Feature: e2e tests for sbomqs #292

Draft: wants to merge 11 commits into base: main

@viveksahu26 viveksahu26 commented Jul 16, 2024

closes: #30

This PR brings the following changes:

  • Added E2E test for score command covering all the NTIA cases.
  • Added a separate dir test/data which contains the SBOM files. These have been used for the tests. These files have been taken from here.
  • Refactor score command functionalities.
    • I did this because earlier the names of the functions and their functionality didn't make proper sense.
    • For writing function-wise tests, it should return values. Currently the workflow or design of the score command is forward-only, meaning it keeps calling one function after another and at the end prints out the result. Whereas now, after making changes, we return the value and print the report at the start itself. To understand more, this diagram will help:

image

FUTURE WORK:

  • To run these tests when a Pull Request is made. This would help to identify that the changes made by a contributor don't fail the tests. If a test fails, it ensures that the changes made by the contributor changed the core functionality, which they shouldn't.
  • Add package-wise tests. To be more concise, add function-wise tests for each package.
  • Lastly, to add the codecov CI, which will tell how much the tests cover, and many more things.

Doing all these will fulfil the requirement of ScoreCard CI test.

More detail about changes:

  • Added test for Score command core functionalities:
    • Added tests for ValidateFile function covering below cases: This function validates all files and returns files.
      • File does not exist
      • File exists
      • File exists but cannot be opened
    • Added tests for HandlePaths function: This function returns all files retrieved from Paths
      • Directory containing sub-dir and files
      • Non-existent path
      • Non-existent path
    • Added Tests for GetDocsAndScore function: This function returns docs, score, etc.
      • Valid SBOM file
  • Tests for NTIA category features using SBOM files:
    • Missing author
    • Missing component name
    • Missing component version
    • Missing dependencies
    • Missing component supplier name
    • Missing timestamp
    • Missing component Unique IDs

Signed-off-by: Vivek Kumar Sahu <[email protected]>
@viveksahu26
Collaborator Author

Hey @riteshnoronha please have a look at it. And if you want, we can discuss more about it.

@viveksahu26 viveksahu26 marked this pull request as draft October 2, 2024 14:01
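
An added illustration of the return-then-assert design the PR description argues for, applied to the NTIA cases it lists. This is not code from this PR or from sbomqs: `missingNTIA`, the `sbom` struct and the mapping of CycloneDX JSON fields to NTIA elements are assumptions of this example, and the sample document is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal CycloneDX JSON view; the field-to-NTIA mapping is this example's assumption.
type sbom struct {
	Metadata struct {
		Timestamp string
		Authors   []struct{ Name string }
	}
	Components []struct {
		Name, Version, PURL string
		Supplier            struct{ Name string }
	}
	Dependencies []struct{ Ref string }
}

// missingNTIA (hypothetical helper) returns the gaps instead of printing them, so tests can assert.
func missingNTIA(raw []byte) ([]string, error) {
	var d sbom
	if err := json.Unmarshal(raw, &d); err != nil {
		return nil, fmt.Errorf("parse sbom: %w", err)
	}
	var miss []string
	check := func(absent bool, what string) {
		if absent {
			miss = append(miss, what)
		}
	}
	check(len(d.Metadata.Authors) == 0, "author")
	check(d.Metadata.Timestamp == "", "timestamp")
	check(len(d.Dependencies) == 0, "dependencies")
	for i, c := range d.Components {
		p := fmt.Sprintf("components[%d] ", i)
		check(c.Name == "", p+"name")
		check(c.Version == "", p+"version")
		check(c.Supplier.Name == "", p+"supplier name")
		check(c.PURL == "", p+"unique id")
	}
	return miss, nil
}

func main() {
	// Constructed sample: supplier and dependencies are deliberately left out.
	sample := `{"metadata":{"timestamp":"2024-07-16T00:00:00Z","authors":[{"name":"a"}]},"components":[{"name":"lib","version":"1.0","purl":"pkg:golang/example/lib@1.0"}]}`
	fmt.Println(missingNTIA([]byte(sample)))
}
```

Because the result is returned rather than printed, each "Missing ..." case in the list above becomes one table entry: an input document and the exact slice expected back.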
Development

Successfully merging this pull request may close these issues.

Integrate tests into CI before merge