test: tidy up test beds (#333)

* test: consolidate imports
* test: recreate all fixtures
* test: docs

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

tests/__init__.py

@@ -17,6 +17,10 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
 
-from os import path
+from os import getenv, path
 
 FIXTURES_DIRECTORY = path.join(path.dirname(__file__), 'fixtures')
+
+RECREATE_SNAPSHOTS = bool(getenv('CDX_TEST_RECREATE_SNAPSHOTS'))
+if RECREATE_SNAPSHOTS:
+    print('!!! WILL RECREATE ALL SNAPSHOTS !!!')

tests/fixtures/README.md

@@ -0,0 +1,13 @@
+# TEST FIXTURES
+
+## RE-CREATION
+
+Some assets here can be (re-)created automatically, by setting the env var `CDX_TEST_RECREATE_SNAPSHOTS=1`.  
+It might also help to set `PYTHONHASHSEED=0`!  
+As a shortcut just run:
+
+```shell
+CDX_TEST_RECREATE_SNAPSHOTS=1 poetry run tox -e py
+```
+
+The files will be written as is, which might not be human-readable. feel free to reformat the files manually.

tests/fixtures/json/1.2/bom_dependencies.json

@@ -2,15 +2,15 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.2",
-  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "serialNumber": "urn:uuid:7ddbdb7d-6f51-4ea6-83c1-bf780cece8e2",
   "version": 1,
   "metadata": {
-    "timestamp": "2021-09-01T10:50:42.051979+00:00",
+    "timestamp": "2023-01-07T11:40:00.491974+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
         "name": "cyclonedx-python-lib",
-        "version": "VERSION"
+        "version": "3.1.2"
       }
     ]
   },
@@ -28,23 +28,23 @@
       ],
       "purl": "pkg:pypi/[email protected]?extension=tar.gz"
     },
-     {
+    {
       "type": "library",
       "bom-ref": "pkg:pypi/[email protected]?extension=tar.gz",
       "name": "toml",
       "version": "0.10.2",
-      "purl": "pkg:pypi/[email protected]?extension=tar.gz",
       "hashes": [
         {
           "alg": "SHA-256",
           "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"
         }
       ],
+      "purl": "pkg:pypi/[email protected]?extension=tar.gz",
       "externalReferences": [
         {
-          "type": "distribution",
           "url": "https://cyclonedx.org",
-          "comment": "No comment"
+          "comment": "No comment",
+          "type": "distribution"
         }
       ]
     }
@@ -61,4 +61,4 @@
       "dependsOn": []
     }
   ]
-}
+}

tests/fixtures/json/1.2/bom_dependencies_component.json

@@ -2,15 +2,15 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.2",
-  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "serialNumber": "urn:uuid:d3c403f8-187f-4c3a-ae93-2d62f50689c0",
   "version": 1,
   "metadata": {
-    "timestamp": "2021-09-01T10:50:42.051979+00:00",
+    "timestamp": "2023-01-07T11:40:00.538713+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
         "name": "cyclonedx-python-lib",
-        "version": "VERSION"
+        "version": "3.1.2"
       }
     ],
     "component": {
@@ -28,23 +28,23 @@
     }
   },
   "components": [
-     {
+    {
       "type": "library",
       "bom-ref": "pkg:pypi/[email protected]?extension=tar.gz",
       "name": "toml",
       "version": "0.10.2",
-      "purl": "pkg:pypi/[email protected]?extension=tar.gz",
       "hashes": [
         {
           "alg": "SHA-256",
           "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"
         }
       ],
+      "purl": "pkg:pypi/[email protected]?extension=tar.gz",
       "externalReferences": [
         {
-          "type": "distribution",
           "url": "https://cyclonedx.org",
-          "comment": "No comment"
+          "comment": "No comment",
+          "type": "distribution"
         }
       ]
     }
@@ -61,4 +61,4 @@
       "dependsOn": []
     }
   ]
-}
+}

tests/fixtures/json/1.2/bom_external_references.json

@@ -2,15 +2,15 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.2",
-  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "serialNumber": "urn:uuid:06480655-292f-4ab5-8d84-52ac0023a161",
   "version": 1,
   "metadata": {
-    "timestamp": "2021-09-01T10:50:42.051979+00:00",
+    "timestamp": "2023-01-07T11:40:00.241228+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
         "name": "cyclonedx-python-lib",
-        "version": "VERSION"
+        "version": "3.1.2"
       }
     ]
   },
@@ -25,4 +25,4 @@
       "type": "website"
     }
   ]
-}
+}

tests/fixtures/json/1.2/bom_issue_275_components.json

@@ -1,64 +1,64 @@
 {
-    "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
-    "bomFormat": "CycloneDX",
-    "components": [
-        {
-            "bom-ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda",
-            "name": "comp_a",
-            "type": "library",
-            "version": "1.0.0"
-        },
-        {
-            "bom-ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857",
-            "components": [
-                {
-                    "bom-ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789",
-                    "name": "comp_c",
-                    "type": "library",
-                    "version": "1.0.0"
-                }
-            ],
-            "name": "comp_b",
-            "type": "library",
-            "version": "1.0.0"
-        }
+  "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.2",
+  "serialNumber": "urn:uuid:d571cf4c-efeb-4603-b744-a58a3e95410a",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2023-01-07T11:40:00.654095+00:00",
+    "tools": [
+      {
+        "vendor": "CycloneDX",
+        "name": "cyclonedx-python-lib",
+        "version": "3.1.2"
+      }
     ],
-    "dependencies": [
-        {
-            "dependsOn": [
-                "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda",
-                "0b049d09-64c0-4490-a0f5-c84d9aacf857"
-            ],
-            "ref": "be2c6502-7e9a-47db-9a66-e34f729810a3"
-        },
-        {
-            "dependsOn": [],
-            "ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda"
-        },
+    "component": {
+      "type": "library",
+      "bom-ref": "be2c6502-7e9a-47db-9a66-e34f729810a3",
+      "name": "app",
+      "version": "1.0.0"
+    }
+  },
+  "components": [
+    {
+      "type": "library",
+      "bom-ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda",
+      "name": "comp_a",
+      "version": "1.0.0"
+    },
+    {
+      "type": "library",
+      "bom-ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857",
+      "name": "comp_b",
+      "version": "1.0.0",
+      "components": [
         {
-            "dependsOn": [
-                "cd3e9c95-9d41-49e7-9924-8cf0465ae789"
-            ],
-            "ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857"
+          "type": "library",
+          "bom-ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789",
+          "name": "comp_c",
+          "version": "1.0.0"
         }
-    ],
-    "metadata": {
-        "component": {
-            "bom-ref": "be2c6502-7e9a-47db-9a66-e34f729810a3",
-            "name": "app",
-            "type": "library",
-            "version": "1.0.0"
-        },
-        "timestamp": "2022-07-27T10:06:17.101289+00:00",
-        "tools": [
-            {
-                "name": "cyclonedx-python-lib",
-                "vendor": "CycloneDX",
-                "version": "0.11.0"
-            }
-        ]
+      ]
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "be2c6502-7e9a-47db-9a66-e34f729810a3",
+      "dependsOn": [
+        "0b049d09-64c0-4490-a0f5-c84d9aacf857",
+        "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda"
+      ]
+    },
+    {
+      "ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda",
+      "dependsOn": []
     },
-    "serialNumber": "urn:uuid:b1d647c9-e4c5-4d8f-be8a-1751ac3ad4d5",
-    "specVersion": "1.2",
-    "version": 1
-}
+    {
+      "ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857",
+      "dependsOn": [
+        "cd3e9c95-9d41-49e7-9924-8cf0465ae789"
+      ]
+    }
+  ]
+}

tests/fixtures/json/1.2/bom_services_complex.json

@@ -2,15 +2,15 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.2",
-  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "serialNumber": "urn:uuid:08037a6e-b713-4d63-87db-34e399d87a22",
   "version": 1,
   "metadata": {
-    "timestamp": "2021-09-01T10:50:42.051979+00:00",
+    "timestamp": "2023-01-07T11:40:00.700266+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
         "name": "cyclonedx-python-lib",
-        "version": "VERSION"
+        "version": "3.1.2"
       }
     ],
     "component": {
@@ -24,20 +24,20 @@
     {
       "bom-ref": "my-specific-bom-ref-for-my-first-service",
       "provider": {
+        "name": "CycloneDX",
+        "url": [
+          "https://cyclonedx.org"
+        ],
         "contact": [
           {
-            "email": "[email protected]",
-            "name": "Paul Horton"
-          },
-          {
-            "email": "[email protected]",
             "name": "A N Other",
+            "email": "[email protected]",
             "phone": "+44 (0)1234 567890"
+          },
+          {
+            "name": "Paul Horton",
+            "email": "[email protected]"
           }
-        ],
-        "name": "CycloneDX",
-        "url": [
-          "https://cyclonedx.org"
         ]
       },
       "group": "a-group",
@@ -52,8 +52,8 @@
       "x-trust-boundary": true,
       "data": [
         {
-          "classification": "public",
-          "flow": "outbound"
+          "flow": "outbound",
+          "classification": "public"
         }
       ],
       "licenses": [
@@ -63,15 +63,15 @@
       ],
       "externalReferences": [
         {
+          "url": "https://cyclonedx.org",
           "comment": "No comment",
+          "type": "distribution",
           "hashes": [
             {
               "alg": "SHA-256",
               "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"
             }
-          ],
-          "type": "distribution",
-          "url": "https://cyclonedx.org"
+          ]
         }
       ]
     },
@@ -86,4 +86,4 @@
       "dependsOn": []
     }
   ]
-}
+}