cyclonedx-core-java icon indicating copy to clipboard operation
cyclonedx-core-java copied to clipboard
verified publisher icon CycloneDX

Implement "Roundtrip" Tests to Improve Integrity

Open msymons opened this issue 1 year ago • 2 comments

The project should implement "roundtrip" tests in order to exercise validation and, hopefully, help prevent the defects that led to the need to release v9.01 and v9.02

  1. Parse BOM that is known to be valid
  2. Generate a BOM based on what has been parsed
  3. Compare input and output - Should be the same, otherwise either parsing or generation is broken
  4. Validate output against schema - Should be valid, otherwise generation is broken

msymons avatar Jun 10 '24 10:06 msymons

For reference, the Go and .NET implemenations do this:

  • https://github.com/nscuro/cyclonedx-dotnet-library/blob/main/tests/CycloneDX.Core.Tests/Json/v1.4/SerializationTests.cs
  • https://github.com/CycloneDX/cyclonedx-go/blob/master/roundtrip_test.go

nscuro avatar Jun 10 '24 13:06 nscuro

@msymons thanks, I am working on this, also adding some backward compatibility tests as well, once I have a better idea and changes on what I wanna do I will create a PR

mr-zepol avatar Jun 11 '24 02:06 mr-zepol