diff options
| author | Steve Winslow <steve@swinslow.net> | 2020-06-14 15:28:11 -0400 |
|---|---|---|
| committer | Steve Winslow <steve@swinslow.net> | 2020-06-14 15:28:11 -0400 |
| commit | aa88812312f0f42b5e3646d5bab8e3144614557f (patch) | |
| tree | 0dc989b906c652d2c50f66647507df6fe339bf8d | |
| parent | 0545df6836f5ff6c31734849f7fcbf36c47a7189 (diff) | |
| download | spdx-tools-aa88812312f0f42b5e3646d5bab8e3144614557f.tar.gz | |
Add builder and tests for 2.2
Signed-off-by: Steve Winslow <steve@swinslow.net>
| -rw-r--r-- | builder/build.go | 67 | ||||
| -rw-r--r-- | builder/build_test.go | 355 | ||||
| -rw-r--r-- | builder/builder2v2/build_creation_info.go | 59 | ||||
| -rw-r--r-- | builder/builder2v2/build_creation_info_test.go | 167 | ||||
| -rw-r--r-- | builder/builder2v2/build_file.go | 44 | ||||
| -rw-r--r-- | builder/builder2v2/build_file_test.go | 61 | ||||
| -rw-r--r-- | builder/builder2v2/build_package.go | 58 | ||||
| -rw-r--r-- | builder/builder2v2/build_package_test.go | 145 | ||||
| -rw-r--r-- | builder/builder2v2/build_relationship.go | 23 | ||||
| -rw-r--r-- | builder/builder2v2/build_relationship_test.go | 33 |
10 files changed, 1011 insertions, 1 deletions
diff --git a/builder/build.go b/builder/build.go index fdce184..f70f911 100644 --- a/builder/build.go +++ b/builder/build.go @@ -6,9 +6,12 @@ package builder import ( "github.com/spdx/tools-golang/builder/builder2v1" + "github.com/spdx/tools-golang/builder/builder2v2" "github.com/spdx/tools-golang/spdx" ) +// ===== 2.1 builder ===== + // Config2_1 is a collection of configuration settings for builder // (for version 2.1 SPDX Documents). A few mandatory fields are set here // so that they can be repeatedly reused in multiple calls to Build2_1. @@ -70,3 +73,67 @@ func Build2_1(packageName string, dirRoot string, config *Config2_1) (*spdx.Docu return doc, nil } + +// ===== 2.2 builder ===== + +// Config2_2 is a collection of configuration settings for builder +// (for version 2.2 SPDX Documents). A few mandatory fields are set here +// so that they can be repeatedly reused in multiple calls to Build2_2. +type Config2_2 struct { + // NamespacePrefix should be a URI representing a prefix for the + // namespace with which the SPDX Document will be associated. + // It will be used in the DocumentNamespace field in the CreationInfo + // section, followed by the per-Document package name and a random UUID. + NamespacePrefix string + + // CreatorType should be one of "Person", "Organization" or "Tool". + // If not one of those strings, it will be interpreted as "Person". + CreatorType string + + // Creator will be filled in for the given CreatorType. + Creator string + + // PathsIgnored lists certain paths to be omitted from the built document. + // Each string should be a path, relative to the package's dirRoot, + // to a specific file or (for all files in a directory) ending in a slash. + // Prefix the string with "**" to omit all instances of that file / + // directory, regardless of where it is in the file tree. + PathsIgnored []string + + // TestValues is used to pass fixed values for testing purposes + // only, and should be set to nil for production use. It is only + // exported so that it will be accessible within builder2v2. + TestValues map[string]string +} + +// Build2_2 creates an SPDX Document (version 2.2), returning that document or +// error if any is encountered. Arguments: +// - packageName: name of package / directory +// - dirRoot: path to directory to be analyzed +// - config: Config object +func Build2_2(packageName string, dirRoot string, config *Config2_2) (*spdx.Document2_2, error) { + // build Package section first -- will include Files and make the + // package verification code available + pkg, err := builder2v2.BuildPackageSection2_2(packageName, dirRoot, config.PathsIgnored) + if err != nil { + return nil, err + } + + ci, err := builder2v2.BuildCreationInfoSection2_2(packageName, pkg.PackageVerificationCode, config.NamespacePrefix, config.CreatorType, config.Creator, config.TestValues) + if err != nil { + return nil, err + } + + rln, err := builder2v2.BuildRelationshipSection2_2(packageName) + if err != nil { + return nil, err + } + + doc := &spdx.Document2_2{ + CreationInfo: ci, + Packages: map[spdx.ElementID]*spdx.Package2_2{pkg.PackageSPDXIdentifier: pkg}, + Relationships: []*spdx.Relationship2_2{rln}, + } + + return doc, nil +} diff --git a/builder/build_test.go b/builder/build_test.go index 6407f97..cf59d45 100644 --- a/builder/build_test.go +++ b/builder/build_test.go @@ -9,7 +9,7 @@ import ( "github.com/spdx/tools-golang/spdx" ) -// ===== Builder top-level Document test ===== +// ===== 2.1 Builder top-level Document test ===== func TestBuild2_1CreatesDocument(t *testing.T) { dirRoot := "../testdata/project1/" @@ -361,3 +361,356 @@ func TestBuild2_1CanIgnoreFiles(t *testing.T) { t.Errorf("expected %v, got %v", want, got) } } + +// ===== 2.2 Builder top-level Document test ===== +func TestBuild2_2CreatesDocument(t *testing.T) { + dirRoot := "../testdata/project1/" + + config := &Config2_2{ + NamespacePrefix: "https://github.com/swinslow/spdx-docs/spdx-go/testdata-", + CreatorType: "Person", + Creator: "John Doe", + TestValues: make(map[string]string), + } + config.TestValues["Created"] = "2018-10-19T04:38:00Z" + + wantVerificationCode := "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b" + + doc, err := Build2_2("project1", dirRoot, config) + if err != nil { + t.Errorf("expected nil error, got %v", err) + } + if doc == nil { + t.Fatalf("expected non-nil Document, got nil") + } + + // check CI section + if doc.CreationInfo == nil { + t.Fatalf("expected non-nil CreationInfo section, got nil") + } + if doc.CreationInfo.SPDXVersion != "SPDX-2.2" { + t.Errorf("expected %s, got %s", "SPDX-2.2", doc.CreationInfo.SPDXVersion) + } + if doc.CreationInfo.DataLicense != "CC0-1.0" { + t.Errorf("expected %s, got %s", "CC0-1.0", doc.CreationInfo.DataLicense) + } + if doc.CreationInfo.SPDXIdentifier != spdx.ElementID("DOCUMENT") { + t.Errorf("expected %s, got %v", "DOCUMENT", doc.CreationInfo.SPDXIdentifier) + } + if doc.CreationInfo.DocumentName != "project1" { + t.Errorf("expected %s, got %s", "project1", doc.CreationInfo.DocumentName) + } + wantNamespace := fmt.Sprintf("https://github.com/swinslow/spdx-docs/spdx-go/testdata-project1-%s", wantVerificationCode) + if doc.CreationInfo.DocumentNamespace != wantNamespace { + t.Errorf("expected %s, got %s", wantNamespace, doc.CreationInfo.DocumentNamespace) + } + if len(doc.CreationInfo.CreatorPersons) != 1 { + t.Fatalf("expected %d, got %d", 1, len(doc.CreationInfo.CreatorPersons)) + } + if doc.CreationInfo.CreatorPersons[0] != "John Doe" { + t.Errorf("expected %s, got %s", "John Doe", doc.CreationInfo.CreatorPersons[0]) + } + if len(doc.CreationInfo.CreatorTools) != 1 { + t.Fatalf("expected %d, got %d", 1, len(doc.CreationInfo.CreatorTools)) + } + if doc.CreationInfo.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", doc.CreationInfo.CreatorTools[0]) + } + if doc.CreationInfo.Created != "2018-10-19T04:38:00Z" { + t.Errorf("expected %s, got %s", "2018-10-19T04:38:00Z", doc.CreationInfo.Created) + } + + // check Package section + if doc.Packages == nil { + t.Fatalf("expected non-nil doc.Packages, got nil") + } + if len(doc.Packages) != 1 { + t.Fatalf("expected %d, got %d", 1, len(doc.Packages)) + } + pkg := doc.Packages[spdx.ElementID("Package-project1")] + if pkg == nil { + t.Fatalf("expected non-nil pkg, got nil") + } + if pkg.PackageName != "project1" { + t.Errorf("expected %v, got %v", "project1", pkg.PackageName) + } + if pkg.PackageSPDXIdentifier != spdx.ElementID("Package-project1") { + t.Errorf("expected %v, got %v", "Package-project1", pkg.PackageSPDXIdentifier) + } + if pkg.PackageDownloadLocation != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageDownloadLocation) + } + if pkg.FilesAnalyzed != true { + t.Errorf("expected %v, got %v", true, pkg.FilesAnalyzed) + } + if pkg.PackageVerificationCode != wantVerificationCode { + t.Errorf("expected %v, got %v", wantVerificationCode, pkg.PackageVerificationCode) + } + if pkg.PackageLicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageLicenseConcluded) + } + if len(pkg.PackageLicenseInfoFromFiles) != 0 { + t.Errorf("expected %v, got %v", 0, len(pkg.PackageLicenseInfoFromFiles)) + } + if pkg.PackageLicenseDeclared != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageLicenseDeclared) + } + if pkg.PackageCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageCopyrightText) + } + + // check Files section + if pkg.Files == nil { + t.Fatalf("expected non-nil pkg.Files, got nil") + } + if len(pkg.Files) != 5 { + t.Fatalf("expected %d, got %d", 5, len(pkg.Files)) + } + + // files should be in order of identifier, which is numeric, + // created based on alphabetical order of files: + // emptyfile, file1, file3, folder/file4, lastfile + + // check emptyfile.testdata.txt + fileEmpty := pkg.Files[spdx.ElementID("File0")] + if fileEmpty == nil { + t.Fatalf("expected non-nil file, got nil") + } + if fileEmpty.FileName != "/emptyfile.testdata.txt" { + t.Errorf("expected %v, got %v", "/emptyfile.testdata.txt", fileEmpty.FileName) + } + if fileEmpty.FileSPDXIdentifier != spdx.ElementID("File0") { + t.Errorf("expected %v, got %v", "File0", fileEmpty.FileSPDXIdentifier) + } + if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) + } + if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) + } + if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { + t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) + } + if fileEmpty.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) + } + if len(fileEmpty.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(fileEmpty.LicenseInfoInFile)) + } + if fileEmpty.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.FileCopyrightText) + } + + // check file1.testdata.txt + file1 := pkg.Files[spdx.ElementID("File1")] + if file1 == nil { + t.Fatalf("expected non-nil file, got nil") + } + if file1.FileName != "/file1.testdata.txt" { + t.Errorf("expected %v, got %v", "/file1.testdata.txt", file1.FileName) + } + if file1.FileSPDXIdentifier != spdx.ElementID("File1") { + t.Errorf("expected %v, got %v", "File1", file1.FileSPDXIdentifier) + } + if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" { + t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1) + } + if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { + t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256) + } + if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" { + t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5) + } + if file1.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) + } + if len(file1.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(file1.LicenseInfoInFile)) + } + if file1.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.FileCopyrightText) + } + + // check file3.testdata.txt + file3 := pkg.Files[spdx.ElementID("File2")] + if file3 == nil { + t.Fatalf("expected non-nil file, got nil") + } + if file3.FileName != "/file3.testdata.txt" { + t.Errorf("expected %v, got %v", "/file3.testdata.txt", file3.FileName) + } + if file3.FileSPDXIdentifier != spdx.ElementID("File2") { + t.Errorf("expected %v, got %v", "File2", file3.FileSPDXIdentifier) + } + if file3.FileChecksumSHA1 != "a46114b70e163614f01c64adf44cdd438f158fce" { + t.Errorf("expected %v, got %v", "a46114b70e163614f01c64adf44cdd438f158fce", file3.FileChecksumSHA1) + } + if file3.FileChecksumSHA256 != "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4" { + t.Errorf("expected %v, got %v", "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4", file3.FileChecksumSHA256) + } + if file3.FileChecksumMD5 != "3e02d3ab9c58eec6911dbba37570934f" { + t.Errorf("expected %v, got %v", "3e02d3ab9c58eec6911dbba37570934f", file3.FileChecksumMD5) + } + if file3.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file3.LicenseConcluded) + } + if len(file3.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(file3.LicenseInfoInFile)) + } + if file3.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file3.FileCopyrightText) + } + + // check folder1/file4.testdata.txt + file4 := pkg.Files[spdx.ElementID("File3")] + if file4 == nil { + t.Fatalf("expected non-nil file, got nil") + } + if file4.FileName != "/folder1/file4.testdata.txt" { + t.Errorf("expected %v, got %v", "folder1/file4.testdata.txt", file4.FileName) + } + if file4.FileSPDXIdentifier != spdx.ElementID("File3") { + t.Errorf("expected %v, got %v", "File3", file4.FileSPDXIdentifier) + } + if file4.FileChecksumSHA1 != "e623d7d7d782a7c8323c4d436acee4afab34320f" { + t.Errorf("expected %v, got %v", "e623d7d7d782a7c8323c4d436acee4afab34320f", file4.FileChecksumSHA1) + } + if file4.FileChecksumSHA256 != "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59" { + t.Errorf("expected %v, got %v", "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59", file4.FileChecksumSHA256) + } + if file4.FileChecksumMD5 != "96e6a25d35df5b1c477710ef4d0c7210" { + t.Errorf("expected %v, got %v", "96e6a25d35df5b1c477710ef4d0c7210", file4.FileChecksumMD5) + } + if file4.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file4.LicenseConcluded) + } + if len(file4.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(file4.LicenseInfoInFile)) + } + if file4.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file4.FileCopyrightText) + } + + // check lastfile.testdata.txt + lastfile := pkg.Files[spdx.ElementID("File4")] + if lastfile == nil { + t.Fatalf("expected non-nil file, got nil") + } + if lastfile.FileName != "/lastfile.testdata.txt" { + t.Errorf("expected %v, got %v", "/lastfile.testdata.txt", lastfile.FileName) + } + if lastfile.FileSPDXIdentifier != spdx.ElementID("File4") { + t.Errorf("expected %v, got %v", "File4", lastfile.FileSPDXIdentifier) + } + if lastfile.FileChecksumSHA1 != "26d6221d682d9ba59116f9753a701f34271c8ce1" { + t.Errorf("expected %v, got %v", "26d6221d682d9ba59116f9753a701f34271c8ce1", lastfile.FileChecksumSHA1) + } + if lastfile.FileChecksumSHA256 != "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805" { + t.Errorf("expected %v, got %v", "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805", lastfile.FileChecksumSHA256) + } + if lastfile.FileChecksumMD5 != "f60baa793870d9085461ad6bbab50b7f" { + t.Errorf("expected %v, got %v", "f60baa793870d9085461ad6bbab50b7f", lastfile.FileChecksumMD5) + } + if lastfile.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.LicenseConcluded) + } + if len(lastfile.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(lastfile.LicenseInfoInFile)) + } + if lastfile.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.FileCopyrightText) + } + + // check Relationship section -- should be a relationship for doc DESCRIBES pkg + if doc.Relationships == nil { + t.Fatalf("expected non-nil Relationships section, got nil") + } + if len(doc.Relationships) == 0 { + t.Fatalf("expected %v, got %v", 0, len(doc.Relationships)) + } + rln := doc.Relationships[0] + if rln == nil { + t.Fatalf("expected non-nil Relationship, got nil") + } + if rln.RefA != spdx.MakeDocElementID("", "DOCUMENT") { + t.Errorf("expected %v, got %v", "DOCUMENT", rln.RefA) + } + if rln.RefB != spdx.MakeDocElementID("", "Package-project1") { + t.Errorf("expected %v, got %v", "Package-project1", rln.RefB) + } + if rln.Relationship != "DESCRIBES" { + t.Errorf("expected %v, got %v", "DESCRIBES", rln.Relationship) + } + + // and check that other sections are present, but empty + if doc.OtherLicenses != nil { + t.Fatalf("expected nil OtherLicenses section, got non-nil") + } + if doc.Annotations != nil { + t.Fatalf("expected nil Annotations section, got non-nil") + } + if doc.Reviews != nil { + t.Fatalf("expected nil Reviews section, got non-nil") + } + +} + +func TestBuild2_2CanIgnoreFiles(t *testing.T) { + dirRoot := "../testdata/project3/" + + config := &Config2_2{ + NamespacePrefix: "https://github.com/swinslow/spdx-docs/spdx-go/testdata-", + CreatorType: "Person", + Creator: "John Doe", + PathsIgnored: []string{ + "**/ignoredir/", + "/excludedir/", + "**/ignorefile.txt", + "/alsoEXCLUDEthis.txt", + }, + TestValues: make(map[string]string), + } + config.TestValues["Created"] = "2018-10-19T04:38:00Z" + + doc, err := Build2_2("project1", dirRoot, config) + if err != nil { + t.Errorf("expected nil error, got %v", err) + } + pkg := doc.Packages[spdx.ElementID("Package-project1")] + if pkg == nil { + t.Fatalf("expected non-nil pkg, got nil") + } + if len(pkg.Files) != 5 { + t.Fatalf("expected len %d, got %d", 5, len(pkg.Files)) + } + + want := "/dontscan.txt" + got := pkg.Files[spdx.ElementID("File0")].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/keep/keep.txt" + got = pkg.Files[spdx.ElementID("File1")].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/keep.txt" + got = pkg.Files[spdx.ElementID("File2")].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/subdir/keep/dontscan.txt" + got = pkg.Files[spdx.ElementID("File3")].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/subdir/keep/keep.txt" + got = pkg.Files[spdx.ElementID("File4")].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } +} diff --git a/builder/builder2v2/build_creation_info.go b/builder/builder2v2/build_creation_info.go new file mode 100644 index 0000000..89e1b3c --- /dev/null +++ b/builder/builder2v2/build_creation_info.go @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v2 + +import ( + "fmt" + "time" + + "github.com/spdx/tools-golang/spdx" +) + +// BuildCreationInfoSection2_2 creates an SPDX Package (version 2.2), returning that +// package or error if any is encountered. Arguments: +// - packageName: name of package / directory +// - code: verification code from Package +// - namespacePrefix: prefix for DocumentNamespace (packageName and code will be added) +// - creatorType: one of Person, Organization or Tool +// - creator: creator string +// - testValues: for testing only; call with nil when using in production +func BuildCreationInfoSection2_2(packageName string, code string, namespacePrefix string, creatorType string, creator string, testValues map[string]string) (*spdx.CreationInfo2_2, error) { + // build creator slices + cPersons := []string{} + cOrganizations := []string{} + cTools := []string{} + // add builder as a tool + cTools = append(cTools, "github.com/spdx/tools-golang/builder") + + switch creatorType { + case "Person": + cPersons = append(cPersons, creator) + case "Organization": + cOrganizations = append(cOrganizations, creator) + case "Tool": + cTools = append(cTools, creator) + default: + cPersons = append(cPersons, creator) + } + + // use test Created time if passing test values + location, _ := time.LoadLocation("UTC") + locationTime := time.Now().In(location) + created := locationTime.Format("2006-01-02T15:04:05Z") + if testVal := testValues["Created"]; testVal != "" { + created = testVal + } + + ci := &spdx.CreationInfo2_2{ + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + DocumentName: packageName, + DocumentNamespace: fmt.Sprintf("%s%s-%s", namespacePrefix, packageName, code), + CreatorPersons: cPersons, + CreatorOrganizations: cOrganizations, + CreatorTools: cTools, + Created: created, + } + return ci, nil +} diff --git a/builder/builder2v2/build_creation_info_test.go b/builder/builder2v2/build_creation_info_test.go new file mode 100644 index 0000000..188bd74 --- /dev/null +++ b/builder/builder2v2/build_creation_info_test.go @@ -0,0 +1,167 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v2 + +import ( + "fmt" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== CreationInfo section builder tests ===== +func TestBuilder2_2CanBuildCreationInfoSection(t *testing.T) { + + namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" + creatorType := "Organization" + creator := "Jane Doe LLC" + testValues := make(map[string]string) + testValues["Created"] = "2018-10-20T16:48:00Z" + packageName := "project1" + verificationCode := "TESTCODE" + + ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if ci == nil { + t.Fatalf("expected non-nil CreationInfo, got nil") + } + if ci.SPDXVersion != "SPDX-2.2" { + t.Errorf("expected %s, got %s", "SPDX-2.2", ci.SPDXVersion) + } + if ci.DataLicense != "CC0-1.0" { + t.Errorf("expected %s, got %s", "CC0-1.0", ci.DataLicense) + } + if ci.SPDXIdentifier != spdx.ElementID("DOCUMENT") { + t.Errorf("expected %s, got %v", "DOCUMENT", ci.SPDXIdentifier) + } + if ci.DocumentName != "project1" { + t.Errorf("expected %s, got %s", "project1", ci.DocumentName) + } + wantNamespace := fmt.Sprintf("https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-project1-%s", verificationCode) + if ci.DocumentNamespace != wantNamespace { + t.Errorf("expected %s, got %s", wantNamespace, ci.DocumentNamespace) + } + if len(ci.CreatorPersons) != 0 { + t.Fatalf("expected %d, got %d", 0, len(ci.CreatorPersons)) + } + if len(ci.CreatorOrganizations) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorOrganizations)) + } + if ci.CreatorOrganizations[0] != "Jane Doe LLC" { + t.Errorf("expected %s, got %s", "Jane Doe LLC", ci.CreatorOrganizations[0]) + } + if len(ci.CreatorTools) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) + } + if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + } + if ci.Created != "2018-10-20T16:48:00Z" { + t.Errorf("expected %s, got %s", "2018-10-20T16:48:00Z", ci.Created) + } +} + +func TestBuilder2_2CanBuildCreationInfoSectionWithCreatorPerson(t *testing.T) { + namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" + creatorType := "Person" + creator := "John Doe" + testValues := make(map[string]string) + testValues["Created"] = "2018-10-20T16:48:00Z" + packageName := "project1" + verificationCode := "TESTCODE" + + ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if ci == nil { + t.Fatalf("expected non-nil CreationInfo, got nil") + } + if len(ci.CreatorPersons) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorPersons)) + } + if ci.CreatorPersons[0] != "John Doe" { + t.Errorf("expected %s, got %s", "John Doe", ci.CreatorPersons[0]) + } + if len(ci.CreatorOrganizations) != 0 { + t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + } + if len(ci.CreatorTools) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) + } + if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + } +} + +func TestBuilder2_2CanBuildCreationInfoSectionWithCreatorTool(t *testing.T) { + namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" + creatorType := "Tool" + creator := "some-other-tool-2.1" + testValues := make(map[string]string) + testValues["Created"] = "2018-10-20T16:48:00Z" + packageName := "project1" + verificationCode := "TESTCODE" + + ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if ci == nil { + t.Fatalf("expected non-nil CreationInfo, got nil") + } + if len(ci.CreatorPersons) != 0 { + t.Fatalf("expected %d, got %d", 0, len(ci.CreatorPersons)) + } + if len(ci.CreatorOrganizations) != 0 { + t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + } + if len(ci.CreatorTools) != 2 { + t.Fatalf("expected %d, got %d", 2, len(ci.CreatorTools)) + } + if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + } + if ci.CreatorTools[1] != "some-other-tool-2.1" { + t.Errorf("expected %s, got %s", "some-other-tool-2.1", ci.CreatorTools[1]) + } +} + +func TestBuilder2_2CanBuildCreationInfoSectionWithInvalidPerson(t *testing.T) { + namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" + creatorType := "Whatever" + creator := "John Doe" + testValues := make(map[string]string) + testValues["Created"] = "2018-10-20T16:48:00Z" + packageName := "project1" + verificationCode := "TESTCODE" + + ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if ci == nil { + t.Fatalf("expected non-nil CreationInfo, got nil") + } + if len(ci.CreatorPersons) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorPersons)) + } + if ci.CreatorPersons[0] != "John Doe" { + t.Errorf("expected %s, got %s", "John Doe", ci.CreatorPersons[0]) + } + if len(ci.CreatorOrganizations) != 0 { + t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + } + if len(ci.CreatorTools) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) + } + if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + } +} diff --git a/builder/builder2v2/build_file.go b/builder/builder2v2/build_file.go new file mode 100644 index 0000000..8042992 --- /dev/null +++ b/builder/builder2v2/build_file.go @@ -0,0 +1,44 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v2 + +import ( + "fmt" + "path/filepath" + + "github.com/spdx/tools-golang/spdx" + "github.com/spdx/tools-golang/utils" +) + +// BuildFileSection2_2 creates an SPDX File (version 2.2), returning that +// file or error if any is encountered. Arguments: +// - filePath: path to file, relative to prefix +// - prefix: relative directory for filePath +// - fileNumber: integer index (unique within package) to use in identifier +func BuildFileSection2_2(filePath string, prefix string, fileNumber int) (*spdx.File2_2, error) { + // build the full file path + p := filepath.Join(prefix, filePath) + + // make sure we can get the file and its hashes + ssha1, ssha256, smd5, err := utils.GetHashesForFilePath(p) + if err != nil { + return nil, err + } + + // build the identifier + i := fmt.Sprintf("File%d", fileNumber) + + // now build the File section + f := &spdx.File2_2{ + FileName: filePath, + FileSPDXIdentifier: spdx.ElementID(i), + FileChecksumSHA1: ssha1, + FileChecksumSHA256: ssha256, + FileChecksumMD5: smd5, + LicenseConcluded: "NOASSERTION", + LicenseInfoInFile: []string{}, + FileCopyrightText: "NOASSERTION", + } + + return f, nil +} diff --git a/builder/builder2v2/build_file_test.go b/builder/builder2v2/build_file_test.go new file mode 100644 index 0000000..bd74421 --- /dev/null +++ b/builder/builder2v2/build_file_test.go @@ -0,0 +1,61 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v2 + +import ( + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== File section builder tests ===== +func TestBuilder2_2CanBuildFileSection(t *testing.T) { + filePath := "/file1.testdata.txt" + prefix := "../../testdata/project1/" + fileNumber := 17 + + file1, err := BuildFileSection2_2(filePath, prefix, fileNumber) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if file1 == nil { + t.Fatalf("expected non-nil file, got nil") + } + if file1.FileName != "/file1.testdata.txt" { + t.Errorf("expected %v, got %v", "/file1.testdata.txt", file1.FileName) + } + if file1.FileSPDXIdentifier != spdx.ElementID("File17") { + t.Errorf("expected %v, got %v", "File17", file1.FileSPDXIdentifier) + } + if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" { + t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1) + } + if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { + t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256) + } + if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" { + t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5) + } + if file1.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) + } + if len(file1.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(file1.LicenseInfoInFile)) + } + if file1.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.FileCopyrightText) + } + +} + +func TestBuilder2_2BuildFileSectionFailsForInvalidFilePath(t *testing.T) { + filePath := "/file1.testdata.txt" + prefix := "oops/wrong/path" + fileNumber := 11 + + _, err := BuildFileSection2_2(filePath, prefix, fileNumber) + if err == nil { + t.Fatalf("expected non-nil error, got nil") + } +} diff --git a/builder/builder2v2/build_package.go b/builder/builder2v2/build_package.go new file mode 100644 index 0000000..35c0a86 --- /dev/null +++ b/builder/builder2v2/build_package.go @@ -0,0 +1,58 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v2 + +import ( + "fmt" + + "github.com/spdx/tools-golang/spdx" + "github.com/spdx/tools-golang/utils" +) + +// BuildPackageSection2_2 creates an SPDX Package (version 2.2), returning +// that package or error if any is encountered. Arguments: +// - packageName: name of package / directory +// - dirRoot: path to directory to be analyzed +// - pathsIgnore: slice of strings for filepaths to ignore +func BuildPackageSection2_2(packageName string, dirRoot string, pathsIgnore []string) (*spdx.Package2_2, error) { + // build the file section first, so we'll have it available + // for calculating the package verification code + filepaths, err := utils.GetAllFilePaths(dirRoot, pathsIgnore) + if err != nil { + return nil, err + } + + files := map[spdx.ElementID]*spdx.File2_2{} + fileNumber := 0 + for _, fp := range filepaths { + newFile, err := BuildFileSection2_2(fp, dirRoot, fileNumber) + if err != nil { + return nil, err + } + files[newFile.FileSPDXIdentifier] = newFile + fileNumber++ + } + + // get the verification code + code, err := utils.GetVerificationCode2_2(files, "") + if err != nil { + return nil, err + } + + // now build the package section + pkg := &spdx.Package2_2{ + PackageName: packageName, + PackageSPDXIdentifier: spdx.ElementID(fmt.Sprintf("Package-%s", packageName)), + PackageDownloadLocation: "NOASSERTION", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: true, + PackageVerificationCode: code, + PackageLicenseConcluded: "NOASSERTION", + PackageLicenseInfoFromFiles: []string{}, + PackageLicenseDeclared: "NOASSERTION", + PackageCopyrightText: "NOASSERTION", + Files: files, + } + + return pkg, nil +} diff --git a/builder/builder2v2/build_package_test.go b/builder/builder2v2/build_package_test.go new file mode 100644 index 0000000..c7e4dc3 --- /dev/null +++ b/builder/builder2v2/build_package_test.go @@ -0,0 +1,145 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v2 + +import ( + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== Package section builder tests ===== +func TestBuilder2_2CanBuildPackageSection(t *testing.T) { + packageName := "project1" + dirRoot := "../../testdata/project1/" + + wantVerificationCode := "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b" + + pkg, err := BuildPackageSection2_2(packageName, dirRoot, nil) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if pkg == nil { + t.Fatalf("expected non-nil Package, got nil") + } + if pkg.PackageName != "project1" { + t.Errorf("expected %v, got %v", "project1", pkg.PackageName) + } + if pkg.PackageSPDXIdentifier != spdx.ElementID("Package-project1") { + t.Errorf("expected %v, got %v", "Package-project1", pkg.PackageSPDXIdentifier) + } + if pkg.PackageDownloadLocation != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageDownloadLocation) + } + if pkg.FilesAnalyzed != true { + t.Errorf("expected %v, got %v", true, pkg.FilesAnalyzed) + } + if pkg.IsFilesAnalyzedTagPresent != true { + t.Errorf("expected %v, got %v", true, pkg.IsFilesAnalyzedTagPresent) + } + if pkg.PackageVerificationCode != wantVerificationCode { + t.Errorf("expected %v, got %v", wantVerificationCode, pkg.PackageVerificationCode) + } + if pkg.PackageLicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageLicenseConcluded) + } + if len(pkg.PackageLicenseInfoFromFiles) != 0 { + t.Errorf("expected %v, got %v", 0, len(pkg.PackageLicenseInfoFromFiles)) + } + if pkg.PackageLicenseDeclared != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageLicenseDeclared) + } + if pkg.PackageCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageCopyrightText) + } + + // and make sure we got the right number of files, and check the first one + if pkg.Files == nil { + t.Fatalf("expected non-nil pkg.Files, got nil") + } + if len(pkg.Files) != 5 { + t.Fatalf("expected %d, got %d", 5, len(pkg.Files)) + } + fileEmpty := pkg.Files[spdx.ElementID("File0")] + if fileEmpty == nil { + t.Fatalf("expected non-nil file, got nil") + } + if fileEmpty.FileName != "/emptyfile.testdata.txt" { + t.Errorf("expected %v, got %v", "/emptyfile.testdata.txt", fileEmpty.FileName) + } + if fileEmpty.FileSPDXIdentifier != spdx.ElementID("File0") { + t.Errorf("expected %v, got %v", "File0", fileEmpty.FileSPDXIdentifier) + } + if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) + } + if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) + } + if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { + t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) + } + if fileEmpty.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) + } + if len(fileEmpty.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(fileEmpty.LicenseInfoInFile)) + } + if fileEmpty.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.FileCopyrightText) + } +} + +func TestBuilder2_2CanIgnoreFiles(t *testing.T) { + packageName := "project3" + dirRoot := "../../testdata/project3/" + pathsIgnored := []string{ + "**/ignoredir/", + "/excludedir/", + "**/ignorefile.txt", + "/alsoEXCLUDEthis.txt", + } + pkg, err := BuildPackageSection2_2(packageName, dirRoot, pathsIgnored) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + // make sure we got the right files + if pkg.Files == nil { + t.Fatalf("expected non-nil pkg.Files, got nil") + } + if len(pkg.Files) != 5 { + t.Fatalf("expected %d, got %d", 5, len(pkg.Files)) + } + + want := "/dontscan.txt" + got := pkg.Files[spdx.ElementID("File0")].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/keep/keep.txt" + got = pkg.Files[spdx.ElementID("File1")].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/keep.txt" + got = pkg.Files[spdx.ElementID("File2")].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/subdir/keep/dontscan.txt" + got = pkg.Files[spdx.ElementID("File3")].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/subdir/keep/keep.txt" + got = pkg.Files[spdx.ElementID("File4")].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } +} diff --git a/builder/builder2v2/build_relationship.go b/builder/builder2v2/build_relationship.go new file mode 100644 index 0000000..5eaf9de --- /dev/null +++ b/builder/builder2v2/build_relationship.go @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v2 + +import ( + "fmt" + + "github.com/spdx/tools-golang/spdx" +) + +// BuildRelationshipSection2_2 creates an SPDX Relationship (version 2.2) +// solely for the document "DESCRIBES" package relationship, returning that +// relationship or error if any is encountered. Arguments: +// - packageName: name of package / directory +func BuildRelationshipSection2_2(packageName string) (*spdx.Relationship2_2, error) { + rln := &spdx.Relationship2_2{ + RefA: spdx.MakeDocElementID("", "DOCUMENT"), + RefB: spdx.MakeDocElementID("", fmt.Sprintf("Package-%s", packageName)), + Relationship: "DESCRIBES", + } + + return rln, nil +} diff --git a/builder/builder2v2/build_relationship_test.go b/builder/builder2v2/build_relationship_test.go new file mode 100644 index 0000000..4e8ba99 --- /dev/null +++ b/builder/builder2v2/build_relationship_test.go @@ -0,0 +1,33 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v2 + +import ( + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== Relationship section builder tests ===== +func TestBuilder2_2CanBuildRelationshipSection(t *testing.T) { + packageName := "project17" + + rln, err := BuildRelationshipSection2_2(packageName) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if rln == nil { + t.Fatalf("expected non-nil relationship, got nil") + } + if rln.RefA != spdx.MakeDocElementID("", "DOCUMENT") { + t.Errorf("expected %v, got %v", "DOCUMENT", rln.RefA) + } + if rln.RefB != spdx.MakeDocElementID("", "Package-project17") { + t.Errorf("expected %v, got %v", "Package-project17", rln.RefB) + } + if rln.Relationship != "DESCRIBES" { + t.Errorf("expected %v, got %v", "DESCRIBES", rln.Relationship) + } + +} |