test: deactivate spdxjson tests

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
ckotzbauer · Dec 4, 2022 · 4c74f0d · 4c74f0d
1 parent a57737b
commit 4c74f0d
Show file tree

Hide file tree

Showing 10 changed files with 193 additions and 35 deletions.
diff --git a/internal/syft/fixtures/alpine.cyclonedx b/internal/syft/fixtures/alpine.cyclonedx
@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:25c5b431-22ca-4fa3-810a-bf1703b1627c" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:d597a0ae-e9c7-40bd-8dd2-d6972ecdac08" version="1">
   <metadata>
-    <timestamp>2022-11-21T16:47:34+01:00</timestamp>
+    <timestamp>2022-12-03T11:59:25+01:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
         <name>syft</name>
-        <version>0.62.1</version>
+        <version>0.62.3</version>
       </tool>
     </tools>
     <component bom-ref="241b78ecbec7d4b6" type="container">
@@ -169,6 +169,18 @@
         <property name="syft:metadata:size">120973</property>
       </properties>
     </component>
+    <component bom-ref="d49bb0510b7c7ca7" type="library">
+      <name>busybox</name>
+      <version>1.35.0</version>
+      <cpe>cpe:2.3:a:busybox:busybox:1.35.0:*:*:*:*:*:*:*</cpe>
+      <properties>
+        <property name="syft:package:language">binary</property>
+        <property name="syft:package:metadataType">BinaryMetadata</property>
+        <property name="syft:package:type">binary</property>
+        <property name="syft:location:0:layerID">sha256:af57c4b7f0528a43b8203bc339c656496635b7ce67b94c3f034b00a62e6fdf82</property>
+        <property name="syft:location:0:path">/bin/busybox</property>
+      </properties>
+    </component>
     <component bom-ref="pkg:alpine/busybox@1.35.0-r27?arch=x86_64&amp;upstream=busybox&amp;distro=alpine-3.17.0_rc1&amp;package-id=757a346b43f898cc" type="library">
       <publisher>Sören Tempel &lt;soeren+alpine@soeren-tempel.net&gt;</publisher>
       <name>busybox</name>

diff --git a/internal/syft/fixtures/alpine.json b/internal/syft/fixtures/alpine.json
@@ -1078,6 +1078,31 @@
     ]
    }
   },
+  {
+   "id": "d49bb0510b7c7ca7",
+   "name": "busybox",
+   "version": "1.35.0",
+   "type": "binary",
+   "foundBy": "",
+   "locations": [
+    {
+     "path": "/bin/busybox",
+     "layerID": "sha256:af57c4b7f0528a43b8203bc339c656496635b7ce67b94c3f034b00a62e6fdf82"
+    }
+   ],
+   "licenses": [],
+   "language": "binary",
+   "cpes": [
+    "cpe:2.3:a:busybox:busybox:1.35.0:*:*:*:*:*:*:*"
+   ],
+   "purl": "",
+   "metadataType": "BinaryMetadata",
+   "metadata": {
+    "classifier": "busybox-binary",
+    "realPath": "/bin/busybox",
+    "virtualPath": "/bin/busybox"
+   }
+  },
   {
    "id": "757a346b43f898cc",
    "name": "busybox",
@@ -2401,6 +2426,16 @@
    "child": "a21cea1ea334e33",
    "type": "contains"
   },
+  {
+   "parent": "757a346b43f898cc",
+   "child": "d49bb0510b7c7ca7",
+   "type": "ownership-by-file-overlap",
+   "metadata": {
+    "files": [
+     "/bin/busybox"
+    ]
+   }
+  },
   {
    "parent": "757a346b43f898cc",
    "child": "e3e2f3630e2006e6",
@@ -2556,6 +2591,11 @@
    "child": "94014313cfcd2b71",
    "type": "contains"
   },
+  {
+   "parent": "9dd89930b3a7cc289bb4c70b85b7a910acb21240f52c405e586ca54db078a0c5",
+   "child": "d49bb0510b7c7ca7",
+   "type": "contains"
+  },
   {
    "parent": "9dd89930b3a7cc289bb4c70b85b7a910acb21240f52c405e586ca54db078a0c5",
    "child": "d9700f02cf26e8b8",
@@ -3254,7 +3294,7 @@
  },
  "descriptor": {
   "name": "syft",
-  "version": "0.62.1",
+  "version": "0.62.3",
   "configuration": {
    "configPath": "",
    "verbosity": 0,

diff --git a/internal/syft/fixtures/alpine.spdxjson b/internal/syft/fixtures/alpine.spdxjson
@@ -3,14 +3,14 @@
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "alpine@sha256:36a03c95c2f0c83775d500101869054b927143a8320728f0e135dc151cb8ae61",
- "documentNamespace": "https://anchore.com/syft/image/alpine@sha256-36a03c95c2f0c83775d500101869054b927143a8320728f0e135dc151cb8ae61-8b4ae823-46e6-4466-9c95-a562563f44d3",
+ "documentNamespace": "https://anchore.com/syft/image/alpine@sha256-36a03c95c2f0c83775d500101869054b927143a8320728f0e135dc151cb8ae61-fd4343a9-fd0b-4530-b314-688fbdb3c9ea",
  "creationInfo": {
   "licenseListVersion": "3.18",
   "creators": [
    "Organization: Anchore, Inc",
-   "Tool: syft-0.62.1"
+   "Tool: syft-0.62.3"
   ],
-  "created": "2022-11-21T15:47:36Z",
+  "created": "2022-12-03T10:59:28Z",
   "comment": ""
  },
  "packages": [
@@ -262,6 +262,24 @@
     }
    ]
   },
+  {
+   "name": "busybox",
+   "SPDXID": "SPDXRef-Package-binary-busybox-d49bb0510b7c7ca7",
+   "versionInfo": "1.35.0",
+   "downloadLocation": "NOASSERTION",
+   "sourceInfo": "acquired package info from the following paths: /bin/busybox",
+   "licenseConcluded": "NONE",
+   "licenseDeclared": "NONE",
+   "copyrightText": "NOASSERTION",
+   "externalRefs": [
+    {
+     "referenceCategory": "SECURITY",
+     "referenceType": "cpe23Type",
+     "referenceLocator": "cpe:2.3:a:busybox:busybox:1.35.0:*:*:*:*:*:*:*",
+     "comment": ""
+    }
+   ]
+  },
   {
    "name": "busybox",
    "SPDXID": "SPDXRef-Package-apk-busybox-757a346b43f898cc",
@@ -1637,6 +1655,12 @@
    "relatedSpdxElement": "SPDXRef-a21cea1ea334e33",
    "relationshipType": "CONTAINS"
   },
+  {
+   "spdxElementId": "SPDXRef-Package-apk-busybox-757a346b43f898cc",
+   "relatedSpdxElement": "SPDXRef-Package-binary-busybox-d49bb0510b7c7ca7",
+   "relationshipType": "OTHER",
+   "comment": "ownership-by-file-overlap: indicates that the parent package claims ownership of a child package since the parent metadata indicates overlap with a location that a cataloger found the child package by"
+  },
   {
    "spdxElementId": "SPDXRef-Package-apk-busybox-757a346b43f898cc",
    "relatedSpdxElement": "SPDXRef-e3e2f3630e2006e6",

diff --git a/internal/syft/fixtures/mysql.cyclonedx b/internal/syft/fixtures/mysql.cyclonedx
@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:0c37d1b9-5883-4555-9f61-b574de3063a0" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:669f13fa-9256-491d-bdbb-9732df286324" version="1">
   <metadata>
-    <timestamp>2022-11-21T16:49:02+01:00</timestamp>
+    <timestamp>2022-12-03T12:00:51+01:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
         <name>syft</name>
-        <version>0.62.1</version>
+        <version>0.62.3</version>
       </tool>
     </tools>
     <component bom-ref="ff873208b8358031" type="container">
@@ -2706,6 +2706,18 @@
         <property name="syft:location:3:path">/usr/lib/mysqlsh/lib/python3.9/site-packages/pycparser-2.21.dist-info/top_level.txt</property>
       </properties>
     </component>
+    <component bom-ref="ec4390d0c580e6b" type="library">
+      <name>python</name>
+      <version>3.9.13</version>
+      <cpe>cpe:2.3:a:python:python:3.9.13:*:*:*:*:*:*:*</cpe>
+      <properties>
+        <property name="syft:package:language">binary</property>
+        <property name="syft:package:metadataType">BinaryMetadata</property>
+        <property name="syft:package:type">binary</property>
+        <property name="syft:location:0:layerID">sha256:8848f79a3581bf86a7e56316dabb50874edc82861eded7258656f43d55aecb00</property>
+        <property name="syft:location:0:path">/usr/lib64/libpython3.9.so.1.0</property>
+      </properties>
+    </component>
     <component bom-ref="pkg:pypi/python-dateutil@2.8.2?package-id=a3914181c2fbe0c5" type="library">
       <author>Gustavo Niemeyer &lt;gustavo@niemeyer.net&gt;</author>
       <name>python-dateutil</name>

diff --git a/internal/syft/fixtures/mysql.json b/internal/syft/fixtures/mysql.json
@@ -242805,6 +242805,31 @@
     }
    }
   },
+  {
+   "id": "9efef1e832eed7c1",
+   "name": "python",
+   "version": "3.9.13",
+   "type": "binary",
+   "foundBy": "",
+   "locations": [
+    {
+     "path": "/usr/lib64/libpython3.9.so.1.0",
+     "layerID": "sha256:8848f79a3581bf86a7e56316dabb50874edc82861eded7258656f43d55aecb00"
+    }
+   ],
+   "licenses": [],
+   "language": "binary",
+   "cpes": [
+    "cpe:2.3:a:python:python:3.9.13:*:*:*:*:*:*:*"
+   ],
+   "purl": "",
+   "metadataType": "BinaryMetadata",
+   "metadata": {
+    "classifier": "python-binary-lib",
+    "realPath": "/usr/lib64/libpython3.9.so.1.0",
+    "virtualPath": "/usr/lib64/libpython3.9.so.1.0"
+   }
+  },
   {
    "id": "a3914181c2fbe0c5",
    "name": "python-dateutil",
@@ -314313,6 +314338,11 @@
    "child": "9e4edc9305f3ce74",
    "type": "contains"
   },
+  {
+   "parent": "3fdbc2ee9a80a661f4aa7009ea5b4f0680094a0ad3d89582cb6cbc558691daaa",
+   "child": "9efef1e832eed7c1",
+   "type": "contains"
+  },
   {
    "parent": "3fdbc2ee9a80a661f4aa7009ea5b4f0680094a0ad3d89582cb6cbc558691daaa",
    "child": "9f58facbe8be5402",
@@ -321153,6 +321183,16 @@
    "child": "9ef3a72f63b2567",
    "type": "contains"
   },
+  {
+   "parent": "571b92f4521dba95",
+   "child": "9efef1e832eed7c1",
+   "type": "ownership-by-file-overlap",
+   "metadata": {
+    "files": [
+     "/usr/lib64/libpython3.9.so.1.0"
+    ]
+   }
+  },
   {
    "parent": "571b92f4521dba95",
    "child": "9f1704afc4eaa4d0",
@@ -471698,7 +471738,7 @@
  },
  "descriptor": {
   "name": "syft",
-  "version": "0.62.1",
+  "version": "0.62.3",
   "configuration": {
    "configPath": "",
    "verbosity": 0,

diff --git a/internal/syft/fixtures/mysql.spdxjson b/internal/syft/fixtures/mysql.spdxjson
@@ -3,14 +3,14 @@
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "mysql@sha256:96439dd0d8d085cd90c8001be2c9dde07b8a68b472bd20efcbe3df78cff66492",
- "documentNamespace": "https://anchore.com/syft/image/mysql@sha256-96439dd0d8d085cd90c8001be2c9dde07b8a68b472bd20efcbe3df78cff66492-1aaedfdd-2e79-43bf-a448-0fa630b8b4de",
+ "documentNamespace": "https://anchore.com/syft/image/mysql@sha256-96439dd0d8d085cd90c8001be2c9dde07b8a68b472bd20efcbe3df78cff66492-b0a207ad-780b-4940-9904-540b6cf5e45e",
  "creationInfo": {
   "licenseListVersion": "3.18",
   "creators": [
    "Organization: Anchore, Inc",
-   "Tool: syft-0.62.1"
+   "Tool: syft-0.62.3"
   ],
-  "created": "2022-11-21T15:49:41Z",
+  "created": "2022-12-03T11:01:30Z",
   "comment": ""
  },
  "packages": [
@@ -6028,6 +6028,24 @@
     }
    ]
   },
+  {
+   "name": "python",
+   "SPDXID": "SPDXRef-Package-binary-python-ec4390d0c580e6b",
+   "versionInfo": "3.9.13",
+   "downloadLocation": "NOASSERTION",
+   "sourceInfo": "acquired package info from the following paths: /usr/lib64/libpython3.9.so.1.0",
+   "licenseConcluded": "NONE",
+   "licenseDeclared": "NONE",
+   "copyrightText": "NOASSERTION",
+   "externalRefs": [
+    {
+     "referenceCategory": "SECURITY",
+     "referenceType": "cpe23Type",
+     "referenceLocator": "cpe:2.3:a:python:python:3.9.13:*:*:*:*:*:*:*",
+     "comment": ""
+    }
+   ]
+  },
   {
    "name": "python-dateutil",
    "SPDXID": "SPDXRef-Package-python-python-dateutil-a3914181c2fbe0c5",
@@ -131783,6 +131801,12 @@
    "relatedSpdxElement": "SPDXRef-ec2d735286e78374",
    "relationshipType": "CONTAINS"
   },
+  {
+   "spdxElementId": "SPDXRef-Package-rpm-python39-libs-571b92f4521dba95",
+   "relatedSpdxElement": "SPDXRef-Package-binary-python-ec4390d0c580e6b",
+   "relationshipType": "OTHER",
+   "comment": "ownership-by-file-overlap: indicates that the parent package claims ownership of a child package since the parent metadata indicates overlap with a location that a cataloger found the child package by"
+  },
   {
    "spdxElementId": "SPDXRef-Package-rpm-python39-libs-571b92f4521dba95",
    "relatedSpdxElement": "SPDXRef-ec859c95d532b5ed",

diff --git a/internal/syft/fixtures/node.cyclonedx b/internal/syft/fixtures/node.cyclonedx
@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:b314087e-a2df-4253-81b3-7c60f9b54a48" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:da6e5297-482c-4b5d-b0fb-e4b200052743" version="1">
   <metadata>
-    <timestamp>2022-11-21T16:50:16+01:00</timestamp>
+    <timestamp>2022-12-03T12:02:10+01:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
         <name>syft</name>
-        <version>0.62.1</version>
+        <version>0.62.3</version>
       </tool>
     </tools>
     <component bom-ref="36cc3d123ca150cc" type="container">
@@ -6829,12 +6829,12 @@
         <property name="syft:location:0:path">/usr/local/lib/node_modules/npm/node_modules/negotiator/package.json</property>
       </properties>
     </component>
-    <component bom-ref="2f43fea7157cf4ce" type="library">
+    <component bom-ref="pkg:generic/node@16.13.2?package-id=e66b7829ad2d00a0" type="library">
       <name>node</name>
       <version>16.13.2</version>
       <cpe>cpe:2.3:a:nodejs:node.js:16.13.2:*:*:*:*:*:*:*</cpe>
+      <purl>pkg:generic/node@16.13.2</purl>
       <properties>
-        <property name="syft:package:foundBy">node-binary-cataloger</property>
         <property name="syft:package:language">javascript</property>
         <property name="syft:package:metadataType">BinaryMetadata</property>
         <property name="syft:package:type">binary</property>