chore(tests): add test for Pre-Depends SBOM generation

Urist-McGit · Urist-McGit · commit 2101a68c726e · 2026-03-02T14:53:26.000+01:00
Add a test that checks if Pre-Depends dependencies are included in
generated SBOMs.

Signed-off-by: Christoph Steiger &lt;christoph.steiger@siemens.com&gt;
diff --git a/tests/root/pre-depends/var/lib/dpkg/status b/tests/root/pre-depends/var/lib/dpkg/status
@@ -0,0 +1,28 @@
+Package: test-pre-depends
+Status: install ok installed
+Priority: optional
+Installed-Size: 1234
+Maintainer: Siemens <siemens@example.com>
+Architecture: amd64
+Version: 1.0.0-1
+Depends: depends (>= 1.2.3)
+Pre-Depends: pre-depends (>= 2.3.4)
+Description: Test Package for Pre-Depends
+
+Package: pre-depends
+Status: install ok installed
+Priority: optional
+Installed-Size: 1234
+Maintainer: Siemens <siemens@example.com>
+Architecture: amd64
+Version: 2.3.4
+Description: Pre-Depends Package
+
+Package: depends
+Status: install ok installed
+Priority: optional
+Installed-Size: 1234
+Maintainer: Siemens <siemens@example.com>
+Architecture: amd64
+Version: 1.2.3
+Description: Depends Package
diff --git a/tests/test_generation.py b/tests/test_generation.py
@@ -497,3 +497,37 @@ def test_virtual_package(tmpdir, sbom_generator):
                 found = True
                 break
         assert found
+
+
+def test_pre_depends(tmpdir, sbom_generator):
+    _spdx_tools = pytest.importorskip("spdx_tools")
+    _cyclonedx = pytest.importorskip("cyclonedx")
+
+    dbom = sbom_generator("tests/root/pre-depends")
+    outdir = Path(tmpdir)
+    dbom.generate(str(outdir / "sbom"), validate=True)
+    with open(outdir / "sbom.spdx.json") as file:
+        spdx_json = json.loads(file.read())
+        relationships = spdx_json["relationships"]
+        assert {
+            "spdxElementId": "SPDXRef-test-pre-depends-amd64",
+            "relatedSpdxElement": "SPDXRef-pre-depends-amd64",
+            "relationshipType": "DEPENDS_ON",
+        } in relationships
+        assert {
+            "spdxElementId": "SPDXRef-test-pre-depends-amd64",
+            "relatedSpdxElement": "SPDXRef-depends-amd64",
+            "relationshipType": "DEPENDS_ON",
+        } in relationships
+
+    with open(outdir / "sbom.cdx.json") as file:
+        spdx_json = json.loads(file.read())
+        dependencies = spdx_json["dependencies"]
+        assert {
+            "dependsOn": [
+                "pkg:deb/debian/depends@1.2.3?arch=amd64",
+                "pkg:deb/debian/pre-depends@2.3.4?arch=amd64",
+                "pkg:deb/debian/test-pre-depends@1.0.0-1?arch=source",
+            ],
+            "ref": "pkg:deb/debian/test-pre-depends@1.0.0-1?arch=amd64",
+        } in dependencies
