Added-unit-test

Author: basel1322

commands/curation/curationaudit_test.go

@@ -427,7 +427,7 @@ func TestDoCurationAudit(t *testing.T) {
 			cleanUp := createCurationTestEnv(t, basePathToTests, tt, config)
 			defer cleanUp()
 			// Create audit command, and run it
-			results, err := createCurationCmdAndRun(tt)
+			results, err := createCurationCmdAndRun(tt, config)
 			// Validate the results
 			if tt.requestToError == nil {
 				assert.NoError(t, err)
@@ -505,14 +505,19 @@ func runPreTestExec(t *testing.T, basePathToTests string, testCase testCase) {
 	callbackPreTest()
 }
 
-func createCurationCmdAndRun(tt testCase) (cmdResults map[string]*CurationReport, err error) {
+func createCurationCmdAndRun(tt testCase, serverDetails *config.ServerDetails) (cmdResults map[string]*CurationReport, err error) {
 	curationCmd := NewCurationAuditCommand()
 	curationCmd.SetIsCurationCmd(true)
 	curationCmd.parallelRequests = 3
 	// For tests, we use localhost http server (nuget have issues without setting insecureTls)
 	curationCmd.SetInsecureTls(true)
 	curationCmd.SetIgnoreConfigFile(tt.shouldIgnoreConfigFile)
 	curationCmd.SetInsecureTls(tt.allowInsecureTls)
+	if tt.dockerImageName != "" {
+		curationCmd.SetDockerImageName(tt.dockerImageName)
+		// Docker requires server details to be set explicitly
+		curationCmd.SetServerDetails(serverDetails)
+	}
 	cmdResults = map[string]*CurationReport{}
 	err = curationCmd.doCurateAudit(cmdResults)
 	return
@@ -568,6 +573,7 @@ type testCase struct {
 	tech                     techutils.Technology
 	createServerWithoutCreds bool
 	allowInsecureTls         bool
+	dockerImageName          string
 }
 
 func (tc testCase) getPathToTests() string {
@@ -983,6 +989,43 @@ func getTestCasesForDoCurationAudit() []testCase {
 			},
 			allowInsecureTls: true,
 		},
+		{
+			name:            "docker tree - one blocked package",
+			tech:            techutils.Docker,
+			pathToProject:   filepath.Join("projects", "package-managers", "docker", "curation-project"),
+			dockerImageName: "repo-test-docker/dweomer/nginx-auth-ldap:1.13.5-on-alpine-3.5",
+			requestToFail: map[string]bool{
+				"/api/docker/repo-test-docker/v2/dweomer/nginx-auth-ldap/manifests/1.13.5-on-alpine-3.5": true,
+			},
+			expectedRequest: map[string]bool{
+				"/api/docker/repo-test-docker/v2/dweomer/nginx-auth-ldap/manifests/1.13.5-on-alpine-3.5": false,
+			},
+			expectedResp: map[string]*CurationReport{
+				"root:latest": {
+					packagesStatus: []*PackageStatus{
+						{
+							Action:            "blocked",
+							ParentName:        "dweomer/nginx-auth-ldap",
+							ParentVersion:     "1.13.5-on-alpine-3.5",
+							BlockedPackageUrl: "/api/docker/repo-test-docker/v2/dweomer/nginx-auth-ldap/manifests/1.13.5-on-alpine-3.5",
+							PackageName:       "dweomer/nginx-auth-ldap",
+							PackageVersion:    "1.13.5-on-alpine-3.5",
+							DepRelation:       "direct",
+							PkgType:           "docker",
+							BlockingReason:    "Policy violations",
+							Policy: []Policy{
+								{
+									Policy:    "pol1",
+									Condition: "cond1",
+								},
+							},
+						},
+					},
+					totalNumberOfPackages: 0,
+				},
+			},
+			allowInsecureTls: true,
+		},
 	}
 	return tests
 }
@@ -1185,6 +1228,99 @@ func Test_getGemNameScopeAndVersion(t *testing.T) {
 	}
 }
 
+func Test_getDockerNameScopeAndVersion(t *testing.T) {
+	tests := []struct {
+		name             string
+		id               string
+		artiUrl          string
+		repo             string
+		wantDownloadUrls []string
+		wantName         string
+		wantScope        string
+		wantVersion      string
+	}{
+		{
+			name:             "Basic docker image with tag",
+			id:               "docker://nginx:1.21.0",
+			artiUrl:          "http://test.jfrog.io/artifactory",
+			repo:             "docker-remote",
+			wantDownloadUrls: []string{"http://test.jfrog.io/artifactory/api/docker/docker-remote/v2/nginx/manifests/1.21.0"},
+			wantName:         "nginx",
+			wantScope:        "",
+			wantVersion:      "1.21.0",
+		},
+		{
+			name:             "Docker image with registry prefix",
+			id:               "docker://registry.example.com/nginx:1.21.0",
+			artiUrl:          "http://test.jfrog.io/artifactory",
+			repo:             "docker-remote",
+			wantDownloadUrls: []string{"http://test.jfrog.io/artifactory/api/docker/docker-remote/v2/registry.example.com/nginx/manifests/1.21.0"},
+			wantName:         "registry.example.com/nginx",
+			wantScope:        "",
+			wantVersion:      "1.21.0",
+		},
+		{
+			name:             "Docker image with sha256 digest",
+			id:               "docker://nginx:sha256:abc123def456",
+			artiUrl:          "http://test.jfrog.io/artifactory",
+			repo:             "docker-remote",
+			wantDownloadUrls: []string{"http://test.jfrog.io/artifactory/api/docker/docker-remote/v2/nginx/manifests/sha256:abc123def456"},
+			wantName:         "nginx",
+			wantScope:        "",
+			wantVersion:      "sha256:abc123def456",
+		},
+		{
+			name:             "Docker image without version defaults to latest",
+			id:               "docker://nginx",
+			artiUrl:          "http://test.jfrog.io/artifactory",
+			repo:             "docker-remote",
+			wantDownloadUrls: []string{"http://test.jfrog.io/artifactory/api/docker/docker-remote/v2/nginx/manifests/latest"},
+			wantName:         "nginx",
+			wantScope:        "",
+			wantVersion:      "latest",
+		},
+		{
+			name:             "Empty id returns empty values",
+			id:               "",
+			artiUrl:          "http://test.jfrog.io/artifactory",
+			repo:             "docker-remote",
+			wantDownloadUrls: nil,
+			wantName:         "",
+			wantScope:        "",
+			wantVersion:      "",
+		},
+		{
+			name:             "Without artiUrl and repo, no download URL",
+			id:               "docker://nginx:1.21.0",
+			artiUrl:          "",
+			repo:             "",
+			wantDownloadUrls: nil,
+			wantName:         "nginx",
+			wantScope:        "",
+			wantVersion:      "1.21.0",
+		},
+		{
+			name:             "Artifactory URL with trailing slash",
+			id:               "docker://nginx:1.21.0",
+			artiUrl:          "http://test.jfrog.io/artifactory/",
+			repo:             "docker-remote",
+			wantDownloadUrls: []string{"http://test.jfrog.io/artifactory/api/docker/docker-remote/v2/nginx/manifests/1.21.0"},
+			wantName:         "nginx",
+			wantScope:        "",
+			wantVersion:      "1.21.0",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotDownloadUrls, gotName, gotScope, gotVersion := getDockerNameScopeAndVersion(tt.id, tt.artiUrl, tt.repo)
+			assert.Equal(t, tt.wantDownloadUrls, gotDownloadUrls, "downloadUrls mismatch")
+			assert.Equal(t, tt.wantName, gotName, "name mismatch")
+			assert.Equal(t, tt.wantScope, gotScope, "scope mismatch")
+			assert.Equal(t, tt.wantVersion, gotVersion, "version mismatch")
+		})
+	}
+}
+
 func Test_getNugetNameScopeAndVersion(t *testing.T) {
 	tests := []struct {
 		name        string

sca/bom/buildinfo/technologies/docker/docker_test.go

@@ -0,0 +1,150 @@
+package docker
+
+import (
+	"net/http"
+	"strings"
+	"testing"
+
+	coreCommonTests "github.com/jfrog/jfrog-cli-core/v2/common/tests"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/jfrog/jfrog-cli-security/sca/bom/buildinfo/technologies"
+)
+
+func TestBuildDependencyTree(t *testing.T) {
+	tests := []struct {
+		name               string
+		dockerImageName    string
+		expectedUniqueDeps []string
+		expectError        bool
+	}{
+		{
+			name:               "Valid docker image with repo and tag",
+			dockerImageName:    "my-repo/my-image:v1.0.0",
+			expectedUniqueDeps: []string{"docker://my-image:v1.0.0"},
+			expectError:        false,
+		},
+		{
+			name:               "Docker image with library prefix",
+			dockerImageName:    "my-repo/library/my-image:latest",
+			expectedUniqueDeps: []string{"docker://my-image:latest"},
+			expectError:        false,
+		},
+		{
+			name:               "Docker image without tag (defaults to latest)",
+			dockerImageName:    "my-repo/my-image",
+			expectedUniqueDeps: []string{"docker://my-image:latest"},
+			expectError:        false,
+		},
+		{
+			name:               "Empty docker image name",
+			dockerImageName:    "",
+			expectedUniqueDeps: nil,
+			expectError:        true,
+		},
+		{
+			name:               "Invalid format - no repo",
+			dockerImageName:    "image:tag",
+			expectedUniqueDeps: nil,
+			expectError:        true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			params := technologies.BuildInfoBomGeneratorParams{
+				DockerImageName: tt.dockerImageName,
+			}
+			_, uniqueDeps, err := BuildDependencyTree(params)
+
+			if tt.expectError {
+				assert.Error(t, err)
+			} else {
+				assert.NoError(t, err)
+				assert.ElementsMatch(t, uniqueDeps, tt.expectedUniqueDeps, "Unique dependencies mismatch. First is actual, Second is Expected")
+			}
+		})
+	}
+}
+func TestBuildDependencyTree_MultiArch(t *testing.T) {
+	manifestListResponse := `{
+		"schemaVersion": 2,
+		"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
+		"manifests": [
+			{
+				"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
+				"size": 2413,
+				"digest": "sha256:3446f171923148a8e1ef9ed402f6eefcf69811c2b25cd969e13ef175a310836d",
+				"platform": {
+					"architecture": "amd64",
+					"os": "linux"
+				}
+			},
+			{
+				"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
+				"size": 2413,
+				"digest": "sha256:cb7bf93be94a38ca93a8dbca4468ce86079c6c83aacc8d603090db29fcaaf7b8",
+				"platform": {
+					"architecture": "arm64",
+					"os": "linux"
+				}
+			},
+			{
+				"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
+				"size": 2412,
+				"digest": "sha256:27ac676b8471b951f257b1349c6f69b5f8738499494f89270f48b3c798beada4",
+				"platform": {
+					"architecture": "arm",
+					"os": "linux",
+					"variant": "v7"
+				}
+			}
+		]
+	}`
+
+	serverMock, serverDetails, _ := coreCommonTests.CreateRtRestsMockServer(t, func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == http.MethodHead {
+			if strings.Contains(r.RequestURI, "/api/docker/") && strings.Contains(r.RequestURI, "/manifests/") {
+				w.Header().Set("Content-Type", "application/vnd.docker.distribution.manifest.list.v2+json")
+				w.WriteHeader(http.StatusOK)
+			}
+		}
+		if r.Method == http.MethodGet {
+			if strings.Contains(r.RequestURI, "/api/docker/") && strings.Contains(r.RequestURI, "/manifests/") {
+				w.Header().Set("Content-Type", "application/json")
+				w.WriteHeader(http.StatusOK)
+				w.Write([]byte(manifestListResponse))
+			}
+		}
+	})
+	defer serverMock.Close()
+
+	serverDetails.ArtifactoryUrl = serverDetails.Url + "artifactory"
+
+	params := technologies.BuildInfoBomGeneratorParams{
+		DockerImageName: "my-repo/my-image:v1.0.0",
+		ServerDetails:   serverDetails,
+	}
+
+	trees, uniqueDeps, err := BuildDependencyTree(params)
+	assert.NoError(t, err)
+	assert.NotNil(t, trees)
+
+	expectedUniqueDeps := []string{
+		"docker://my-image:sha256:3446f171923148a8e1ef9ed402f6eefcf69811c2b25cd969e13ef175a310836d",
+		"docker://my-image:sha256:cb7bf93be94a38ca93a8dbca4468ce86079c6c83aacc8d603090db29fcaaf7b8",
+		"docker://my-image:sha256:27ac676b8471b951f257b1349c6f69b5f8738499494f89270f48b3c798beada4",
+	}
+	assert.ElementsMatch(t, uniqueDeps, expectedUniqueDeps, "Unique dependencies mismatch. First is actual, Second is Expected")
+
+	require.Len(t, trees, 1)
+	assert.Equal(t, "root", trees[0].Id)
+	assert.Len(t, trees[0].Nodes, 3)
+
+	nodeIds := make([]string, 0, len(trees[0].Nodes))
+	for _, node := range trees[0].Nodes {
+		nodeIds = append(nodeIds, node.Id)
+	}
+	assert.ElementsMatch(t, nodeIds, expectedUniqueDeps)
+}