add CycloneDX, SARIF skip upload tests

JeffResc · JeffResc · commit 7840eb979d29 · 2025-11-10T13:48:24.000-05:00
Signed-off-by: Jeff Rescignano &lt;jeffr@defenseunicorns.com&gt;
diff --git a/pkg/attestation/crafter/materials/cyclonedxjson_test.go b/pkg/attestation/crafter/materials/cyclonedxjson_test.go
@@ -224,3 +224,70 @@ func TestCyclonedxJSONCraft(t *testing.T) {
 		})
 	}
 }
+
+func TestCycloneDXJSONCraft_SkipUpload(t *testing.T) {
+	testCases := []struct {
+		name       string
+		skipUpload bool
+		wantUpload bool
+	}{
+		{
+			name:       "upload enabled (default)",
+			skipUpload: false,
+			wantUpload: true,
+		},
+		{
+			name:       "upload skipped via contract",
+			skipUpload: true,
+			wantUpload: false,
+		},
+	}
+
+	ast := assert.New(t)
+	l := zerolog.Nop()
+	filePath := "./testdata/sbom.cyclonedx.json"
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			schema := &contractAPI.CraftingSchema_Material{
+				Name:       "test",
+				Type:       contractAPI.CraftingSchema_Material_SBOM_CYCLONEDX_JSON,
+				SkipUpload: tc.skipUpload,
+			}
+
+			// Mock uploader - only expect upload call if not skipped
+			uploader := mUploader.NewUploader(t)
+			if tc.wantUpload {
+				uploader.On("UploadFile", context.TODO(), filePath).
+					Return(&casclient.UpDownStatus{
+						Digest:   "deadbeef",
+						Filename: "sbom.cyclonedx.json",
+					}, nil)
+			}
+
+			backend := &casclient.CASBackend{Uploader: uploader}
+			crafter, err := materials.NewCyclonedxJSONCrafter(schema, backend, &l)
+			require.NoError(t, err)
+
+			got, err := crafter.Craft(context.TODO(), filePath)
+			require.NoError(t, err)
+
+			ast.Equal(contractAPI.CraftingSchema_Material_SBOM_CYCLONEDX_JSON.String(), got.MaterialType.String())
+
+			// Verify upload behavior matches expectation
+			if tc.wantUpload {
+				ast.True(got.UploadedToCas, "material should be uploaded when skip_upload is false")
+			} else {
+				ast.False(got.UploadedToCas, "material should not be uploaded when skip_upload is true")
+			}
+
+			// Verify digest is always computed regardless of upload
+			ast.Equal("sha256:16159bb881eb4ab7eb5d8afc5350b0feeed1e31c0a268e355e74f9ccbe885e0c", got.GetSbomArtifact().Artifact.Digest)
+			ast.Equal("sbom.cyclonedx.json", got.GetSbomArtifact().Artifact.Name)
+
+			// Verify main component extraction still works
+			ast.Equal(".", got.GetSbomArtifact().MainComponent.Name)
+			ast.Equal("file", got.GetSbomArtifact().MainComponent.Kind)
+		})
+	}
+}
diff --git a/pkg/attestation/crafter/materials/sarif_test.go b/pkg/attestation/crafter/materials/sarif_test.go
@@ -130,3 +130,66 @@ func TestSARIFCraft(t *testing.T) {
 		})
 	}
 }
+
+func TestSARIFCraft_SkipUpload(t *testing.T) {
+	testCases := []struct {
+		name       string
+		skipUpload bool
+		wantUpload bool
+	}{
+		{
+			name:       "upload enabled (default)",
+			skipUpload: false,
+			wantUpload: true,
+		},
+		{
+			name:       "upload skipped via contract",
+			skipUpload: true,
+			wantUpload: false,
+		},
+	}
+
+	assert := assert.New(t)
+	l := zerolog.Nop()
+	filePath := "./testdata/report.sarif"
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			schema := &contractAPI.CraftingSchema_Material{
+				Name:       "test",
+				Type:       contractAPI.CraftingSchema_Material_SARIF,
+				SkipUpload: tc.skipUpload,
+			}
+
+			// Mock uploader - only expect upload call if not skipped
+			uploader := mUploader.NewUploader(t)
+			if tc.wantUpload {
+				uploader.On("UploadFile", context.TODO(), filePath).
+					Return(&casclient.UpDownStatus{
+						Digest:   "deadbeef",
+						Filename: "report.sarif",
+					}, nil)
+			}
+
+			backend := &casclient.CASBackend{Uploader: uploader}
+			crafter, err := materials.NewSARIFCrafter(schema, backend, &l)
+			require.NoError(t, err)
+
+			got, err := crafter.Craft(context.TODO(), filePath)
+			require.NoError(t, err)
+
+			assert.Equal(contractAPI.CraftingSchema_Material_SARIF.String(), got.MaterialType.String())
+
+			// Verify upload behavior matches expectation
+			if tc.wantUpload {
+				assert.True(got.UploadedToCas, "material should be uploaded when skip_upload is false")
+			} else {
+				assert.False(got.UploadedToCas, "material should not be uploaded when skip_upload is true")
+			}
+
+			// Verify digest is always computed regardless of upload
+			assert.Equal("sha256:c4a63494f9289dd9fd44f841efb4f5b52765c2de6332f2d86e5f6c0340b40a95", got.GetArtifact().Digest)
+			assert.Equal("report.sarif", got.GetArtifact().Name)
+		})
+	}
+}
