mirror of
https://github.com/syntrex-lab/gomcp.git
synced 2026-05-10 20:12:36 +02:00
Release prep: 54 engines, self-hosted signatures, i18n, dashboard updates
parent
694e32be26
commit
41cbfd6e0a
178 changed files with 36008 additions and 399 deletions
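--- a/internal/infrastructure/sbom/sbom_test.go
+++ b/internal/infrastructure/sbom/sbom_test.go
@@ -0,0 +1,83 @@
+package sbom
+
+import (
+"crypto/ed25519"
+"encoding/json"
+"os"
+"testing"
+)
+
+func TestNewGenerator(t *testing.T) {
+g := NewGenerator("SENTINEL", "2.1.0")
+if g.productName != "SENTINEL" {
+t.Errorf("product = %s", g.productName)
+}
+}
+
+func TestGenerateSPDX(t *testing.T) {
+g := NewGenerator("SENTINEL AI SOC", "2.1.0")
+g.AddDependency("golang.org/x/crypto", "v0.21.0", "BSD-3-Clause")
+g.AddDependency("gopkg.in/yaml.v3", "v3.0.1", "Apache-2.0")
+
+doc, err := g.GenerateSPDX()
+if err != nil {
+t.Fatalf("GenerateSPDX: %v", err)
+}
+
+if doc.SPDXVersion != "SPDX-2.3" {
+t.Errorf("version = %s", doc.SPDXVersion)
+}
+// Product + 2 deps = 3 packages.
+if len(doc.Packages) != 3 {
+t.Errorf("packages = %d, want 3", len(doc.Packages))
+}
+if len(doc.Relationships) != 2 {
+t.Errorf("relationships = %d, want 2", len(doc.Relationships))
+}
+}
+
+func TestExportJSON(t *testing.T) {
+g := NewGenerator("test", "1.0.0")
+g.AddDependency("dep1", "v1.0.0", "MIT")
+doc, _ := g.GenerateSPDX()
+
+data, err := ExportJSON(doc)
+if err != nil {
+t.Fatalf("ExportJSON: %v", err)
+}
+
+var parsed SPDXDocument
+if err := json.Unmarshal(data, &parsed); err != nil {
+t.Fatalf("parse JSON: %v", err)
+}
+if parsed.DocumentName != "test-1.0.0" {
+t.Errorf("name = %s", parsed.DocumentName)
+}
+}
+
+func TestSignAndVerifyRelease(t *testing.T) {
+pub, priv, _ := ed25519.GenerateKey(nil)
+
+exe, _ := os.Executable()
+sig, err := SignRelease(exe, "2.1.0", priv, "release-key-1")
+if err != nil {
+t.Fatalf("SignRelease: %v", err)
+}
+
+if sig.Version != "2.1.0" {
+t.Errorf("version = %s", sig.Version)
+}
+if sig.Hash == "" || sig.Signature == "" {
+t.Error("hash/signature empty")
+}
+
+if !VerifyRelease(sig, pub) {
+t.Error("verification failed for valid signature")
+}
+
+// Tamper with hash.
+sig.Hash = "0000000000000000000000000000000000000000000000000000000000000000"
+if VerifyRelease(sig, pub) {
+t.Error("verification should fail for tampered hash")
+}
+}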
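Review bot: TestSignAndVerifyRelease exercises only one rejection path, the overwritten `sig.Hash`, so a VerifyRelease that accepted any public key or left `sig.Version` outside the signed data would still pass this test. A release verifier is worth pinning with a wrong-key case, and with a version-tamper case if the version is meant to be covered by the signature (the implementation is not visible in this section, so that is an assumption to confirm). The setup also discards the errors from `ed25519.GenerateKey(nil)` and `os.Executable()`; checking both with `t.Fatalf` keeps a setup failure from surfacing as a confusing SignRelease error. Signing a small file written under `t.TempDir()` instead of the test binary would also let the test compare `sig.Hash` against a digest it computes itself.

```go
	// … unchanged: key generation, SignRelease call, field checks, positive VerifyRelease check …

	// A signature must not verify under a key that did not produce it.
	otherPub, _, err := ed25519.GenerateKey(nil)
	if err != nil {
		t.Fatalf("GenerateKey: %v", err)
	}
	if VerifyRelease(sig, otherPub) {
		t.Error("verification should fail for a different public key")
	}

	// Relabelling the version must invalidate the signature
	// (assumes the version is part of the signed data; confirm against SignRelease).
	origVersion := sig.Version
	sig.Version = "9.9.9"
	if VerifyRelease(sig, pub) {
		t.Error("verification should fail for tampered version")
	}
	sig.Version = origVersion

	// … unchanged: tampered-hash case …
```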