytes(), &stmt); err != nil { |
| 67 | + t.Error("error unmarshaling statement", err) |
| 68 | + return |
| 69 | + } |
| 70 | + |
| 71 | + // Check the data |
| 72 | + if len(stmt.Subject) != 1 { |
| 73 | + t.Error("unexpected statement subject length") |
| 74 | + } |
| 75 | + if stmt.Subject[0].GetDigest()["sha1"] != result.Repo.CommitSHA { |
| 76 | + t.Error("mismatched statement subject digest") |
| 77 | + } |
| 78 | + if stmt.Subject[0].GetName() != result.Repo.Name { |
| 79 | + t.Error("mismatched statement subject name") |
| 80 | + } |
| 81 | + |
| 82 | + if stmt.PredicateType != PredicateType { |
| 83 | + t.Error("incorrect predicate type", stmt.PredicateType) |
| 84 | + } |
| 85 | + |
| 86 | + // Check the predicate |
| 87 | + if stmt.Predicate.Scorecard.Commit != result.Scorecard.CommitSHA { |
| 88 | + t.Error("mismatch in scorecard commit") |
| 89 | + } |
| 90 | + if stmt.Predicate.Scorecard.Version != result.Scorecard.Version { |
| 91 | + t.Error("mismatch in scorecard version") |
| 92 | + } |
| 93 | + if stmt.Predicate.Repo != nil { |
| 94 | + t.Error("repo should be null") |
| 95 | + } |
| 96 | + if !slices.Equal(stmt.Predicate.Metadata, result.Metadata) { |
| 97 | + t.Error("mismatched metadata") |
| 98 | + } |
| 99 | +} |
0 commit comments