|
11 | 11 | from app.domain.repo_analyzer.requirement_files.cyclonedx_sbom_analyzer import ( |
12 | 12 | CycloneDxSbomAnalyzer, |
13 | 13 | ) |
| 14 | +from app.domain.repo_analyzer.requirement_files.spdx_sbom_analyzer import ( |
| 15 | + SpdxSbomAnalyzer, |
| 16 | +) |
14 | 17 |
|
15 | 18 |
|
16 | 19 | class TestAnalyzerRegistrySbomDetection: |
@@ -201,3 +204,75 @@ def test_sbom_detection_with_different_cyclonedx_versions(self, registry, temp_d |
201 | 204 | result = registry.detect_sbom_format(f"sbom-{version}.json", temp_dir) |
202 | 205 |
|
203 | 206 | assert result == "cyclonedx", f"Failed for version {version}" |
| 207 | + |
| 208 | + def test_detect_spdx_json_format(self, registry, temp_dir): |
| 209 | + sbom_data = { |
| 210 | + "spdxVersion": "SPDX-2.3", |
| 211 | + "dataLicense": "CC0-1.0", |
| 212 | + "SPDXID": "SPDXRef-DOCUMENT", |
| 213 | + "name": "Test SBOM", |
| 214 | + "packages": [] |
| 215 | + } |
| 216 | + filepath = Path(temp_dir) / "sbom.spdx.json" |
| 217 | + with open(filepath, "w", encoding="utf-8") as f: |
| 218 | + json.dump(sbom_data, f) |
| 219 | + |
| 220 | + result = registry.detect_sbom_format("sbom.spdx.json", temp_dir) |
| 221 | + |
| 222 | + assert result == "spdx" |
| 223 | + |
| 224 | + def test_detect_spdx_xml_format(self, registry, temp_dir): |
| 225 | + root = Element("{http://spdx.org/rdf/terms}SpdxDocument") |
| 226 | + |
| 227 | + filepath = Path(temp_dir) / "sbom.spdx.xml" |
| 228 | + with open(filepath, "wb") as f: |
| 229 | + f.write(tostring(root, encoding="utf-8")) |
| 230 | + |
| 231 | + result = registry.detect_sbom_format("sbom.spdx.xml", temp_dir) |
| 232 | + |
| 233 | + assert result == "spdx" |
| 234 | + |
| 235 | + def test_get_analyzer_returns_spdx_for_valid_sbom_json(self, registry, temp_dir): |
| 236 | + sbom_data = { |
| 237 | + "spdxVersion": "SPDX-2.3", |
| 238 | + "dataLicense": "CC0-1.0", |
| 239 | + "SPDXID": "SPDXRef-DOCUMENT", |
| 240 | + "name": "Test SBOM", |
| 241 | + "packages": [] |
| 242 | + } |
| 243 | + filepath = Path(temp_dir) / "sbom.spdx.json" |
| 244 | + with open(filepath, "w", encoding="utf-8") as f: |
| 245 | + json.dump(sbom_data, f) |
| 246 | + |
| 247 | + analyzer = registry.get_analyzer("sbom.spdx.json", temp_dir) |
| 248 | + |
| 249 | + assert analyzer is not None |
| 250 | + assert isinstance(analyzer, SpdxSbomAnalyzer) |
| 251 | + |
| 252 | + def test_get_analyzer_returns_spdx_for_valid_sbom_xml(self, registry, temp_dir): |
| 253 | + root = Element("{http://spdx.org/rdf/terms}SpdxDocument") |
| 254 | + |
| 255 | + filepath = Path(temp_dir) / "sbom.spdx.xml" |
| 256 | + with open(filepath, "wb") as f: |
| 257 | + f.write(tostring(root, encoding="utf-8")) |
| 258 | + |
| 259 | + analyzer = registry.get_analyzer("sbom.spdx.xml", temp_dir) |
| 260 | + |
| 261 | + assert analyzer is not None |
| 262 | + assert isinstance(analyzer, SpdxSbomAnalyzer) |
| 263 | + |
| 264 | + def test_sbom_detection_with_different_spdx_versions(self, registry, temp_dir): |
| 265 | + for version in ["SPDX-2.2", "SPDX-2.3"]: |
| 266 | + sbom_data = { |
| 267 | + "spdxVersion": version, |
| 268 | + "dataLicense": "CC0-1.0", |
| 269 | + "SPDXID": "SPDXRef-DOCUMENT", |
| 270 | + "packages": [] |
| 271 | + } |
| 272 | + filepath = Path(temp_dir) / f"sbom-{version}.json" |
| 273 | + with open(filepath, "w", encoding="utf-8") as f: |
| 274 | + json.dump(sbom_data, f) |
| 275 | + |
| 276 | + result = registry.detect_sbom_format(f"sbom-{version}.json", temp_dir) |
| 277 | + |
| 278 | + assert result == "spdx", f"Failed for version {version}" |
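Review bot: All five added tests feed `detect_sbom_format` and `get_analyzer` well-formed SPDX documents, so nothing pins the result when a file that is only named like an SPDX SBOM contains something else. These files appear to come from the repository under analysis (inferred from the `repo_analyzer` package path), so a truncated document, a non-string `spdxVersion` and an unrelated XML root are inputs the registry should be shown to reject without raising. The detector is outside this hunk, so the sketch below only asserts `!= "spdx"`; tighten it to whatever value the registry returns for an unrecognised file. Separately, the `for version in [...]` loop in `test_sbom_detection_with_different_spdx_versions` stops at the first failing version, so one test case per version would report each failure on its own.

```python
    def test_spdx_named_file_with_non_spdx_content_is_not_detected(self, registry, temp_dir):
        # Constructed samples: truncated JSON, wrong type for spdxVersion, unrelated XML root.
        samples = {
            "truncated.spdx.json": b'{"spdxVersion": "SPDX-2.3"',
            "wrong-type.spdx.json": b'{"spdxVersion": 23}',
            "other-root.spdx.xml": b"<project/>",
        }
        for filename, payload in samples.items():
            (Path(temp_dir) / filename).write_bytes(payload)

            result = registry.detect_sbom_format(filename, temp_dir)

            assert result != "spdx", f"Misdetected {filename}"
```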