tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
BSD 2-Clause "Simplified" License

Add test for expand_from_images in test_analyze_docker_dockerfile.py #567

Open rnjudge opened 4 years ago

rnjudge commented 4 years ago

Describe the Feature

Add a test in tests/test_analyze_docker_dockerfile.py named testExpandFromImages that will test the functionality of the expand_from_images function. In order to implement this, a few things will have to happen first:

1) Create base OS and upload to Tern dockerhub repository (super issue #638)
2) Write a new Dockerfile that uses above base OS as base image.

Use Cases

This will help increase the test code coverage.

Implementation Changes

See description.

abhaykatheria commented 4 years ago

@rnjudge I would like to take up this issue

rnjudge commented 4 years ago

@abhaykatheria Before you can work on this issue, we need to create and upload a base OS to Tern's dockerhub repo. This will take a little time as we are trying to focus on the next release in a few weeks. Once the necessary resources are in place for this issue to be worked on, I will follow up to see if you are still interested :)

abhaykatheria commented 4 years ago

I was actually thinking of making my own docker image and uploading it to docker hub to temporarily test this but I got busy. So when I test this I'll tell you the results. Happy Holi.

abhaykatheria commented 4 years ago

@rnjudge @nishakm Here's what I did. I made a Dockerfile called Debian:

FROM abhaykatheria/tern_test:latest

In test_analyze_docker_dockerfile.py I added this test:

def testExpandFromImages(self):
    # Expanding the FROM line should replace the tag with the image digest
    dfobj = dockerfile.get_dockerfile_obj(self.debian)
    dockerfile.expand_from_images(dfobj)
    debian_base_image_with_digest = 'abhaykatheria/tern_test@sha256:e985f2e9c18edc21a9036bb3de4114d4c5d52a5d4ab59ce4ba9bbf0f484049cc'
    self.assertEqual(dfobj.parent_images[0], debian_base_image_with_digest)

The test is working fine on my image :)

abhaykatheria commented 4 years ago

The image is quite big so I will overwrite with a small alpine image.

rnjudge commented 4 years ago

Hello @abhaykatheria, the tests themselves look good and achieve the main purpose of this issue. The issue right now is with the base image. We do not want to push an image to Tern's dockerhub repo until we have an SBoM and sources available for it. This will be difficult for Alpine and Debian images. Ideally, we would create our own basic Linux OS, hence my comment a few days ago :) We appreciate your interest in this and once we have this base OS available, this issue is all yours to work on!
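
Added example, not part of the thread and not Tern's code: a stand-alone sketch of the behaviour the test above asserts, rewriting tag-based FROM references to digest-pinned ones, with a stub resolver in place of a registry so it runs offline. The function names, the KNOWN mapping and the digest are assumptions constructed for illustration.

```python
import re

# Constructed sample data: the digest is made up, not the image's real digest.
SAMPLE_DIGEST = "sha256:" + "ab" * 32
KNOWN = {("abhaykatheria/tern_test", "latest"): SAMPLE_DIGEST}
SAMPLE = "FROM abhaykatheria/tern_test:latest AS build\nRUN true\nFROM build\nFROM scratch"

FROM_RE = re.compile(
    r"^(?P<head>\s*FROM\s+(?:--platform=\S+\s+)?)(?P<image>\S+)"
    r"(?P<tail>(?:\s+AS\s+\S+)?\s*)$", re.IGNORECASE)


def stub_resolve(repo, tag):
    """Hypothetical stand-in for a registry lookup; returns a digest or None."""
    return KNOWN.get((repo, tag))


def split_tag(image):
    """Split 'repo[:tag]'; a ':' followed by a '/' is a registry port, not a tag."""
    name, sep, tag = image.rpartition(":")
    if not sep or "/" in tag:
        return image, "latest"
    return name, tag


def pin_from_lines(text, resolve):
    """Return (rewritten_text, parent_images) with tags replaced by digests."""
    stages, parents, out = set(), [], []
    for line in text.splitlines():
        m = FROM_RE.match(line)
        if m:
            image = m.group("image")
            is_stage = image.lower() in stages
            alias = m.group("tail").split()
            if alias:
                stages.add(alias[-1].lower())
            # scratch, earlier build stages and ARG-driven names have no digest.
            if not (image.lower() == "scratch" or is_stage or "$" in image):
                if "@" not in image:  # not pinned yet
                    repo, tag = split_tag(image)
                    digest = resolve(repo, tag)
                    if digest is None:  # fail closed instead of keeping a mutable tag
                        raise LookupError(f"no digest known for {repo}:{tag}")
                    image = f"{repo}@{digest}"
                    line = m.group("head") + image + m.group("tail")
                parents.append(image)
        out.append(line)
    return "\n".join(out), parents


if __name__ == "__main__":
    print(pin_from_lines(SAMPLE, stub_resolve)[0])
```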