from importlib import metadata
from pathlib import Path
from unittest.mock import call, patch
import pytest
from auditwheel._vendor.whichprovides import ProvidedBy
from auditwheel.sboms import create_sbom_for_wheel
def test_invalid_wheel_fname():
    """A string that is not a wheel file name is rejected with ValueError."""
    bad_name = "not-a-wheel"
    lib_paths = [Path("path")]
    # The SBOM builder must refuse the name instead of emitting a document
    # whose package name/version could not be parsed.
    with pytest.raises(ValueError, match="Failed to parse wheel file name"):
        create_sbom_for_wheel(bad_name, lib_paths)
@patch("auditwheel.sboms.whichprovides")
def test_create_sbom(whichprovides):
    """Pin the exact CycloneDX document produced for a wheel with one library path.

    ``whichprovides`` is mocked so the lookup result is fixed: the single
    path ``"path"`` is reported as provided by the Ubuntu ``python3`` deb,
    version 3.10.6. The test then compares the whole SBOM dict, so any change
    to component identifiers or to the dependency graph fails here.
    """
    wheel_fname = "testpackage-0.0.1-py3-none-any.whl"
    provider = ProvidedBy(
        package_type="deb",
        package_name="python3",
        package_version="3.10.6",
        distro="ubuntu",
    )
    whichprovides.return_value = {"path": provider}

    # Identifiers that the expected document repeats in several places.
    wheel_purl = f"pkg:pypi/testpackage@0.0.1?file_name={wheel_fname}"
    deb_purl = "pkg:deb/ubuntu/python3@3.10.6"
    # bom-ref of the deb component: its purl followed by '#' and 64 hex chars.
    # NOTE(review): the fragment looks like a digest, presumably derived from
    # the library path -- confirm against auditwheel.sboms.
    deb_ref = "pkg:deb/ubuntu/python3@3.10.6#a0af9f865bf637e6736817f4ce552e4cdf7b8c36ea75bc254c1d1f0af744b5bf"  # noqa: E501

    # The wheel is described identically as the metadata component and as the
    # first entry of the component list.
    wheel_component = {
        "type": "library",
        "bom-ref": wheel_purl,
        "name": "testpackage",
        "version": "0.0.1",
        "purl": wheel_purl,
    }
    deb_component = {
        "type": "library",
        "bom-ref": deb_ref,
        "name": "python3",
        "version": "3.10.6",
        "purl": deb_purl,
    }
    tool_entry = {
        "name": "auditwheel",
        "version": metadata.version("auditwheel"),
    }
    expected = {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "metadata": {
            "component": wheel_component,
            "tools": [tool_entry],
        },
        "components": [wheel_component, deb_component],
        # The wheel depends on the distro package; the distro package entry
        # carries no "dependsOn" key of its own.
        "dependencies": [
            {"ref": wheel_purl, "dependsOn": [deb_ref]},
            {"ref": deb_ref},
        ],
    }

    sbom = create_sbom_for_wheel(wheel_fname, [Path("path")])

    # The Path objects reach whichprovides as plain strings, in a single call.
    assert whichprovides.call_args_list == [call(["path"])]
    assert sbom == expected