tests: test .builder.this.this_tool

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

cyclonedx/builder/this.py

@@ -37,18 +37,23 @@ def this_component() -> Component:
         licenses=(DisjunctiveLicense(id='Apache-2.0',
                                      acknowledgement=LicenseAcknowledgement.DECLARED),),
         external_references=(
+            # let's assume this is not a fork
             ExternalReference(
-                type=ExternalReferenceType.BUILD_SYSTEM,
-                url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib/actions')
-            ),
-            ExternalReference(
-                type=ExternalReferenceType.DISTRIBUTION,
-                url=XsUri('https://pypi.org/project/cyclonedx-python-lib/')
+                type=ExternalReferenceType.WEBSITE,
+                url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib/#readme')
             ),
             ExternalReference(
                 type=ExternalReferenceType.DOCUMENTATION,
                 url=XsUri('https://cyclonedx-python-library.readthedocs.io/')
             ),
+            ExternalReference(
+                type=ExternalReferenceType.VCS,
+                url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib')
+            ),
+            ExternalReference(
+                type=ExternalReferenceType.BUILD_SYSTEM,
+                url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib/actions')
+            ),
             ExternalReference(
                 type=ExternalReferenceType.ISSUE_TRACKER,
                 url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib/issues')
@@ -61,13 +66,10 @@ def this_component() -> Component:
                 type=ExternalReferenceType.RELEASE_NOTES,
                 url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md')
             ),
+            # we cannot assert where the lib was fetched from, but we can give a hint
             ExternalReference(
-                type=ExternalReferenceType.VCS,
-                url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib')
-            ),
-            ExternalReference(
-                type=ExternalReferenceType.WEBSITE,
-                url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib/#readme')
+                type=ExternalReferenceType.DISTRIBUTION,
+                url=XsUri('https://pypi.org/project/cyclonedx-python-lib/')
             ),
         ),
         # to be extended...

pyproject.toml

@@ -95,6 +95,7 @@ pep8-naming = "0.14.1"
 isort = "5.13.2"
 autopep8 = "2.3.1"
 mypy = "1.11.2"
+toml = { version="0.10.2", python="<3.11"}
 tox = "4.18.0"
 xmldiff = "2.7.0"
 bandit = "1.7.9"

tests/__init__.py

@@ -14,13 +14,19 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 import re
+import sys
 from os import getenv, path
-from os.path import basename, join, splitext
-from typing import TYPE_CHECKING, Any, Generator, Iterable, List, Optional, Tuple, TypeVar, Union
+from typing import TYPE_CHECKING, Any, Dict, Generator, Iterable, List, Optional, Tuple, TypeVar, Union
 from unittest import TestCase
 from uuid import UUID
 
+if sys.version_info >= (3, 11):
+    from tomllib import load as toml_load
+else:
+    from toml import load as toml_load
+
 from sortedcontainers import SortedSet
 
 from cyclonedx.output import BomRefDiscriminator as _BomRefDiscriminator
@@ -47,7 +53,7 @@ class SnapshotMixin:
 
     @staticmethod
     def getSnapshotFile(snapshot_name: str) -> str:  # noqa: N802
-        return join(SNAPSHOTS_DIRECTORY, f'{snapshot_name}.bin')
+        return path.join(SNAPSHOTS_DIRECTORY, f'{snapshot_name}.bin')
 
     @classmethod
     def writeSnapshot(cls, snapshot_name: str, data: str) -> None:  # noqa: N802
@@ -189,4 +195,9 @@ class DpTuple(Tuple[SchemaVersion, str]):
     @property
     def __name__(self) -> str:
         schema_version, test_data_file = self
-        return f'{schema_version.to_version()}-{splitext(basename(test_data_file))[0]}'
+        return f'{schema_version.to_version()}-{path.splitext(path.basename(test_data_file))[0]}'
+
+
+def load_pyproject() -> Dict[str, Any]:
+    with open(path.join(path.dirname(__file__), '..', 'pyproject.toml'), 'rb') as f:
+        return toml_load(f)

tests/test_builder_this.py

@@ -0,0 +1,79 @@
+# This file is part of CycloneDX Python Lib
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+
+from typing import Any, Dict, Iterable, Tuple
+from unittest import TestCase
+
+from cyclonedx.builder.this import this_component, this_tool
+from cyclonedx.model import ExternalReference, ExternalReferenceType
+from cyclonedx.model.component import ComponentType
+from cyclonedx.model.license import License, LicenseAcknowledgement
+from tests import load_pyproject
+
+
+class TestThisBase(TestCase):
+
+    @staticmethod
+    def __first_ers_uri(t: ExternalReferenceType, ers: Iterable[ExternalReference]) -> str:
+        return next(filter(lambda r: r.type is t, ers)).url.uri
+
+    def assertExtRefs(self, p: Dict[str, Any], ers: Iterable[ExternalReference]) -> None:  # noqa:N802
+        self.assertEqual(p['tool']['poetry']['homepage'], self.__first_ers_uri(
+            ExternalReferenceType.WEBSITE, ers))
+        self.assertEqual(p['tool']['poetry']['repository'], self.__first_ers_uri(
+            ExternalReferenceType.VCS, ers))
+        self.assertEqual(p['tool']['poetry']['documentation'], self.__first_ers_uri(
+            ExternalReferenceType.DOCUMENTATION, ers))
+
+
+class TestThisComponent(TestThisBase):
+    def test_basics(self) -> None:
+        p = load_pyproject()
+        c = this_component()
+        self.assertIs(ComponentType.LIBRARY, c.type)
+        self.assertEqual('CycloneDX', c.group)
+        self.assertEqual(p['tool']['poetry']['name'], c.name)
+        self.assertEqual(p['tool']['poetry']['version'], c.version)
+        self.assertEqual(p['tool']['poetry']['description'], c.description)
+
+    def test_license(self) -> None:
+        p = load_pyproject()
+        ls: Tuple[License, ...] = tuple(this_component().licenses)
+        self.assertEqual(1, len(ls))
+        l = ls[0]  # noqa:E741
+        self.assertIs(LicenseAcknowledgement.DECLARED, l.acknowledgement)
+        # this uses the fact that poetry expect license declarations as valid SPDX-license-id
+        self.assertEqual(p['tool']['poetry']['license'], l.id)
+
+    def test_extrefs(self) -> None:
+        p = load_pyproject()
+        ers: Tuple[ExternalReference, ...] = tuple(this_component().external_references)
+        self.assertExtRefs(p, ers)
+
+
+class TestThisTool(TestThisBase):
+    def test_basics(self) -> None:
+        p = load_pyproject()
+        t = this_tool()
+        self.assertEqual('CycloneDX', t.vendor)
+        self.assertEqual(p['tool']['poetry']['name'], t.name)
+        self.assertEqual(p['tool']['poetry']['version'], t.version)
+
+    def test_extrefs(self) -> None:
+        p = load_pyproject()
+        ers: Tuple[ExternalReference, ...] = tuple(this_tool().external_references)
+        self.assertExtRefs(p, ers)