brew/Library/Homebrew/test/sbom_spec.rb

# frozen_string_literal: true

require "sbom"

RSpec.describe SBOM do
  describe "#schema_validation_errors" do
    subject(:sbom) { described_class.create(f, tab) }

    before { ENV.delete("HOMEBREW_ENFORCE_SBOM") }

    let(:f) { formula { url "foo-1.0" } }
    let(:tab) { Tab.new }

    it "returns true if valid" do
      expect(sbom.schema_validation_errors).to be_empty
    end

    it "returns true if valid when bottling" do
      expect(sbom.schema_validation_errors(bottling: true)).to be_empty
    end

    context "with a maximal SBOM" do
      let(:f) do
        formula do
          homepage "https://brew.sh"

          url "https://brew.sh/test-0.1.tbz"
          sha256 TEST_SHA256

          patch do
            url "patch_macos"
          end

          bottle do
            sha256 all: "9befdad158e59763fb0622083974a6252878019702d8c961e1bec3a5f5305339"
          end

          # some random dependencies to test with
          depends_on "cmake" => :build
          depends_on "beanstalkd"

          uses_from_macos "python" => :build
          uses_from_macos "zlib"
        end
      end
      let(:tab) do
        beanstalkd = formula "beanstalkd" do
          url "one-1.1"

          bottle do
            sha256 all: "ac4c0330b70dae06eaa8065bfbea78dda277699d1ae8002478017a1bd9cf1908"
          end
        end

        zlib = formula "zlib" do
          url "two-1.1"

          bottle do
            sha256 all: "6a4642964fe5c4d1cc8cd3507541736d5b984e34a303a814ef550d4f2f8242f9"
          end
        end

        runtime_dependencies = [beanstalkd, zlib]
        runtime_deps_hash = runtime_dependencies.map do |dep|
          {
            "full_name"         => dep.full_name,
            "version"           => dep.version.to_s,
            "revision"          => dep.revision,
            "pkg_version"       => dep.pkg_version.to_s,
            "declared_directly" => true,
          }
        end
        allow(Tab).to receive(:runtime_deps_hash).and_return(runtime_deps_hash)
        tab = Tab.create(f, DevelopmentTools.default_compiler, :libcxx)

        allow(Formulary).to receive(:factory).with("beanstalkd").and_return(beanstalkd)
        allow(Formulary).to receive(:factory).with("zlib").and_return(zlib)

        tab
      end

      it "returns true if valid" do
        expect(sbom.schema_validation_errors).to be_empty
      end

      it "returns true if valid when bottling" do
        expect(sbom.schema_validation_errors(bottling: true)).to be_empty
      end
    end

    context "with an invalid SBOM" do
      before do
        allow(sbom).to receive(:to_spdx_sbom).and_return({}) # fake an empty SBOM
      end

      it "returns false" do
        expect(sbom.schema_validation_errors).not_to be_empty
      end

      it "returns false when bottling" do
        expect(sbom.schema_validation_errors(bottling: true)).not_to be_empty
      end
    end
  end
end
feat: add generated SPDX file on bottling 2024-02-05 17:42:27 +01:00			`# frozen_string_literal: true`

			`require "sbom"`

Vendor SBOM schema 2024-08-07 17:24:31 +01:00			`RSpec.describe SBOM do`
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`describe "#schema_validation_errors" do`
			`subject(:sbom) { described_class.create(f, tab) }`
feat: add generated SPDX file on bottling 2024-02-05 17:42:27 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`before { ENV.delete("HOMEBREW_ENFORCE_SBOM") }`
SBOM improvements - write a schema when installing formulae (if not already present) - cache the schema on disk rather than downloading it every time - make more methods/attributes `private` - allow validation to be optional, only enable for Homebrew developers at installation time - use the tab for more, correct information - ensure that dependencies/bottles are written correctly - use new SBOM 3 schema URL - improve test coverage 2024-05-09 13:10:35 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`let(:f) { formula { url "foo-1.0" } }`
			`let(:tab) { Tab.new }`
SBOM improvements - write a schema when installing formulae (if not already present) - cache the schema on disk rather than downloading it every time - make more methods/attributes `private` - allow validation to be optional, only enable for Homebrew developers at installation time - use the tab for more, correct information - ensure that dependencies/bottles are written correctly - use new SBOM 3 schema URL - improve test coverage 2024-05-09 13:10:35 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`it "returns true if valid" do`
			`expect(sbom.schema_validation_errors).to be_empty`
			`end`
SBOM improvements - write a schema when installing formulae (if not already present) - cache the schema on disk rather than downloading it every time - make more methods/attributes `private` - allow validation to be optional, only enable for Homebrew developers at installation time - use the tab for more, correct information - ensure that dependencies/bottles are written correctly - use new SBOM 3 schema URL - improve test coverage 2024-05-09 13:10:35 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`it "returns true if valid when bottling" do`
			`expect(sbom.schema_validation_errors(bottling: true)).to be_empty`
			`end`
feat: add generated SPDX file on bottling 2024-02-05 17:42:27 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`context "with a maximal SBOM" do`
			`let(:f) do`
			`formula do`
			`homepage "https://brew.sh"`
feat: add generated SPDX file on bottling 2024-02-05 17:42:27 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`url "https://brew.sh/test-0.1.tbz"`
			`sha256 TEST_SHA256`
feat: add generated SPDX file on bottling 2024-02-05 17:42:27 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`patch do`
			`url "patch_macos"`
			`end`
SBOM improvements - write a schema when installing formulae (if not already present) - cache the schema on disk rather than downloading it every time - make more methods/attributes `private` - allow validation to be optional, only enable for Homebrew developers at installation time - use the tab for more, correct information - ensure that dependencies/bottles are written correctly - use new SBOM 3 schema URL - improve test coverage 2024-05-09 13:10:35 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`bottle do`
			`sha256 all: "9befdad158e59763fb0622083974a6252878019702d8c961e1bec3a5f5305339"`
			`end`

			`# some random dependencies to test with`
			`depends_on "cmake" => :build`
			`depends_on "beanstalkd"`

			`uses_from_macos "python" => :build`
			`uses_from_macos "zlib"`
SBOM improvements - write a schema when installing formulae (if not already present) - cache the schema on disk rather than downloading it every time - make more methods/attributes `private` - allow validation to be optional, only enable for Homebrew developers at installation time - use the tab for more, correct information - ensure that dependencies/bottles are written correctly - use new SBOM 3 schema URL - improve test coverage 2024-05-09 13:10:35 +01:00			`end`
feat: add generated SPDX file on bottling 2024-02-05 17:42:27 +01:00			`end`
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`let(:tab) do`
			`beanstalkd = formula "beanstalkd" do`
			`url "one-1.1"`
feat: add generated SPDX file on bottling 2024-02-05 17:42:27 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`bottle do`
			`sha256 all: "ac4c0330b70dae06eaa8065bfbea78dda277699d1ae8002478017a1bd9cf1908"`
			`end`
			`end`
feat: add generated SPDX file on bottling 2024-02-05 17:42:27 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`zlib = formula "zlib" do`
			`url "two-1.1"`

			`bottle do`
			`sha256 all: "6a4642964fe5c4d1cc8cd3507541736d5b984e34a303a814ef550d4f2f8242f9"`
			`end`
feat: add generated SPDX file on bottling 2024-02-05 17:42:27 +01:00			`end`

sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`runtime_dependencies = [beanstalkd, zlib]`
			`runtime_deps_hash = runtime_dependencies.map do \|dep\|`
			`{`
			`"full_name" => dep.full_name,`
			`"version" => dep.version.to_s,`
			`"revision" => dep.revision,`
			`"pkg_version" => dep.pkg_version.to_s,`
			`"declared_directly" => true,`
			`}`
			`end`
			`allow(Tab).to receive(:runtime_deps_hash).and_return(runtime_deps_hash)`
			`tab = Tab.create(f, DevelopmentTools.default_compiler, :libcxx)`

			`allow(Formulary).to receive(:factory).with("beanstalkd").and_return(beanstalkd)`
			`allow(Formulary).to receive(:factory).with("zlib").and_return(zlib)`

			`tab`
SBOM improvements - write a schema when installing formulae (if not already present) - cache the schema on disk rather than downloading it every time - make more methods/attributes `private` - allow validation to be optional, only enable for Homebrew developers at installation time - use the tab for more, correct information - ensure that dependencies/bottles are written correctly - use new SBOM 3 schema URL - improve test coverage 2024-05-09 13:10:35 +01:00			`end`

sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`it "returns true if valid" do`
			`expect(sbom.schema_validation_errors).to be_empty`
			`end`
SBOM improvements - write a schema when installing formulae (if not already present) - cache the schema on disk rather than downloading it every time - make more methods/attributes `private` - allow validation to be optional, only enable for Homebrew developers at installation time - use the tab for more, correct information - ensure that dependencies/bottles are written correctly - use new SBOM 3 schema URL - improve test coverage 2024-05-09 13:10:35 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`it "returns true if valid when bottling" do`
			`expect(sbom.schema_validation_errors(bottling: true)).to be_empty`
			`end`
feat: add generated SPDX file on bottling 2024-02-05 17:42:27 +01:00			`end`
Fix SBOM schema validation 2024-08-08 02:20:03 +01:00
sbom: fix errors, improve reproducibility, tests. - Remove/change data from bottle SBOM to avoid harming reproduciblity - Add `schema_validation_errors` method to provide nicer test failures - Add tests more tests for SBOM when bottling - Cleanup SBOM tests to use more typical RSpec form and be DRYer 2024-08-08 09:34:32 +01:00			`context "with an invalid SBOM" do`
			`before do`
			`allow(sbom).to receive(:to_spdx_sbom).and_return({}) # fake an empty SBOM`
			`end`

			`it "returns false" do`
			`expect(sbom.schema_validation_errors).not_to be_empty`
			`end`

			`it "returns false when bottling" do`
			`expect(sbom.schema_validation_errors(bottling: true)).not_to be_empty`
			`end`
Fix SBOM schema validation 2024-08-08 02:20:03 +01:00			`end`
feat: add generated SPDX file on bottling 2024-02-05 17:42:27 +01:00			`end`
			`end`