Skip to content

Commit 1644688

Browse files
MarkAtwoodsameehj
authored andcommitted
test(sbom): expand coverage; CI hard-requires pcpp
Closes seven test-coverage gaps surfaced by the wolfssl-1zj review pass: * TestParseUserSettings.setUp now hard-fails on missing pcpp instead of silently skipping nine standalone-path tests. CI's unit job installs pcpp before running the suite, so the embedded entry point is verified at the cheapest gate (1zj.14). * TestDetectLicense (10 tests + 2 FSF preamble cases added by the gen-sbom commit): pins the SPDX licence ID emitted in licenseConcluded / licenseDeclared against the four real-world LICENSING shapes plus error paths. detect_license had zero coverage; a regex regression silently flipped the SBOM licence tag (1zj.15). * TestCliMutualExclusion: covers the --license-override LicenseRef-* / --license-text gate at the CLI rejection layer (subprocess-based, real argparse). The placeholder fallback in build_extracted_licensing_infos is unreachable from main(); this test pins that gate (1zj.17). * TestSha256File.test_chunked_read_path_matches_one_shot exercises the iter(f.read(65536), b'') loop body (the pre-existing empty-file vector skipped it entirely). Independent oracle: hashlib's one-shot SHA-256 (1zj.19). * TestCdxDepComponent / TestSpdxDepPackage / TestGenerateCdx / TestGenerateSpdx (21 tests): cover the four SBOM document generators that produce the JSON consumed by vulnerability scanners and CRA auditors. bom-ref derivation determinism, dependency-graph integrity, listed-id licence block shaping, NOASSERTION fallback, hasExtractedLicensingInfos plumbing, hash_kind annotation on the source-merkle path, DESCRIBES / DEPENDS_ON SPDX relationships, etc. (1zj.20). * test_pcpp_error_directive_is_fatal previously pinned the literal substrings 'pcpp' and 'return_code' in the error message. The contract being tested is fail-fast on #error, not the wording. Replace with a length-floor check that still catches an empty-message regression (1zj.21). Closes wolfssl-1zj.14, wolfssl-1zj.15, wolfssl-1zj.17, wolfssl-1zj.19, wolfssl-1zj.20, wolfssl-1zj.21
1 parent b66f191 commit 1644688

2 files changed

Lines changed: 636 additions & 6 deletions

File tree

.github/workflows/sbom.yml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,17 @@ jobs:
2727
- name: Syntax check
2828
run: python3 -m py_compile scripts/gen-sbom
2929

30+
- name: Install pcpp
31+
# pcpp is the in-Python C preprocessor that drives the
32+
# standalone --user-settings entry point. TestParseUserSettings
33+
# previously skipped here when pcpp was missing, leaving the
34+
# entire embedded entry point unverified at the cheapest CI
35+
# gate. The setUp now hard-fails on missing pcpp; this step
36+
# ensures it is present so all unit tests actually run.
37+
run: |
38+
python3 -m pip install --user pcpp
39+
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
40+
3041
- name: Unit tests
3142
run: python3 -W error::ResourceWarning -m unittest scripts/test_gen_sbom.py -v
3243

0 commit comments

Comments
 (0)