import { assert, describe, it } from "poku";
import {
collectPyLockDependencyRelationships,
collectPyLockFileComponents,
collectPyLockTopLevelProperties,
getPyLockPackages,
isDefaultPypiRegistry,
isPyLockFile,
isPyLockObject,
normalizePyLockRegistry,
} from "./pylockutils.js";
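describe("pylockutils", () => {
  // File-name detection: `pylock.toml` and the `pylock.<name>.toml` variant
  // are accepted; other Python lock files (poetry.lock) are not.
  it("detects valid pylock file names", () => {
    assert.ok(isPyLockFile("/tmp/pylock.toml"));
    assert.ok(isPyLockFile("/tmp/pylock.api.toml"));
    assert.ok(!isPyLockFile("/tmp/poetry.lock"));
  });

  // A parsed object carrying `lock-version` and a `packages` array is
  // recognised as a pylock document, and getPyLockPackages yields its entries.
  it("detects pylock object shape and packages", () => {
    const pylockData = {
      "lock-version": "1.0",
      packages: [{ name: "attrs", version: "1.0.0" }],
    };
    assert.ok(isPyLockObject(pylockData));
    // Scalar comparison: strictEqual reports a clearer mismatch than
    // deepStrictEqual does for a plain number.
    assert.strictEqual(getPyLockPackages(pylockData).length, 1);
  });

  // Top-level lock metadata is surfaced as `cdx:pylock:*` properties, with
  // the kebab-case TOML keys rewritten to snake_case in the property name.
  it("collects pylock top-level custom properties", () => {
    const properties = collectPyLockTopLevelProperties({
      "lock-version": "1.0",
      "requires-python": ">=3.11",
      "created-by": "uv",
    });
    // Each (name, value) pair must be present somewhere in the list; the
    // ordering of properties is not part of the contract under test.
    const expected = [
      ["cdx:pylock:lock_version", "1.0"],
      ["cdx:pylock:requires_python", ">=3.11"],
      ["cdx:pylock:created_by", "uv"],
    ];
    for (const [name, value] of expected) {
      assert.ok(
        properties.some((p) => p.name === name && p.value === value),
        `missing property ${name}=${value}`,
      );
    }
  });

  it("normalizes registry URLs and semantic dependency relationships", () => {
    // Query string and fragment are dropped: index URLs in lock files can
    // carry credentials (`?token=...`), which must not be written into the SBOM.
    assert.strictEqual(
      normalizePyLockRegistry("https://pypi.org/simple/?token=secret#frag"),
      "https://pypi.org/simple",
    );
    // NOTE(review): userinfo-style credentials (https://user:token@host/...)
    // are not exercised here — confirm normalizePyLockRegistry strips those too.
    assert.strictEqual(
      isDefaultPypiRegistry("https://pypi.org/simple/?token=secret"),
      true,
    );
    // Relationships are flattened to { name, scope } with the version
    // specifier removed; the array order below is the helper's output order.
    assert.deepStrictEqual(
      collectPyLockDependencyRelationships({
        dependencies: ["httpx>=0.27.0"],
        extras: { cli: ["rich>=13.0"] },
        "dependency-groups": { dev: ["pytest>=8.0"] },
      }),
      [
        { name: "pytest", scope: "dependency-group" },
        { name: "rich", scope: "optional-extra" },
        { name: "httpx", scope: "required" },
      ],
    );
  });

  it("creates artifact components with normalized distribution metadata", () => {
    const components = collectPyLockFileComponents(
      {
        name: "demo",
        wheels: [
          {
            url: "https://files.pythonhosted.org/packages/demo.whl?token=secret",
            hashes: {
              sha256: "abc",
              sha256_digest: "abc",
              blake2b_256: "def",
            },
            index: "https://custom.example/simple/",
          },
        ],
      },
      "/tmp/pylock.toml",
    );
    assert.strictEqual(components.length, 1);
    const [component] = components;
    // The wheel URL loses its query string before it is recorded as an
    // external reference — same credential-leak concern as the registry case.
    assert.strictEqual(
      component.externalReferences?.[0]?.url,
      "https://files.pythonhosted.org/packages/demo.whl",
    );
    // The hash list does not follow input order; it appears to be sorted by
    // algorithm name.
    // NOTE(review): "BLAKE2B-256" (upper-case B) and "SHA-256_DIGEST" are not
    // values of the CycloneDX hash `alg` enum (the spec spells "BLAKE2b-256"
    // and has no SHA-256_DIGEST). Confirm these are mapped or filtered before
    // schema validation, otherwise the emitted component will fail to validate.
    assert.deepStrictEqual(component.hashes, [
      { alg: "BLAKE2B-256", content: "def" },
      { alg: "SHA-256", content: "abc" },
      { alg: "SHA-256_DIGEST", content: "abc" },
    ]);
  });
});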