diff --git a/tests/features/licenseexport_cdx.feature b/tests/features/licenseexport_cdx.feature index 5b01f5b..d737afb 100644 --- a/tests/features/licenseexport_cdx.feature +++ b/tests/features/licenseexport_cdx.feature @@ -36,38 +36,115 @@ Scenario: User Downloads license information for CycloneDX SBOM from SBOM Explor Scenario: Verify the files on downloaded CycloneDX SBOM license ZIP Given User has Downloaded the License information for CycloneDX SBOM When User extracts the Downloaded license ZIP file - Then Extracted files should contain two CSVs, one for Package License combination and another one for License reference + Then Extracted files should contain two CSVs, one for Package license information and another one for License reference Scenario: Verify the headers on CycloneDX SBOM package License CSV file Given User extracted the CycloneDX SBOM license compressed file - When User Opens the package license combination file - Then The file should have the following headers - name, namespace, group, version, package reference, license, license name and alternate package reference + When User Opens the package license information file + Then The file should have the following headers - name, namespace, group, version, package reference, license id, license name, license expression and alternate package reference Scenario: Verify the headers on CycloneDX SBOM License reference CSV file Given User extracted the CycloneDX SBOM license compressed file When User Opens the license reference file Then The file should have the following headers - licenseId, name, extracted text and comment -Scenario: Verify the license information for a package on the CycloneDX SBOM with single license - Given User is on package license combination file - When User selects a package with Single license information - Then name column should contain the value of component.name field from SBOM json - And namespace column should be empty - And group column should contain the value of component.group field from SBOM json - And version column should contain the value of component.version field from SBOM json - And package reference column should contain the value of components.purl from SBOM json - And license column should contain the value of components.license.id field from SBOM json - And license name column should contain the value of components.license.name field from SBOM json - And alternate package reference column should be empty - -Scenario: Verify the license information for a package on the CycloneDX SBOM with multiple licenses - Given User is on package license combination file - When User selects a package with multiple license information - Then Package should have Rows equivalent to number of licenses - And All the package rows should be loaded with identical values for the columns name, namespace, group, version, package - And License column should be loaded with the unique licenses of the package from SBOM json - Scenario: Verify the contents on CycloneDX SBOM license reference CSV file Given User is on license reference file - When User selects a license from the list of licenses Then The License reference CSV should be empty + +Scenario: Verify the license information for a package on the CycloneDX SBOM with single license id + Given User is on SBOM license information file + When User selects a package with Single license id + Then "name" column should match "metadata.component.name" from SBOM + And "group" column should match "metadata.component.group" from SBOM + And "version" column should match "metadata.component.version" from SBOM + And "package reference" column should match "components.purl" from SBOM + And "license id" column should match "components.license.id" from SBOM + And The columns "namespace", "license name", "license expression", "alternate package reference" should be empty + +Scenario: Verify the license information for a package on the CycloneDX SBOM with single license id with alternate package reference + Given User is on SBOM license information file + When User selects a package with Single license id with cpe information + Then "name" column should match "metadata.component.name" from SBOM + And "group" column should match "metadata.component.group" from SBOM + And "version" column should match metadata.component.version from SBOM + And "package reference" column should match "components.purl" from SBOM + And "license id" column should match "components.license.id" from SBOM + And "alternate package reference" column should match "components.cpe" from SBOM + And The columns "namespace", "license name", "license expression" should be empty + +Scenario: Verify the license information for a package on the CycloneDX SBOM with single license name + Given User is on SBOM license information file + When User selects a package with Single license name + Then "name" column should match "metadata.component.name" from SBOM + And "group" column should match "metadata.component.group" from SBOM + And "version" column should match metadata.component.version from SBOM + And "package reference" column should match "components.purl" from SBOM + And "license name" column should match "components.license.name" from SBOM + And The columns "namespace", "license id", "license expression", "alternate package reference" should be empty + +Scenario: Verify the license information for a package on the CycloneDX SBOM with single license name with alternate package reference + Given User is on SBOM license information file + When User selects a package with Single license id with cpe information + Then "name" column should match "metadata.component.name" from SBOM + And "group" column should match "metadata.component.group" from SBOM + And "version" column should match metadata.component.version from SBOM + And "package reference" column should match "components.purl" from SBOM + And "license name" column should match "components.license.name" from SBOM + And "alternate package reference" column should match "components.cpe" from SBOM + And The columns "namespace", "license id", "license expression" should be empty + +Scenario: Verify the license information for a package on the CycloneDX SBOM with single license expression + Given User is on SBOM license information file + When User selects a package with Single license name + Then "name" column should match "metadata.component.name" from SBOM + And "group" column should match "metadata.component.group" from SBOM + And "version" column should match metadata.component.version from SBOM + And "package reference" column should match "components.purl" from SBOM + And "license expression" column should match "components.license.name" from SBOM + And The columns "namespace", "license id", "license name", "alternate package reference" should be empty + +Scenario: Verify the license information for a package on the CycloneDX SBOM with single license expression with alternate package reference + Given User is on SBOM license information file + When User selects a package with Single license name + Then "name" column should match "metadata.component.name" from SBOM + And "group" column should match "metadata.component.group" from SBOM + And "version" column should match metadata.component.version from SBOM + And "package reference" column should match "components.purl" from SBOM + And "license expression" column should match "components.license.name" from SBOM + And "alternate package reference" column should match "components.cpe" from SBOM + And The columns "namespace", "license id", "license name" should be empty + +Scenario: Verify the license information for a package on the CycloneDX SBOM with multiple license ids + Given User is on SBOM license information file + When User selects a package with multiple license sections + Then The report should have multiple rows for the same package corresponding to each license section + And Values on columns "name", "group", "version", "package reference" should be same for all the rows from SBOM + And "license id" for each row should match the value from the components.license.id field of the corresponding license section + And The columns "namespace", "license name", "license expression", "alternate package reference" should be empty + +Scenario: Verify the license information for a package on the CycloneDX SBOM with multiple license names + Given User is on SBOM license information file + When User selects a package with multiple license sections + Then The report should have multiple rows for the same package corresponding to each license section + And Values on columns "name", "group", "version", "package reference", "alternate package reference" should be same for all the rows from SBOM + And "license id" for each row should match the value from the components.license.id field of the corresponding license section + And The columns "namespace", "license name", "license expression" should be empty + +Scenario: Verify the license information for a package on the CycloneDX SBOM with license id and license name + Given User is on SBOM license information file + When User selects a package with multiple license sections + Then The report should have multiple rows for the same package corresponding to each license section + And Values on columns "name", "group", "version", "package reference" should be same for all the rows from SBOM + And Column "license id" should match "components.license.id" on one row and on the same row license.name column should be empty + And Column "license name" should match the "components.license.name" on another row and on the same row license.id column should be empty + And The columns "namespace","license expression", "alternate package reference" should be empty + +Scenario: Verify CycloneDX SBOM level license information on license export + Given User is on SBOM license information file + Then "name" column should match "metadata.component.name" from SBOM + And "group" column should match "metadata.component.group" from SBOM + And "version" column should match "metadata.component.version" from SBOM + And "package reference" column should match "metadata.component.purl" from SBOM + And "license id" column should match "metadata.component.licenses.license.id" from SBOM + And The columns "namespace", "license name", "license expression", "alternate package reference" should be empty diff --git a/tests/features/licenseexport_spdx.feature b/tests/features/licenseexport_spdx.feature index 0a67649..8a82ce6 100644 --- a/tests/features/licenseexport_spdx.feature +++ b/tests/features/licenseexport_spdx.feature @@ -36,12 +36,12 @@ Scenario: User Downloads license information for SPDX SBOM from SBOM Explorer pa Scenario: Verify the files on downloaded SPDX SBOM license ZIP Given User has Downloaded the License information for SPDX SBOM When User extracts the Downloaded license ZIP file - Then Extracted files should contain two CSVs, one for Package License combination and another one for License reference + Then Extracted files should contain two CSVs, one for Package license information and another one for License reference Scenario: Verify the headers on SPDX SBOM package License CSV file Given User extracted the SPDX SBOM license compressed file - When User Opens the package license combination file - Then The file should have the following headers - name, namespace, group, version, package reference, license, license name and alternate package reference + When User Opens the package license information file + Then The file should have the following headers - name, namespace, group, version, package reference, license id, license name, license expression and alternate package reference Scenario: Verify the headers on SPDX SBOM License reference CSV file Given User extracted the SPDX SBOM license compressed file @@ -49,28 +49,43 @@ Scenario: Verify the headers on SPDX SBOM License reference CSV file Then The file should have the following headers - licenseId, name, extracted text and comment Scenario: Verify the license information for a package with single license - Given User is on package license combination file + Given User is on SBOM license information file When User selects a package with Single license information - Then name column should contain the value of name field from SBOM json - And namespace column should contain the value of documentNamespace field from SBOM json - And group column should be empty - And version column should be empty - And package reference column should contain the value of packages.externalRefs.referenceLocator field for purl referenceType from SBOM json - And license column should contain the value of packages.licenseDeclared field from SBOM json - And license name column should be populated in reference to license reference CSV file - And alternate package reference column should contain the arrays of values of packages.externalRefs.referenceLocator field for referenceType other than purl + Then "name" column should match "name" from SBOM + And "namespace" column should match "documentNamespace" from SBOM + And "package reference" column should match "packages.externalRefs.referenceLocator" of "packages.externalRefs.referenceType" type purl from SBOM + And "license expression" column should match "packages.licenseDeclared" from SBOM + And The columns "group", "version", "license id", "license name", "alternate package reference" should be empty -Scenario: Verify the license information for a package with multiple licenses - Given User is on package license combination file - When User selects a package with multiple license information - Then Package should have Rows equivalent to number of licenses - And All the package rows should be loaded with identical values for the columns name, namespace, group, version, package - And License column should be loaded with the unique licenses of the package from SBOM json +Scenario: Verify the license information for a package with single license with alternate package reference referenceLocator + Given User is on SBOM license information file + When User selects a package with Single license information + Then "name" column should match "name" from SBOM + And "namespace" column should match "documentNamespace" from SBOM + And "package reference" column should match "packages.externalRefs.referenceLocator" of "packages.externalRefs.referenceType" purl from SBOM + And "license expression" column should match "packages.licenseDeclared" from SBOM + And "alternate package reference" column should match "packages.externalRefs.referenceLocator" of "packages.externalRefs.referenceType" type cpe from SBOM json + And The columns "group", "version", "license id", "license name" should be empty + +Scenario: Verify the license information for a package with multiple licenses with alternate package reference referenceLocator + Given User is on SBOM license information file + When User selects a package with Single license information + Then "name" column should match "name" from SBOM + And "namespace" column should match "documentNamespace" from SBOM + And "package reference" column should match "packages.externalRefs.referenceLocator" of "packages.externalRefs.referenceType" purl from SBOM + And "license expression" column should match the whole value of "packages.licenseDeclared" from SBOM in a single row + And "alternate package reference" column should match "packages.externalRefs.referenceLocator" of "packages.externalRefs.referenceType" type cpe from SBOM json + And The columns "group", "version", "license id", "license name" should be empty + +Scenario: Verify SPDX SBOM level license information on license export + Given User is on SBOM license information file + Then "name" column should match "name" from SBOM + And "namespace" column should match "documentNamespace" from SBOM + And "license expression" column should match the whole value from "packages.licenseDeclared" in a single row of the SBOM information under packages section + And "alternate package reference" column should contain the value of "packages.externalRefs.referenceLocator" field for cpe "packages.externalRefs.referenceType" from SBOM json + And The columns "group", "version", "package reference", "license id", "license name" should be empty Scenario: Verify the contents on SPDX SBOM license reference CSV file Given User is on license reference file When User selects a license from the list of licenses - Then The unique values of licenceDeclared field from SPDX SBOM file should be listed - And licenseId column should be loaded with unique license id - And license column should be loaded with the name of the license - And extracted text and comment columns should be loaded in reference to the template file + Then Values hasExtractedLicensingInfos section of the SPDX SBOM json should be listed under the Reference CSV file