diff options
| author | Ian Ling <ian@iancaling.com> | 2022-04-08 08:52:57 -0700 |
|---|---|---|
| committer | Ian Ling <ian@iancaling.com> | 2022-04-25 15:00:47 -0700 |
| commit | 460cf54ece7eba418c50407ee35544c5d63588a7 (patch) | |
| tree | 07ec7aaf51a92a1ae209e540f45241f990561919 | |
| parent | fa24fac85dd550a3f815896241081a1246810d2c (diff) | |
| download | spdx-tools-460cf54ece7eba418c50407ee35544c5d63588a7.tar.gz | |
Overhaul structs, refactor JSON parser and saver
Signed-off-by: Ian Ling <ian@iancaling.com>
165 files changed, 5264 insertions, 9735 deletions
@@ -26,8 +26,7 @@ tools-golang provides the following packages: * *tvloader* - tag-value document loader * *tvsaver* - tag-value document saver * *rdfloader* - RDF document loader -* *jsonloader* - JSON document loader -* *jsonsaver* - JSON document saver +* *json* - JSON document parser and writer * *builder* - builds "empty" SPDX document (with hashes) for directory contents * *idsearcher* - searches for [SPDX short-form IDs](https://spdx.org/ids/) and builds SPDX document * *licensediff* - compares concluded licenses between files in two packages diff --git a/builder/build.go b/builder/build.go index f70f911..235e91d 100644 --- a/builder/build.go +++ b/builder/build.go @@ -5,6 +5,7 @@ package builder import ( + "fmt" "github.com/spdx/tools-golang/builder/builder2v1" "github.com/spdx/tools-golang/builder/builder2v2" "github.com/spdx/tools-golang/spdx" @@ -55,7 +56,7 @@ func Build2_1(packageName string, dirRoot string, config *Config2_1) (*spdx.Docu return nil, err } - ci, err := builder2v1.BuildCreationInfoSection2_1(packageName, pkg.PackageVerificationCode, config.NamespacePrefix, config.CreatorType, config.Creator, config.TestValues) + ci, err := builder2v1.BuildCreationInfoSection2_1(config.CreatorType, config.Creator, config.TestValues) if err != nil { return nil, err } @@ -66,9 +67,14 @@ func Build2_1(packageName string, dirRoot string, config *Config2_1) (*spdx.Docu } doc := &spdx.Document2_1{ - CreationInfo: ci, - Packages: map[spdx.ElementID]*spdx.Package2_1{pkg.PackageSPDXIdentifier: pkg}, - Relationships: []*spdx.Relationship2_1{rln}, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + DocumentName: packageName, + DocumentNamespace: fmt.Sprintf("%s%s-%s", config.NamespacePrefix, packageName, pkg.PackageVerificationCode), + CreationInfo: ci, + Packages: []*spdx.Package2_1{pkg}, + Relationships: []*spdx.Relationship2_1{rln}, } return doc, nil @@ -119,7 +125,7 @@ func Build2_2(packageName string, dirRoot string, config *Config2_2) (*spdx.Docu return nil, err } - ci, err := builder2v2.BuildCreationInfoSection2_2(packageName, pkg.PackageVerificationCode, config.NamespacePrefix, config.CreatorType, config.Creator, config.TestValues) + ci, err := builder2v2.BuildCreationInfoSection2_2(config.CreatorType, config.Creator, config.TestValues) if err != nil { return nil, err } @@ -130,9 +136,14 @@ func Build2_2(packageName string, dirRoot string, config *Config2_2) (*spdx.Docu } doc := &spdx.Document2_2{ - CreationInfo: ci, - Packages: map[spdx.ElementID]*spdx.Package2_2{pkg.PackageSPDXIdentifier: pkg}, - Relationships: []*spdx.Relationship2_2{rln}, + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + DocumentName: packageName, + DocumentNamespace: fmt.Sprintf("%s%s-%s", config.NamespacePrefix, packageName, pkg.PackageVerificationCode), + CreationInfo: ci, + Packages: []*spdx.Package2_2{pkg}, + Relationships: []*spdx.Relationship2_2{rln}, } return doc, nil diff --git a/builder/build_test.go b/builder/build_test.go index 62be42b..be4fd42 100644 --- a/builder/build_test.go +++ b/builder/build_test.go @@ -21,7 +21,7 @@ func TestBuild2_1CreatesDocument(t *testing.T) { } config.TestValues["Created"] = "2018-10-19T04:38:00Z" - wantVerificationCode := "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b" + wantVerificationCode := spdx.PackageVerificationCode{Value: "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b"} doc, err := Build2_1("project1", dirRoot, config) if err != nil { @@ -35,33 +35,30 @@ func TestBuild2_1CreatesDocument(t *testing.T) { if doc.CreationInfo == nil { t.Fatalf("expected non-nil CreationInfo section, got nil") } - if doc.CreationInfo.SPDXVersion != "SPDX-2.1" { - t.Errorf("expected %s, got %s", "SPDX-2.1", doc.CreationInfo.SPDXVersion) + if doc.SPDXVersion != "SPDX-2.1" { + t.Errorf("expected %s, got %s", "SPDX-2.1", doc.SPDXVersion) } - if doc.CreationInfo.DataLicense != "CC0-1.0" { - t.Errorf("expected %s, got %s", "CC0-1.0", doc.CreationInfo.DataLicense) + if doc.DataLicense != "CC0-1.0" { + t.Errorf("expected %s, got %s", "CC0-1.0", doc.DataLicense) } - if doc.CreationInfo.SPDXIdentifier != spdx.ElementID("DOCUMENT") { - t.Errorf("expected %s, got %v", "DOCUMENT", doc.CreationInfo.SPDXIdentifier) + if doc.SPDXIdentifier != spdx.ElementID("DOCUMENT") { + t.Errorf("expected %s, got %v", "DOCUMENT", doc.SPDXIdentifier) } - if doc.CreationInfo.DocumentName != "project1" { - t.Errorf("expected %s, got %s", "project1", doc.CreationInfo.DocumentName) + if doc.DocumentName != "project1" { + t.Errorf("expected %s, got %s", "project1", doc.DocumentName) } wantNamespace := fmt.Sprintf("https://github.com/swinslow/spdx-docs/spdx-go/testdata-project1-%s", wantVerificationCode) - if doc.CreationInfo.DocumentNamespace != wantNamespace { - t.Errorf("expected %s, got %s", wantNamespace, doc.CreationInfo.DocumentNamespace) + if doc.DocumentNamespace != wantNamespace { + t.Errorf("expected %s, got %s", wantNamespace, doc.DocumentNamespace) } - if len(doc.CreationInfo.CreatorPersons) != 1 { - t.Fatalf("expected %d, got %d", 1, len(doc.CreationInfo.CreatorPersons)) + if len(doc.CreationInfo.Creators) != 2 { + t.Fatalf("expected %d, got %d", 2, len(doc.CreationInfo.Creators)) } - if doc.CreationInfo.CreatorPersons[0] != "John Doe" { - t.Errorf("expected %s, got %s", "John Doe", doc.CreationInfo.CreatorPersons[0]) + if doc.CreationInfo.Creators[1].Creator != "John Doe" { + t.Errorf("expected %s, got %+v", "John Doe", doc.CreationInfo.Creators[1]) } - if len(doc.CreationInfo.CreatorTools) != 1 { - t.Fatalf("expected %d, got %d", 1, len(doc.CreationInfo.CreatorTools)) - } - if doc.CreationInfo.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { - t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", doc.CreationInfo.CreatorTools[0]) + if doc.CreationInfo.Creators[0].Creator != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %+v", "github.com/spdx/tools-golang/builder", doc.CreationInfo.Creators[0]) } if doc.CreationInfo.Created != "2018-10-19T04:38:00Z" { t.Errorf("expected %s, got %s", "2018-10-19T04:38:00Z", doc.CreationInfo.Created) @@ -74,7 +71,7 @@ func TestBuild2_1CreatesDocument(t *testing.T) { if len(doc.Packages) != 1 { t.Fatalf("expected %d, got %d", 1, len(doc.Packages)) } - pkg := doc.Packages[spdx.ElementID("Package-project1")] + pkg := doc.Packages[0] if pkg == nil { t.Fatalf("expected non-nil pkg, got nil") } @@ -90,7 +87,7 @@ func TestBuild2_1CreatesDocument(t *testing.T) { if pkg.FilesAnalyzed != true { t.Errorf("expected %v, got %v", true, pkg.FilesAnalyzed) } - if pkg.PackageVerificationCode != wantVerificationCode { + if pkg.PackageVerificationCode.Value != wantVerificationCode.Value { t.Errorf("expected %v, got %v", wantVerificationCode, pkg.PackageVerificationCode) } if pkg.PackageLicenseConcluded != "NOASSERTION" { @@ -119,7 +116,7 @@ func TestBuild2_1CreatesDocument(t *testing.T) { // emptyfile, file1, file3, folder/file4, lastfile // check emptyfile.testdata.txt - fileEmpty := pkg.Files[spdx.ElementID("File0")] + fileEmpty := pkg.Files[0] if fileEmpty == nil { t.Fatalf("expected non-nil file, got nil") } @@ -129,23 +126,32 @@ func TestBuild2_1CreatesDocument(t *testing.T) { if fileEmpty.FileSPDXIdentifier != spdx.ElementID("File0") { t.Errorf("expected %v, got %v", "File0", fileEmpty.FileSPDXIdentifier) } - if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { - t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) - } - if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { - t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) - } - if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { - t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) + + for _, checksum := range fileEmpty.Checksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "d41d8cd98f00b204e9800998ecf8427e" { + t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", checksum.Value) + } + } } + if fileEmpty.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) } - if len(fileEmpty.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(fileEmpty.LicenseInfoInFile)) + if len(fileEmpty.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(fileEmpty.LicenseInfoInFiles)) } else { - if fileEmpty.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseInfoInFile[0]) + if fileEmpty.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseInfoInFiles[0]) } } if fileEmpty.FileCopyrightText != "NOASSERTION" { @@ -153,7 +159,7 @@ func TestBuild2_1CreatesDocument(t *testing.T) { } // check file1.testdata.txt - file1 := pkg.Files[spdx.ElementID("File1")] + file1 := pkg.Files[1] if file1 == nil { t.Fatalf("expected non-nil file, got nil") } @@ -163,23 +169,31 @@ func TestBuild2_1CreatesDocument(t *testing.T) { if file1.FileSPDXIdentifier != spdx.ElementID("File1") { t.Errorf("expected %v, got %v", "File1", file1.FileSPDXIdentifier) } - if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" { - t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1) - } - if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { - t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256) - } - if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" { - t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5) + + for _, checksum := range file1.Checksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "024f870eb6323f532515f7a09d5646a97083b819" { + t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { + t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "37c8208479dfe42d2bb29debd6e32d4a" { + t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", checksum.Value) + } + } } if file1.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) } - if len(file1.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(file1.LicenseInfoInFile)) + if len(file1.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(file1.LicenseInfoInFiles)) } else { - if file1.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseInfoInFile[0]) + if file1.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseInfoInFiles[0]) } } if file1.FileCopyrightText != "NOASSERTION" { @@ -187,7 +201,7 @@ func TestBuild2_1CreatesDocument(t *testing.T) { } // check file3.testdata.txt - file3 := pkg.Files[spdx.ElementID("File2")] + file3 := pkg.Files[2] if file3 == nil { t.Fatalf("expected non-nil file, got nil") } @@ -197,23 +211,31 @@ func TestBuild2_1CreatesDocument(t *testing.T) { if file3.FileSPDXIdentifier != spdx.ElementID("File2") { t.Errorf("expected %v, got %v", "File2", file3.FileSPDXIdentifier) } - if file3.FileChecksumSHA1 != "a46114b70e163614f01c64adf44cdd438f158fce" { - t.Errorf("expected %v, got %v", "a46114b70e163614f01c64adf44cdd438f158fce", file3.FileChecksumSHA1) - } - if file3.FileChecksumSHA256 != "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4" { - t.Errorf("expected %v, got %v", "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4", file3.FileChecksumSHA256) - } - if file3.FileChecksumMD5 != "3e02d3ab9c58eec6911dbba37570934f" { - t.Errorf("expected %v, got %v", "3e02d3ab9c58eec6911dbba37570934f", file3.FileChecksumMD5) + + for _, checksum := range file3.Checksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "a46114b70e163614f01c64adf44cdd438f158fce" { + t.Errorf("expected %v, got %v", "a46114b70e163614f01c64adf44cdd438f158fce", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4" { + t.Errorf("expected %v, got %v", "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "3e02d3ab9c58eec6911dbba37570934f" { + t.Errorf("expected %v, got %v", "3e02d3ab9c58eec6911dbba37570934f", checksum.Value) + } + } } if file3.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file3.LicenseConcluded) } - if len(file3.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(file3.LicenseInfoInFile)) + if len(file3.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(file3.LicenseInfoInFiles)) } else { - if file3.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", file3.LicenseInfoInFile[0]) + if file3.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file3.LicenseInfoInFiles[0]) } } if file3.FileCopyrightText != "NOASSERTION" { @@ -221,7 +243,7 @@ func TestBuild2_1CreatesDocument(t *testing.T) { } // check folder1/file4.testdata.txt - file4 := pkg.Files[spdx.ElementID("File3")] + file4 := pkg.Files[3] if file4 == nil { t.Fatalf("expected non-nil file, got nil") } @@ -231,23 +253,31 @@ func TestBuild2_1CreatesDocument(t *testing.T) { if file4.FileSPDXIdentifier != spdx.ElementID("File3") { t.Errorf("expected %v, got %v", "File3", file4.FileSPDXIdentifier) } - if file4.FileChecksumSHA1 != "e623d7d7d782a7c8323c4d436acee4afab34320f" { - t.Errorf("expected %v, got %v", "e623d7d7d782a7c8323c4d436acee4afab34320f", file4.FileChecksumSHA1) - } - if file4.FileChecksumSHA256 != "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59" { - t.Errorf("expected %v, got %v", "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59", file4.FileChecksumSHA256) - } - if file4.FileChecksumMD5 != "96e6a25d35df5b1c477710ef4d0c7210" { - t.Errorf("expected %v, got %v", "96e6a25d35df5b1c477710ef4d0c7210", file4.FileChecksumMD5) + + for _, checksum := range file4.Checksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "e623d7d7d782a7c8323c4d436acee4afab34320f" { + t.Errorf("expected %v, got %v", "e623d7d7d782a7c8323c4d436acee4afab34320f", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59" { + t.Errorf("expected %v, got %v", "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "96e6a25d35df5b1c477710ef4d0c7210" { + t.Errorf("expected %v, got %v", "96e6a25d35df5b1c477710ef4d0c7210", checksum.Value) + } + } } if file4.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file4.LicenseConcluded) } - if len(file4.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(file4.LicenseInfoInFile)) + if len(file4.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(file4.LicenseInfoInFiles)) } else { - if file4.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", file4.LicenseInfoInFile[0]) + if file4.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file4.LicenseInfoInFiles[0]) } } if file4.FileCopyrightText != "NOASSERTION" { @@ -255,7 +285,7 @@ func TestBuild2_1CreatesDocument(t *testing.T) { } // check lastfile.testdata.txt - lastfile := pkg.Files[spdx.ElementID("File4")] + lastfile := pkg.Files[4] if lastfile == nil { t.Fatalf("expected non-nil file, got nil") } @@ -265,23 +295,31 @@ func TestBuild2_1CreatesDocument(t *testing.T) { if lastfile.FileSPDXIdentifier != spdx.ElementID("File4") { t.Errorf("expected %v, got %v", "File4", lastfile.FileSPDXIdentifier) } - if lastfile.FileChecksumSHA1 != "26d6221d682d9ba59116f9753a701f34271c8ce1" { - t.Errorf("expected %v, got %v", "26d6221d682d9ba59116f9753a701f34271c8ce1", lastfile.FileChecksumSHA1) - } - if lastfile.FileChecksumSHA256 != "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805" { - t.Errorf("expected %v, got %v", "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805", lastfile.FileChecksumSHA256) - } - if lastfile.FileChecksumMD5 != "f60baa793870d9085461ad6bbab50b7f" { - t.Errorf("expected %v, got %v", "f60baa793870d9085461ad6bbab50b7f", lastfile.FileChecksumMD5) + + for _, checksum := range lastfile.Checksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "26d6221d682d9ba59116f9753a701f34271c8ce1" { + t.Errorf("expected %v, got %v", "26d6221d682d9ba59116f9753a701f34271c8ce1", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805" { + t.Errorf("expected %v, got %v", "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "f60baa793870d9085461ad6bbab50b7f" { + t.Errorf("expected %v, got %v", "f60baa793870d9085461ad6bbab50b7f", checksum.Value) + } + } } if lastfile.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.LicenseConcluded) } - if len(lastfile.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(lastfile.LicenseInfoInFile)) + if len(lastfile.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(lastfile.LicenseInfoInFiles)) } else { - if lastfile.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.LicenseInfoInFile[0]) + if lastfile.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.LicenseInfoInFiles[0]) } } if lastfile.FileCopyrightText != "NOASSERTION" { @@ -343,7 +381,7 @@ func TestBuild2_1CanIgnoreFiles(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - pkg := doc.Packages[spdx.ElementID("Package-project1")] + pkg := doc.Packages[0] if pkg == nil { t.Fatalf("expected non-nil pkg, got nil") } @@ -352,31 +390,31 @@ func TestBuild2_1CanIgnoreFiles(t *testing.T) { } want := "./dontscan.txt" - got := pkg.Files[spdx.ElementID("File0")].FileName + got := pkg.Files[0].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./keep/keep.txt" - got = pkg.Files[spdx.ElementID("File1")].FileName + got = pkg.Files[1].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./keep.txt" - got = pkg.Files[spdx.ElementID("File2")].FileName + got = pkg.Files[2].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./subdir/keep/dontscan.txt" - got = pkg.Files[spdx.ElementID("File3")].FileName + got = pkg.Files[3].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./subdir/keep/keep.txt" - got = pkg.Files[spdx.ElementID("File4")].FileName + got = pkg.Files[4].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } @@ -394,7 +432,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { } config.TestValues["Created"] = "2018-10-19T04:38:00Z" - wantVerificationCode := "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b" + wantVerificationCode := spdx.PackageVerificationCode{Value: "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b"} doc, err := Build2_2("project1", dirRoot, config) if err != nil { @@ -408,33 +446,30 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if doc.CreationInfo == nil { t.Fatalf("expected non-nil CreationInfo section, got nil") } - if doc.CreationInfo.SPDXVersion != "SPDX-2.2" { - t.Errorf("expected %s, got %s", "SPDX-2.2", doc.CreationInfo.SPDXVersion) + if doc.SPDXVersion != "SPDX-2.2" { + t.Errorf("expected %s, got %s", "SPDX-2.2", doc.SPDXVersion) } - if doc.CreationInfo.DataLicense != "CC0-1.0" { - t.Errorf("expected %s, got %s", "CC0-1.0", doc.CreationInfo.DataLicense) + if doc.DataLicense != "CC0-1.0" { + t.Errorf("expected %s, got %s", "CC0-1.0", doc.DataLicense) } - if doc.CreationInfo.SPDXIdentifier != spdx.ElementID("DOCUMENT") { - t.Errorf("expected %s, got %v", "DOCUMENT", doc.CreationInfo.SPDXIdentifier) + if doc.SPDXIdentifier != spdx.ElementID("DOCUMENT") { + t.Errorf("expected %s, got %v", "DOCUMENT", doc.SPDXIdentifier) } - if doc.CreationInfo.DocumentName != "project1" { - t.Errorf("expected %s, got %s", "project1", doc.CreationInfo.DocumentName) + if doc.DocumentName != "project1" { + t.Errorf("expected %s, got %s", "project1", doc.DocumentName) } wantNamespace := fmt.Sprintf("https://github.com/swinslow/spdx-docs/spdx-go/testdata-project1-%s", wantVerificationCode) - if doc.CreationInfo.DocumentNamespace != wantNamespace { - t.Errorf("expected %s, got %s", wantNamespace, doc.CreationInfo.DocumentNamespace) - } - if len(doc.CreationInfo.CreatorPersons) != 1 { - t.Fatalf("expected %d, got %d", 1, len(doc.CreationInfo.CreatorPersons)) + if doc.DocumentNamespace != wantNamespace { + t.Errorf("expected %s, got %s", wantNamespace, doc.DocumentNamespace) } - if doc.CreationInfo.CreatorPersons[0] != "John Doe" { - t.Errorf("expected %s, got %s", "John Doe", doc.CreationInfo.CreatorPersons[0]) + if len(doc.CreationInfo.Creators) != 2 { + t.Fatalf("expected %d, got %d", 2, len(doc.CreationInfo.Creators)) } - if len(doc.CreationInfo.CreatorTools) != 1 { - t.Fatalf("expected %d, got %d", 1, len(doc.CreationInfo.CreatorTools)) + if doc.CreationInfo.Creators[1].Creator != "John Doe" { + t.Errorf("expected %s, got %+v", "John Doe", doc.CreationInfo.Creators[1]) } - if doc.CreationInfo.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { - t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", doc.CreationInfo.CreatorTools[0]) + if doc.CreationInfo.Creators[0].Creator != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %+v", "github.com/spdx/tools-golang/builder", doc.CreationInfo.Creators[0]) } if doc.CreationInfo.Created != "2018-10-19T04:38:00Z" { t.Errorf("expected %s, got %s", "2018-10-19T04:38:00Z", doc.CreationInfo.Created) @@ -447,7 +482,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if len(doc.Packages) != 1 { t.Fatalf("expected %d, got %d", 1, len(doc.Packages)) } - pkg := doc.Packages[spdx.ElementID("Package-project1")] + pkg := doc.Packages[0] if pkg == nil { t.Fatalf("expected non-nil pkg, got nil") } @@ -463,7 +498,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if pkg.FilesAnalyzed != true { t.Errorf("expected %v, got %v", true, pkg.FilesAnalyzed) } - if pkg.PackageVerificationCode != wantVerificationCode { + if pkg.PackageVerificationCode.Value != wantVerificationCode.Value { t.Errorf("expected %v, got %v", wantVerificationCode, pkg.PackageVerificationCode) } if pkg.PackageLicenseConcluded != "NOASSERTION" { @@ -492,7 +527,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { // emptyfile, file1, file3, folder/file4, lastfile // check emptyfile.testdata.txt - fileEmpty := pkg.Files[spdx.ElementID("File0")] + fileEmpty := pkg.Files[0] if fileEmpty == nil { t.Fatalf("expected non-nil file, got nil") } @@ -502,7 +537,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if fileEmpty.FileSPDXIdentifier != spdx.ElementID("File0") { t.Errorf("expected %v, got %v", "File0", fileEmpty.FileSPDXIdentifier) } - for _, checksum := range fileEmpty.FileChecksums { + for _, checksum := range fileEmpty.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { @@ -521,11 +556,11 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if fileEmpty.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) } - if len(fileEmpty.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(fileEmpty.LicenseInfoInFile)) + if len(fileEmpty.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(fileEmpty.LicenseInfoInFiles)) } else { - if fileEmpty.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseInfoInFile[0]) + if fileEmpty.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseInfoInFiles[0]) } } if fileEmpty.FileCopyrightText != "NOASSERTION" { @@ -533,7 +568,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { } // check file1.testdata.txt - file1 := pkg.Files[spdx.ElementID("File1")] + file1 := pkg.Files[1] if file1 == nil { t.Fatalf("expected non-nil file, got nil") } @@ -543,7 +578,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file1.FileSPDXIdentifier != spdx.ElementID("File1") { t.Errorf("expected %v, got %v", "File1", file1.FileSPDXIdentifier) } - for _, checksum := range file1.FileChecksums { + for _, checksum := range file1.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != "024f870eb6323f532515f7a09d5646a97083b819" { @@ -562,11 +597,11 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file1.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) } - if len(file1.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(file1.LicenseInfoInFile)) + if len(file1.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(file1.LicenseInfoInFiles)) } else { - if file1.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseInfoInFile[0]) + if file1.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseInfoInFiles[0]) } } if file1.FileCopyrightText != "NOASSERTION" { @@ -574,7 +609,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { } // check file3.testdata.txt - file3 := pkg.Files[spdx.ElementID("File2")] + file3 := pkg.Files[2] if file3 == nil { t.Fatalf("expected non-nil file, got nil") } @@ -584,7 +619,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file3.FileSPDXIdentifier != spdx.ElementID("File2") { t.Errorf("expected %v, got %v", "File2", file3.FileSPDXIdentifier) } - for _, checksum := range file3.FileChecksums { + for _, checksum := range file3.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != "a46114b70e163614f01c64adf44cdd438f158fce" { @@ -603,11 +638,11 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file3.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file3.LicenseConcluded) } - if len(file3.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(file3.LicenseInfoInFile)) + if len(file3.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(file3.LicenseInfoInFiles)) } else { - if file3.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", file3.LicenseInfoInFile[0]) + if file3.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file3.LicenseInfoInFiles[0]) } } if file3.FileCopyrightText != "NOASSERTION" { @@ -615,7 +650,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { } // check folder1/file4.testdata.txt - file4 := pkg.Files[spdx.ElementID("File3")] + file4 := pkg.Files[3] if file4 == nil { t.Fatalf("expected non-nil file, got nil") } @@ -625,7 +660,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file4.FileSPDXIdentifier != spdx.ElementID("File3") { t.Errorf("expected %v, got %v", "File3", file4.FileSPDXIdentifier) } - for _, checksum := range file4.FileChecksums { + for _, checksum := range file4.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != "e623d7d7d782a7c8323c4d436acee4afab34320f" { @@ -644,11 +679,11 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file4.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file4.LicenseConcluded) } - if len(file4.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(file4.LicenseInfoInFile)) + if len(file4.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(file4.LicenseInfoInFiles)) } else { - if file4.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", file4.LicenseInfoInFile[0]) + if file4.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file4.LicenseInfoInFiles[0]) } } if file4.FileCopyrightText != "NOASSERTION" { @@ -656,7 +691,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { } // check lastfile.testdata.txt - lastfile := pkg.Files[spdx.ElementID("File4")] + lastfile := pkg.Files[4] if lastfile == nil { t.Fatalf("expected non-nil file, got nil") } @@ -666,7 +701,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if lastfile.FileSPDXIdentifier != spdx.ElementID("File4") { t.Errorf("expected %v, got %v", "File4", lastfile.FileSPDXIdentifier) } - for _, checksum := range lastfile.FileChecksums { + for _, checksum := range lastfile.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != "26d6221d682d9ba59116f9753a701f34271c8ce1" { @@ -685,11 +720,11 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if lastfile.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.LicenseConcluded) } - if len(lastfile.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(lastfile.LicenseInfoInFile)) + if len(lastfile.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(lastfile.LicenseInfoInFiles)) } else { - if lastfile.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.LicenseInfoInFile[0]) + if lastfile.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.LicenseInfoInFiles[0]) } } if lastfile.FileCopyrightText != "NOASSERTION" { @@ -751,7 +786,7 @@ func TestBuild2_2CanIgnoreFiles(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - pkg := doc.Packages[spdx.ElementID("Package-project1")] + pkg := doc.Packages[0] if pkg == nil { t.Fatalf("expected non-nil pkg, got nil") } @@ -760,31 +795,31 @@ func TestBuild2_2CanIgnoreFiles(t *testing.T) { } want := "./dontscan.txt" - got := pkg.Files[spdx.ElementID("File0")].FileName + got := pkg.Files[0].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./keep/keep.txt" - got = pkg.Files[spdx.ElementID("File1")].FileName + got = pkg.Files[1].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./keep.txt" - got = pkg.Files[spdx.ElementID("File2")].FileName + got = pkg.Files[2].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./subdir/keep/dontscan.txt" - got = pkg.Files[spdx.ElementID("File3")].FileName + got = pkg.Files[3].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./subdir/keep/keep.txt" - got = pkg.Files[spdx.ElementID("File4")].FileName + got = pkg.Files[4].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } diff --git a/builder/builder2v1/build_creation_info.go b/builder/builder2v1/build_creation_info.go index 1d8c77f..c838b92 100644 --- a/builder/builder2v1/build_creation_info.go +++ b/builder/builder2v1/build_creation_info.go @@ -3,7 +3,6 @@ package builder2v1 import ( - "fmt" "time" "github.com/spdx/tools-golang/spdx" @@ -11,29 +10,21 @@ import ( // BuildCreationInfoSection2_1 creates an SPDX Package (version 2.1), returning that // package or error if any is encountered. Arguments: -// - packageName: name of package / directory -// - code: verification code from Package -// - namespacePrefix: prefix for DocumentNamespace (packageName and code will be added) // - creatorType: one of Person, Organization or Tool // - creator: creator string // - testValues: for testing only; call with nil when using in production -func BuildCreationInfoSection2_1(packageName string, code string, namespacePrefix string, creatorType string, creator string, testValues map[string]string) (*spdx.CreationInfo2_1, error) { +func BuildCreationInfoSection2_1(creatorType string, creator string, testValues map[string]string) (*spdx.CreationInfo2_1, error) { // build creator slices - cPersons := []string{} - cOrganizations := []string{} - cTools := []string{} - // add builder as a tool - cTools = append(cTools, "github.com/spdx/tools-golang/builder") - - switch creatorType { - case "Person": - cPersons = append(cPersons, creator) - case "Organization": - cOrganizations = append(cOrganizations, creator) - case "Tool": - cTools = append(cTools, creator) - default: - cPersons = append(cPersons, creator) + creators := []spdx.Creator{ + // add builder as a tool + { + Creator: "github.com/spdx/tools-golang/builder", + CreatorType: "Tool", + }, + { + Creator: creator, + CreatorType: creatorType, + }, } // use test Created time if passing test values @@ -45,15 +36,8 @@ func BuildCreationInfoSection2_1(packageName string, code string, namespacePrefi } ci := &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - DocumentName: packageName, - DocumentNamespace: fmt.Sprintf("%s%s-%s", namespacePrefix, packageName, code), - CreatorPersons: cPersons, - CreatorOrganizations: cOrganizations, - CreatorTools: cTools, - Created: created, + Creators: creators, + Created: created, } return ci, nil } diff --git a/builder/builder2v1/build_creation_info_test.go b/builder/builder2v1/build_creation_info_test.go index b45f2f0..9684fde 100644 --- a/builder/builder2v1/build_creation_info_test.go +++ b/builder/builder2v1/build_creation_info_test.go @@ -3,24 +3,17 @@ package builder2v1 import ( - "fmt" "testing" - - "github.com/spdx/tools-golang/spdx" ) // ===== CreationInfo section builder tests ===== func TestBuilder2_1CanBuildCreationInfoSection(t *testing.T) { - - namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" creatorType := "Organization" creator := "Jane Doe LLC" testValues := make(map[string]string) testValues["Created"] = "2018-10-20T16:48:00Z" - packageName := "project1" - verificationCode := "TESTCODE" - ci, err := BuildCreationInfoSection2_1(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + ci, err := BuildCreationInfoSection2_1(creatorType, creator, testValues) if err != nil { t.Fatalf("expected nil error, got %v", err) } @@ -28,36 +21,14 @@ func TestBuilder2_1CanBuildCreationInfoSection(t *testing.T) { if ci == nil { t.Fatalf("expected non-nil CreationInfo, got nil") } - if ci.SPDXVersion != "SPDX-2.1" { - t.Errorf("expected %s, got %s", "SPDX-2.1", ci.SPDXVersion) - } - if ci.DataLicense != "CC0-1.0" { - t.Errorf("expected %s, got %s", "CC0-1.0", ci.DataLicense) - } - if ci.SPDXIdentifier != spdx.ElementID("DOCUMENT") { - t.Errorf("expected %s, got %v", "DOCUMENT", ci.SPDXIdentifier) - } - if ci.DocumentName != "project1" { - t.Errorf("expected %s, got %s", "project1", ci.DocumentName) - } - wantNamespace := fmt.Sprintf("https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-project1-%s", verificationCode) - if ci.DocumentNamespace != wantNamespace { - t.Errorf("expected %s, got %s", wantNamespace, ci.DocumentNamespace) - } - if len(ci.CreatorPersons) != 0 { - t.Fatalf("expected %d, got %d", 0, len(ci.CreatorPersons)) - } - if len(ci.CreatorOrganizations) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorOrganizations)) + if len(ci.Creators) != 2 { + t.Fatalf("expected %d, got %d", 2, len(ci.Creators)) } - if ci.CreatorOrganizations[0] != "Jane Doe LLC" { - t.Errorf("expected %s, got %s", "Jane Doe LLC", ci.CreatorOrganizations[0]) + if ci.Creators[1].Creator != "Jane Doe LLC" { + t.Errorf("expected %s, got %s", "Jane Doe LLC", ci.Creators[1].Creator) } - if len(ci.CreatorTools) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) - } - if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { - t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + if ci.Creators[0].Creator != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.Creators[0].Creator) } if ci.Created != "2018-10-20T16:48:00Z" { t.Errorf("expected %s, got %s", "2018-10-20T16:48:00Z", ci.Created) @@ -65,15 +36,12 @@ func TestBuilder2_1CanBuildCreationInfoSection(t *testing.T) { } func TestBuilder2_1CanBuildCreationInfoSectionWithCreatorPerson(t *testing.T) { - namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" creatorType := "Person" creator := "John Doe" testValues := make(map[string]string) testValues["Created"] = "2018-10-20T16:48:00Z" - packageName := "project1" - verificationCode := "TESTCODE" - ci, err := BuildCreationInfoSection2_1(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + ci, err := BuildCreationInfoSection2_1(creatorType, creator, testValues) if err != nil { t.Fatalf("expected nil error, got %v", err) } @@ -81,33 +49,24 @@ func TestBuilder2_1CanBuildCreationInfoSectionWithCreatorPerson(t *testing.T) { if ci == nil { t.Fatalf("expected non-nil CreationInfo, got nil") } - if len(ci.CreatorPersons) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorPersons)) - } - if ci.CreatorPersons[0] != "John Doe" { - t.Errorf("expected %s, got %s", "John Doe", ci.CreatorPersons[0]) + if len(ci.Creators) != 2 { + t.Fatalf("expected %d, got %d", 2, len(ci.Creators)) } - if len(ci.CreatorOrganizations) != 0 { - t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + if ci.Creators[1].Creator != "John Doe" { + t.Errorf("expected %s, got %s", "John Doe", ci.Creators[1].Creator) } - if len(ci.CreatorTools) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) - } - if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { - t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + if ci.Creators[0].Creator != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.Creators[0].Creator) } } func TestBuilder2_1CanBuildCreationInfoSectionWithCreatorTool(t *testing.T) { - namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" creatorType := "Tool" creator := "some-other-tool-2.1" testValues := make(map[string]string) testValues["Created"] = "2018-10-20T16:48:00Z" - packageName := "project1" - verificationCode := "TESTCODE" - ci, err := BuildCreationInfoSection2_1(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + ci, err := BuildCreationInfoSection2_1(creatorType, creator, testValues) if err != nil { t.Fatalf("expected nil error, got %v", err) } @@ -115,33 +74,24 @@ func TestBuilder2_1CanBuildCreationInfoSectionWithCreatorTool(t *testing.T) { if ci == nil { t.Fatalf("expected non-nil CreationInfo, got nil") } - if len(ci.CreatorPersons) != 0 { - t.Fatalf("expected %d, got %d", 0, len(ci.CreatorPersons)) - } - if len(ci.CreatorOrganizations) != 0 { - t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + if len(ci.Creators) != 2 { + t.Fatalf("expected %d, got %d", 2, len(ci.Creators)) } - if len(ci.CreatorTools) != 2 { - t.Fatalf("expected %d, got %d", 2, len(ci.CreatorTools)) + if ci.Creators[0].Creator != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.Creators[0]) } - if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { - t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) - } - if ci.CreatorTools[1] != "some-other-tool-2.1" { - t.Errorf("expected %s, got %s", "some-other-tool-2.1", ci.CreatorTools[1]) + if ci.Creators[1].Creator != "some-other-tool-2.1" { + t.Errorf("expected %s, got %s", "some-other-tool-2.1", ci.Creators[1]) } } func TestBuilder2_1CanBuildCreationInfoSectionWithInvalidPerson(t *testing.T) { - namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" creatorType := "Whatever" creator := "John Doe" testValues := make(map[string]string) testValues["Created"] = "2018-10-20T16:48:00Z" - packageName := "project1" - verificationCode := "TESTCODE" - ci, err := BuildCreationInfoSection2_1(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + ci, err := BuildCreationInfoSection2_1(creatorType, creator, testValues) if err != nil { t.Fatalf("expected nil error, got %v", err) } @@ -149,19 +99,13 @@ func TestBuilder2_1CanBuildCreationInfoSectionWithInvalidPerson(t *testing.T) { if ci == nil { t.Fatalf("expected non-nil CreationInfo, got nil") } - if len(ci.CreatorPersons) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorPersons)) - } - if ci.CreatorPersons[0] != "John Doe" { - t.Errorf("expected %s, got %s", "John Doe", ci.CreatorPersons[0]) - } - if len(ci.CreatorOrganizations) != 0 { - t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + if len(ci.Creators) != 2 { + t.Fatalf("expected %d, got %d", 2, len(ci.Creators)) } - if len(ci.CreatorTools) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) + if ci.Creators[1].Creator != "John Doe" { + t.Errorf("expected %s, got %s", "John Doe", ci.Creators[1]) } - if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { - t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + if ci.Creators[0].Creator != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.Creators[0]) } } diff --git a/builder/builder2v1/build_file.go b/builder/builder2v1/build_file.go index b47268c..7e9e52e 100644 --- a/builder/builder2v1/build_file.go +++ b/builder/builder2v1/build_file.go @@ -32,11 +32,22 @@ func BuildFileSection2_1(filePath string, prefix string, fileNumber int) (*spdx. f := &spdx.File2_1{ FileName: filePath, FileSPDXIdentifier: spdx.ElementID(i), - FileChecksumSHA1: ssha1, - FileChecksumSHA256: ssha256, - FileChecksumMD5: smd5, + Checksums: []spdx.Checksum{ + { + Algorithm: spdx.SHA1, + Value: ssha1, + }, + { + Algorithm: spdx.SHA256, + Value: ssha256, + }, + { + Algorithm: spdx.MD5, + Value: smd5, + }, + }, LicenseConcluded: "NOASSERTION", - LicenseInfoInFile: []string{"NOASSERTION"}, + LicenseInfoInFiles: []string{"NOASSERTION"}, FileCopyrightText: "NOASSERTION", } diff --git a/builder/builder2v1/build_file_test.go b/builder/builder2v1/build_file_test.go index 6ef157a..cea297b 100644 --- a/builder/builder2v1/build_file_test.go +++ b/builder/builder2v1/build_file_test.go @@ -28,23 +28,32 @@ func TestBuilder2_1CanBuildFileSection(t *testing.T) { if file1.FileSPDXIdentifier != spdx.ElementID("File17") { t.Errorf("expected %v, got %v", "File17", file1.FileSPDXIdentifier) } - if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" { - t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1) - } - if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { - t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256) - } - if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" { - t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5) + + for _, checksum := range file1.Checksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "024f870eb6323f532515f7a09d5646a97083b819" { + t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { + t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "37c8208479dfe42d2bb29debd6e32d4a" { + t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", checksum.Value) + } + } } + if file1.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) } - if len(file1.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(file1.LicenseInfoInFile)) + if len(file1.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(file1.LicenseInfoInFiles)) } else { - if file1.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseInfoInFile[0]) + if file1.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseInfoInFiles[0]) } } if file1.FileCopyrightText != "NOASSERTION" { diff --git a/builder/builder2v1/build_package.go b/builder/builder2v1/build_package.go index e59e676..f39bb53 100644 --- a/builder/builder2v1/build_package.go +++ b/builder/builder2v1/build_package.go @@ -35,7 +35,7 @@ func BuildPackageSection2_1(packageName string, dirRoot string, pathsIgnore []st dirRootLen = len(dirRoot) } - files := map[spdx.ElementID]*spdx.File2_1{} + files := []*spdx.File2_1{} fileNumber := 0 for _, fp := range filepaths { newFilePatch := "" @@ -48,7 +48,7 @@ func BuildPackageSection2_1(packageName string, dirRoot string, pathsIgnore []st if err != nil { return nil, err } - files[newFile.FileSPDXIdentifier] = newFile + files = append(files, newFile) fileNumber++ } // get the verification code diff --git a/builder/builder2v1/build_package_test.go b/builder/builder2v1/build_package_test.go index 7128834..1458637 100644 --- a/builder/builder2v1/build_package_test.go +++ b/builder/builder2v1/build_package_test.go @@ -13,7 +13,7 @@ func TestBuilder2_1CanBuildPackageSection(t *testing.T) { packageName := "project1" dirRoot := "../../testdata/project1/" - wantVerificationCode := "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b" + wantVerificationCode := spdx.PackageVerificationCode{Value: "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b"} pkg, err := BuildPackageSection2_1(packageName, dirRoot, nil) if err != nil { @@ -38,7 +38,7 @@ func TestBuilder2_1CanBuildPackageSection(t *testing.T) { if pkg.IsFilesAnalyzedTagPresent != true { t.Errorf("expected %v, got %v", true, pkg.IsFilesAnalyzedTagPresent) } - if pkg.PackageVerificationCode != wantVerificationCode { + if pkg.PackageVerificationCode.Value != wantVerificationCode.Value { t.Errorf("expected %v, got %v", wantVerificationCode, pkg.PackageVerificationCode) } if pkg.PackageLicenseConcluded != "NOASSERTION" { @@ -61,7 +61,7 @@ func TestBuilder2_1CanBuildPackageSection(t *testing.T) { if len(pkg.Files) != 5 { t.Fatalf("expected %d, got %d", 5, len(pkg.Files)) } - fileEmpty := pkg.Files[spdx.ElementID("File0")] + fileEmpty := pkg.Files[0] if fileEmpty == nil { t.Fatalf("expected non-nil file, got nil") } @@ -71,23 +71,30 @@ func TestBuilder2_1CanBuildPackageSection(t *testing.T) { if fileEmpty.FileSPDXIdentifier != spdx.ElementID("File0") { t.Errorf("expected %v, got %v", "File0", fileEmpty.FileSPDXIdentifier) } - if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { - t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) - } - if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { - t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) - } - if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { - t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) + for _, checksum := range fileEmpty.Checksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "d41d8cd98f00b204e9800998ecf8427e" { + t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", checksum.Value) + } + } } if fileEmpty.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) } - if len(fileEmpty.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(fileEmpty.LicenseInfoInFile)) + if len(fileEmpty.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(fileEmpty.LicenseInfoInFiles)) } else { - if fileEmpty.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseInfoInFile[0]) + if fileEmpty.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseInfoInFiles[0]) } } if fileEmpty.FileCopyrightText != "NOASSERTION" { @@ -118,31 +125,31 @@ func TestBuilder2_1CanIgnoreFiles(t *testing.T) { } want := "./dontscan.txt" - got := pkg.Files[spdx.ElementID("File0")].FileName + got := pkg.Files[0].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./keep/keep.txt" - got = pkg.Files[spdx.ElementID("File1")].FileName + got = pkg.Files[1].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./keep.txt" - got = pkg.Files[spdx.ElementID("File2")].FileName + got = pkg.Files[2].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./subdir/keep/dontscan.txt" - got = pkg.Files[spdx.ElementID("File3")].FileName + got = pkg.Files[3].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./subdir/keep/keep.txt" - got = pkg.Files[spdx.ElementID("File4")].FileName + got = pkg.Files[4].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } diff --git a/builder/builder2v2/build_creation_info.go b/builder/builder2v2/build_creation_info.go index 89e1b3c..c24d2d3 100644 --- a/builder/builder2v2/build_creation_info.go +++ b/builder/builder2v2/build_creation_info.go @@ -3,7 +3,6 @@ package builder2v2 import ( - "fmt" "time" "github.com/spdx/tools-golang/spdx" @@ -17,23 +16,18 @@ import ( // - creatorType: one of Person, Organization or Tool // - creator: creator string // - testValues: for testing only; call with nil when using in production -func BuildCreationInfoSection2_2(packageName string, code string, namespacePrefix string, creatorType string, creator string, testValues map[string]string) (*spdx.CreationInfo2_2, error) { +func BuildCreationInfoSection2_2(creatorType string, creator string, testValues map[string]string) (*spdx.CreationInfo2_2, error) { // build creator slices - cPersons := []string{} - cOrganizations := []string{} - cTools := []string{} - // add builder as a tool - cTools = append(cTools, "github.com/spdx/tools-golang/builder") - - switch creatorType { - case "Person": - cPersons = append(cPersons, creator) - case "Organization": - cOrganizations = append(cOrganizations, creator) - case "Tool": - cTools = append(cTools, creator) - default: - cPersons = append(cPersons, creator) + creators := []spdx.Creator{ + // add builder as a tool + { + Creator: "github.com/spdx/tools-golang/builder", + CreatorType: "Tool", + }, + { + Creator: creator, + CreatorType: creatorType, + }, } // use test Created time if passing test values @@ -45,15 +39,8 @@ func BuildCreationInfoSection2_2(packageName string, code string, namespacePrefi } ci := &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - DocumentName: packageName, - DocumentNamespace: fmt.Sprintf("%s%s-%s", namespacePrefix, packageName, code), - CreatorPersons: cPersons, - CreatorOrganizations: cOrganizations, - CreatorTools: cTools, - Created: created, + Creators: creators, + Created: created, } return ci, nil } diff --git a/builder/builder2v2/build_creation_info_test.go b/builder/builder2v2/build_creation_info_test.go index 188bd74..48a0654 100644 --- a/builder/builder2v2/build_creation_info_test.go +++ b/builder/builder2v2/build_creation_info_test.go @@ -3,24 +3,17 @@ package builder2v2 import ( - "fmt" "testing" - - "github.com/spdx/tools-golang/spdx" ) // ===== CreationInfo section builder tests ===== func TestBuilder2_2CanBuildCreationInfoSection(t *testing.T) { - - namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" creatorType := "Organization" creator := "Jane Doe LLC" testValues := make(map[string]string) testValues["Created"] = "2018-10-20T16:48:00Z" - packageName := "project1" - verificationCode := "TESTCODE" - ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + ci, err := BuildCreationInfoSection2_2(creatorType, creator, testValues) if err != nil { t.Fatalf("expected nil error, got %v", err) } @@ -28,36 +21,14 @@ func TestBuilder2_2CanBuildCreationInfoSection(t *testing.T) { if ci == nil { t.Fatalf("expected non-nil CreationInfo, got nil") } - if ci.SPDXVersion != "SPDX-2.2" { - t.Errorf("expected %s, got %s", "SPDX-2.2", ci.SPDXVersion) - } - if ci.DataLicense != "CC0-1.0" { - t.Errorf("expected %s, got %s", "CC0-1.0", ci.DataLicense) - } - if ci.SPDXIdentifier != spdx.ElementID("DOCUMENT") { - t.Errorf("expected %s, got %v", "DOCUMENT", ci.SPDXIdentifier) - } - if ci.DocumentName != "project1" { - t.Errorf("expected %s, got %s", "project1", ci.DocumentName) - } - wantNamespace := fmt.Sprintf("https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-project1-%s", verificationCode) - if ci.DocumentNamespace != wantNamespace { - t.Errorf("expected %s, got %s", wantNamespace, ci.DocumentNamespace) - } - if len(ci.CreatorPersons) != 0 { - t.Fatalf("expected %d, got %d", 0, len(ci.CreatorPersons)) - } - if len(ci.CreatorOrganizations) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorOrganizations)) + if len(ci.Creators) != 2 { + t.Fatalf("expected %d, got %d", 2, len(ci.Creators)) } - if ci.CreatorOrganizations[0] != "Jane Doe LLC" { - t.Errorf("expected %s, got %s", "Jane Doe LLC", ci.CreatorOrganizations[0]) + if ci.Creators[1].Creator != "Jane Doe LLC" { + t.Errorf("expected %s, got %s", "Jane Doe LLC", ci.Creators[0].Creator) } - if len(ci.CreatorTools) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) - } - if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { - t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + if ci.Creators[0].Creator != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.Creators[1].Creator) } if ci.Created != "2018-10-20T16:48:00Z" { t.Errorf("expected %s, got %s", "2018-10-20T16:48:00Z", ci.Created) @@ -65,15 +36,12 @@ func TestBuilder2_2CanBuildCreationInfoSection(t *testing.T) { } func TestBuilder2_2CanBuildCreationInfoSectionWithCreatorPerson(t *testing.T) { - namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" creatorType := "Person" creator := "John Doe" testValues := make(map[string]string) testValues["Created"] = "2018-10-20T16:48:00Z" - packageName := "project1" - verificationCode := "TESTCODE" - ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + ci, err := BuildCreationInfoSection2_2(creatorType, creator, testValues) if err != nil { t.Fatalf("expected nil error, got %v", err) } @@ -81,33 +49,24 @@ func TestBuilder2_2CanBuildCreationInfoSectionWithCreatorPerson(t *testing.T) { if ci == nil { t.Fatalf("expected non-nil CreationInfo, got nil") } - if len(ci.CreatorPersons) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorPersons)) - } - if ci.CreatorPersons[0] != "John Doe" { - t.Errorf("expected %s, got %s", "John Doe", ci.CreatorPersons[0]) + if len(ci.Creators) != 2 { + t.Fatalf("expected %d, got %d", 2, len(ci.Creators)) } - if len(ci.CreatorOrganizations) != 0 { - t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + if ci.Creators[1].Creator != "John Doe" { + t.Errorf("expected %s, got %s", "John Doe", ci.Creators[0].Creator) } - if len(ci.CreatorTools) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) - } - if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { - t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + if ci.Creators[0].Creator != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.Creators[1].Creator) } } func TestBuilder2_2CanBuildCreationInfoSectionWithCreatorTool(t *testing.T) { - namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" creatorType := "Tool" creator := "some-other-tool-2.1" testValues := make(map[string]string) testValues["Created"] = "2018-10-20T16:48:00Z" - packageName := "project1" - verificationCode := "TESTCODE" - ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + ci, err := BuildCreationInfoSection2_2(creatorType, creator, testValues) if err != nil { t.Fatalf("expected nil error, got %v", err) } @@ -115,33 +74,24 @@ func TestBuilder2_2CanBuildCreationInfoSectionWithCreatorTool(t *testing.T) { if ci == nil { t.Fatalf("expected non-nil CreationInfo, got nil") } - if len(ci.CreatorPersons) != 0 { - t.Fatalf("expected %d, got %d", 0, len(ci.CreatorPersons)) - } - if len(ci.CreatorOrganizations) != 0 { - t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + if len(ci.Creators) != 2 { + t.Fatalf("expected %d, got %d", 2, len(ci.Creators)) } - if len(ci.CreatorTools) != 2 { - t.Fatalf("expected %d, got %d", 2, len(ci.CreatorTools)) + if ci.Creators[0].Creator != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.Creators[0]) } - if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { - t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) - } - if ci.CreatorTools[1] != "some-other-tool-2.1" { - t.Errorf("expected %s, got %s", "some-other-tool-2.1", ci.CreatorTools[1]) + if ci.Creators[1].Creator != "some-other-tool-2.1" { + t.Errorf("expected %s, got %s", "some-other-tool-2.1", ci.Creators[1]) } } func TestBuilder2_2CanBuildCreationInfoSectionWithInvalidPerson(t *testing.T) { - namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" creatorType := "Whatever" creator := "John Doe" testValues := make(map[string]string) testValues["Created"] = "2018-10-20T16:48:00Z" - packageName := "project1" - verificationCode := "TESTCODE" - ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + ci, err := BuildCreationInfoSection2_2(creatorType, creator, testValues) if err != nil { t.Fatalf("expected nil error, got %v", err) } @@ -149,19 +99,13 @@ func TestBuilder2_2CanBuildCreationInfoSectionWithInvalidPerson(t *testing.T) { if ci == nil { t.Fatalf("expected non-nil CreationInfo, got nil") } - if len(ci.CreatorPersons) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorPersons)) - } - if ci.CreatorPersons[0] != "John Doe" { - t.Errorf("expected %s, got %s", "John Doe", ci.CreatorPersons[0]) - } - if len(ci.CreatorOrganizations) != 0 { - t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + if len(ci.Creators) != 2 { + t.Fatalf("expected %d, got %d", 2, len(ci.Creators)) } - if len(ci.CreatorTools) != 1 { - t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) + if ci.Creators[1].Creator != "John Doe" { + t.Errorf("expected %s, got %s", "John Doe", ci.Creators[1]) } - if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { - t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + if ci.Creators[0].Creator != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.Creators[0]) } } diff --git a/builder/builder2v2/build_file.go b/builder/builder2v2/build_file.go index ec59f6a..efdd979 100644 --- a/builder/builder2v2/build_file.go +++ b/builder/builder2v2/build_file.go @@ -32,23 +32,23 @@ func BuildFileSection2_2(filePath string, prefix string, fileNumber int) (*spdx. f := &spdx.File2_2{ FileName: filePath, FileSPDXIdentifier: spdx.ElementID(i), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: ssha1, }, - spdx.SHA256: spdx.Checksum{ + { Algorithm: spdx.SHA256, Value: ssha256, }, - spdx.MD5: spdx.Checksum{ + { Algorithm: spdx.MD5, Value: smd5, }, }, - LicenseConcluded: "NOASSERTION", - LicenseInfoInFile: []string{"NOASSERTION"}, - FileCopyrightText: "NOASSERTION", + LicenseConcluded: "NOASSERTION", + LicenseInfoInFiles: []string{"NOASSERTION"}, + FileCopyrightText: "NOASSERTION", } return f, nil diff --git a/builder/builder2v2/build_file_test.go b/builder/builder2v2/build_file_test.go index 8a1767e..74a6a6a 100644 --- a/builder/builder2v2/build_file_test.go +++ b/builder/builder2v2/build_file_test.go @@ -28,7 +28,8 @@ func TestBuilder2_2CanBuildFileSection(t *testing.T) { if file1.FileSPDXIdentifier != spdx.ElementID("File17") { t.Errorf("expected %v, got %v", "File17", file1.FileSPDXIdentifier) } - for _, checksum := range file1.FileChecksums { + + for _, checksum := range file1.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != "024f870eb6323f532515f7a09d5646a97083b819" { @@ -44,14 +45,15 @@ func TestBuilder2_2CanBuildFileSection(t *testing.T) { } } } + if file1.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) } - if len(file1.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(file1.LicenseInfoInFile)) + if len(file1.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(file1.LicenseInfoInFiles)) } else { - if file1.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseInfoInFile[0]) + if file1.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseInfoInFiles[0]) } } if file1.FileCopyrightText != "NOASSERTION" { diff --git a/builder/builder2v2/build_package.go b/builder/builder2v2/build_package.go index 640f9c7..9c460da 100644 --- a/builder/builder2v2/build_package.go +++ b/builder/builder2v2/build_package.go @@ -35,7 +35,7 @@ func BuildPackageSection2_2(packageName string, dirRoot string, pathsIgnore []st dirRootLen = len(dirRoot) } - files := map[spdx.ElementID]*spdx.File2_2{} + files := []*spdx.File2_2{} fileNumber := 0 for _, fp := range filepaths { newFilePatch := "" @@ -48,7 +48,7 @@ func BuildPackageSection2_2(packageName string, dirRoot string, pathsIgnore []st if err != nil { return nil, err } - files[newFile.FileSPDXIdentifier] = newFile + files = append(files, newFile) fileNumber++ } diff --git a/builder/builder2v2/build_package_test.go b/builder/builder2v2/build_package_test.go index 85f402e..3ab88d2 100644 --- a/builder/builder2v2/build_package_test.go +++ b/builder/builder2v2/build_package_test.go @@ -13,7 +13,7 @@ func TestBuilder2_2CanBuildPackageSection(t *testing.T) { packageName := "project1" dirRoot := "../../testdata/project1/" - wantVerificationCode := "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b" + wantVerificationCode := spdx.PackageVerificationCode{Value: "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b"} pkg, err := BuildPackageSection2_2(packageName, dirRoot, nil) if err != nil { @@ -38,7 +38,7 @@ func TestBuilder2_2CanBuildPackageSection(t *testing.T) { if pkg.IsFilesAnalyzedTagPresent != true { t.Errorf("expected %v, got %v", true, pkg.IsFilesAnalyzedTagPresent) } - if pkg.PackageVerificationCode != wantVerificationCode { + if pkg.PackageVerificationCode.Value != wantVerificationCode.Value { t.Errorf("expected %v, got %v", wantVerificationCode, pkg.PackageVerificationCode) } if pkg.PackageLicenseConcluded != "NOASSERTION" { @@ -61,7 +61,7 @@ func TestBuilder2_2CanBuildPackageSection(t *testing.T) { if len(pkg.Files) != 5 { t.Fatalf("expected %d, got %d", 5, len(pkg.Files)) } - fileEmpty := pkg.Files[spdx.ElementID("File0")] + fileEmpty := pkg.Files[0] if fileEmpty == nil { t.Fatalf("expected non-nil file, got nil") } @@ -71,7 +71,7 @@ func TestBuilder2_2CanBuildPackageSection(t *testing.T) { if fileEmpty.FileSPDXIdentifier != spdx.ElementID("File0") { t.Errorf("expected %v, got %v", "File0", fileEmpty.FileSPDXIdentifier) } - for _, checksum := range fileEmpty.FileChecksums { + for _, checksum := range fileEmpty.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { @@ -90,11 +90,11 @@ func TestBuilder2_2CanBuildPackageSection(t *testing.T) { if fileEmpty.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) } - if len(fileEmpty.LicenseInfoInFile) != 1 { - t.Errorf("expected %v, got %v", 1, len(fileEmpty.LicenseInfoInFile)) + if len(fileEmpty.LicenseInfoInFiles) != 1 { + t.Errorf("expected %v, got %v", 1, len(fileEmpty.LicenseInfoInFiles)) } else { - if fileEmpty.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseInfoInFile[0]) + if fileEmpty.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseInfoInFiles[0]) } } if fileEmpty.FileCopyrightText != "NOASSERTION" { @@ -125,31 +125,31 @@ func TestBuilder2_2CanIgnoreFiles(t *testing.T) { } want := "./dontscan.txt" - got := pkg.Files[spdx.ElementID("File0")].FileName + got := pkg.Files[0].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./keep/keep.txt" - got = pkg.Files[spdx.ElementID("File1")].FileName + got = pkg.Files[1].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./keep.txt" - got = pkg.Files[spdx.ElementID("File2")].FileName + got = pkg.Files[2].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./subdir/keep/dontscan.txt" - got = pkg.Files[spdx.ElementID("File3")].FileName + got = pkg.Files[3].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } want = "./subdir/keep/keep.txt" - got = pkg.Files[spdx.ElementID("File4")].FileName + got = pkg.Files[4].FileName if want != got { t.Errorf("expected %v, got %v", want, got) } diff --git a/examples/1-load/example_load.go b/examples/1-load/example_load.go index 12563d2..328d349 100644 --- a/examples/1-load/example_load.go +++ b/examples/1-load/example_load.go @@ -62,14 +62,26 @@ func main() { return } + if len(pkgIDs) == 0 { + return + } + // it does, so we'll go through each one - for _, pkgID := range pkgIDs { - pkg, ok := doc.Packages[pkgID] - if !ok { - fmt.Printf("Package %s has described relationship but ID not found\n", string(pkgID)) + for _, pkg := range doc.Packages { + var documentDescribesPackage bool + for _, describedPackageID := range pkgIDs { + if pkg.PackageSPDXIdentifier == describedPackageID { + documentDescribesPackage = true + break + } + } + + if !documentDescribesPackage { continue } + pkgID := pkg.PackageSPDXIdentifier + // check whether the package had its files analyzed if !pkg.FilesAnalyzed { fmt.Printf("Package %s (%s) had FilesAnalyzed: false\n", string(pkgID), pkg.PackageName) @@ -93,7 +105,7 @@ func main() { // from a map. if we care about order, we should first pull the // IDs into a slice, sort it, and then print the ordered files. fmt.Printf("- File %d: %s\n", i, f.FileName) - fmt.Printf(" License from file: %v\n", f.LicenseInfoInFile) + fmt.Printf(" License from file: %v\n", f.LicenseInfoInFiles) fmt.Printf(" License concluded: %v\n", f.LicenseConcluded) i++ if i > 50 { diff --git a/examples/10-jsonloader/example_json_loader.go b/examples/10-jsonloader/example_json_loader.go index a9422b1..4de9561 100644 --- a/examples/10-jsonloader/example_json_loader.go +++ b/examples/10-jsonloader/example_json_loader.go @@ -12,7 +12,7 @@ import ( "os" "strings" - "github.com/spdx/tools-golang/jsonloader" + "github.com/spdx/tools-golang/json" ) func main() { @@ -36,7 +36,7 @@ func main() { defer r.Close() // try to load the SPDX file's contents as a json file, version 2.2 - doc, err := jsonloader.Load2_2(r) + doc, err := spdx_json.Load2_2(r) if err != nil { fmt.Printf("Error while parsing %v: %v", args[1], err) return @@ -47,9 +47,9 @@ func main() { fmt.Println(strings.Repeat("=", 80)) fmt.Println("Some Attributes of the Document:") - fmt.Printf("Document Name: %s\n", doc.CreationInfo.DocumentName) - fmt.Printf("DataLicense: %s\n", doc.CreationInfo.DataLicense) - fmt.Printf("Document Namespace: %s\n", doc.CreationInfo.DocumentNamespace) - fmt.Printf("SPDX Version: %s\n", doc.CreationInfo.SPDXVersion) + fmt.Printf("Document Name: %s\n", doc.DocumentName) + fmt.Printf("DataLicense: %s\n", doc.DataLicense) + fmt.Printf("Document Namespace: %s\n", doc.DocumentNamespace) + fmt.Printf("SPDX Version: %s\n", doc.SPDXVersion) fmt.Println(strings.Repeat("=", 80)) } diff --git a/examples/4-search/example_search.go b/examples/4-search/example_search.go index 3f19596..52f8b07 100644 --- a/examples/4-search/example_search.go +++ b/examples/4-search/example_search.go @@ -120,7 +120,7 @@ func main() { // all file hashes and the package verification code have been filled in // appropriately by builder. // And, all files with "SPDX-License-Identifier:" tags have had their - // licenses extracted into LicenseInfoInFile and LicenseConcluded for + // licenses extracted into LicenseInfoInFiles and LicenseConcluded for // each file by idsearcher. The PackageLicenseInfoFromFiles field will // also be filled in with all license identifiers. fmt.Printf("Successfully created document and searched for IDs for package %s\n", packageName) diff --git a/examples/5-report/example_report.go b/examples/5-report/example_report.go index bd7971f..1197547 100644 --- a/examples/5-report/example_report.go +++ b/examples/5-report/example_report.go @@ -54,14 +54,26 @@ func main() { return } + if len(pkgIDs) == 0 { + return + } + // it does, so we'll go through each one - for _, pkgID := range pkgIDs { - pkg, ok := doc.Packages[pkgID] - if !ok { - fmt.Printf("Package %s has described relationship but ID not found\n", string(pkgID)) + for _, pkg := range doc.Packages { + var documentDescribesPackage bool + for _, describedPackageID := range pkgIDs { + if pkg.PackageSPDXIdentifier == describedPackageID { + documentDescribesPackage = true + break + } + } + + if !documentDescribesPackage { continue } + pkgID := pkg.PackageSPDXIdentifier + // check whether the package had its files analyzed if !pkg.FilesAnalyzed { fmt.Printf("Package %s (%s) had FilesAnalyzed: false\n", string(pkgID), pkg.PackageName) diff --git a/examples/6-licensediff/example_licensediff.go b/examples/6-licensediff/example_licensediff.go index 5205efa..49d7603 100644 --- a/examples/6-licensediff/example_licensediff.go +++ b/examples/6-licensediff/example_licensediff.go @@ -13,6 +13,7 @@ package main import ( "fmt" + "github.com/spdx/tools-golang/spdx" "os" "github.com/spdx/tools-golang/licensediff" @@ -85,13 +86,30 @@ func main() { // go through the first set first, report if they aren't in the second set for _, pkgID := range pkgIDsFirst { fmt.Printf("================================\n") - p1, okFirst := docFirst.Packages[pkgID] + + var p1, p2 *spdx.Package2_2 + var okFirst, okSecond bool + for _, pkg := range docFirst.Packages { + if pkg.PackageSPDXIdentifier == pkgID { + okFirst = true + p1 = pkg + break + } + } if !okFirst { fmt.Printf("Package %s has described relationship in first document but ID not found\n", string(pkgID)) continue } + fmt.Printf("Package %s (%s)\n", string(pkgID), p1.PackageName) - p2, okSecond := docSecond.Packages[pkgID] + + for _, pkg := range docSecond.Packages { + if pkg.PackageSPDXIdentifier == pkgID { + okSecond = true + p2 = pkg + break + } + } if !okSecond { fmt.Printf(" Found in first document, not found in second\n") continue @@ -121,13 +139,27 @@ func main() { // now report if there are any package IDs in the second set that aren't // in the first for _, pkgID := range pkgIDsSecond { - p2, okSecond := docSecond.Packages[pkgID] + var p2 *spdx.Package2_2 + var okFirst, okSecond bool + for _, pkg := range docSecond.Packages { + if pkg.PackageSPDXIdentifier == pkgID { + okSecond = true + p2 = pkg + break + } + } if !okSecond { fmt.Printf("================================\n") fmt.Printf("Package %s has described relationship in second document but ID not found\n", string(pkgID)) continue } - _, okFirst := docFirst.Packages[pkgID] + + for _, pkg := range docFirst.Packages { + if pkg.PackageSPDXIdentifier == pkgID { + okFirst = true + break + } + } if !okFirst { fmt.Printf("================================\n") fmt.Printf("Package %s (%s)\n", string(pkgID), p2.PackageName) diff --git a/examples/7-rdfloader/exampleRDFLoader.go b/examples/7-rdfloader/exampleRDFLoader.go index 4eae8c9..5258ac2 100644 --- a/examples/7-rdfloader/exampleRDFLoader.go +++ b/examples/7-rdfloader/exampleRDFLoader.go @@ -40,9 +40,9 @@ func main() { // Printing some of the document Information fmt.Println(strings.Repeat("=", 80)) fmt.Println("Some Attributes of the Document:") - fmt.Printf("Document Name: %s\n", doc.CreationInfo.DocumentName) - fmt.Printf("DataLicense: %s\n", doc.CreationInfo.DataLicense) - fmt.Printf("Document Namespace: %s\n", doc.CreationInfo.DocumentNamespace) - fmt.Printf("SPDX Version: %s\n", doc.CreationInfo.SPDXVersion) + fmt.Printf("Document Name: %s\n", doc.DocumentName) + fmt.Printf("DataLicense: %s\n", doc.DataLicense) + fmt.Printf("Document Namespace: %s\n", doc.DocumentNamespace) + fmt.Printf("SPDX Version: %s\n", doc.SPDXVersion) fmt.Println(strings.Repeat("=", 80)) } diff --git a/examples/8-jsontotv/examplejsontotv.go b/examples/8-jsontotv/examplejsontotv.go index 5ceccc0..9faadce 100644 --- a/examples/8-jsontotv/examplejsontotv.go +++ b/examples/8-jsontotv/examplejsontotv.go @@ -11,7 +11,7 @@ import ( "fmt" "os" - "github.com/spdx/tools-golang/jsonloader" + "github.com/spdx/tools-golang/json" "github.com/spdx/tools-golang/tvsaver" ) @@ -36,7 +36,7 @@ func main() { defer r.Close() // try to load the SPDX file's contents as a json file, version 2.2 - doc, err := jsonloader.Load2_2(r) + doc, err := spdx_json.Load2_2(r) if err != nil { fmt.Printf("Error while parsing %v: %v", args[1], err) return diff --git a/examples/9-tvtojson/exampletvtojson.go b/examples/9-tvtojson/exampletvtojson.go index e75afc4..fac1c98 100644 --- a/examples/9-tvtojson/exampletvtojson.go +++ b/examples/9-tvtojson/exampletvtojson.go @@ -11,7 +11,7 @@ import ( "fmt" "os" - "github.com/spdx/tools-golang/jsonsaver" + "github.com/spdx/tools-golang/json" "github.com/spdx/tools-golang/tvloader" ) @@ -57,7 +57,7 @@ func main() { defer w.Close() // try to save the document to disk as an SPDX json file, version 2.2 - err = jsonsaver.Save2_2(doc, w) + err = spdx_json.Save2_2(doc, w) if err != nil { fmt.Printf("Error while saving %v: %v", fileOut, err) return diff --git a/examples/sample-docs/json/SPDXJSONExample-v2.2.spdx.json b/examples/sample-docs/json/SPDXJSONExample-v2.2.spdx.json index 546e948..89171a1 100644 --- a/examples/sample-docs/json/SPDXJSONExample-v2.2.spdx.json +++ b/examples/sample-docs/json/SPDXJSONExample-v2.2.spdx.json @@ -1,277 +1,284 @@ -{
- "SPDXID" : "SPDXRef-DOCUMENT",
- "spdxVersion" : "SPDX-2.2",
- "creationInfo" : {
- "comment" : "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.",
- "created" : "2010-01-29T18:30:22Z",
- "creators" : [ "Tool: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()" ],
- "licenseListVersion" : "3.9"
- },
- "name" : "SPDX-Tools-v2.0",
- "dataLicense" : "CC0-1.0",
- "comment" : "This document was created using SPDX 2.0 using licenses from the web site.",
- "externalDocumentRefs" : [ {
- "externalDocumentId" : "DocumentRef-spdx-tool-1.2",
- "checksum" : {
- "algorithm" : "SHA1",
- "checksumValue" : "d6a770ba38583ed4bb4525bd96e50461655d2759"
- },
- "spdxDocument" : "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301"
- } ],
- "hasExtractedLicensingInfos" : [ {
- "extractedText" : "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp </\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.",
- "licenseId" : "LicenseRef-Beerware-4.2"
- }, {
- "extractedText" : "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/",
- "licenseId" : "LicenseRef-4"
- }, {
- "comment" : "This is tye CyperNeko License",
- "extractedText" : "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.",
- "licenseId" : "LicenseRef-3",
- "name" : "CyberNeko License",
- "seeAlsos" : [ "http://people.apache.org/~andyc/neko/LICENSE", "http://justasample.url.com" ]
- }, {
- "extractedText" : "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.",
- "licenseId" : "LicenseRef-2"
- }, {
- "extractedText" : "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/",
- "licenseId" : "LicenseRef-1"
- } ],
- "annotations" : [ {
- "annotationDate" : "2010-01-29T18:30:22Z",
- "annotationType" : "OTHER",
- "annotator" : "Person: Jane Doe ()",
- "comment" : "Document level annotation"
- }, {
- "annotationDate" : "2011-03-13T00:00:00Z",
- "annotationType" : "REVIEW",
- "annotator" : "Person: Suzanne Reviewer",
- "comment" : "Another example reviewer."
- }, {
- "annotationDate" : "2010-02-10T00:00:00Z",
- "annotationType" : "REVIEW",
- "annotator" : "Person: Joe Reviewer",
- "comment" : "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses"
- } ],
- "documentNamespace" : "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301",
- "documentDescribes" : [ "SPDXRef-File", "SPDXRef-Package" ],
- "packages" : [ {
- "SPDXID" : "SPDXRef-Package",
- "annotations" : [ {
- "annotationDate" : "2011-01-29T18:30:22Z",
- "annotationType" : "OTHER",
- "annotator" : "Person: Package Commenter",
- "comment" : "Package level annotation"
- } ],
- "attributionTexts" : [ "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." ],
- "checksums" : [ {
- "algorithm" : "SHA1",
- "checksumValue" : "85ed0817af83a24ad8da68c2b5094de69833983c"
- }, {
- "algorithm" : "MD5",
- "checksumValue" : "624c1abb3664f4b35547e7c73864ad24"
- }, {
- "algorithm" : "SHA256",
- "checksumValue" : "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd"
- } ],
- "copyrightText" : "Copyright 2008-2010 John Smith",
- "description" : "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.",
- "downloadLocation" : "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz",
- "externalRefs" : [ {
- "comment" : "This is the external ref for Acme",
- "referenceCategory" : "OTHER",
- "referenceLocator" : "acmecorp/acmenator/4.1.3-alpha",
- "referenceType" : "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge"
- }, {
- "referenceCategory" : "SECURITY",
- "referenceLocator" : "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*",
- "referenceType" : "http://spdx.org/rdf/references/cpe23Type"
- } ],
- "filesAnalyzed" : true,
- "hasFiles" : [ "SPDXRef-JenaLib", "SPDXRef-DoapSource", "SPDXRef-CommonsLangSrc" ],
- "homepage" : "http://ftp.gnu.org/gnu/glibc",
- "licenseComments" : "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.",
- "licenseConcluded" : "(LGPL-2.0-only OR LicenseRef-3)",
- "licenseDeclared" : "(LGPL-2.0-only AND LicenseRef-3)",
- "licenseInfoFromFiles" : [ "GPL-2.0-only", "LicenseRef-2", "LicenseRef-1" ],
- "name" : "glibc",
- "originator" : "Organization: ExampleCodeInspect (contact@example.com)",
- "packageFileName" : "glibc-2.11.1.tar.gz",
- "packageVerificationCode" : {
- "packageVerificationCodeExcludedFiles" : [ "./package.spdx" ],
- "packageVerificationCodeValue" : "d6a770ba38583ed4bb4525bd96e50461655d2758"
- },
- "sourceInfo" : "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.",
- "summary" : "GNU C library.",
- "supplier" : "Person: Jane Doe (jane.doe@example.com)",
- "versionInfo" : "2.11.1"
- }, {
- "SPDXID" : "SPDXRef-fromDoap-1",
- "comment" : "This package was converted from a DOAP Project by the same name",
- "copyrightText" : "NOASSERTION",
- "downloadLocation" : "NOASSERTION",
- "filesAnalyzed" : false,
- "homepage" : "http://commons.apache.org/proper/commons-lang/",
- "licenseConcluded" : "NOASSERTION",
- "licenseDeclared" : "NOASSERTION",
- "name" : "Apache Commons Lang"
- }, {
- "SPDXID" : "SPDXRef-fromDoap-0",
- "comment" : "This package was converted from a DOAP Project by the same name",
- "copyrightText" : "NOASSERTION",
- "downloadLocation" : "NOASSERTION",
- "filesAnalyzed" : false,
- "homepage" : "http://www.openjena.org/",
- "licenseConcluded" : "NOASSERTION",
- "licenseDeclared" : "NOASSERTION",
- "name" : "Jena"
- }, {
- "SPDXID" : "SPDXRef-Saxon",
- "checksums" : [ {
- "algorithm" : "SHA1",
- "checksumValue" : "85ed0817af83a24ad8da68c2b5094de69833983c"
- } ],
- "copyrightText" : "Copyright Saxonica Ltd",
- "description" : "The Saxon package is a collection of tools for processing XML documents.",
- "downloadLocation" : "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download",
- "filesAnalyzed" : false,
- "homepage" : "http://saxon.sourceforge.net/",
- "licenseComments" : "Other versions available for a commercial license",
- "licenseConcluded" : "MPL-1.0",
- "licenseDeclared" : "MPL-1.0",
- "name" : "Saxon",
- "packageFileName" : "saxonB-8.8.zip",
- "versionInfo" : "8.8"
- } ],
- "files" : [ {
- "SPDXID" : "SPDXRef-DoapSource",
- "checksums" : [ {
- "algorithm" : "SHA1",
- "checksumValue" : "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"
- } ],
- "copyrightText" : "Copyright 2010, 2011 Source Auditor Inc.",
- "fileContributors" : [ "Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c" ],
- "fileName" : "./src/org/spdx/parser/DOAPProject.java",
- "fileTypes" : [ "SOURCE" ],
- "licenseConcluded" : "Apache-2.0",
- "licenseInfoInFiles" : [ "Apache-2.0" ]
- }, {
- "SPDXID" : "SPDXRef-CommonsLangSrc",
- "checksums" : [ {
- "algorithm" : "SHA1",
- "checksumValue" : "c2b4e1c67a2d28fced849ee1bb76e7391b93f125"
- } ],
- "comment" : "This file is used by Jena",
- "copyrightText" : "Copyright 2001-2011 The Apache Software Foundation",
- "fileContributors" : [ "Apache Software Foundation" ],
- "fileName" : "./lib-source/commons-lang3-3.1-sources.jar",
- "fileTypes" : [ "ARCHIVE" ],
- "licenseConcluded" : "Apache-2.0",
- "licenseInfoInFiles" : [ "Apache-2.0" ],
- "noticeText" : "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())"
- }, {
- "SPDXID" : "SPDXRef-JenaLib",
- "checksums" : [ {
- "algorithm" : "SHA1",
- "checksumValue" : "3ab4e1c67a2d28fced849ee1bb76e7391b93f125"
- } ],
- "comment" : "This file belongs to Jena",
- "copyrightText" : "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP",
- "fileContributors" : [ "Apache Software Foundation", "Hewlett Packard Inc." ],
- "fileName" : "./lib-source/jena-2.6.3-sources.jar",
- "fileTypes" : [ "ARCHIVE" ],
- "licenseComments" : "This license is used by Jena",
- "licenseConcluded" : "LicenseRef-1",
- "licenseInfoInFiles" : [ "LicenseRef-1" ]
- }, {
- "SPDXID" : "SPDXRef-File",
- "annotations" : [ {
- "annotationDate" : "2011-01-29T18:30:22Z",
- "annotationType" : "OTHER",
- "annotator" : "Person: File Commenter",
- "comment" : "File level annotation"
- } ],
- "checksums" : [ {
- "algorithm" : "MD5",
- "checksumValue" : "624c1abb3664f4b35547e7c73864ad24"
- }, {
- "algorithm" : "SHA1",
- "checksumValue" : "d6a770ba38583ed4bb4525bd96e50461655d2758"
- } ],
- "comment" : "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.",
- "copyrightText" : "Copyright 2008-2010 John Smith",
- "fileContributors" : [ "The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation" ],
- "fileName" : "./package/foo.c",
- "fileTypes" : [ "SOURCE" ],
- "licenseComments" : "The concluded license was taken from the package level that the file was included in.",
- "licenseConcluded" : "(LGPL-2.0-only OR LicenseRef-2)",
- "licenseInfoInFiles" : [ "GPL-2.0-only", "LicenseRef-2" ],
- "noticeText" : "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."
- } ],
- "snippets" : [ {
- "SPDXID" : "SPDXRef-Snippet",
- "comment" : "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.",
- "copyrightText" : "Copyright 2008-2010 John Smith",
- "licenseComments" : "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.",
- "licenseConcluded" : "GPL-2.0-only",
- "licenseInfoInSnippets" : [ "GPL-2.0-only" ],
- "name" : "from linux kernel",
- "ranges" : [ {
- "endPointer" : {
- "lineNumber" : 23,
- "reference" : "SPDXRef-DoapSource"
- },
- "startPointer" : {
- "lineNumber" : 5,
- "reference" : "SPDXRef-DoapSource"
- }
- }, {
- "endPointer" : {
- "offset" : 420,
- "reference" : "SPDXRef-DoapSource"
- },
- "startPointer" : {
- "offset" : 310,
- "reference" : "SPDXRef-DoapSource"
- }
- } ],
- "snippetFromFile" : "SPDXRef-DoapSource"
- } ],
- "relationships" : [ {
- "spdxElementId" : "SPDXRef-DOCUMENT",
- "relatedSpdxElement" : "SPDXRef-Package",
- "relationshipType" : "CONTAINS"
- }, {
- "spdxElementId" : "SPDXRef-DOCUMENT",
- "relatedSpdxElement" : "SPDXRef-File",
- "relationshipType" : "DESCRIBES"
- }, {
- "spdxElementId" : "SPDXRef-DOCUMENT",
- "relatedSpdxElement" : "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement",
- "relationshipType" : "COPY_OF"
- }, {
- "spdxElementId" : "SPDXRef-DOCUMENT",
- "relatedSpdxElement" : "SPDXRef-Package",
- "relationshipType" : "DESCRIBES"
- }, {
- "spdxElementId" : "SPDXRef-Package",
- "relatedSpdxElement" : "SPDXRef-Saxon",
- "relationshipType" : "DYNAMIC_LINK"
- }, {
- "spdxElementId" : "SPDXRef-Package",
- "relatedSpdxElement" : "SPDXRef-JenaLib",
- "relationshipType" : "CONTAINS"
- }, {
- "spdxElementId" : "SPDXRef-CommonsLangSrc",
- "relatedSpdxElement" : "NOASSERTION",
- "relationshipType" : "GENERATED_FROM"
- }, {
- "spdxElementId" : "SPDXRef-JenaLib",
- "relatedSpdxElement" : "SPDXRef-Package",
- "relationshipType" : "CONTAINS"
- }, {
- "spdxElementId" : "SPDXRef-File",
- "relatedSpdxElement" : "SPDXRef-fromDoap-0",
- "relationshipType" : "GENERATED_FROM"
- } ]
-}
\ No newline at end of file +{ + "SPDXID" : "SPDXRef-DOCUMENT", + "spdxVersion" : "SPDX-2.2", + "creationInfo" : { + "comment" : "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", + "created" : "2010-01-29T18:30:22Z", + "creators" : [ "Tool: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()" ], + "licenseListVersion" : "3.9" + }, + "name" : "SPDX-Tools-v2.0", + "dataLicense" : "CC0-1.0", + "comment" : "This document was created using SPDX 2.0 using licenses from the web site.", + "externalDocumentRefs" : [ { + "externalDocumentId" : "DocumentRef-spdx-tool-1.2", + "checksum" : { + "algorithm" : "SHA1", + "checksumValue" : "d6a770ba38583ed4bb4525bd96e50461655d2759" + }, + "spdxDocument" : "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301" + } ], + "hasExtractedLicensingInfos" : [ { + "licenseId" : "LicenseRef-1", + "extractedText" : "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/" + }, { + "licenseId" : "LicenseRef-2", + "extractedText" : "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." + }, { + "licenseId" : "LicenseRef-4", + "extractedText" : "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/" + }, { + "licenseId" : "LicenseRef-Beerware-4.2", + "comment" : "The beerware license has a couple of other standard variants.", + "extractedText" : "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp", + "name" : "Beer-Ware License (Version 42)", + "seeAlsos" : [ "http://people.freebsd.org/~phk/" ] + }, { + "licenseId" : "LicenseRef-3", + "comment" : "This is tye CyperNeko License", + "extractedText" : "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", + "name" : "CyberNeko License", + "seeAlsos" : [ "http://people.apache.org/~andyc/neko/LICENSE", "http://justasample.url.com" ] + } ], + "annotations" : [ { + "annotationDate" : "2010-01-29T18:30:22Z", + "annotationType" : "OTHER", + "annotator" : "Person: Jane Doe ()", + "comment" : "Document level annotation" + }, { + "annotationDate" : "2010-02-10T00:00:00Z", + "annotationType" : "REVIEW", + "annotator" : "Person: Joe Reviewer", + "comment" : "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses" + }, { + "annotationDate" : "2011-03-13T00:00:00Z", + "annotationType" : "REVIEW", + "annotator" : "Person: Suzanne Reviewer", + "comment" : "Another example reviewer." + } ], + "documentNamespace" : "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", + "documentDescribes" : [ "SPDXRef-File", "SPDXRef-Package" ], + "packages" : [ { + "SPDXID" : "SPDXRef-Package", + "annotations" : [ { + "annotationDate" : "2011-01-29T18:30:22Z", + "annotationType" : "OTHER", + "annotator" : "Person: Package Commenter", + "comment" : "Package level annotation" + } ], + "attributionTexts" : [ "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." ], + "checksums" : [ { + "algorithm" : "MD5", + "checksumValue" : "624c1abb3664f4b35547e7c73864ad24" + }, { + "algorithm" : "SHA1", + "checksumValue" : "85ed0817af83a24ad8da68c2b5094de69833983c" + }, { + "algorithm" : "SHA256", + "checksumValue" : "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" + } ], + "copyrightText" : "Copyright 2008-2010 John Smith", + "description" : "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", + "downloadLocation" : "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + "externalRefs" : [ { + "referenceCategory" : "SECURITY", + "referenceLocator" : "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", + "referenceType" : "cpe23Type" + }, { + "comment" : "This is the external ref for Acme", + "referenceCategory" : "OTHER", + "referenceLocator" : "acmecorp/acmenator/4.1.3-alpha", + "referenceType" : "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge" + } ], + "filesAnalyzed" : true, + "hasFiles" : [ "SPDXRef-CommonsLangSrc", "SPDXRef-JenaLib", "SPDXRef-DoapSource" ], + "homepage" : "http://ftp.gnu.org/gnu/glibc", + "licenseComments" : "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", + "licenseConcluded" : "(LGPL-2.0-only OR LicenseRef-3)", + "licenseDeclared" : "(LGPL-2.0-only AND LicenseRef-3)", + "licenseInfoFromFiles" : [ "GPL-2.0-only", "LicenseRef-2", "LicenseRef-1" ], + "name" : "glibc", + "originator" : "Organization: ExampleCodeInspect (contact@example.com)", + "packageFileName" : "glibc-2.11.1.tar.gz", + "packageVerificationCode" : { + "packageVerificationCodeExcludedFiles" : [ "./package.spdx" ], + "packageVerificationCodeValue" : "d6a770ba38583ed4bb4525bd96e50461655d2758" + }, + "sourceInfo" : "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", + "summary" : "GNU C library.", + "supplier" : "Person: Jane Doe (jane.doe@example.com)", + "versionInfo" : "2.11.1" + }, { + "SPDXID" : "SPDXRef-fromDoap-1", + "copyrightText" : "NOASSERTION", + "downloadLocation" : "NOASSERTION", + "filesAnalyzed" : false, + "homepage" : "http://commons.apache.org/proper/commons-lang/", + "licenseConcluded" : "NOASSERTION", + "licenseDeclared" : "NOASSERTION", + "name" : "Apache Commons Lang" + }, { + "SPDXID" : "SPDXRef-fromDoap-0", + "copyrightText" : "NOASSERTION", + "downloadLocation" : "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz", + "externalRefs" : [ { + "referenceCategory" : "PACKAGE_MANAGER", + "referenceLocator" : "pkg:maven/org.apache.jena/apache-jena@3.12.0", + "referenceType" : "purl" + } ], + "filesAnalyzed" : false, + "homepage" : "http://www.openjena.org/", + "licenseConcluded" : "NOASSERTION", + "licenseDeclared" : "NOASSERTION", + "name" : "Jena", + "versionInfo" : "3.12.0" + }, { + "SPDXID" : "SPDXRef-Saxon", + "checksums" : [ { + "algorithm" : "SHA1", + "checksumValue" : "85ed0817af83a24ad8da68c2b5094de69833983c" + } ], + "copyrightText" : "Copyright Saxonica Ltd", + "description" : "The Saxon package is a collection of tools for processing XML documents.", + "downloadLocation" : "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + "filesAnalyzed" : false, + "homepage" : "http://saxon.sourceforge.net/", + "licenseComments" : "Other versions available for a commercial license", + "licenseConcluded" : "MPL-1.0", + "licenseDeclared" : "MPL-1.0", + "name" : "Saxon", + "packageFileName" : "saxonB-8.8.zip", + "versionInfo" : "8.8" + } ], + "files" : [ { + "SPDXID" : "SPDXRef-DoapSource", + "checksums" : [ { + "algorithm" : "SHA1", + "checksumValue" : "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + } ], + "copyrightText" : "Copyright 2010, 2011 Source Auditor Inc.", + "fileContributors" : [ "Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c" ], + "fileName" : "./src/org/spdx/parser/DOAPProject.java", + "fileTypes" : [ "SOURCE" ], + "licenseConcluded" : "Apache-2.0", + "licenseInfoInFiles" : [ "Apache-2.0" ] + }, { + "SPDXID" : "SPDXRef-CommonsLangSrc", + "checksums" : [ { + "algorithm" : "SHA1", + "checksumValue" : "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" + } ], + "comment" : "This file is used by Jena", + "copyrightText" : "Copyright 2001-2011 The Apache Software Foundation", + "fileContributors" : [ "Apache Software Foundation" ], + "fileName" : "./lib-source/commons-lang3-3.1-sources.jar", + "fileTypes" : [ "ARCHIVE" ], + "licenseConcluded" : "Apache-2.0", + "licenseInfoInFiles" : [ "Apache-2.0" ], + "noticeText" : "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" + }, { + "SPDXID" : "SPDXRef-JenaLib", + "checksums" : [ { + "algorithm" : "SHA1", + "checksumValue" : "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" + } ], + "comment" : "This file belongs to Jena", + "copyrightText" : "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", + "fileContributors" : [ "Apache Software Foundation", "Hewlett Packard Inc." ], + "fileName" : "./lib-source/jena-2.6.3-sources.jar", + "fileTypes" : [ "ARCHIVE" ], + "licenseComments" : "This license is used by Jena", + "licenseConcluded" : "LicenseRef-1", + "licenseInfoInFiles" : [ "LicenseRef-1" ] + }, { + "SPDXID" : "SPDXRef-File", + "annotations" : [ { + "annotationDate" : "2011-01-29T18:30:22Z", + "annotationType" : "OTHER", + "annotator" : "Person: File Commenter", + "comment" : "File level annotation" + } ], + "checksums" : [ { + "algorithm" : "SHA1", + "checksumValue" : "d6a770ba38583ed4bb4525bd96e50461655d2758" + }, { + "algorithm" : "MD5", + "checksumValue" : "624c1abb3664f4b35547e7c73864ad24" + } ], + "comment" : "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", + "copyrightText" : "Copyright 2008-2010 John Smith", + "fileContributors" : [ "The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation" ], + "fileName" : "./package/foo.c", + "fileTypes" : [ "SOURCE" ], + "licenseComments" : "The concluded license was taken from the package level that the file was included in.", + "licenseConcluded" : "(LGPL-2.0-only OR LicenseRef-2)", + "licenseInfoInFiles" : [ "GPL-2.0-only", "LicenseRef-2" ], + "noticeText" : "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." + } ], + "snippets" : [ { + "SPDXID" : "SPDXRef-Snippet", + "comment" : "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", + "copyrightText" : "Copyright 2008-2010 John Smith", + "licenseComments" : "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", + "licenseConcluded" : "GPL-2.0-only", + "licenseInfoInSnippets" : [ "GPL-2.0-only" ], + "name" : "from linux kernel", + "ranges" : [ { + "endPointer" : { + "offset" : 420, + "reference" : "SPDXRef-DoapSource" + }, + "startPointer" : { + "offset" : 310, + "reference" : "SPDXRef-DoapSource" + } + }, { + "endPointer" : { + "lineNumber" : 23, + "reference" : "SPDXRef-DoapSource" + }, + "startPointer" : { + "lineNumber" : 5, + "reference" : "SPDXRef-DoapSource" + } + } ], + "snippetFromFile" : "SPDXRef-DoapSource" + } ], + "relationships" : [ { + "spdxElementId" : "SPDXRef-DOCUMENT", + "relatedSpdxElement" : "SPDXRef-Package", + "relationshipType" : "CONTAINS" + }, { + "spdxElementId" : "SPDXRef-DOCUMENT", + "relatedSpdxElement" : "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement", + "relationshipType" : "COPY_OF" + }, { + "spdxElementId" : "SPDXRef-DOCUMENT", + "relatedSpdxElement" : "SPDXRef-File", + "relationshipType" : "DESCRIBES" + }, { + "spdxElementId" : "SPDXRef-DOCUMENT", + "relatedSpdxElement" : "SPDXRef-Package", + "relationshipType" : "DESCRIBES" + }, { + "spdxElementId" : "SPDXRef-Package", + "relatedSpdxElement" : "SPDXRef-JenaLib", + "relationshipType" : "CONTAINS" + }, { + "spdxElementId" : "SPDXRef-Package", + "relatedSpdxElement" : "SPDXRef-Saxon", + "relationshipType" : "DYNAMIC_LINK" + }, { + "spdxElementId" : "SPDXRef-CommonsLangSrc", + "relatedSpdxElement" : "NOASSERTION", + "relationshipType" : "GENERATED_FROM" + }, { + "spdxElementId" : "SPDXRef-JenaLib", + "relatedSpdxElement" : "SPDXRef-Package", + "relationshipType" : "CONTAINS" + }, { + "spdxElementId" : "SPDXRef-File", + "relatedSpdxElement" : "SPDXRef-fromDoap-0", + "relationshipType" : "GENERATED_FROM" + } ] +} diff --git a/examples/sample-docs/tv/SPDXTagExample-v2.2.spdx b/examples/sample-docs/tv/SPDXTagExample-v2.2.spdx index 03ec653..e8f32eb 100644 --- a/examples/sample-docs/tv/SPDXTagExample-v2.2.spdx +++ b/examples/sample-docs/tv/SPDXTagExample-v2.2.spdx @@ -1,328 +1,329 @@ -SPDXVersion: SPDX-2.2
-DataLicense: CC0-1.0
-DocumentNamespace: http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301
-DocumentName: SPDX-Tools-v2.0
-SPDXID: SPDXRef-DOCUMENT
-DocumentComment: <text>This document was created using SPDX 2.0 using licenses from the web site.</text>
-
-## External Document References
-ExternalDocumentRef: DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1: d6a770ba38583ed4bb4525bd96e50461655d2759
-## Creation Information
-Creator: Tool: LicenseFind-1.0
-Creator: Organization: ExampleCodeInspect ()
-Creator: Person: Jane Doe ()
-Created: 2010-01-29T18:30:22Z
-CreatorComment: <text>This package has been shipped in source and binary form.
-The binaries were created with gcc 4.5.1 and expect to link to
-compatible system run time libraries.</text>
-LicenseListVersion: 3.9
-## Annotations
-Annotator: Person: Jane Doe ()
-AnnotationDate: 2010-01-29T18:30:22Z
-AnnotationComment: <text>Document level annotation</text>
-AnnotationType: OTHER
-SPDXREF: SPDXRef-DOCUMENT
-Annotator: Person: Joe Reviewer
-AnnotationDate: 2010-02-10T00:00:00Z
-AnnotationComment: <text>This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses</text>
-AnnotationType: REVIEW
-SPDXREF: SPDXRef-DOCUMENT
-Annotator: Person: Suzanne Reviewer
-AnnotationDate: 2011-03-13T00:00:00Z
-AnnotationComment: <text>Another example reviewer.</text>
-AnnotationType: REVIEW
-SPDXREF: SPDXRef-DOCUMENT
-## Relationships
-Relationship: SPDXRef-DOCUMENT CONTAINS SPDXRef-Package
-Relationship: SPDXRef-DOCUMENT COPY_OF DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement
-Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-File
-Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package
-
-FileName: ./package/foo.c
-SPDXID: SPDXRef-File
-FileComment: <text>The concluded license was taken from the package level that the file was included in.
-This information was found in the COPYING.txt file in the xyz directory.</text>
-FileType: SOURCE
-FileChecksum: SHA1: d6a770ba38583ed4bb4525bd96e50461655d2758
-FileChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24
-LicenseConcluded: (LGPL-2.0-only OR LicenseRef-2)
-LicenseInfoInFile: GPL-2.0-only
-LicenseInfoInFile: LicenseRef-2
-LicenseComments: The concluded license was taken from the package level that the file was included in.
-FileCopyrightText: <text>Copyright 2008-2010 John Smith</text>
-FileNotice: <text>Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</text>
-FileContributor: The Regents of the University of California
-FileContributor: Modified by Paul Mundt lethal@linux-sh.org
-FileContributor: IBM Corporation
-## Annotations
-Annotator: Person: File Commenter
-AnnotationDate: 2011-01-29T18:30:22Z
-AnnotationComment: <text>File level annotation</text>
-AnnotationType: OTHER
-SPDXREF: SPDXRef-File
-## Relationships
-Relationship: SPDXRef-File GENERATED_FROM SPDXRef-fromDoap-0
-## Package Information
-PackageName: glibc
-SPDXID: SPDXRef-Package
-PackageVersion: 2.11.1
-PackageFileName: glibc-2.11.1.tar.gz
-PackageSupplier: Person: Jane Doe (jane.doe@example.com)
-PackageOriginator: Organization: ExampleCodeInspect (contact@example.com)
-PackageDownloadLocation: http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz
-PackageVerificationCode: d6a770ba38583ed4bb4525bd96e50461655d2758(./package.spdx)
-PackageChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24
-PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c
-PackageChecksum: SHA256: 11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd
-PackageHomePage: http://ftp.gnu.org/gnu/glibc
-PackageSourceInfo: <text>uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.</text>
-PackageLicenseConcluded: (LGPL-2.0-only OR LicenseRef-3)
-## License information from files
-PackageLicenseInfoFromFiles: GPL-2.0-only
-PackageLicenseInfoFromFiles: LicenseRef-2
-PackageLicenseInfoFromFiles: LicenseRef-1
-PackageLicenseDeclared: (LGPL-2.0-only AND LicenseRef-3)
-PackageLicenseComments: <text>The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.</text>
-PackageCopyrightText: <text>Copyright 2008-2010 John Smith</text>
-PackageSummary: <text>GNU C library.</text>
-PackageDescription: <text>The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.</text>
-PackageAttributionText: <text>The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually.</text>
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*
-ExternalRef: OTHER LocationRef-acmeforge acmecorp/acmenator/4.1.3-alpha
-ExternalRefComment: This is the external ref for Acme
-## Annotations
-Annotator: Person: Package Commenter
-AnnotationDate: 2011-01-29T18:30:22Z
-AnnotationComment: <text>Package level annotation</text>
-AnnotationType: OTHER
-SPDXREF: SPDXRef-Package
-## Relationships
-Relationship: SPDXRef-Package CONTAINS SPDXRef-JenaLib
-Relationship: SPDXRef-Package DYNAMIC_LINK SPDXRef-Saxon
-
-## File Information
-FileName: ./lib-source/commons-lang3-3.1-sources.jar
-SPDXID: SPDXRef-CommonsLangSrc
-FileComment: <text>This file is used by Jena</text>
-FileType: ARCHIVE
-FileChecksum: SHA1: c2b4e1c67a2d28fced849ee1bb76e7391b93f125
-LicenseConcluded: Apache-2.0
-LicenseInfoInFile: Apache-2.0
-FileCopyrightText: <text>Copyright 2001-2011 The Apache Software Foundation</text>
-FileNotice: <text>Apache Commons Lang
-Copyright 2001-2011 The Apache Software Foundation
-
-This product includes software developed by
-The Apache Software Foundation (http://www.apache.org/).
-
-This product includes software from the Spring Framework,
-under the Apache License 2.0 (see: StringUtils.containsWhitespace())</text>
-FileContributor: Apache Software Foundation
-## Relationships
-Relationship: SPDXRef-CommonsLangSrc GENERATED_FROM NOASSERTION
-
-FileName: ./lib-source/jena-2.6.3-sources.jar
-SPDXID: SPDXRef-JenaLib
-FileComment: <text>This file belongs to Jena</text>
-FileType: ARCHIVE
-FileChecksum: SHA1: 3ab4e1c67a2d28fced849ee1bb76e7391b93f125
-LicenseConcluded: LicenseRef-1
-LicenseInfoInFile: LicenseRef-1
-LicenseComments: This license is used by Jena
-FileCopyrightText: <text>(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP</text>
-FileContributor: Apache Software Foundation
-FileContributor: Hewlett Packard Inc.
-## Relationships
-Relationship: SPDXRef-JenaLib CONTAINS SPDXRef-Package
-
-FileName: ./src/org/spdx/parser/DOAPProject.java
-SPDXID: SPDXRef-DoapSource
-FileType: SOURCE
-FileChecksum: SHA1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
-LicenseConcluded: Apache-2.0
-LicenseInfoInFile: Apache-2.0
-FileCopyrightText: <text>Copyright 2010, 2011 Source Auditor Inc.</text>
-FileContributor: Protecode Inc.
-FileContributor: SPDX Technical Team Members
-FileContributor: Open Logic Inc.
-FileContributor: Source Auditor Inc.
-FileContributor: Black Duck Software In.c
-
-## Package Information
-PackageName: Apache Commons Lang
-SPDXID: SPDXRef-fromDoap-1
-PackageDownloadLocation: NOASSERTION
-PackageHomePage: http://commons.apache.org/proper/commons-lang/
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: <text>NOASSERTION</text>
-FilesAnalyzed: false
-
-## Package Information
-PackageName: Jena
-SPDXID: SPDXRef-fromDoap-0
-PackageVersion: 3.12.0
-PackageDownloadLocation: https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz
-PackageHomePage: http://www.openjena.org/
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: <text>NOASSERTION</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:maven/org.apache.jena/apache-jena@3.12.0
-FilesAnalyzed: false
-
-## Package Information
-PackageName: Saxons
-SPDXID: SPDXRef-Saxonas
-PackageVersion: 8.8
-PackageFileName: saxonB-8.8.zip
-PackageDownloadLocation: https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download
-PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c
-PackageHomePage: http://saxon.sourceforge.net/
-PackageLicenseConcluded: MPL-1.0
-PackageLicenseDeclared: MPL-1.0
-PackageLicenseComments: <text>Other versions available for a commercial license</text>
-PackageCopyrightText: <text>Copyright Saxonica Ltd</text>
-PackageDescription: <text>The Saxon package is a collection of tools for processing XML documents.</text>
-FilesAnalyzed: false
-
-## Snippet Information
-SnippetSPDXID: SPDXRef-Snippet
-SnippetFromFileSPDXID: SPDXRef-DoapSource
-SnippetByteRange: 310:420
-SnippetLineRange: 5:23
-SnippetLicenseConcluded: GPL-2.0-only
-LicenseInfoInSnippet: GPL-2.0-only
-SnippetLicenseComments: The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.
-SnippetCopyrightText: Copyright 2008-2010 John Smith
-SnippetComment: This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.
-SnippetName: from linux kernel
-
-
-## License Information
-LicenseID: LicenseRef-1
-ExtractedText: <text>/*
- * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/</text>
-
-LicenseID: LicenseRef-2
-ExtractedText: <text>This package includes the GRDDL parser developed by Hewlett Packard under the following license:
-� Copyright 2007 Hewlett-Packard Development Company, LP
-
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission.
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</text>
-
-LicenseID: LicenseRef-4
-ExtractedText: <text>/*
- * (c) Copyright 2009 University of Bristol
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/</text>
-
-LicenseID: LicenseRef-Beerware-4.2
-ExtractedText: <text>"THE BEER-WARE LICENSE" (Revision 42):
-phk@FreeBSD.ORG wrote this file. As long as you retain this notice you
-can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp</text>
-LicenseName: Beer-Ware License (Version 42)
-LicenseCrossReference: http://people.freebsd.org/~phk/
-LicenseComment: The beerware license has a couple of other standard variants.
-
-LicenseID: LicenseRef-3
-ExtractedText: <text>The CyberNeko Software License, Version 1.0
-
-
-(C) Copyright 2002-2005, Andy Clark. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in
- the documentation and/or other materials provided with the
- distribution.
-
-3. The end-user documentation included with the redistribution,
- if any, must include the following acknowledgment:
- "This product includes software developed by Andy Clark."
- Alternately, this acknowledgment may appear in the software itself,
- if and wherever such third-party acknowledgments normally appear.
-
-4. The names "CyberNeko" and "NekoHTML" must not be used to endorse
- or promote products derived from this software without prior
- written permission. For written permission, please contact
- andyc@cyberneko.net.
-
-5. Products derived from this software may not be called "CyberNeko",
- nor may "CyberNeko" appear in their name, without prior written
- permission of the author.
-
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS
-BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
-OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</text>
-LicenseName: CyberNeko License
-LicenseCrossReference: http://people.apache.org/~andyc/neko/LICENSE, http://justasample.url.com
-LicenseComment: <text>This is tye CyperNeko License</text>
\ No newline at end of file +SPDXVersion: SPDX-2.2 +DataLicense: CC0-1.0 +DocumentNamespace: http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 +DocumentName: SPDX-Tools-v2.0 +SPDXID: SPDXRef-DOCUMENT +DocumentComment: <text>This document was created using SPDX 2.0 using licenses from the web site.</text> + +## External Document References +ExternalDocumentRef: DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1: d6a770ba38583ed4bb4525bd96e50461655d2759 +## Creation Information +Creator: Tool: LicenseFind-1.0 +Creator: Organization: ExampleCodeInspect () +Creator: Person: Jane Doe () +Created: 2010-01-29T18:30:22Z +CreatorComment: <text>This package has been shipped in source and binary form. +The binaries were created with gcc 4.5.1 and expect to link to +compatible system run time libraries.</text> +LicenseListVersion: 3.9 +## Annotations +Annotator: Person: Jane Doe () +AnnotationDate: 2010-01-29T18:30:22Z +AnnotationComment: <text>Document level annotation</text> +AnnotationType: OTHER +SPDXREF: SPDXRef-DOCUMENT +Annotator: Person: Joe Reviewer +AnnotationDate: 2010-02-10T00:00:00Z +AnnotationComment: <text>This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses</text> +AnnotationType: REVIEW +SPDXREF: SPDXRef-DOCUMENT +Annotator: Person: Suzanne Reviewer +AnnotationDate: 2011-03-13T00:00:00Z +AnnotationComment: <text>Another example reviewer.</text> +AnnotationType: REVIEW +SPDXREF: SPDXRef-DOCUMENT +## Relationships +Relationship: SPDXRef-DOCUMENT CONTAINS SPDXRef-Package +Relationship: SPDXRef-DOCUMENT COPY_OF DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-File +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package + +FileName: ./package/foo.c +SPDXID: SPDXRef-File +FileComment: <text>The concluded license was taken from the package level that the file was included in. +This information was found in the COPYING.txt file in the xyz directory.</text> +FileType: SOURCE +FileChecksum: SHA1: d6a770ba38583ed4bb4525bd96e50461655d2758 +FileChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24 +LicenseConcluded: (LGPL-2.0-only OR LicenseRef-2) +LicenseInfoInFile: GPL-2.0-only +LicenseInfoInFile: LicenseRef-2 +LicenseComments: The concluded license was taken from the package level that the file was included in. +FileCopyrightText: <text>Copyright 2008-2010 John Smith</text> +FileNotice: <text>Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</text> +FileContributor: The Regents of the University of California +FileContributor: Modified by Paul Mundt lethal@linux-sh.org +FileContributor: IBM Corporation +## Annotations +Annotator: Person: File Commenter +AnnotationDate: 2011-01-29T18:30:22Z +AnnotationComment: <text>File level annotation</text> +AnnotationType: OTHER +SPDXREF: SPDXRef-File +## Relationships +Relationship: SPDXRef-File GENERATED_FROM SPDXRef-fromDoap-0 +## Package Information +PackageName: glibc +SPDXID: SPDXRef-Package +PackageVersion: 2.11.1 +PackageFileName: glibc-2.11.1.tar.gz +PackageSupplier: Person: Jane Doe (jane.doe@example.com) +PackageOriginator: Organization: ExampleCodeInspect (contact@example.com) +PackageDownloadLocation: http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz +PackageVerificationCode: d6a770ba38583ed4bb4525bd96e50461655d2758(./package.spdx) +PackageChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24 +PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +PackageChecksum: SHA256: 11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd +PackageHomePage: http://ftp.gnu.org/gnu/glibc +PackageSourceInfo: <text>uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.</text> +PackageLicenseConcluded: (LGPL-2.0-only OR LicenseRef-3) +## License information from files +PackageLicenseInfoFromFiles: GPL-2.0-only +PackageLicenseInfoFromFiles: LicenseRef-2 +PackageLicenseInfoFromFiles: LicenseRef-1 +PackageLicenseDeclared: (LGPL-2.0-only AND LicenseRef-3) +PackageLicenseComments: <text>The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.</text> +PackageCopyrightText: <text>Copyright 2008-2010 John Smith</text> +PackageSummary: <text>GNU C library.</text> +PackageDescription: <text>The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.</text> +PackageAttributionText: <text>The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually.</text> +ExternalRef: SECURITY cpe23Type cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:* +ExternalRef: OTHER LocationRef-acmeforge acmecorp/acmenator/4.1.3-alpha +ExternalRefComment: This is the external ref for Acme +## Annotations +Annotator: Person: Package Commenter +AnnotationDate: 2011-01-29T18:30:22Z +AnnotationComment: <text>Package level annotation</text> +AnnotationType: OTHER +SPDXREF: SPDXRef-Package +## Relationships +Relationship: SPDXRef-Package CONTAINS SPDXRef-JenaLib +Relationship: SPDXRef-Package DYNAMIC_LINK SPDXRef-Saxon + +## File Information +FileName: ./lib-source/commons-lang3-3.1-sources.jar +SPDXID: SPDXRef-CommonsLangSrc +FileComment: <text>This file is used by Jena</text> +FileType: ARCHIVE +FileChecksum: SHA1: c2b4e1c67a2d28fced849ee1bb76e7391b93f125 +LicenseConcluded: Apache-2.0 +LicenseInfoInFile: Apache-2.0 +FileCopyrightText: <text>Copyright 2001-2011 The Apache Software Foundation</text> +FileNotice: <text>Apache Commons Lang +Copyright 2001-2011 The Apache Software Foundation + +This product includes software developed by +The Apache Software Foundation (http://www.apache.org/). + +This product includes software from the Spring Framework, +under the Apache License 2.0 (see: StringUtils.containsWhitespace())</text> +FileContributor: Apache Software Foundation +## Relationships +Relationship: SPDXRef-CommonsLangSrc GENERATED_FROM NOASSERTION + +FileName: ./lib-source/jena-2.6.3-sources.jar +SPDXID: SPDXRef-JenaLib +FileComment: <text>This file belongs to Jena</text> +FileType: ARCHIVE +FileChecksum: SHA1: 3ab4e1c67a2d28fced849ee1bb76e7391b93f125 +LicenseConcluded: LicenseRef-1 +LicenseInfoInFile: LicenseRef-1 +LicenseComments: This license is used by Jena +FileCopyrightText: <text>(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP</text> +FileContributor: Apache Software Foundation +FileContributor: Hewlett Packard Inc. +## Relationships +Relationship: SPDXRef-JenaLib CONTAINS SPDXRef-Package + +FileName: ./src/org/spdx/parser/DOAPProject.java +SPDXID: SPDXRef-DoapSource +FileType: SOURCE +FileChecksum: SHA1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 +LicenseConcluded: Apache-2.0 +LicenseInfoInFile: Apache-2.0 +FileCopyrightText: <text>Copyright 2010, 2011 Source Auditor Inc.</text> +FileContributor: Protecode Inc. +FileContributor: SPDX Technical Team Members +FileContributor: Open Logic Inc. +FileContributor: Source Auditor Inc. +FileContributor: Black Duck Software In.c + +## Package Information +PackageName: Apache Commons Lang +SPDXID: SPDXRef-fromDoap-1 +PackageDownloadLocation: NOASSERTION +PackageHomePage: http://commons.apache.org/proper/commons-lang/ +PackageLicenseConcluded: NOASSERTION +PackageLicenseDeclared: NOASSERTION +PackageCopyrightText: <text>NOASSERTION</text> +FilesAnalyzed: false + +## Package Information +PackageName: Jena +SPDXID: SPDXRef-fromDoap-0 +PackageVersion: 3.12.0 +PackageDownloadLocation: https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz +PackageHomePage: http://www.openjena.org/ +PackageLicenseConcluded: NOASSERTION +PackageLicenseDeclared: NOASSERTION +PackageCopyrightText: <text>NOASSERTION</text> +ExternalRef: PACKAGE-MANAGER purl pkg:maven/org.apache.jena/apache-jena@3.12.0 +FilesAnalyzed: false + +## Package Information +PackageName: Saxon +SPDXID: SPDXRef-Saxon +PackageVersion: 8.8 +PackageFileName: saxonB-8.8.zip +PackageDownloadLocation: https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download +PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +PackageHomePage: http://saxon.sourceforge.net/ +PackageLicenseConcluded: MPL-1.0 +PackageLicenseDeclared: MPL-1.0 +PackageLicenseComments: <text>Other versions available for a commercial license</text> +PackageCopyrightText: <text>Copyright Saxonica Ltd</text> +PackageDescription: <text>The Saxon package is a collection of tools for processing XML documents.</text> +FilesAnalyzed: false + +## Snippet Information +SnippetSPDXID: SPDXRef-Snippet +SnippetFromFileSPDXID: SPDXRef-DoapSource +SnippetByteRange: 310:420 +SnippetLineRange: 5:23 +SnippetLicenseConcluded: GPL-2.0-only +LicenseInfoInSnippet: GPL-2.0-only +SnippetLicenseComments: The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz. +SnippetCopyrightText: Copyright 2008-2010 John Smith +SnippetComment: This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0. +SnippetName: from linux kernel + + +## License Information +LicenseID: LicenseRef-1 +ExtractedText: <text>/* + * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/</text> + +LicenseID: LicenseRef-2 +ExtractedText: <text>This package includes the GRDDL parser developed by Hewlett Packard under the following license: +� Copyright 2007 Hewlett-Packard Development Company, LP + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</text> + +LicenseID: LicenseRef-4 +ExtractedText: <text>/* + * (c) Copyright 2009 University of Bristol + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/</text> + +LicenseID: LicenseRef-Beerware-4.2 +ExtractedText: <text>"THE BEER-WARE LICENSE" (Revision 42): +phk@FreeBSD.ORG wrote this file. As long as you retain this notice you +can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp</text> +LicenseName: Beer-Ware License (Version 42) +LicenseCrossReference: http://people.freebsd.org/~phk/ +LicenseComment: The beerware license has a couple of other standard variants. + +LicenseID: LicenseRef-3 +ExtractedText: <text>The CyberNeko Software License, Version 1.0 + + +(C) Copyright 2002-2005, Andy Clark. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +3. The end-user documentation included with the redistribution, + if any, must include the following acknowledgment: + "This product includes software developed by Andy Clark." + Alternately, this acknowledgment may appear in the software itself, + if and wherever such third-party acknowledgments normally appear. + +4. The names "CyberNeko" and "NekoHTML" must not be used to endorse + or promote products derived from this software without prior + written permission. For written permission, please contact + andyc@cyberneko.net. + +5. Products derived from this software may not be called "CyberNeko", + nor may "CyberNeko" appear in their name, without prior written + permission of the author. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT +OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</text> +LicenseName: CyberNeko License +LicenseCrossReference: http://people.apache.org/~andyc/neko/LICENSE, http://justasample.url.com +LicenseComment: <text>This is tye CyperNeko License</text> + diff --git a/examples/sample-docs/xls/SPDXSpreadsheetExample-v2.2.xlsx b/examples/sample-docs/xls/SPDXSpreadsheetExample-v2.2.xlsx Binary files differnew file mode 100644 index 0000000..171ba8e --- /dev/null +++ b/examples/sample-docs/xls/SPDXSpreadsheetExample-v2.2.xlsx diff --git a/examples/sample-docs/xml/SPDXXMLExample-v2.2.spdx.xml b/examples/sample-docs/xml/SPDXXMLExample-v2.2.spdx.xml new file mode 100644 index 0000000..80e0527 --- /dev/null +++ b/examples/sample-docs/xml/SPDXXMLExample-v2.2.spdx.xml @@ -0,0 +1,443 @@ +<?xml version='1.0' encoding='UTF-8'?> +<Document> + <SPDXID>SPDXRef-DOCUMENT</SPDXID> + <spdxVersion>SPDX-2.2</spdxVersion> + <creationInfo> + <comment>This package has been shipped in source and binary form. +The binaries were created with gcc 4.5.1 and expect to link to +compatible system run time libraries.</comment> + <created>2010-01-29T18:30:22Z</created> + <creators>Tool: LicenseFind-1.0</creators> + <creators>Organization: ExampleCodeInspect ()</creators> + <creators>Person: Jane Doe ()</creators> + <licenseListVersion>3.9</licenseListVersion> + </creationInfo> + <name>SPDX-Tools-v2.0</name> + <dataLicense>CC0-1.0</dataLicense> + <comment>This document was created using SPDX 2.0 using licenses from the web site.</comment> + <externalDocumentRefs> + <externalDocumentId>DocumentRef-spdx-tool-1.2</externalDocumentId> + <checksum> + <algorithm>SHA1</algorithm> + <checksumValue>d6a770ba38583ed4bb4525bd96e50461655d2759</checksumValue> + </checksum> + <spdxDocument>http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301</spdxDocument> + </externalDocumentRefs> + <hasExtractedLicensingInfos> + <licenseId>LicenseRef-1</licenseId> + <extractedText>/* + * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/</extractedText> + </hasExtractedLicensingInfos> + <hasExtractedLicensingInfos> + <licenseId>LicenseRef-2</licenseId> + <extractedText>This package includes the GRDDL parser developed by Hewlett Packard under the following license: +� Copyright 2007 Hewlett-Packard Development Company, LP + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</extractedText> + </hasExtractedLicensingInfos> + <hasExtractedLicensingInfos> + <licenseId>LicenseRef-4</licenseId> + <extractedText>/* + * (c) Copyright 2009 University of Bristol + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/</extractedText> + </hasExtractedLicensingInfos> + <hasExtractedLicensingInfos> + <licenseId>LicenseRef-Beerware-4.2</licenseId> + <comment>The beerware license has a couple of other standard variants.</comment> + <extractedText>"THE BEER-WARE LICENSE" (Revision 42): +phk@FreeBSD.ORG wrote this file. As long as you retain this notice you +can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp</extractedText> + <name>Beer-Ware License (Version 42)</name> + <seeAlsos>http://people.freebsd.org/~phk/</seeAlsos> + </hasExtractedLicensingInfos> + <hasExtractedLicensingInfos> + <licenseId>LicenseRef-3</licenseId> + <comment>This is tye CyperNeko License</comment> + <extractedText>The CyberNeko Software License, Version 1.0 + + +(C) Copyright 2002-2005, Andy Clark. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +3. The end-user documentation included with the redistribution, + if any, must include the following acknowledgment: + "This product includes software developed by Andy Clark." + Alternately, this acknowledgment may appear in the software itself, + if and wherever such third-party acknowledgments normally appear. + +4. The names "CyberNeko" and "NekoHTML" must not be used to endorse + or promote products derived from this software without prior + written permission. For written permission, please contact + andyc@cyberneko.net. + +5. Products derived from this software may not be called "CyberNeko", + nor may "CyberNeko" appear in their name, without prior written + permission of the author. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT +OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</extractedText> + <name>CyberNeko License</name> + <seeAlsos>http://people.apache.org/~andyc/neko/LICENSE</seeAlsos> + <seeAlsos>http://justasample.url.com</seeAlsos> + </hasExtractedLicensingInfos> + <annotations> + <annotationDate>2010-01-29T18:30:22Z</annotationDate> + <annotationType>OTHER</annotationType> + <annotator>Person: Jane Doe ()</annotator> + <comment>Document level annotation</comment> + </annotations> + <annotations> + <annotationDate>2010-02-10T00:00:00Z</annotationDate> + <annotationType>REVIEW</annotationType> + <annotator>Person: Joe Reviewer</annotator> + <comment>This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses</comment> + </annotations> + <annotations> + <annotationDate>2011-03-13T00:00:00Z</annotationDate> + <annotationType>REVIEW</annotationType> + <annotator>Person: Suzanne Reviewer</annotator> + <comment>Another example reviewer.</comment> + </annotations> + <documentNamespace>http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301</documentNamespace> + <documentDescribes>SPDXRef-File</documentDescribes> + <documentDescribes>SPDXRef-Package</documentDescribes> + <packages> + <SPDXID>SPDXRef-Package</SPDXID> + <annotations> + <annotationDate>2011-01-29T18:30:22Z</annotationDate> + <annotationType>OTHER</annotationType> + <annotator>Person: Package Commenter</annotator> + <comment>Package level annotation</comment> + </annotations> + <attributionTexts>The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually.</attributionTexts> + <checksums> + <algorithm>MD5</algorithm> + <checksumValue>624c1abb3664f4b35547e7c73864ad24</checksumValue> + </checksums> + <checksums> + <algorithm>SHA1</algorithm> + <checksumValue>85ed0817af83a24ad8da68c2b5094de69833983c</checksumValue> + </checksums> + <checksums> + <algorithm>SHA256</algorithm> + <checksumValue>11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd</checksumValue> + </checksums> + <copyrightText>Copyright 2008-2010 John Smith</copyrightText> + <description>The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.</description> + <downloadLocation>http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz</downloadLocation> + <externalRefs> + <referenceCategory>SECURITY</referenceCategory> + <referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</referenceLocator> + <referenceType>cpe23Type</referenceType> + </externalRefs> + <externalRefs> + <comment>This is the external ref for Acme</comment> + <referenceCategory>OTHER</referenceCategory> + <referenceLocator>acmecorp/acmenator/4.1.3-alpha</referenceLocator> + <referenceType>http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge</referenceType> + </externalRefs> + <filesAnalyzed>true</filesAnalyzed> + <hasFiles>SPDXRef-CommonsLangSrc</hasFiles> + <hasFiles>SPDXRef-JenaLib</hasFiles> + <hasFiles>SPDXRef-DoapSource</hasFiles> + <homepage>http://ftp.gnu.org/gnu/glibc</homepage> + <licenseComments>The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.</licenseComments> + <licenseConcluded>(LGPL-2.0-only OR LicenseRef-3)</licenseConcluded> + <licenseDeclared>(LGPL-2.0-only AND LicenseRef-3)</licenseDeclared> + <licenseInfoFromFiles>GPL-2.0-only</licenseInfoFromFiles> + <licenseInfoFromFiles>LicenseRef-2</licenseInfoFromFiles> + <licenseInfoFromFiles>LicenseRef-1</licenseInfoFromFiles> + <name>glibc</name> + <originator>Organization: ExampleCodeInspect (contact@example.com)</originator> + <packageFileName>glibc-2.11.1.tar.gz</packageFileName> + <packageVerificationCode> + <packageVerificationCodeExcludedFiles>./package.spdx</packageVerificationCodeExcludedFiles> + <packageVerificationCodeValue>d6a770ba38583ed4bb4525bd96e50461655d2758</packageVerificationCodeValue> + </packageVerificationCode> + <sourceInfo>uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.</sourceInfo> + <summary>GNU C library.</summary> + <supplier>Person: Jane Doe (jane.doe@example.com)</supplier> + <versionInfo>2.11.1</versionInfo> + </packages> + <packages> + <SPDXID>SPDXRef-fromDoap-1</SPDXID> + <copyrightText>NOASSERTION</copyrightText> + <downloadLocation>NOASSERTION</downloadLocation> + <filesAnalyzed>false</filesAnalyzed> + <homepage>http://commons.apache.org/proper/commons-lang/</homepage> + <licenseConcluded>NOASSERTION</licenseConcluded> + <licenseDeclared>NOASSERTION</licenseDeclared> + <name>Apache Commons Lang</name> + </packages> + <packages> + <SPDXID>SPDXRef-fromDoap-0</SPDXID> + <copyrightText>NOASSERTION</copyrightText> + <downloadLocation>https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz</downloadLocation> + <externalRefs> + <referenceCategory>PACKAGE_MANAGER</referenceCategory> + <referenceLocator>pkg:maven/org.apache.jena/apache-jena@3.12.0</referenceLocator> + <referenceType>purl</referenceType> + </externalRefs> + <filesAnalyzed>false</filesAnalyzed> + <homepage>http://www.openjena.org/</homepage> + <licenseConcluded>NOASSERTION</licenseConcluded> + <licenseDeclared>NOASSERTION</licenseDeclared> + <name>Jena</name> + <versionInfo>3.12.0</versionInfo> + </packages> + <packages> + <SPDXID>SPDXRef-Saxon</SPDXID> + <checksums> + <algorithm>SHA1</algorithm> + <checksumValue>85ed0817af83a24ad8da68c2b5094de69833983c</checksumValue> + </checksums> + <copyrightText>Copyright Saxonica Ltd</copyrightText> + <description>The Saxon package is a collection of tools for processing XML documents.</description> + <downloadLocation>https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download</downloadLocation> + <filesAnalyzed>false</filesAnalyzed> + <homepage>http://saxon.sourceforge.net/</homepage> + <licenseComments>Other versions available for a commercial license</licenseComments> + <licenseConcluded>MPL-1.0</licenseConcluded> + <licenseDeclared>MPL-1.0</licenseDeclared> + <name>Saxon</name> + <packageFileName>saxonB-8.8.zip</packageFileName> + <versionInfo>8.8</versionInfo> + </packages> + <files> + <SPDXID>SPDXRef-DoapSource</SPDXID> + <checksums> + <algorithm>SHA1</algorithm> + <checksumValue>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</checksumValue> + </checksums> + <copyrightText>Copyright 2010, 2011 Source Auditor Inc.</copyrightText> + <fileContributors>Protecode Inc.</fileContributors> + <fileContributors>SPDX Technical Team Members</fileContributors> + <fileContributors>Open Logic Inc.</fileContributors> + <fileContributors>Source Auditor Inc.</fileContributors> + <fileContributors>Black Duck Software In.c</fileContributors> + <fileName>./src/org/spdx/parser/DOAPProject.java</fileName> + <fileTypes>SOURCE</fileTypes> + <licenseConcluded>Apache-2.0</licenseConcluded> + <licenseInfoInFiles>Apache-2.0</licenseInfoInFiles> + </files> + <files> + <SPDXID>SPDXRef-CommonsLangSrc</SPDXID> + <checksums> + <algorithm>SHA1</algorithm> + <checksumValue>c2b4e1c67a2d28fced849ee1bb76e7391b93f125</checksumValue> + </checksums> + <comment>This file is used by Jena</comment> + <copyrightText>Copyright 2001-2011 The Apache Software Foundation</copyrightText> + <fileContributors>Apache Software Foundation</fileContributors> + <fileName>./lib-source/commons-lang3-3.1-sources.jar</fileName> + <fileTypes>ARCHIVE</fileTypes> + <licenseConcluded>Apache-2.0</licenseConcluded> + <licenseInfoInFiles>Apache-2.0</licenseInfoInFiles> + <noticeText>Apache Commons Lang +Copyright 2001-2011 The Apache Software Foundation + +This product includes software developed by +The Apache Software Foundation (http://www.apache.org/). + +This product includes software from the Spring Framework, +under the Apache License 2.0 (see: StringUtils.containsWhitespace())</noticeText> + </files> + <files> + <SPDXID>SPDXRef-JenaLib</SPDXID> + <checksums> + <algorithm>SHA1</algorithm> + <checksumValue>3ab4e1c67a2d28fced849ee1bb76e7391b93f125</checksumValue> + </checksums> + <comment>This file belongs to Jena</comment> + <copyrightText>(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP</copyrightText> + <fileContributors>Apache Software Foundation</fileContributors> + <fileContributors>Hewlett Packard Inc.</fileContributors> + <fileName>./lib-source/jena-2.6.3-sources.jar</fileName> + <fileTypes>ARCHIVE</fileTypes> + <licenseComments>This license is used by Jena</licenseComments> + <licenseConcluded>LicenseRef-1</licenseConcluded> + <licenseInfoInFiles>LicenseRef-1</licenseInfoInFiles> + </files> + <files> + <SPDXID>SPDXRef-File</SPDXID> + <annotations> + <annotationDate>2011-01-29T18:30:22Z</annotationDate> + <annotationType>OTHER</annotationType> + <annotator>Person: File Commenter</annotator> + <comment>File level annotation</comment> + </annotations> + <checksums> + <algorithm>SHA1</algorithm> + <checksumValue>d6a770ba38583ed4bb4525bd96e50461655d2758</checksumValue> + </checksums> + <checksums> + <algorithm>MD5</algorithm> + <checksumValue>624c1abb3664f4b35547e7c73864ad24</checksumValue> + </checksums> + <comment>The concluded license was taken from the package level that the file was included in. +This information was found in the COPYING.txt file in the xyz directory.</comment> + <copyrightText>Copyright 2008-2010 John Smith</copyrightText> + <fileContributors>The Regents of the University of California</fileContributors> + <fileContributors>Modified by Paul Mundt lethal@linux-sh.org</fileContributors> + <fileContributors>IBM Corporation</fileContributors> + <fileName>./package/foo.c</fileName> + <fileTypes>SOURCE</fileTypes> + <licenseComments>The concluded license was taken from the package level that the file was included in.</licenseComments> + <licenseConcluded>(LGPL-2.0-only OR LicenseRef-2)</licenseConcluded> + <licenseInfoInFiles>GPL-2.0-only</licenseInfoInFiles> + <licenseInfoInFiles>LicenseRef-2</licenseInfoInFiles> + <noticeText>Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</noticeText> + </files> + <snippets> + <SPDXID>SPDXRef-Snippet</SPDXID> + <comment>This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.</comment> + <copyrightText>Copyright 2008-2010 John Smith</copyrightText> + <licenseComments>The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.</licenseComments> + <licenseConcluded>GPL-2.0-only</licenseConcluded> + <licenseInfoInSnippets>GPL-2.0-only</licenseInfoInSnippets> + <name>from linux kernel</name> + <ranges> + <endPointer> + <offset>420</offset> + <reference>SPDXRef-DoapSource</reference> + </endPointer> + <startPointer> + <offset>310</offset> + <reference>SPDXRef-DoapSource</reference> + </startPointer> + </ranges> + <ranges> + <endPointer> + <lineNumber>23</lineNumber> + <reference>SPDXRef-DoapSource</reference> + </endPointer> + <startPointer> + <lineNumber>5</lineNumber> + <reference>SPDXRef-DoapSource</reference> + </startPointer> + </ranges> + <snippetFromFile>SPDXRef-DoapSource</snippetFromFile> + </snippets> + <relationships> + <spdxElementId>SPDXRef-DOCUMENT</spdxElementId> + <relatedSpdxElement>SPDXRef-Package</relatedSpdxElement> + <relationshipType>CONTAINS</relationshipType> + </relationships> + <relationships> + <spdxElementId>SPDXRef-DOCUMENT</spdxElementId> + <relatedSpdxElement>DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement</relatedSpdxElement> + <relationshipType>COPY_OF</relationshipType> + </relationships> + <relationships> + <spdxElementId>SPDXRef-DOCUMENT</spdxElementId> + <relatedSpdxElement>SPDXRef-File</relatedSpdxElement> + <relationshipType>DESCRIBES</relationshipType> + </relationships> + <relationships> + <spdxElementId>SPDXRef-DOCUMENT</spdxElementId> + <relatedSpdxElement>SPDXRef-Package</relatedSpdxElement> + <relationshipType>DESCRIBES</relationshipType> + </relationships> + <relationships> + <spdxElementId>SPDXRef-Package</spdxElementId> + <relatedSpdxElement>SPDXRef-JenaLib</relatedSpdxElement> + <relationshipType>CONTAINS</relationshipType> + </relationships> + <relationships> + <spdxElementId>SPDXRef-Package</spdxElementId> + <relatedSpdxElement>SPDXRef-Saxon</relatedSpdxElement> + <relationshipType>DYNAMIC_LINK</relationshipType> + </relationships> + <relationships> + <spdxElementId>SPDXRef-CommonsLangSrc</spdxElementId> + <relatedSpdxElement>NOASSERTION</relatedSpdxElement> + <relationshipType>GENERATED_FROM</relationshipType> + </relationships> + <relationships> + <spdxElementId>SPDXRef-JenaLib</spdxElementId> + <relatedSpdxElement>SPDXRef-Package</relatedSpdxElement> + <relationshipType>CONTAINS</relationshipType> + </relationships> + <relationships> + <spdxElementId>SPDXRef-File</spdxElementId> + <relatedSpdxElement>SPDXRef-fromDoap-0</relatedSpdxElement> + <relationshipType>GENERATED_FROM</relationshipType> + </relationships> +</Document> diff --git a/examples/sample-docs/yaml/SPDXYAMLExample-2.2.spdx.yaml b/examples/sample-docs/yaml/SPDXYAMLExample-2.2.spdx.yaml new file mode 100644 index 0000000..d58cf22 --- /dev/null +++ b/examples/sample-docs/yaml/SPDXYAMLExample-2.2.spdx.yaml @@ -0,0 +1,390 @@ +--- +SPDXID: "SPDXRef-DOCUMENT" +spdxVersion: "SPDX-2.2" +creationInfo: + comment: "This package has been shipped in source and binary form.\nThe binaries\ + \ were created with gcc 4.5.1 and expect to link to\ncompatible system run time\ + \ libraries." + created: "2010-01-29T18:30:22Z" + creators: + - "Tool: LicenseFind-1.0" + - "Organization: ExampleCodeInspect ()" + - "Person: Jane Doe ()" + licenseListVersion: "3.9" +name: "SPDX-Tools-v2.0" +dataLicense: "CC0-1.0" +comment: "This document was created using SPDX 2.0 using licenses from the web site." +externalDocumentRefs: +- externalDocumentId: "DocumentRef-spdx-tool-1.2" + checksum: + algorithm: "SHA1" + checksumValue: "d6a770ba38583ed4bb4525bd96e50461655d2759" + spdxDocument: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301" +hasExtractedLicensingInfos: +- licenseId: "LicenseRef-1" + extractedText: "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,\ + \ 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n\ + \ *\n * Redistribution and use in source and binary forms, with or without\n *\ + \ modification, are permitted provided that the following conditions\n * are met:\n\ + \ * 1. Redistributions of source code must retain the above copyright\n * notice,\ + \ this list of conditions and the following disclaimer.\n * 2. Redistributions\ + \ in binary form must reproduce the above copyright\n * notice, this list of\ + \ conditions and the following disclaimer in the\n * documentation and/or other\ + \ materials provided with the distribution.\n * 3. The name of the author may\ + \ not be used to endorse or promote products\n * derived from this software\ + \ without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED\ + \ BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING,\ + \ BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS\ + \ FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE\ + \ LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\ + \ DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\ + \ OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\ + \ CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\ + \ OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE\ + \ USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\ + */" +- licenseId: "LicenseRef-2" + extractedText: "This package includes the GRDDL parser developed by Hewlett Packard\ + \ under the following license:\n� Copyright 2007 Hewlett-Packard Development Company,\ + \ LP\n\nRedistribution and use in source and binary forms, with or without modification,\ + \ are permitted provided that the following conditions are met: \n\nRedistributions\ + \ of source code must retain the above copyright notice, this list of conditions\ + \ and the following disclaimer. \nRedistributions in binary form must reproduce\ + \ the above copyright notice, this list of conditions and the following disclaimer\ + \ in the documentation and/or other materials provided with the distribution.\ + \ \nThe name of the author may not be used to endorse or promote products derived\ + \ from this software without specific prior written permission. \nTHIS SOFTWARE\ + \ IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,\ + \ BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\ + \ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE\ + \ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\ + \ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\ + \ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND\ + \ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\ + \ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,\ + \ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." +- licenseId: "LicenseRef-4" + extractedText: "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n\ + \ *\n * Redistribution and use in source and binary forms, with or without\n *\ + \ modification, are permitted provided that the following conditions\n * are met:\n\ + \ * 1. Redistributions of source code must retain the above copyright\n * notice,\ + \ this list of conditions and the following disclaimer.\n * 2. Redistributions\ + \ in binary form must reproduce the above copyright\n * notice, this list of\ + \ conditions and the following disclaimer in the\n * documentation and/or other\ + \ materials provided with the distribution.\n * 3. The name of the author may\ + \ not be used to endorse or promote products\n * derived from this software\ + \ without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED\ + \ BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING,\ + \ BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS\ + \ FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE\ + \ LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\ + \ DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\ + \ OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\ + \ CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\ + \ OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE\ + \ USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\ + */" +- licenseId: "LicenseRef-Beerware-4.2" + comment: "The beerware license has a couple of other standard variants." + extractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote\ + \ this file. As long as you retain this notice you\ncan do whatever you want with\ + \ this stuff. If we meet some day, and you think this stuff is worth it, you can\ + \ buy me a beer in return Poul-Henning Kamp" + name: "Beer-Ware License (Version 42)" + seeAlsos: + - "http://people.freebsd.org/~phk/" +- licenseId: "LicenseRef-3" + comment: "This is tye CyperNeko License" + extractedText: "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright\ + \ 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source\ + \ and binary forms, with or without\nmodification, are permitted provided that\ + \ the following conditions\nare met:\n\n1. Redistributions of source code must\ + \ retain the above copyright\n notice, this list of conditions and the following\ + \ disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n\ + \ notice, this list of conditions and the following disclaimer in\n the documentation\ + \ and/or other materials provided with the\n distribution.\n\n3. The end-user\ + \ documentation included with the redistribution,\n if any, must include the\ + \ following acknowledgment: \n \"This product includes software developed\ + \ by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software\ + \ itself,\n if and wherever such third-party acknowledgments normally appear.\n\ + \n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n \ + \ or promote products derived from this software without prior \n written permission.\ + \ For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products\ + \ derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\"\ + \ appear in their name, without prior written\n permission of the author.\n\n\ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES,\ + \ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND\ + \ FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR\ + \ OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,\ + \ EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\ + \ \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS\ + \ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT,\ + \ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY\ + \ WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF\ + \ SUCH DAMAGE." + name: "CyberNeko License" + seeAlsos: + - "http://people.apache.org/~andyc/neko/LICENSE" + - "http://justasample.url.com" +annotations: +- annotationDate: "2010-01-29T18:30:22Z" + annotationType: "OTHER" + annotator: "Person: Jane Doe ()" + comment: "Document level annotation" +- annotationDate: "2010-02-10T00:00:00Z" + annotationType: "REVIEW" + annotator: "Person: Joe Reviewer" + comment: "This is just an example. Some of the non-standard licenses look like\ + \ they are actually BSD 3 clause licenses" +- annotationDate: "2011-03-13T00:00:00Z" + annotationType: "REVIEW" + annotator: "Person: Suzanne Reviewer" + comment: "Another example reviewer." +documentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301" +documentDescribes: +- "SPDXRef-File" +- "SPDXRef-Package" +packages: +- SPDXID: "SPDXRef-Package" + annotations: + - annotationDate: "2011-01-29T18:30:22Z" + annotationType: "OTHER" + annotator: "Person: Package Commenter" + comment: "Package level annotation" + attributionTexts: + - "The GNU C Library is free software. See the file COPYING.LIB for copying conditions,\ + \ and LICENSES for notices about a few contributions that require these additional\ + \ notices to be distributed. License copyright years may be listed using range\ + \ notation, e.g., 1996-2015, indicating that every year in the range, inclusive,\ + \ is a copyrightable year that would otherwise be listed individually." + checksums: + - algorithm: "MD5" + checksumValue: "624c1abb3664f4b35547e7c73864ad24" + - algorithm: "SHA1" + checksumValue: "85ed0817af83a24ad8da68c2b5094de69833983c" + - algorithm: "SHA256" + checksumValue: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" + copyrightText: "Copyright 2008-2010 John Smith" + description: "The GNU C Library defines functions that are specified by the ISO\ + \ C standard, as well as additional features specific to POSIX and other derivatives\ + \ of the Unix operating system, and extensions specific to GNU systems." + downloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz" + externalRefs: + - referenceCategory: "SECURITY" + referenceLocator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*" + referenceType: "cpe23Type" + - comment: "This is the external ref for Acme" + referenceCategory: "OTHER" + referenceLocator: "acmecorp/acmenator/4.1.3-alpha" + referenceType: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge" + filesAnalyzed: true + hasFiles: + - "SPDXRef-CommonsLangSrc" + - "SPDXRef-JenaLib" + - "SPDXRef-DoapSource" + homepage: "http://ftp.gnu.org/gnu/glibc" + licenseComments: "The license for this project changed with the release of version\ + \ x.y. The version of the project included here post-dates the license change." + licenseConcluded: "(LGPL-2.0-only OR LicenseRef-3)" + licenseDeclared: "(LGPL-2.0-only AND LicenseRef-3)" + licenseInfoFromFiles: + - "GPL-2.0-only" + - "LicenseRef-2" + - "LicenseRef-1" + name: "glibc" + originator: "Organization: ExampleCodeInspect (contact@example.com)" + packageFileName: "glibc-2.11.1.tar.gz" + packageVerificationCode: + packageVerificationCodeExcludedFiles: + - "./package.spdx" + packageVerificationCodeValue: "d6a770ba38583ed4bb4525bd96e50461655d2758" + sourceInfo: "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git." + summary: "GNU C library." + supplier: "Person: Jane Doe (jane.doe@example.com)" + versionInfo: "2.11.1" +- SPDXID: "SPDXRef-fromDoap-1" + copyrightText: "NOASSERTION" + downloadLocation: "NOASSERTION" + filesAnalyzed: false + homepage: "http://commons.apache.org/proper/commons-lang/" + licenseConcluded: "NOASSERTION" + licenseDeclared: "NOASSERTION" + name: "Apache Commons Lang" +- SPDXID: "SPDXRef-fromDoap-0" + copyrightText: "NOASSERTION" + downloadLocation: "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz" + externalRefs: + - referenceCategory: "PACKAGE_MANAGER" + referenceLocator: "pkg:maven/org.apache.jena/apache-jena@3.12.0" + referenceType: "purl" + filesAnalyzed: false + homepage: "http://www.openjena.org/" + licenseConcluded: "NOASSERTION" + licenseDeclared: "NOASSERTION" + name: "Jena" + versionInfo: "3.12.0" +- SPDXID: "SPDXRef-Saxon" + checksums: + - algorithm: "SHA1" + checksumValue: "85ed0817af83a24ad8da68c2b5094de69833983c" + copyrightText: "Copyright Saxonica Ltd" + description: "The Saxon package is a collection of tools for processing XML documents." + downloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download" + filesAnalyzed: false + homepage: "http://saxon.sourceforge.net/" + licenseComments: "Other versions available for a commercial license" + licenseConcluded: "MPL-1.0" + licenseDeclared: "MPL-1.0" + name: "Saxon" + packageFileName: "saxonB-8.8.zip" + versionInfo: "8.8" +files: +- SPDXID: "SPDXRef-DoapSource" + checksums: + - algorithm: "SHA1" + checksumValue: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + copyrightText: "Copyright 2010, 2011 Source Auditor Inc." + fileContributors: + - "Protecode Inc." + - "SPDX Technical Team Members" + - "Open Logic Inc." + - "Source Auditor Inc." + - "Black Duck Software In.c" + fileName: "./src/org/spdx/parser/DOAPProject.java" + fileTypes: + - "SOURCE" + licenseConcluded: "Apache-2.0" + licenseInfoInFiles: + - "Apache-2.0" +- SPDXID: "SPDXRef-CommonsLangSrc" + checksums: + - algorithm: "SHA1" + checksumValue: "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" + comment: "This file is used by Jena" + copyrightText: "Copyright 2001-2011 The Apache Software Foundation" + fileContributors: + - "Apache Software Foundation" + fileName: "./lib-source/commons-lang3-3.1-sources.jar" + fileTypes: + - "ARCHIVE" + licenseConcluded: "Apache-2.0" + licenseInfoInFiles: + - "Apache-2.0" + noticeText: "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\ + \nThis product includes software developed by\nThe Apache Software Foundation\ + \ (http://www.apache.org/).\n\nThis product includes software from the Spring\ + \ Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" +- SPDXID: "SPDXRef-JenaLib" + checksums: + - algorithm: "SHA1" + checksumValue: "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" + comment: "This file belongs to Jena" + copyrightText: "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,\ + \ 2009 Hewlett-Packard Development Company, LP" + fileContributors: + - "Apache Software Foundation" + - "Hewlett Packard Inc." + fileName: "./lib-source/jena-2.6.3-sources.jar" + fileTypes: + - "ARCHIVE" + licenseComments: "This license is used by Jena" + licenseConcluded: "LicenseRef-1" + licenseInfoInFiles: + - "LicenseRef-1" +- SPDXID: "SPDXRef-File" + annotations: + - annotationDate: "2011-01-29T18:30:22Z" + annotationType: "OTHER" + annotator: "Person: File Commenter" + comment: "File level annotation" + checksums: + - algorithm: "SHA1" + checksumValue: "d6a770ba38583ed4bb4525bd96e50461655d2758" + - algorithm: "MD5" + checksumValue: "624c1abb3664f4b35547e7c73864ad24" + comment: "The concluded license was taken from the package level that the file was\ + \ included in.\nThis information was found in the COPYING.txt file in the xyz\ + \ directory." + copyrightText: "Copyright 2008-2010 John Smith" + fileContributors: + - "The Regents of the University of California" + - "Modified by Paul Mundt lethal@linux-sh.org" + - "IBM Corporation" + fileName: "./package/foo.c" + fileTypes: + - "SOURCE" + licenseComments: "The concluded license was taken from the package level that the\ + \ file was included in." + licenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)" + licenseInfoInFiles: + - "GPL-2.0-only" + - "LicenseRef-2" + noticeText: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is\ + \ hereby granted, free of charge, to any person obtaining a copy of this software\ + \ and associated documentation files (the �Software�), to deal in the Software\ + \ without restriction, including without limitation the rights to use, copy, modify,\ + \ merge, publish, distribute, sublicense, and/or sell copies of the Software,\ + \ and to permit persons to whom the Software is furnished to do so, subject to\ + \ the following conditions: \nThe above copyright notice and this permission notice\ + \ shall be included in all copies or substantial portions of the Software.\n\n\ + THE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\ + \ INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR\ + \ A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\ + \ COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER\ + \ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION\ + \ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." +snippets: +- SPDXID: "SPDXRef-Snippet" + comment: "This snippet was identified as significant and highlighted in this Apache-2.0\ + \ file, when a commercial scanner identified it as being derived from file foo.c\ + \ in package xyz which is licensed under GPL-2.0." + copyrightText: "Copyright 2008-2010 John Smith" + licenseComments: "The concluded license was taken from package xyz, from which the\ + \ snippet was copied into the current file. The concluded license information\ + \ was found in the COPYING.txt file in package xyz." + licenseConcluded: "GPL-2.0-only" + licenseInfoInSnippets: + - "GPL-2.0-only" + name: "from linux kernel" + ranges: + - endPointer: + offset: 420 + reference: "SPDXRef-DoapSource" + startPointer: + offset: 310 + reference: "SPDXRef-DoapSource" + - endPointer: + lineNumber: 23 + reference: "SPDXRef-DoapSource" + startPointer: + lineNumber: 5 + reference: "SPDXRef-DoapSource" + snippetFromFile: "SPDXRef-DoapSource" +relationships: +- spdxElementId: "SPDXRef-DOCUMENT" + relatedSpdxElement: "SPDXRef-Package" + relationshipType: "CONTAINS" +- spdxElementId: "SPDXRef-DOCUMENT" + relatedSpdxElement: "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement" + relationshipType: "COPY_OF" +- spdxElementId: "SPDXRef-DOCUMENT" + relatedSpdxElement: "SPDXRef-File" + relationshipType: "DESCRIBES" +- spdxElementId: "SPDXRef-DOCUMENT" + relatedSpdxElement: "SPDXRef-Package" + relationshipType: "DESCRIBES" +- spdxElementId: "SPDXRef-Package" + relatedSpdxElement: "SPDXRef-JenaLib" + relationshipType: "CONTAINS" +- spdxElementId: "SPDXRef-Package" + relatedSpdxElement: "SPDXRef-Saxon" + relationshipType: "DYNAMIC_LINK" +- spdxElementId: "SPDXRef-CommonsLangSrc" + relatedSpdxElement: "NOASSERTION" + relationshipType: "GENERATED_FROM" +- spdxElementId: "SPDXRef-JenaLib" + relatedSpdxElement: "SPDXRef-Package" + relationshipType: "CONTAINS" +- spdxElementId: "SPDXRef-File" + relatedSpdxElement: "SPDXRef-fromDoap-0" + relationshipType: "GENERATED_FROM" @@ -2,4 +2,7 @@ module github.com/spdx/tools-golang go 1.13 -require github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb +require ( + github.com/google/go-cmp v0.5.7 + github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb +) @@ -1,2 +1,6 @@ +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb h1:bLo8hvc8XFm9J47r690TUKBzcjSWdJDxmjXJZ+/f92U= github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/idsearcher/idsearcher.go b/idsearcher/idsearcher.go index 3982109..bb8bbd1 100644 --- a/idsearcher/idsearcher.go +++ b/idsearcher/idsearcher.go @@ -73,7 +73,7 @@ func BuildIDsDocument2_1(packageName string, dirRoot string, idconfig *Config2_1 } // now, walk through each file and find its licenses (if any) - pkg := doc.Packages[spdx.ElementID("Package-"+packageName)] + pkg := doc.Packages[0] if pkg == nil { return nil, fmt.Errorf("builder returned nil Package") } @@ -83,7 +83,7 @@ func BuildIDsDocument2_1(packageName string, dirRoot string, idconfig *Config2_1 licsForPackage := map[string]int{} for _, f := range pkg.Files { // start by initializing / clearing values - f.LicenseInfoInFile = []string{"NOASSERTION"} + f.LicenseInfoInFiles = []string{"NOASSERTION"} f.LicenseConcluded = "NOASSERTION" // check whether the searcher should ignore this file @@ -114,11 +114,11 @@ func BuildIDsDocument2_1(packageName string, dirRoot string, idconfig *Config2_1 // OK -- now we can fill in the file's details, or NOASSERTION if none if len(licsForFile) > 0 { - f.LicenseInfoInFile = []string{} + f.LicenseInfoInFiles = []string{} for lic := range licsForFile { - f.LicenseInfoInFile = append(f.LicenseInfoInFile, lic) + f.LicenseInfoInFiles = append(f.LicenseInfoInFiles, lic) } - sort.Strings(f.LicenseInfoInFile) + sort.Strings(f.LicenseInfoInFiles) // avoid adding parens and joining for single-ID items if len(licsParens) == 1 { f.LicenseConcluded = ids[0] @@ -197,7 +197,7 @@ func BuildIDsDocument2_2(packageName string, dirRoot string, idconfig *Config2_2 } // now, walk through each file and find its licenses (if any) - pkg := doc.Packages[spdx.ElementID("Package-"+packageName)] + pkg := doc.Packages[0] if pkg == nil { return nil, fmt.Errorf("builder returned nil Package") } @@ -207,7 +207,7 @@ func BuildIDsDocument2_2(packageName string, dirRoot string, idconfig *Config2_2 licsForPackage := map[string]int{} for _, f := range pkg.Files { // start by initializing / clearing values - f.LicenseInfoInFile = []string{"NOASSERTION"} + f.LicenseInfoInFiles = []string{"NOASSERTION"} f.LicenseConcluded = "NOASSERTION" // check whether the searcher should ignore this file @@ -238,11 +238,11 @@ func BuildIDsDocument2_2(packageName string, dirRoot string, idconfig *Config2_2 // OK -- now we can fill in the file's details, or NOASSERTION if none if len(licsForFile) > 0 { - f.LicenseInfoInFile = []string{} + f.LicenseInfoInFiles = []string{} for lic := range licsForFile { - f.LicenseInfoInFile = append(f.LicenseInfoInFile, lic) + f.LicenseInfoInFiles = append(f.LicenseInfoInFiles, lic) } - sort.Strings(f.LicenseInfoInFile) + sort.Strings(f.LicenseInfoInFiles) // avoid adding parens and joining for single-ID items if len(licsParens) == 1 { f.LicenseConcluded = ids[0] diff --git a/idsearcher/idsearcher_test.go b/idsearcher/idsearcher_test.go index ab0adc9..00e5206 100644 --- a/idsearcher/idsearcher_test.go +++ b/idsearcher/idsearcher_test.go @@ -4,8 +4,6 @@ package idsearcher import ( "testing" - - "github.com/spdx/tools-golang/spdx" ) // ===== 2.1 Searcher top-level function tests ===== @@ -33,7 +31,7 @@ func Test2_1SearcherCanFillInIDs(t *testing.T) { if len(doc.Packages) != 1 { t.Fatalf("expected Packages len to be 1, got %d", len(doc.Packages)) } - pkg := doc.Packages[spdx.ElementID("Package-project2")] + pkg := doc.Packages[0] if pkg == nil { t.Fatalf("expected non-nil pkg, got nil") } @@ -45,101 +43,101 @@ func Test2_1SearcherCanFillInIDs(t *testing.T) { t.Fatalf("expected Files len to be 6, got %d", len(pkg.Files)) } - fileInFolder := pkg.Files[spdx.ElementID("File0")] - if fileInFolder.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileInFolder := pkg.Files[0] + if fileInFolder.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileInFolder.LicenseInfoInFile) != 1 { - t.Fatalf("expected LicenseInfoInFile len to be 1, got %d", len(fileInFolder.LicenseInfoInFile)) + if len(fileInFolder.LicenseInfoInFiles) != 1 { + t.Fatalf("expected LicenseInfoInFiles len to be 1, got %d", len(fileInFolder.LicenseInfoInFiles)) } - if fileInFolder.LicenseInfoInFile[0] != "MIT" { - t.Errorf("expected %v, got %v", "MIT", fileInFolder.LicenseInfoInFile[0]) + if fileInFolder.LicenseInfoInFiles[0] != "MIT" { + t.Errorf("expected %v, got %v", "MIT", fileInFolder.LicenseInfoInFiles[0]) } if fileInFolder.LicenseConcluded != "MIT" { t.Errorf("expected %v, got %v", "MIT", fileInFolder.LicenseConcluded) } - fileTrailingComment := pkg.Files[spdx.ElementID("File1")] - if fileTrailingComment.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileTrailingComment := pkg.Files[1] + if fileTrailingComment.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileTrailingComment.LicenseInfoInFile) != 1 { - t.Fatalf("expected LicenseInfoInFile len to be 1, got %d", len(fileTrailingComment.LicenseInfoInFile)) + if len(fileTrailingComment.LicenseInfoInFiles) != 1 { + t.Fatalf("expected LicenseInfoInFiles len to be 1, got %d", len(fileTrailingComment.LicenseInfoInFiles)) } - if fileTrailingComment.LicenseInfoInFile[0] != "GPL-2.0-or-later" { - t.Errorf("expected %v, got %v", "GPL-2.0-or-later", fileTrailingComment.LicenseInfoInFile[0]) + if fileTrailingComment.LicenseInfoInFiles[0] != "GPL-2.0-or-later" { + t.Errorf("expected %v, got %v", "GPL-2.0-or-later", fileTrailingComment.LicenseInfoInFiles[0]) } if fileTrailingComment.LicenseConcluded != "GPL-2.0-or-later" { t.Errorf("expected %v, got %v", "GPL-2.0-or-later", fileTrailingComment.LicenseConcluded) } - fileHasDuplicateID := pkg.Files[spdx.ElementID("File2")] - if fileHasDuplicateID.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileHasDuplicateID := pkg.Files[2] + if fileHasDuplicateID.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileHasDuplicateID.LicenseInfoInFile) != 1 { - t.Fatalf("expected LicenseInfoInFile len to be 1, got %d", len(fileHasDuplicateID.LicenseInfoInFile)) + if len(fileHasDuplicateID.LicenseInfoInFiles) != 1 { + t.Fatalf("expected LicenseInfoInFiles len to be 1, got %d", len(fileHasDuplicateID.LicenseInfoInFiles)) } - if fileHasDuplicateID.LicenseInfoInFile[0] != "MIT" { - t.Errorf("expected %v, got %v", "MIT", fileHasDuplicateID.LicenseInfoInFile[0]) + if fileHasDuplicateID.LicenseInfoInFiles[0] != "MIT" { + t.Errorf("expected %v, got %v", "MIT", fileHasDuplicateID.LicenseInfoInFiles[0]) } if fileHasDuplicateID.LicenseConcluded != "MIT" { t.Errorf("expected %v, got %v", "MIT", fileHasDuplicateID.LicenseConcluded) } - fileHasID := pkg.Files[spdx.ElementID("File3")] - if fileHasID.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileHasID := pkg.Files[3] + if fileHasID.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileHasID.LicenseInfoInFile) != 2 { - t.Fatalf("expected LicenseInfoInFile len to be 2, got %d", len(fileHasID.LicenseInfoInFile)) + if len(fileHasID.LicenseInfoInFiles) != 2 { + t.Fatalf("expected LicenseInfoInFiles len to be 2, got %d", len(fileHasID.LicenseInfoInFiles)) } - if fileHasID.LicenseInfoInFile[0] != "Apache-2.0" { - t.Errorf("expected %v, got %v", "Apache-2.0", fileHasID.LicenseInfoInFile[0]) + if fileHasID.LicenseInfoInFiles[0] != "Apache-2.0" { + t.Errorf("expected %v, got %v", "Apache-2.0", fileHasID.LicenseInfoInFiles[0]) } - if fileHasID.LicenseInfoInFile[1] != "GPL-2.0-or-later" { - t.Errorf("expected %v, got %v", "GPL-2.0-or-later", fileHasID.LicenseInfoInFile[1]) + if fileHasID.LicenseInfoInFiles[1] != "GPL-2.0-or-later" { + t.Errorf("expected %v, got %v", "GPL-2.0-or-later", fileHasID.LicenseInfoInFiles[1]) } if fileHasID.LicenseConcluded != "Apache-2.0 OR GPL-2.0-or-later" { t.Errorf("expected %v, got %v", "Apache-2.0 OR GPL-2.0-or-later", fileHasID.LicenseConcluded) } - fileMultipleIDs := pkg.Files[spdx.ElementID("File4")] - if fileMultipleIDs.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileMultipleIDs := pkg.Files[4] + if fileMultipleIDs.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileMultipleIDs.LicenseInfoInFile) != 5 { - t.Fatalf("expected LicenseInfoInFile len to be 5, got %d", len(fileMultipleIDs.LicenseInfoInFile)) + if len(fileMultipleIDs.LicenseInfoInFiles) != 5 { + t.Fatalf("expected LicenseInfoInFiles len to be 5, got %d", len(fileMultipleIDs.LicenseInfoInFiles)) } - if fileMultipleIDs.LicenseInfoInFile[0] != "BSD-2-Clause" { - t.Errorf("expected %v, got %v", "BSD-2-Clause", fileMultipleIDs.LicenseInfoInFile[0]) + if fileMultipleIDs.LicenseInfoInFiles[0] != "BSD-2-Clause" { + t.Errorf("expected %v, got %v", "BSD-2-Clause", fileMultipleIDs.LicenseInfoInFiles[0]) } - if fileMultipleIDs.LicenseInfoInFile[1] != "BSD-3-Clause" { - t.Errorf("expected %v, got %v", "BSD-3-Clause", fileMultipleIDs.LicenseInfoInFile[1]) + if fileMultipleIDs.LicenseInfoInFiles[1] != "BSD-3-Clause" { + t.Errorf("expected %v, got %v", "BSD-3-Clause", fileMultipleIDs.LicenseInfoInFiles[1]) } // here, DO NOT keep the + - if fileMultipleIDs.LicenseInfoInFile[2] != "EPL-1.0" { - t.Errorf("expected %v, got %v", "EPL-1.0", fileMultipleIDs.LicenseInfoInFile[2]) + if fileMultipleIDs.LicenseInfoInFiles[2] != "EPL-1.0" { + t.Errorf("expected %v, got %v", "EPL-1.0", fileMultipleIDs.LicenseInfoInFiles[2]) } - if fileMultipleIDs.LicenseInfoInFile[3] != "ISC" { - t.Errorf("expected %v, got %v", "ISC", fileMultipleIDs.LicenseInfoInFile[3]) + if fileMultipleIDs.LicenseInfoInFiles[3] != "ISC" { + t.Errorf("expected %v, got %v", "ISC", fileMultipleIDs.LicenseInfoInFiles[3]) } - if fileMultipleIDs.LicenseInfoInFile[4] != "MIT" { - t.Errorf("expected %v, got %v", "MIT", fileMultipleIDs.LicenseInfoInFile[4]) + if fileMultipleIDs.LicenseInfoInFiles[4] != "MIT" { + t.Errorf("expected %v, got %v", "MIT", fileMultipleIDs.LicenseInfoInFiles[4]) } if fileMultipleIDs.LicenseConcluded != "((MIT AND BSD-3-Clause) OR ISC) AND BSD-2-Clause AND EPL-1.0+" { t.Errorf("expected %v, got %v", "((MIT AND BSD-3-Clause) OR ISC) AND BSD-2-Clause AND EPL-1.0+", fileMultipleIDs.LicenseConcluded) } - fileNoID := pkg.Files[spdx.ElementID("File5")] - if fileNoID.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileNoID := pkg.Files[5] + if fileNoID.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileNoID.LicenseInfoInFile) != 1 { - t.Fatalf("expected LicenseInfoInFile len to be 1, got %d", len(fileNoID.LicenseInfoInFile)) + if len(fileNoID.LicenseInfoInFiles) != 1 { + t.Fatalf("expected LicenseInfoInFiles len to be 1, got %d", len(fileNoID.LicenseInfoInFiles)) } - if fileNoID.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", fileNoID.LicenseInfoInFile[0]) + if fileNoID.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileNoID.LicenseInfoInFiles[0]) } if fileNoID.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", fileNoID.LicenseConcluded) @@ -205,7 +203,7 @@ func Test2_1SearcherCanFillInIDsAndIgnorePaths(t *testing.T) { // get the package and its files, checking licenses for each, and // confirming NOASSERTION for those that are skipped - pkg := doc.Packages[spdx.ElementID("Package-project3")] + pkg := doc.Packages[0] if pkg == nil { t.Fatalf("expected non-nil pkg, got nil") } @@ -213,71 +211,71 @@ func Test2_1SearcherCanFillInIDsAndIgnorePaths(t *testing.T) { t.Fatalf("expected len %d, got %d", 5, len(pkg.Files)) } - f := pkg.Files[spdx.ElementID("File0")] + f := pkg.Files[0] if f.FileName != "./dontscan.txt" { t.Errorf("expected %v, got %v", "./dontscan.txt", f.FileName) } - if len(f.LicenseInfoInFile) != 1 { - t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFile)) + if len(f.LicenseInfoInFiles) != 1 { + t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFiles)) } - if f.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFile[0]) + if f.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFiles[0]) } if f.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseConcluded) } - f = pkg.Files[spdx.ElementID("File1")] + f = pkg.Files[1] if f.FileName != "./keep/keep.txt" { t.Errorf("expected %v, got %v", "./keep/keep.txt", f.FileName) } - if len(f.LicenseInfoInFile) != 1 { - t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFile)) + if len(f.LicenseInfoInFiles) != 1 { + t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFiles)) } - if f.LicenseInfoInFile[0] != "MIT" { - t.Errorf("expected %s, got %s", "MIT", f.LicenseInfoInFile[0]) + if f.LicenseInfoInFiles[0] != "MIT" { + t.Errorf("expected %s, got %s", "MIT", f.LicenseInfoInFiles[0]) } if f.LicenseConcluded != "MIT" { t.Errorf("expected %s, got %s", "MIT", f.LicenseConcluded) } - f = pkg.Files[spdx.ElementID("File2")] + f = pkg.Files[2] if f.FileName != "./keep.txt" { t.Errorf("expected %v, got %v", "./keep.txt", f.FileName) } - if len(f.LicenseInfoInFile) != 1 { - t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFile)) + if len(f.LicenseInfoInFiles) != 1 { + t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFiles)) } - if f.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFile[0]) + if f.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFiles[0]) } if f.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseConcluded) } - f = pkg.Files[spdx.ElementID("File3")] + f = pkg.Files[3] if f.FileName != "./subdir/keep/dontscan.txt" { t.Errorf("expected %v, got %v", "./subdir/keep/dontscan.txt", f.FileName) } - if len(f.LicenseInfoInFile) != 1 { - t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFile)) + if len(f.LicenseInfoInFiles) != 1 { + t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFiles)) } - if f.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFile[0]) + if f.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFiles[0]) } if f.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseConcluded) } - f = pkg.Files[spdx.ElementID("File4")] + f = pkg.Files[4] if f.FileName != "./subdir/keep/keep.txt" { t.Errorf("expected %v, got %v", "./subdir/keep/keep.txt", f.FileName) } - if len(f.LicenseInfoInFile) != 1 { - t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFile)) + if len(f.LicenseInfoInFiles) != 1 { + t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFiles)) } - if f.LicenseInfoInFile[0] != "MIT" { - t.Errorf("expected %s, got %s", "MIT", f.LicenseInfoInFile[0]) + if f.LicenseInfoInFiles[0] != "MIT" { + t.Errorf("expected %s, got %s", "MIT", f.LicenseInfoInFiles[0]) } if f.LicenseConcluded != "MIT" { t.Errorf("expected %s, got %s", "MIT", f.LicenseConcluded) @@ -322,7 +320,7 @@ func Test2_2SearcherCanFillInIDs(t *testing.T) { if len(doc.Packages) != 1 { t.Fatalf("expected Packages len to be 1, got %d", len(doc.Packages)) } - pkg := doc.Packages[spdx.ElementID("Package-project2")] + pkg := doc.Packages[0] if pkg == nil { t.Fatalf("expected non-nil pkg, got nil") } @@ -334,101 +332,101 @@ func Test2_2SearcherCanFillInIDs(t *testing.T) { t.Fatalf("expected Files len to be 6, got %d", len(pkg.Files)) } - fileInFolder := pkg.Files[spdx.ElementID("File0")] - if fileInFolder.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileInFolder := pkg.Files[0] + if fileInFolder.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileInFolder.LicenseInfoInFile) != 1 { - t.Fatalf("expected LicenseInfoInFile len to be 1, got %d", len(fileInFolder.LicenseInfoInFile)) + if len(fileInFolder.LicenseInfoInFiles) != 1 { + t.Fatalf("expected LicenseInfoInFiles len to be 1, got %d", len(fileInFolder.LicenseInfoInFiles)) } - if fileInFolder.LicenseInfoInFile[0] != "MIT" { - t.Errorf("expected %v, got %v", "MIT", fileInFolder.LicenseInfoInFile[0]) + if fileInFolder.LicenseInfoInFiles[0] != "MIT" { + t.Errorf("expected %v, got %v", "MIT", fileInFolder.LicenseInfoInFiles[0]) } if fileInFolder.LicenseConcluded != "MIT" { t.Errorf("expected %v, got %v", "MIT", fileInFolder.LicenseConcluded) } - fileTrailingComment := pkg.Files[spdx.ElementID("File1")] - if fileTrailingComment.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileTrailingComment := pkg.Files[1] + if fileTrailingComment.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileTrailingComment.LicenseInfoInFile) != 1 { - t.Fatalf("expected LicenseInfoInFile len to be 1, got %d", len(fileTrailingComment.LicenseInfoInFile)) + if len(fileTrailingComment.LicenseInfoInFiles) != 1 { + t.Fatalf("expected LicenseInfoInFiles len to be 1, got %d", len(fileTrailingComment.LicenseInfoInFiles)) } - if fileTrailingComment.LicenseInfoInFile[0] != "GPL-2.0-or-later" { - t.Errorf("expected %v, got %v", "GPL-2.0-or-later", fileTrailingComment.LicenseInfoInFile[0]) + if fileTrailingComment.LicenseInfoInFiles[0] != "GPL-2.0-or-later" { + t.Errorf("expected %v, got %v", "GPL-2.0-or-later", fileTrailingComment.LicenseInfoInFiles[0]) } if fileTrailingComment.LicenseConcluded != "GPL-2.0-or-later" { t.Errorf("expected %v, got %v", "GPL-2.0-or-later", fileTrailingComment.LicenseConcluded) } - fileHasDuplicateID := pkg.Files[spdx.ElementID("File2")] - if fileHasDuplicateID.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileHasDuplicateID := pkg.Files[2] + if fileHasDuplicateID.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileHasDuplicateID.LicenseInfoInFile) != 1 { - t.Fatalf("expected LicenseInfoInFile len to be 1, got %d", len(fileHasDuplicateID.LicenseInfoInFile)) + if len(fileHasDuplicateID.LicenseInfoInFiles) != 1 { + t.Fatalf("expected LicenseInfoInFiles len to be 1, got %d", len(fileHasDuplicateID.LicenseInfoInFiles)) } - if fileHasDuplicateID.LicenseInfoInFile[0] != "MIT" { - t.Errorf("expected %v, got %v", "MIT", fileHasDuplicateID.LicenseInfoInFile[0]) + if fileHasDuplicateID.LicenseInfoInFiles[0] != "MIT" { + t.Errorf("expected %v, got %v", "MIT", fileHasDuplicateID.LicenseInfoInFiles[0]) } if fileHasDuplicateID.LicenseConcluded != "MIT" { t.Errorf("expected %v, got %v", "MIT", fileHasDuplicateID.LicenseConcluded) } - fileHasID := pkg.Files[spdx.ElementID("File3")] - if fileHasID.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileHasID := pkg.Files[3] + if fileHasID.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileHasID.LicenseInfoInFile) != 2 { - t.Fatalf("expected LicenseInfoInFile len to be 2, got %d", len(fileHasID.LicenseInfoInFile)) + if len(fileHasID.LicenseInfoInFiles) != 2 { + t.Fatalf("expected LicenseInfoInFiles len to be 2, got %d", len(fileHasID.LicenseInfoInFiles)) } - if fileHasID.LicenseInfoInFile[0] != "Apache-2.0" { - t.Errorf("expected %v, got %v", "Apache-2.0", fileHasID.LicenseInfoInFile[0]) + if fileHasID.LicenseInfoInFiles[0] != "Apache-2.0" { + t.Errorf("expected %v, got %v", "Apache-2.0", fileHasID.LicenseInfoInFiles[0]) } - if fileHasID.LicenseInfoInFile[1] != "GPL-2.0-or-later" { - t.Errorf("expected %v, got %v", "GPL-2.0-or-later", fileHasID.LicenseInfoInFile[1]) + if fileHasID.LicenseInfoInFiles[1] != "GPL-2.0-or-later" { + t.Errorf("expected %v, got %v", "GPL-2.0-or-later", fileHasID.LicenseInfoInFiles[1]) } if fileHasID.LicenseConcluded != "Apache-2.0 OR GPL-2.0-or-later" { t.Errorf("expected %v, got %v", "Apache-2.0 OR GPL-2.0-or-later", fileHasID.LicenseConcluded) } - fileMultipleIDs := pkg.Files[spdx.ElementID("File4")] - if fileMultipleIDs.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileMultipleIDs := pkg.Files[4] + if fileMultipleIDs.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileMultipleIDs.LicenseInfoInFile) != 5 { - t.Fatalf("expected LicenseInfoInFile len to be 5, got %d", len(fileMultipleIDs.LicenseInfoInFile)) + if len(fileMultipleIDs.LicenseInfoInFiles) != 5 { + t.Fatalf("expected LicenseInfoInFiles len to be 5, got %d", len(fileMultipleIDs.LicenseInfoInFiles)) } - if fileMultipleIDs.LicenseInfoInFile[0] != "BSD-2-Clause" { - t.Errorf("expected %v, got %v", "BSD-2-Clause", fileMultipleIDs.LicenseInfoInFile[0]) + if fileMultipleIDs.LicenseInfoInFiles[0] != "BSD-2-Clause" { + t.Errorf("expected %v, got %v", "BSD-2-Clause", fileMultipleIDs.LicenseInfoInFiles[0]) } - if fileMultipleIDs.LicenseInfoInFile[1] != "BSD-3-Clause" { - t.Errorf("expected %v, got %v", "BSD-3-Clause", fileMultipleIDs.LicenseInfoInFile[1]) + if fileMultipleIDs.LicenseInfoInFiles[1] != "BSD-3-Clause" { + t.Errorf("expected %v, got %v", "BSD-3-Clause", fileMultipleIDs.LicenseInfoInFiles[1]) } // here, DO NOT keep the + - if fileMultipleIDs.LicenseInfoInFile[2] != "EPL-1.0" { - t.Errorf("expected %v, got %v", "EPL-1.0", fileMultipleIDs.LicenseInfoInFile[2]) + if fileMultipleIDs.LicenseInfoInFiles[2] != "EPL-1.0" { + t.Errorf("expected %v, got %v", "EPL-1.0", fileMultipleIDs.LicenseInfoInFiles[2]) } - if fileMultipleIDs.LicenseInfoInFile[3] != "ISC" { - t.Errorf("expected %v, got %v", "ISC", fileMultipleIDs.LicenseInfoInFile[3]) + if fileMultipleIDs.LicenseInfoInFiles[3] != "ISC" { + t.Errorf("expected %v, got %v", "ISC", fileMultipleIDs.LicenseInfoInFiles[3]) } - if fileMultipleIDs.LicenseInfoInFile[4] != "MIT" { - t.Errorf("expected %v, got %v", "MIT", fileMultipleIDs.LicenseInfoInFile[4]) + if fileMultipleIDs.LicenseInfoInFiles[4] != "MIT" { + t.Errorf("expected %v, got %v", "MIT", fileMultipleIDs.LicenseInfoInFiles[4]) } if fileMultipleIDs.LicenseConcluded != "((MIT AND BSD-3-Clause) OR ISC) AND BSD-2-Clause AND EPL-1.0+" { t.Errorf("expected %v, got %v", "((MIT AND BSD-3-Clause) OR ISC) AND BSD-2-Clause AND EPL-1.0+", fileMultipleIDs.LicenseConcluded) } - fileNoID := pkg.Files[spdx.ElementID("File5")] - if fileNoID.LicenseInfoInFile == nil { - t.Fatalf("expected non-nil LicenseInfoInFile, got nil") + fileNoID := pkg.Files[5] + if fileNoID.LicenseInfoInFiles == nil { + t.Fatalf("expected non-nil LicenseInfoInFiles, got nil") } - if len(fileNoID.LicenseInfoInFile) != 1 { - t.Fatalf("expected LicenseInfoInFile len to be 1, got %d", len(fileNoID.LicenseInfoInFile)) + if len(fileNoID.LicenseInfoInFiles) != 1 { + t.Fatalf("expected LicenseInfoInFiles len to be 1, got %d", len(fileNoID.LicenseInfoInFiles)) } - if fileNoID.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %v, got %v", "NOASSERTION", fileNoID.LicenseInfoInFile[0]) + if fileNoID.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileNoID.LicenseInfoInFiles[0]) } if fileNoID.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", fileNoID.LicenseConcluded) @@ -494,7 +492,7 @@ func Test2_2SearcherCanFillInIDsAndIgnorePaths(t *testing.T) { // get the package and its files, checking licenses for each, and // confirming NOASSERTION for those that are skipped - pkg := doc.Packages[spdx.ElementID("Package-project3")] + pkg := doc.Packages[0] if pkg == nil { t.Fatalf("expected non-nil pkg, got nil") } @@ -502,71 +500,71 @@ func Test2_2SearcherCanFillInIDsAndIgnorePaths(t *testing.T) { t.Fatalf("expected len %d, got %d", 5, len(pkg.Files)) } - f := pkg.Files[spdx.ElementID("File0")] + f := pkg.Files[0] if f.FileName != "./dontscan.txt" { t.Errorf("expected %v, got %v", "./dontscan.txt", f.FileName) } - if len(f.LicenseInfoInFile) != 1 { - t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFile)) + if len(f.LicenseInfoInFiles) != 1 { + t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFiles)) } - if f.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFile[0]) + if f.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFiles[0]) } if f.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseConcluded) } - f = pkg.Files[spdx.ElementID("File1")] + f = pkg.Files[1] if f.FileName != "./keep/keep.txt" { t.Errorf("expected %v, got %v", "./keep/keep.txt", f.FileName) } - if len(f.LicenseInfoInFile) != 1 { - t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFile)) + if len(f.LicenseInfoInFiles) != 1 { + t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFiles)) } - if f.LicenseInfoInFile[0] != "MIT" { - t.Errorf("expected %s, got %s", "MIT", f.LicenseInfoInFile[0]) + if f.LicenseInfoInFiles[0] != "MIT" { + t.Errorf("expected %s, got %s", "MIT", f.LicenseInfoInFiles[0]) } if f.LicenseConcluded != "MIT" { t.Errorf("expected %s, got %s", "MIT", f.LicenseConcluded) } - f = pkg.Files[spdx.ElementID("File2")] + f = pkg.Files[2] if f.FileName != "./keep.txt" { t.Errorf("expected %v, got %v", "./keep.txt", f.FileName) } - if len(f.LicenseInfoInFile) != 1 { - t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFile)) + if len(f.LicenseInfoInFiles) != 1 { + t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFiles)) } - if f.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFile[0]) + if f.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFiles[0]) } if f.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseConcluded) } - f = pkg.Files[spdx.ElementID("File3")] + f = pkg.Files[3] if f.FileName != "./subdir/keep/dontscan.txt" { t.Errorf("expected %v, got %v", "./subdir/keep/dontscan.txt", f.FileName) } - if len(f.LicenseInfoInFile) != 1 { - t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFile)) + if len(f.LicenseInfoInFiles) != 1 { + t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFiles)) } - if f.LicenseInfoInFile[0] != "NOASSERTION" { - t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFile[0]) + if f.LicenseInfoInFiles[0] != "NOASSERTION" { + t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseInfoInFiles[0]) } if f.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %s, got %s", "NOASSERTION", f.LicenseConcluded) } - f = pkg.Files[spdx.ElementID("File4")] + f = pkg.Files[4] if f.FileName != "./subdir/keep/keep.txt" { t.Errorf("expected %v, got %v", "./subdir/keep/keep.txt", f.FileName) } - if len(f.LicenseInfoInFile) != 1 { - t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFile)) + if len(f.LicenseInfoInFiles) != 1 { + t.Errorf("expected len to be %d, got %d", 1, len(f.LicenseInfoInFiles)) } - if f.LicenseInfoInFile[0] != "MIT" { - t.Errorf("expected %s, got %s", "MIT", f.LicenseInfoInFile[0]) + if f.LicenseInfoInFiles[0] != "MIT" { + t.Errorf("expected %s, got %s", "MIT", f.LicenseInfoInFiles[0]) } if f.LicenseConcluded != "MIT" { t.Errorf("expected %s, got %s", "MIT", f.LicenseConcluded) diff --git a/json/json_test.go b/json/json_test.go new file mode 100644 index 0000000..c78013c --- /dev/null +++ b/json/json_test.go @@ -0,0 +1,449 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package spdx_json + +import ( + "bytes" + "fmt" + "github.com/google/go-cmp/cmp" + "os" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +func TestLoad2_2(t *testing.T) { + file, err := os.Open("../examples/sample-docs/json/SPDXJSONExample-v2.2.spdx.json") + if err != nil { + panic(fmt.Errorf("error opening File: %s", err)) + } + + got, err := Load2_2(file) + if err != nil { + t.Errorf("json.parser.Load2_2() error = %v", err) + return + } + + // get a copy of the handwritten struct so we don't mutate it on accident + handwrittenExample := want + + if cmp.Equal(handwrittenExample, got) { + t.Errorf("Got incorrect struct after parsing JSON example") + return + } +} + +func TestWrite2_2(t *testing.T) { + w := &bytes.Buffer{} + // get a copy of the handwritten struct so we don't mutate it on accident + handwrittenExample := want + if err := Save2_2(&handwrittenExample, w); err != nil { + t.Errorf("Save2_2() error = %v", err.Error()) + return + } + + // we should be able to parse what the writer wrote, and it should be identical to the original struct we wrote + parsedDoc, err := Load2_2(bytes.NewReader(w.Bytes())) + if err != nil { + t.Errorf("failed to parse written document: %v", err.Error()) + return + } + + if cmp.Equal(handwrittenExample, parsedDoc) { + t.Errorf("Got incorrect struct after writing and re-parsing JSON example") + return + } +} + +// want is handwritten translation of the official example JSON SPDX v2.2 document into a Go struct. +// We expect that the result of parsing the official document should be this value. +// We expect that the result of writing this struct should match the official example document. +var want = spdx.Document2_2{ + DataLicense: "CC0-1.0", + SPDXVersion: "SPDX-2.2", + SPDXIdentifier: "SPDXRef-DOCUMENT", + DocumentName: "SPDX-Tools-v2.0", + DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", + CreationInfo: &spdx.CreationInfo2_2{ + LicenseListVersion: "3.9", + Creators: []spdx.Creator{ + {CreatorType: "Tool", Creator: "LicenseFind-1.0"}, + {CreatorType: "Organization", Creator: "ExampleCodeInspect ()"}, + {CreatorType: "Person", Creator: "Jane Doe ()"}, + }, + Created: "2010-01-29T18:30:22Z", + CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", + }, + DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.", + ExternalDocumentReferences: []spdx.ExternalDocumentRef2_2{ + { + DocumentRefID: "DocumentRef-spdx-tool-1.2", + URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", + Checksum: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "d6a770ba38583ed4bb4525bd96e50461655d2759", + }, + }, + }, + OtherLicenses: []*spdx.OtherLicense2_2{ + { + LicenseIdentifier: "LicenseRef-1", + ExtractedText: "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", + }, + { + LicenseIdentifier: "LicenseRef-2", + ExtractedText: "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", + }, + { + LicenseIdentifier: "LicenseRef-4", + ExtractedText: "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", + }, + { + LicenseIdentifier: "LicenseRef-Beerware-4.2", + ExtractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp", + LicenseComment: "The beerware license has a couple of other standard variants.", + LicenseName: "Beer-Ware License (Version 42)", + LicenseCrossReferences: []string{"http://people.freebsd.org/~phk/"}, + }, + { + LicenseIdentifier: "LicenseRef-3", + ExtractedText: "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", + LicenseName: "CyberNeko License", + LicenseCrossReferences: []string{ + "http://people.apache.org/~andyc/neko/LICENSE", + "http://justasample.url.com", + }, + LicenseComment: "This is tye CyperNeko License", + }, + }, + Annotations: []*spdx.Annotation2_2{ + { + Annotator: spdx.Annotator{ + Annotator: "Jane Doe ()", + AnnotatorType: "Person", + }, + AnnotationDate: "2010-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotationComment: "Document level annotation", + }, + { + Annotator: spdx.Annotator{ + Annotator: "Joe Reviewer", + AnnotatorType: "Person", + }, + AnnotationDate: "2010-02-10T00:00:00Z", + AnnotationType: "REVIEW", + AnnotationComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", + }, + { + Annotator: spdx.Annotator{ + Annotator: "Suzanne Reviewer", + AnnotatorType: "Person", + }, + AnnotationDate: "2011-03-13T00:00:00Z", + AnnotationType: "REVIEW", + AnnotationComment: "Another example reviewer.", + }, + }, + Packages: []*spdx.Package2_2{ + { + PackageName: "glibc", + PackageSPDXIdentifier: "SPDXRef-Package", + PackageVersion: "2.11.1", + PackageFileName: "glibc-2.11.1.tar.gz", + PackageSupplier: &spdx.Supplier{ + Supplier: "Jane Doe (jane.doe@example.com)", + SupplierType: "Person", + }, + PackageOriginator: &spdx.Originator{ + Originator: "ExampleCodeInspect (contact@example.com)", + OriginatorType: "Organization", + }, + PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + FilesAnalyzed: true, + PackageVerificationCode: spdx.PackageVerificationCode{ + Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", + ExcludedFiles: []string{"./package.spdx"}, + }, + PackageChecksums: []spdx.Checksum{ + { + Algorithm: "MD5", + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + { + Algorithm: "SHA1", + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + { + Algorithm: "SHA256", + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + }, + PackageHomePage: "http://ftp.gnu.org/gnu/glibc", + PackageSourceInfo: "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", + PackageLicenseConcluded: "(LGPL-2.0-only OR LicenseRef-3)", + PackageLicenseInfoFromFiles: []string{ + "GPL-2.0-only", + "LicenseRef-2", + "LicenseRef-1", + }, + PackageLicenseDeclared: "(LGPL-2.0-only AND LicenseRef-3)", + PackageLicenseComments: "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", + PackageCopyrightText: "Copyright 2008-2010 John Smith", + PackageSummary: "GNU C library.", + PackageDescription: "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", + PackageComment: "", + PackageExternalReferences: []*spdx.PackageExternalReference2_2{ + { + Category: "SECURITY", + RefType: "cpe23Type", + Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", + }, + { + Category: "OTHER", + RefType: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", + Locator: "acmecorp/acmenator/4.1.3-alpha", + ExternalRefComment: "This is the external ref for Acme", + }, + }, + PackageAttributionTexts: []string{ + "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually.", + }, + Files: nil, + Annotations: []spdx.Annotation2_2{ + { + Annotator: spdx.Annotator{ + Annotator: "Package Commenter", + AnnotatorType: "Person", + }, + AnnotationDate: "2011-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotationComment: "Package level annotation", + }, + }, + }, + { + PackageSPDXIdentifier: "SPDXRef-fromDoap-1", + PackageCopyrightText: "NOASSERTION", + PackageDownloadLocation: "NOASSERTION", + FilesAnalyzed: false, + PackageHomePage: "http://commons.apache.org/proper/commons-lang/", + PackageLicenseConcluded: "NOASSERTION", + PackageLicenseDeclared: "NOASSERTION", + PackageName: "Apache Commons Lang", + }, + { + PackageName: "Jena", + PackageSPDXIdentifier: "SPDXRef-fromDoap-0", + PackageCopyrightText: "NOASSERTION", + PackageDownloadLocation: "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz", + PackageExternalReferences: []*spdx.PackageExternalReference2_2{ + { + Category: "PACKAGE_MANAGER", + RefType: "purl", + Locator: "pkg:maven/org.apache.jena/apache-jena@3.12.0", + }, + }, + FilesAnalyzed: false, + PackageHomePage: "http://www.openjena.org/", + PackageLicenseConcluded: "NOASSERTION", + PackageLicenseDeclared: "NOASSERTION", + PackageVersion: "3.12.0", + }, + { + PackageSPDXIdentifier: "SPDXRef-Saxon", + PackageChecksums: []spdx.Checksum{ + { + Algorithm: "SHA1", + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + PackageCopyrightText: "Copyright Saxonica Ltd", + PackageDescription: "The Saxon package is a collection of tools for processing XML documents.", + PackageDownloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + FilesAnalyzed: false, + PackageHomePage: "http://saxon.sourceforge.net/", + PackageLicenseComments: "Other versions available for a commercial license", + PackageLicenseConcluded: "MPL-1.0", + PackageLicenseDeclared: "MPL-1.0", + PackageName: "Saxon", + PackageFileName: "saxonB-8.8.zip", + PackageVersion: "8.8", + }, + }, + Files: []*spdx.File2_2{ + { + FileName: "./src/org/spdx/parser/DOAPProject.java", + FileSPDXIdentifier: "SPDXRef-DoapSource", + FileTypes: []string{ + "SOURCE", + }, + Checksums: []spdx.Checksum{ + { + Algorithm: "SHA1", + Value: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", + }, + }, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFiles: []string{ + "Apache-2.0", + }, + FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", + FileContributors: []string{ + "Protecode Inc.", + "SPDX Technical Team Members", + "Open Logic Inc.", + "Source Auditor Inc.", + "Black Duck Software In.c", + }, + }, + { + FileSPDXIdentifier: "SPDXRef-CommonsLangSrc", + Checksums: []spdx.Checksum{ + { + Algorithm: "SHA1", + Value: "c2b4e1c67a2d28fced849ee1bb76e7391b93f125", + }, + }, + FileComment: "This file is used by Jena", + FileCopyrightText: "Copyright 2001-2011 The Apache Software Foundation", + FileContributors: []string{"Apache Software Foundation"}, + FileName: "./lib-source/commons-lang3-3.1-sources.jar", + FileTypes: []string{"ARCHIVE"}, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFiles: []string{"Apache-2.0"}, + FileNotice: "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())", + }, + { + FileSPDXIdentifier: "SPDXRef-JenaLib", + Checksums: []spdx.Checksum{ + { + Algorithm: "SHA1", + Value: "3ab4e1c67a2d28fced849ee1bb76e7391b93f125", + }, + }, + FileComment: "This file belongs to Jena", + FileCopyrightText: "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", + FileContributors: []string{"Apache Software Foundation", "Hewlett Packard Inc."}, + FileName: "./lib-source/jena-2.6.3-sources.jar", + FileTypes: []string{"ARCHIVE"}, + LicenseComments: "This license is used by Jena", + LicenseConcluded: "LicenseRef-1", + LicenseInfoInFiles: []string{"LicenseRef-1"}, + }, + { + FileSPDXIdentifier: "SPDXRef-File", + Annotations: []spdx.Annotation2_2{ + { + Annotator: spdx.Annotator{ + Annotator: "File Commenter", + AnnotatorType: "Person", + }, + AnnotationDate: "2011-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotationComment: "File level annotation", + }, + }, + Checksums: []spdx.Checksum{ + { + Algorithm: "SHA1", + Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", + }, + { + Algorithm: "MD5", + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + FileComment: "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", + FileCopyrightText: "Copyright 2008-2010 John Smith", + FileContributors: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, + FileName: "./package/foo.c", + FileTypes: []string{"SOURCE"}, + LicenseComments: "The concluded license was taken from the package level that the file was included in.", + LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", + LicenseInfoInFiles: []string{"GPL-2.0-only", "LicenseRef-2"}, + FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", + }, + }, + Snippets: []spdx.Snippet2_2{ + { + SnippetSPDXIdentifier: "SPDXRef-Snippet", + SnippetFromFileSPDXIdentifier: "SPDXRef-DoapSource", + Ranges: []spdx.SnippetRange{ + { + StartPointer: spdx.SnippetRangePointer{ + Offset: 310, + FileSPDXIdentifier: "SPDXRef-DoapSource", + }, + EndPointer: spdx.SnippetRangePointer{ + Offset: 420, + FileSPDXIdentifier: "SPDXRef-DoapSource", + }, + }, + { + StartPointer: spdx.SnippetRangePointer{ + LineNumber: 5, + FileSPDXIdentifier: "SPDXRef-DoapSource", + }, + EndPointer: spdx.SnippetRangePointer{ + LineNumber: 23, + FileSPDXIdentifier: "SPDXRef-DoapSource", + }, + }, + }, + SnippetLicenseConcluded: "GPL-2.0-only", + LicenseInfoInSnippet: []string{"GPL-2.0-only"}, + SnippetLicenseComments: "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", + SnippetCopyrightText: "Copyright 2008-2010 John Smith", + SnippetComment: "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", + SnippetName: "from linux kernel", + }, + }, + Relationships: []*spdx.Relationship2_2{ + { + RefA: spdx.MakeDocElementID("", "DOCUMENT"), + RefB: spdx.MakeDocElementID("", "Package"), + Relationship: "CONTAINS", + }, + { + RefA: spdx.MakeDocElementID("", "DOCUMENT"), + RefB: spdx.MakeDocElementID("spdx-tool-1.2", "ToolsElement"), + Relationship: "COPY_OF", + }, + { + RefA: spdx.MakeDocElementID("", "DOCUMENT"), + RefB: spdx.MakeDocElementID("", "File"), + Relationship: "DESCRIBES", + }, + { + RefA: spdx.MakeDocElementID("", "DOCUMENT"), + RefB: spdx.MakeDocElementID("", "Package"), + Relationship: "DESCRIBES", + }, + { + RefA: spdx.MakeDocElementID("", "Package"), + RefB: spdx.MakeDocElementID("", "JenaLib"), + Relationship: "CONTAINS", + }, + { + RefA: spdx.MakeDocElementID("", "Package"), + RefB: spdx.MakeDocElementID("", "Saxon"), + Relationship: "DYNAMIC_LINK", + }, + { + RefA: spdx.MakeDocElementID("", "CommonsLangSrc"), + RefB: spdx.MakeDocElementSpecial("NOASSERTION"), + Relationship: "GENERATED_FROM", + }, + { + RefA: spdx.MakeDocElementID("", "JenaLib"), + RefB: spdx.MakeDocElementID("", "Package"), + Relationship: "CONTAINS", + }, + { + RefA: spdx.MakeDocElementID("", "File"), + RefB: spdx.MakeDocElementID("", "fromDoap-0"), + Relationship: "GENERATED_FROM", + }, + }, +} diff --git a/json/parser.go b/json/parser.go new file mode 100644 index 0000000..387b5b0 --- /dev/null +++ b/json/parser.go @@ -0,0 +1,29 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package spdx_json + +import ( + "bytes" + "encoding/json" + "io" + + "github.com/spdx/tools-golang/spdx" +) + +// Load2_2 takes in an io.Reader and returns an SPDX document. +func Load2_2(content io.Reader) (*spdx.Document2_2, error) { + // convert io.Reader to a slice of bytes and call the parser + buf := new(bytes.Buffer) + _, err := buf.ReadFrom(content) + if err != nil { + return nil, err + } + + var doc spdx.Document2_2 + err = json.Unmarshal(buf.Bytes(), &doc) + if err != nil { + return nil, err + } + + return &doc, nil +} diff --git a/json/writer.go b/json/writer.go new file mode 100644 index 0000000..c598028 --- /dev/null +++ b/json/writer.go @@ -0,0 +1,25 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package spdx_json + +import ( + "encoding/json" + "io" + + "github.com/spdx/tools-golang/spdx" +) + +// Save2_2 takes an SPDX Document (version 2.2) and an io.Writer, and writes the document to the writer in JSON format. +func Save2_2(doc *spdx.Document2_2, w io.Writer) error { + buf, err := json.Marshal(doc) + if err != nil { + return err + } + + _, err = w.Write(buf) + if err != nil { + return err + } + + return nil +} diff --git a/jsonloader/jsonloader.go b/jsonloader/jsonloader.go deleted file mode 100644 index 8e2646c..0000000 --- a/jsonloader/jsonloader.go +++ /dev/null @@ -1,24 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package jsonloader - -import ( - "bytes" - "io" - - parser2v2 "github.com/spdx/tools-golang/jsonloader/parser2v2" - "github.com/spdx/tools-golang/spdx" -) - -// Takes in a file Reader and returns the pertaining spdx document -// or the error if any is encountered while setting the doc. -func Load2_2(content io.Reader) (*spdx.Document2_2, error) { - //convert io.Reader to a slice of bytes and call the parser - buf := new(bytes.Buffer) - buf.ReadFrom(content) - var doc, err = parser2v2.Load2_2(buf.Bytes()) - if err != nil { - return nil, err - } - return doc, nil -} diff --git a/jsonloader/jsonloader_test.go b/jsonloader/jsonloader_test.go deleted file mode 100644 index e90a6a5..0000000 --- a/jsonloader/jsonloader_test.go +++ /dev/null @@ -1,70 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package jsonloader - -import ( - "bytes" - "fmt" - "io" - "os" - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func TestLoad2_2(t *testing.T) { - - file, err := os.Open("./parser2v2/jsonfiles/jsonloadertest.json") - if err != nil { - panic(fmt.Errorf("error opening File: %s", err)) - } - - type args struct { - content io.Reader - } - tests := []struct { - name string - args args - want *spdx.Document2_2 - wantErr bool - }{ - // TODO: Add test cases. - { - name: "success test", - args: args{ - content: file, - }, - want: &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - DataLicense: "CC0-1.0", - SPDXVersion: "SPDX-2.2", - SPDXIdentifier: "DOCUMENT", - DocumentName: "SPDX-Tools-v2.0", - ExternalDocumentReferences: make(map[string]spdx.ExternalDocumentRef2_2), - }, - }, - wantErr: false, - }, - { - name: "fail - invalidjson ", - args: args{ - content: bytes.NewReader([]byte(`{"Hello":"HI",}`)), - }, - want: nil, - wantErr: true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := Load2_2(tt.args.content) - if (err != nil) != tt.wantErr { - t.Errorf("Load2_2() error = %v, wantErr %v", err, tt.wantErr) - return - } - if !tt.wantErr && !reflect.DeepEqual(got.CreationInfo, tt.want.CreationInfo) { - t.Errorf("Load2_2() = %v, want %v", got.CreationInfo, tt.want.CreationInfo) - } - }) - } -} diff --git a/jsonloader/parser2v2/jsonfiles/jsonloadertest.json b/jsonloader/parser2v2/jsonfiles/jsonloadertest.json deleted file mode 100644 index cf5955a..0000000 --- a/jsonloader/parser2v2/jsonfiles/jsonloadertest.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "SPDXID" : "SPDXRef-DOCUMENT", - "spdxVersion" : "SPDX-2.2", - "name" : "SPDX-Tools-v2.0", - "dataLicense" : "CC0-1.0" -}
\ No newline at end of file diff --git a/jsonloader/parser2v2/jsonfiles/otherlicensestest.json b/jsonloader/parser2v2/jsonfiles/otherlicensestest.json deleted file mode 100644 index 2144860..0000000 --- a/jsonloader/parser2v2/jsonfiles/otherlicensestest.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "hasExtractedLicensingInfos" : [ { - "extractedText" : "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp </\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", - "licenseId" : "LicenseRef-Beerware-4.2" - }, { - "extractedText" : "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", - "licenseId" : "LicenseRef-4" - }, { - "comment" : "This is tye CyperNeko License", - "extractedText" : "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - "licenseId" : "LicenseRef-3", - "name" : "CyberNeko License", - "seeAlsos" : [ "http://people.apache.org/~andyc/neko/LICENSE", "http://justasample.url.com" ] - }, { - "extractedText" : "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - "licenseId" : "LicenseRef-2" - }, { - "extractedText" : "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", - "licenseId" : "LicenseRef-1" - } ] - }
\ No newline at end of file diff --git a/jsonloader/parser2v2/jsonfiles/test.json b/jsonloader/parser2v2/jsonfiles/test.json deleted file mode 100644 index bf407b5..0000000 --- a/jsonloader/parser2v2/jsonfiles/test.json +++ /dev/null @@ -1,278 +0,0 @@ -{ - "SPDXID" : "SPDXRef-DOCUMENT", - "spdxVersion" : "SPDX-2.2", - "creationInfo" : { - "comment" : "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - "created" : "2010-01-29T18:30:22Z", - "creators" : [ "Tool: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()" ], - "licenseListVersion" : "3.8" - }, - "name" : "SPDX-Tools-v2.0", - "dataLicense" : "CC0-1.0", - "comment" : "This document was created using SPDX 2.0 using licenses from the web site.", - "externalDocumentRefs" : [ { - "externalDocumentId" : "DocumentRef-spdx-tool-1.2", - "checksum" : { - "algorithm" : "SHA1", - "checksumValue" : "d6a770ba38583ed4bb4525bd96e50461655d2759" - }, - "spdxDocument" : "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301" - } ], - "hasExtractedLicensingInfos" : [ { - "extractedText" : "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp </\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", - "licenseId" : "LicenseRef-Beerware-4.2" - }, { - "extractedText" : "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", - "licenseId" : "LicenseRef-4" - }, { - "comment" : "This is tye CyperNeko License", - "extractedText" : "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - "licenseId" : "LicenseRef-3", - "name" : "CyberNeko License", - "seeAlsos" : [ "http://people.apache.org/~andyc/neko/LICENSE", "http://justasample.url.com" ] - }, { - "extractedText" : "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - "licenseId" : "LicenseRef-2" - }, { - "extractedText" : "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", - "licenseId" : "LicenseRef-1" - } ], - "annotations" : [ { - "annotationDate" : "2010-02-10T00:00:00Z", - "annotationType" : "REVIEW", - "annotator" : "Person: Joe Reviewer", - "comment" : "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses" - }, { - "annotationDate" : "2011-03-13T00:00:00Z", - "annotationType" : "REVIEW", - "annotator" : "Person: Suzanne Reviewer", - "comment" : "Another example reviewer." - }, { - "annotationDate" : "2010-01-29T18:30:22Z", - "annotationType" : "OTHER", - "annotator" : "Person: Jane Doe ()", - "comment" : "Document level annotation" - } ], - "documentNamespace" : "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - "documentDescribes" : [ "SPDXRef-File", "SPDXRef-Package" ], - "packages" : [ { - "SPDXID" : "SPDXRef-Package", - "annotations" : [ { - "annotationDate" : "2011-01-29T18:30:22Z", - "annotationType" : "OTHER", - "annotator" : "Person: Package Commenter", - "comment" : "Package level annotation" - } ], - "attributionTexts" : [ "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." ], - "checksums" : [ { - "algorithm" : "SHA256", - "checksumValue" : "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" - }, { - "algorithm" : "SHA1", - "checksumValue" : "85ed0817af83a24ad8da68c2b5094de69833983c" - }, { - "algorithm" : "MD5", - "checksumValue" : "624c1abb3664f4b35547e7c73864ad24" - } ], - "copyrightText" : "Copyright 2008-2010 John Smith", - "description" : "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", - "downloadLocation" : "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", - "externalRefs" : [ { - "comment" : "This is the external ref for Acme", - "referenceCategory" : "OTHER", - "referenceLocator" : "acmecorp/acmenator/4.1.3-alpha", - "referenceType" : "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge" - }, { - "referenceCategory" : "SECURITY", - "referenceLocator" : "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", - "referenceType" : "http://spdx.org/rdf/references/cpe23Type" - } ], - "filesAnalyzed" : true, - "hasFiles" : [ "SPDXRef-JenaLib", "SPDXRef-DoapSource", "SPDXRef-CommonsLangSrc" ], - "homepage" : "http://ftp.gnu.org/gnu/glibc", - "licenseComments" : "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", - "licenseConcluded" : "(LGPL-2.0-only OR LicenseRef-3)", - "licenseDeclared" : "(LGPL-2.0-only AND LicenseRef-3)", - "licenseInfoFromFiles" : [ "GPL-2.0-only", "LicenseRef-2", "LicenseRef-1" ], - "name" : "glibc", - "originator" : "Organization: ExampleCodeInspect (contact@example.com)", - "packageFileName" : "glibc-2.11.1.tar.gz", - "packageVerificationCode" : { - "packageVerificationCodeExcludedFiles" : [ "excludes: ./package.spdx" ], - "packageVerificationCodeValue" : "d6a770ba38583ed4bb4525bd96e50461655d2758" - }, - "sourceInfo" : "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", - "summary" : "GNU C library.", - "supplier" : "Person: Jane Doe (jane.doe@example.com)", - "versionInfo" : "2.11.1" - }, { - "SPDXID" : "SPDXRef-fromDoap-1", - "comment" : "This package was converted from a DOAP Project by the same name", - "copyrightText" : "NOASSERTION", - "downloadLocation" : "NOASSERTION", - "filesAnalyzed" : false, - "homepage" : "http://commons.apache.org/proper/commons-lang/", - "licenseConcluded" : "NOASSERTION", - "licenseDeclared" : "NOASSERTION", - "name" : "Apache Commons Lang" - }, { - "SPDXID" : "SPDXRef-fromDoap-0", - "comment" : "This package was converted from a DOAP Project by the same name", - "copyrightText" : "NOASSERTION", - "downloadLocation" : "NOASSERTION", - "filesAnalyzed" : false, - "homepage" : "http://www.openjena.org/", - "licenseConcluded" : "NOASSERTION", - "licenseDeclared" : "NOASSERTION", - "name" : "Jena" - }, { - "SPDXID" : "SPDXRef-Saxon", - "checksums" : [ { - "algorithm" : "SHA1", - "checksumValue" : "85ed0817af83a24ad8da68c2b5094de69833983c" - } ], - "description" : "The Saxon package is a collection of tools for processing XML documents.", - "downloadLocation" : "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", - "filesAnalyzed" : false, - "homepage" : "http://saxon.sourceforge.net/", - "licenseComments" : "Other versions available for a commercial license", - "licenseConcluded" : "MPL-1.0", - "licenseDeclared" : "MPL-1.0", - "name" : "Saxon", - "packageFileName" : "saxonB-8.8.zip", - "versionInfo" : "8.8" - } ], - "files" : [ { - "SPDXID" : "SPDXRef-DoapSource", - "checksums" : [ { - "algorithm" : "SHA1", - "checksumValue" : "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" - } ], - "copyrightText" : "Copyright 2010, 2011 Source Auditor Inc.", - "fileContributors" : [ "Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c" ], - "fileDependencies" : [ "SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc" ], - "fileName" : "./src/org/spdx/parser/DOAPProject.java", - "fileTypes" : [ "SOURCE" ], - "licenseConcluded" : "Apache-2.0", - "licenseInfoInFiles" : [ "Apache-2.0" ] - }, { - "SPDXID" : "SPDXRef-CommonsLangSrc", - "checksums" : [ { - "algorithm" : "SHA1", - "checksumValue" : "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" - } ], - "comment" : "This file is used by Jena", - "copyrightText" : "Copyright 2001-2011 The Apache Software Foundation", - "fileContributors" : [ "Apache Software Foundation" ], - "fileName" : "./lib-source/commons-lang3-3.1-sources.jar", - "fileTypes" : [ "ARCHIVE" ], - "licenseConcluded" : "Apache-2.0", - "licenseInfoInFiles" : [ "Apache-2.0" ], - "noticeText" : "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" - }, { - "SPDXID" : "SPDXRef-JenaLib", - "checksums" : [ { - "algorithm" : "SHA1", - "checksumValue" : "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" - } ], - "comment" : "This file belongs to Jena", - "copyrightText" : "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", - "fileContributors" : [ "Apache Software Foundation", "Hewlett Packard Inc." ], - "fileDependencies" : [ "SPDXRef-CommonsLangSrc" ], - "fileName" : "./lib-source/jena-2.6.3-sources.jar", - "fileTypes" : [ "ARCHIVE" ], - "licenseComments" : "This license is used by Jena", - "licenseConcluded" : "LicenseRef-1", - "licenseInfoInFiles" : [ "LicenseRef-1" ] - }, { - "SPDXID" : "SPDXRef-File", - "annotations" : [ { - "annotationDate" : "2011-01-29T18:30:22Z", - "annotationType" : "OTHER", - "annotator" : "Person: File Commenter", - "comment" : "File level annotation" - } ], - "checksums" : [ { - "algorithm" : "SHA1", - "checksumValue" : "d6a770ba38583ed4bb4525bd96e50461655d2758" - }, { - "algorithm" : "MD5", - "checksumValue" : "624c1abb3664f4b35547e7c73864ad24" - } ], - "comment" : "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", - "copyrightText" : "Copyright 2008-2010 John Smith", - "fileContributors" : [ "The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation" ], - "fileName" : "./package/foo.c", - "fileTypes" : [ "SOURCE" ], - "licenseComments" : "The concluded license was taken from the package level that the file was included in.", - "licenseConcluded" : "(LGPL-2.0-only OR LicenseRef-2)", - "licenseInfoInFiles" : [ "GPL-2.0-only", "LicenseRef-2" ], - "noticeText" : "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." - } ], - "snippets" : [ { - "SPDXID" : "SPDXRef-Snippet", - "comment" : "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - "copyrightText" : "Copyright 2008-2010 John Smith", - "licenseComments" : "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", - "licenseConcluded" : "GPL-2.0-only", - "licenseInfoInSnippets" : [ "GPL-2.0-only" ], - "name" : "from linux kernel", - "ranges" : [ { - "endPointer" : { - "lineNumber" : 23, - "reference" : "SPDXRef-DoapSource" - }, - "startPointer" : { - "lineNumber" : 5, - "reference" : "SPDXRef-DoapSource" - } - }, { - "endPointer" : { - "offset" : 420, - "reference" : "SPDXRef-DoapSource" - }, - "startPointer" : { - "offset" : 310, - "reference" : "SPDXRef-DoapSource" - } - } ], - "snippetFromFile" : "SPDXRef-DoapSource" - } ], - "relationships" : [ { - "spdxElementId" : "SPDXRef-DOCUMENT", - "relatedSpdxElement" : "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement", - "relationshipType" : "COPY_OF" - }, { - "spdxElementId" : "SPDXRef-DOCUMENT", - "relatedSpdxElement" : "SPDXRef-Package", - "relationshipType" : "CONTAINS" - }, { - "spdxElementId" : "SPDXRef-DOCUMENT", - "relatedSpdxElement" : "SPDXRef-File", - "relationshipType" : "DESCRIBES" - }, { - "spdxElementId" : "SPDXRef-DOCUMENT", - "relatedSpdxElement" : "SPDXRef-Package", - "relationshipType" : "DESCRIBES" - }, { - "spdxElementId" : "SPDXRef-Package", - "relatedSpdxElement" : "SPDXRef-Saxon", - "relationshipType" : "DYNAMIC_LINK" - }, { - "spdxElementId" : "SPDXRef-Package", - "relatedSpdxElement" : "SPDXRef-JenaLib", - "relationshipType" : "CONTAINS" - }, { - "spdxElementId" : "SPDXRef-CommonsLangSrc", - "relatedSpdxElement" : "NOASSERTION", - "relationshipType" : "GENERATED_FROM" - }, { - "spdxElementId" : "SPDXRef-JenaLib", - "relatedSpdxElement" : "SPDXRef-Package", - "relationshipType" : "CONTAINS" - }, { - "spdxElementId" : "SPDXRef-File", - "relatedSpdxElement" : "SPDXRef-fromDoap-0", - "relationshipType" : "GENERATED_FROM" - } ] -} diff --git a/jsonloader/parser2v2/parse_annotations.go b/jsonloader/parser2v2/parse_annotations.go deleted file mode 100644 index f9ceaa3..0000000 --- a/jsonloader/parser2v2/parse_annotations.go +++ /dev/null @@ -1,48 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "fmt" - "reflect" - - "github.com/spdx/tools-golang/spdx" -) - -func (spec JSONSpdxDocument) parseJsonAnnotations2_2(key string, value interface{}, doc *spdxDocument2_2, SPDXElementId spdx.DocElementID) error { - //FIXME: SPDXID property not defined in spec but it is needed - if reflect.TypeOf(value).Kind() == reflect.Slice { - annotations := reflect.ValueOf(value) - for i := 0; i < annotations.Len(); i++ { - annotation := annotations.Index(i).Interface().(map[string]interface{}) - ann := spdx.Annotation2_2{AnnotationSPDXIdentifier: SPDXElementId} - // Remove loop all properties are mandatory in annotations - for k, v := range annotation { - switch k { - case "annotationDate": - ann.AnnotationDate = v.(string) - case "annotationType": - ann.AnnotationType = v.(string) - case "comment": - ann.AnnotationComment = v.(string) - case "annotator": - subkey, subvalue, err := extractSubs(v.(string)) - if err != nil { - return err - } - if subkey != "Person" && subkey != "Organization" && subkey != "Tool" { - return fmt.Errorf("unrecognized Annotator type %v", subkey) - } - ann.AnnotatorType = subkey - ann.Annotator = subvalue - - default: - return fmt.Errorf("received unknown tag %v in Annotation section", k) - } - } - doc.Annotations = append(doc.Annotations, &ann) - } - - } - return nil -} diff --git a/jsonloader/parser2v2/parse_annotations_test.go b/jsonloader/parser2v2/parse_annotations_test.go deleted file mode 100644 index 014c3dd..0000000 --- a/jsonloader/parser2v2/parse_annotations_test.go +++ /dev/null @@ -1,156 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "encoding/json" - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func TestJSONSpdxDocument_parseJsonAnnotations2_2(t *testing.T) { - - data := []byte(`{ - "annotations" : [ { - "annotationDate" : "2010-02-10T00:00:00Z", - "annotationType" : "REVIEW", - "annotator" : "Person: Joe Reviewer", - "comment" : "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses" - }, { - "annotationDate" : "2011-03-13T00:00:00Z", - "annotationType" : "REVIEW", - "annotator" : "Person: Suzanne Reviewer", - "comment" : "Another example reviewer." - }, { - "annotationDate" : "2010-01-29T18:30:22Z", - "annotationType" : "OTHER", - "annotator" : "Person: Jane Doe ()", - "comment" : "Document level annotation" - } ] - } - `) - data2 := []byte(`{ - "annotations" : [ { - "annotationDate" : "2010-02-10T00:00:00Z", - "annotationType" : "REVIEW", - "annotator" : "Person: Joe Reviewer", - "comment" : "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - "Hello":"hellp" - }] -} -`) - data3 := []byte(`{ - "annotations" : [ { - "annotationDate" : "2010-02-10T00:00:00Z", - "annotationType" : "REVIEW", - "annotator" : "Fasle: Joe Reviewer", - "comment" : "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - "Hello":"hellp" - }] -} -`) - - annotationstest1 := []*spdx.Annotation2_2{ - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2010-02-10T00:00:00Z", - AnnotationType: "REVIEW", - AnnotatorType: "Person", - Annotator: "Joe Reviewer", - AnnotationComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2011-03-13T00:00:00Z", - AnnotationType: "REVIEW", - AnnotatorType: "Person", - Annotator: "Suzanne Reviewer", - AnnotationComment: "Another example reviewer.", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2010-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "Jane Doe ()", - AnnotationComment: "Document level annotation", - }, - } - - var specs JSONSpdxDocument - var specs2 JSONSpdxDocument - var specs3 JSONSpdxDocument - - json.Unmarshal(data, &specs) - json.Unmarshal(data2, &specs2) - json.Unmarshal(data3, &specs3) - - type args struct { - key string - value interface{} - doc *spdxDocument2_2 - SPDXElementID spdx.DocElementID - } - tests := []struct { - name string - spec JSONSpdxDocument - args args - want []*spdx.Annotation2_2 - wantErr bool - }{ - // TODO: Add test cases. - { - name: "successTest", - spec: specs, - args: args{ - key: "annotations", - value: specs["annotations"], - doc: &spdxDocument2_2{}, - SPDXElementID: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - }, - want: annotationstest1, - wantErr: false, - }, - { - name: "failure test - invaid creator type", - spec: specs2, - args: args{ - key: "annotations", - value: specs2["annotations"], - doc: &spdxDocument2_2{}, - SPDXElementID: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - }, - want: nil, - wantErr: true, - }, - { - name: "failure test - invalid tag", - spec: specs3, - args: args{ - key: "annotations", - value: specs3["annotations"], - doc: &spdxDocument2_2{}, - SPDXElementID: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - }, - want: nil, - wantErr: true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if err := tt.spec.parseJsonAnnotations2_2(tt.args.key, tt.args.value, tt.args.doc, tt.args.SPDXElementID); (err != nil) != tt.wantErr { - t.Errorf("JSONSpdxDocument.parseJsonAnnotations2_2() error = %v, wantErr %v", err, tt.wantErr) - } - if !tt.wantErr { - for i := 0; i < len(tt.want); i++ { - if !reflect.DeepEqual(tt.args.doc.Annotations[i], tt.want[i]) { - t.Errorf("Load2_2() = %v, want %v", tt.args.doc.Annotations[i], tt.want[i]) - } - } - } - - }) - } -} diff --git a/jsonloader/parser2v2/parse_creation_info.go b/jsonloader/parser2v2/parse_creation_info.go deleted file mode 100644 index 9e818e8..0000000 --- a/jsonloader/parser2v2/parse_creation_info.go +++ /dev/null @@ -1,122 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "fmt" - "reflect" - "strings" - - "github.com/spdx/tools-golang/spdx" -) - -func (spec JSONSpdxDocument) parseJsonCreationInfo2_2(key string, value interface{}, doc *spdxDocument2_2) error { - // create an SPDX Creation Info data struct if we don't have one already - - if doc.CreationInfo == nil { - doc.CreationInfo = &spdx.CreationInfo2_2{ - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}, - } - } - ci := doc.CreationInfo - switch key { - case "dataLicense": - ci.DataLicense = value.(string) - case "spdxVersion": - ci.SPDXVersion = value.(string) - case "SPDXID": - id, err := extractElementID(value.(string)) - if err != nil { - return fmt.Errorf("%s", err) - } - ci.SPDXIdentifier = id - case "documentNamespace": - ci.DocumentNamespace = value.(string) - case "name": - ci.DocumentName = value.(string) - case "comment": - ci.DocumentComment = value.(string) - case "creationInfo": - creationInfo := value.(map[string]interface{}) - for key, val := range creationInfo { - switch key { - case "comment": - ci.CreatorComment = val.(string) - case "created": - ci.Created = val.(string) - case "licenseListVersion": - ci.LicenseListVersion = val.(string) - case "creators": - err := parseCreators(creationInfo["creators"], ci) - if err != nil { - return fmt.Errorf("%s", err) - } - } - } - case "externalDocumentRefs": - err := parseExternalDocumentRefs(value, ci) - if err != nil { - return fmt.Errorf("%s", err) - } - default: - return fmt.Errorf("unrecognized key %v", key) - - } - - return nil -} - -// ===== Helper functions ===== - -func parseCreators(creators interface{}, ci *spdx.CreationInfo2_2) error { - if reflect.TypeOf(creators).Kind() == reflect.Slice { - s := reflect.ValueOf(creators) - - for i := 0; i < s.Len(); i++ { - subkey, subvalue, err := extractSubs(s.Index(i).Interface().(string)) - if err != nil { - return err - } - switch subkey { - case "Person": - ci.CreatorPersons = append(ci.CreatorPersons, subvalue) - case "Organization": - ci.CreatorOrganizations = append(ci.CreatorOrganizations, subvalue) - case "Tool": - ci.CreatorTools = append(ci.CreatorTools, subvalue) - default: - return fmt.Errorf("unrecognized Creator type %v", subkey) - } - - } - } - return nil -} - -func parseExternalDocumentRefs(references interface{}, ci *spdx.CreationInfo2_2) error { - if reflect.TypeOf(references).Kind() == reflect.Slice { - s := reflect.ValueOf(references) - - for i := 0; i < s.Len(); i++ { - ref := s.Index(i).Interface().(map[string]interface{}) - documentRefID := ref["externalDocumentId"].(string) - if !strings.HasPrefix(documentRefID, "DocumentRef-") { - return fmt.Errorf("expected first element to have DocumentRef- prefix") - } - documentRefID = strings.TrimPrefix(documentRefID, "DocumentRef-") - if documentRefID == "" { - return fmt.Errorf("document identifier has nothing after prefix") - } - checksum := ref["checksum"].(map[string]interface{}) - edr := spdx.ExternalDocumentRef2_2{ - DocumentRefID: documentRefID, - URI: ref["spdxDocument"].(string), - Alg: checksum["algorithm"].(string), - Checksum: checksum["checksumValue"].(string), - } - - ci.ExternalDocumentReferences[documentRefID] = edr - } - } - return nil -} diff --git a/jsonloader/parser2v2/parse_creation_info_test.go b/jsonloader/parser2v2/parse_creation_info_test.go deleted file mode 100644 index 280775a..0000000 --- a/jsonloader/parser2v2/parse_creation_info_test.go +++ /dev/null @@ -1,227 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func TestJSONSpdxDocument_parseJsonCreationInfo2_2(t *testing.T) { - - var specs JSONSpdxDocument - - type args struct { - key string - value interface{} - doc *spdxDocument2_2 - } - tests := []struct { - name string - spec JSONSpdxDocument - args args - want *spdx.CreationInfo2_2 - wantErr bool - }{ - // TODO: Add test cases. - // check whether DataLicense is being parsed - { - name: "DataLicense", - spec: specs, - args: args{ - key: "dataLicense", - value: "CC0-1.0", - doc: &spdxDocument2_2{}, - }, - want: &spdx.CreationInfo2_2{DataLicense: "CC0-1.0", ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}}, - wantErr: false, - }, - // check whether SPDXID is being parsed - { - name: "SPDXID", - spec: specs, - args: args{ - key: "SPDXID", - value: "SPDXRef-DOCUMENT", - doc: &spdxDocument2_2{}, - }, - want: &spdx.CreationInfo2_2{SPDXIdentifier: "DOCUMENT", ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}}, - wantErr: false, - }, - // check whether DocumentName is being parsed - { - name: "DocumentName", - spec: specs, - args: args{ - key: "name", - value: "SPDX-Tools-v2.0", - doc: &spdxDocument2_2{}, - }, - want: &spdx.CreationInfo2_2{DocumentName: "SPDX-Tools-v2.0", ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}}, - wantErr: false, - }, - // check whether SPDXVersion is being parsed - { - name: "spdxVersion", - spec: specs, - args: args{ - key: "spdxVersion", - value: "SPDX-2.2", - doc: &spdxDocument2_2{}, - }, - want: &spdx.CreationInfo2_2{SPDXVersion: "SPDX-2.2", ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}}, - wantErr: false, - }, - // check whether DocumentComment is being parsed - { - name: "comment", - spec: specs, - args: args{ - key: "comment", - value: "This document was created using SPDX 2.0 using licenses from the web site.", - doc: &spdxDocument2_2{}, - }, - want: &spdx.CreationInfo2_2{DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.", ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}}, - wantErr: false, - }, - // check whether DocumentNamespace is being parsed - { - name: "documentNamespace", - spec: specs, - args: args{ - key: "documentNamespace", - value: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - doc: &spdxDocument2_2{}, - }, - want: &spdx.CreationInfo2_2{DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}}, - wantErr: false, - }, - // check whether CreationInfo(Creators , CreatorComment and Licence List Version) is being parsed - { - name: "creationInfo", - spec: specs, - args: args{ - key: "creationInfo", - value: map[string]interface{}{ - "comment": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - "created": "2010-01-29T18:30:22Z", - "creators": []string{"Tool: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()"}, - "licenseListVersion": "3.8", - }, - doc: &spdxDocument2_2{}, - }, - want: &spdx.CreationInfo2_2{ - CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - Created: "2010-01-29T18:30:22Z", - CreatorPersons: []string{"Jane Doe ()"}, - CreatorOrganizations: []string{"ExampleCodeInspect ()"}, - CreatorTools: []string{"LicenseFind-1.0"}, - LicenseListVersion: "3.8", - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}, - }, - wantErr: false, - }, - // check whether ExternalDocumentReferences is being parsed - { - name: "externalDocumentRefs", - spec: specs, - args: args{ - key: "externalDocumentRefs", - value: []map[string]interface{}{ - { - "externalDocumentId": "DocumentRef-spdx-tool-1.2", - "spdxDocument": "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", - "checksum": map[string]interface{}{ - "algorithm": "SHA1", - "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2759", - }, - }, - }, - doc: &spdxDocument2_2{}, - }, - want: &spdx.CreationInfo2_2{ - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{ - "spdx-tool-1.2": { - DocumentRefID: "spdx-tool-1.2", - URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", - Alg: "SHA1", - Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", - }, - }, - }, - wantErr: false, - }, - { - name: "failure : Invalid tag ", - spec: specs, - args: args{ - key: "invalid", - value: "This document was created using SPDX 2.0 using licenses from the web site.", - doc: &spdxDocument2_2{}, - }, - want: &spdx.CreationInfo2_2{ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}}, - wantErr: true, - }, - { - name: "failure : DocRef missing in ExternalRefs", - spec: specs, - args: args{ - key: "externalDocumentRefs", - value: []map[string]interface{}{ - { - "externalDocumentId": "spdx-tool-1.2", - "spdxDocument": "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", - "checksum": map[string]interface{}{ - "algorithm": "SHA1", - "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2759", - }, - }, - }, - doc: &spdxDocument2_2{}, - }, - want: nil, - wantErr: true, - }, - { - name: "failure : invalid SPDXID", - spec: specs, - args: args{ - key: "SPDXID", - value: "DOCUMENT", - doc: &spdxDocument2_2{}, - }, - want: &spdx.CreationInfo2_2{ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}}, - wantErr: true, - }, - { - name: "failure - invalid creator type", - spec: specs, - args: args{ - key: "creationInfo", - value: map[string]interface{}{ - "comment": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - "created": "2010-01-29T18:30:22Z", - "creators": []string{"Invalid: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()"}, - "licenseListVersion": "3.8", - }, - doc: &spdxDocument2_2{}, - }, - want: nil, - wantErr: true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tt.args.doc = &spdxDocument2_2{} - if err := tt.spec.parseJsonCreationInfo2_2(tt.args.key, tt.args.value, tt.args.doc); (err != nil) != tt.wantErr { - t.Errorf("JSONSpdxDocument.parseJsonCreationInfo2_2() error = %v, wantErr %v", err, tt.wantErr) - } - if !tt.wantErr && !reflect.DeepEqual(tt.args.doc.CreationInfo, tt.want) { - t.Errorf("Load2_2() = %v, want %v", tt.args.doc.CreationInfo, tt.want) - } - - }) - } -} diff --git a/jsonloader/parser2v2/parse_files.go b/jsonloader/parser2v2/parse_files.go deleted file mode 100644 index 090c5e7..0000000 --- a/jsonloader/parser2v2/parse_files.go +++ /dev/null @@ -1,122 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "fmt" - "reflect" - - "github.com/spdx/tools-golang/spdx" -) - -//TODO: check whether file can contain annotations or not -func (spec JSONSpdxDocument) parseJsonFiles2_2(key string, value interface{}, doc *spdxDocument2_2) error { - - if doc.UnpackagedFiles == nil { - doc.UnpackagedFiles = map[spdx.ElementID]*spdx.File2_2{} - } - - if reflect.TypeOf(value).Kind() == reflect.Slice { - files := reflect.ValueOf(value) - for i := 0; i < files.Len(); i++ { - filemap := files.Index(i).Interface().(map[string]interface{}) - // create a new package - file := &spdx.File2_2{} - //extract the SPDXID of the package - eID, err := extractElementID(filemap["SPDXID"].(string)) - if err != nil { - return fmt.Errorf("%s", err) - } - file.FileSPDXIdentifier = eID - //range over all other properties now - for k, v := range filemap { - switch k { - case "SPDXID": - //redundant case - case "fileName": - file.FileName = v.(string) - case "fileTypes": - if reflect.TypeOf(v).Kind() == reflect.Slice { - texts := reflect.ValueOf(v) - for i := 0; i < texts.Len(); i++ { - file.FileType = append(file.FileType, texts.Index(i).Interface().(string)) - } - } - case "checksums": - //general function to parse checksums in utils - if reflect.TypeOf(v).Kind() == reflect.Slice { - checksums := reflect.ValueOf(v) - if file.FileChecksums == nil { - file.FileChecksums = make(map[spdx.ChecksumAlgorithm]spdx.Checksum) - } - for i := 0; i < checksums.Len(); i++ { - checksum := checksums.Index(i).Interface().(map[string]interface{}) - switch checksum["algorithm"].(string) { - case spdx.SHA1, spdx.SHA256, spdx.MD5: - algorithm := spdx.ChecksumAlgorithm(checksum["algorithm"].(string)) - file.FileChecksums[algorithm] = spdx.Checksum{Algorithm: algorithm, Value: checksum["checksumValue"].(string)} - default: - return fmt.Errorf("got unknown checksum type %s", checksum["algorithm"]) - } - } - } - case "annotations": - id, err := extractDocElementID(filemap["SPDXID"].(string)) - if err != nil { - return fmt.Errorf("%s", err) - } - err = spec.parseJsonAnnotations2_2(k, v, doc, id) - if err != nil { - return err - } - case "copyrightText": - file.FileCopyrightText = v.(string) - case "noticeText": - file.FileNotice = v.(string) - case "licenseComments": - file.LicenseComments = v.(string) - case "licenseConcluded": - file.LicenseConcluded = v.(string) - case "licenseInfoInFiles": - if reflect.TypeOf(v).Kind() == reflect.Slice { - info := reflect.ValueOf(v) - for i := 0; i < info.Len(); i++ { - file.LicenseInfoInFile = append(file.LicenseInfoInFile, info.Index(i).Interface().(string)) - } - } - case "fileContributors": - if reflect.TypeOf(v).Kind() == reflect.Slice { - info := reflect.ValueOf(v) - for i := 0; i < info.Len(); i++ { - file.FileContributor = append(file.FileContributor, info.Index(i).Interface().(string)) - } - } - case "fileDependencies": - if reflect.TypeOf(v).Kind() == reflect.Slice { - info := reflect.ValueOf(v) - for i := 0; i < info.Len(); i++ { - file.FileDependencies = append(file.FileDependencies, info.Index(i).Interface().(string)) - } - } - case "attributionTexts": - if reflect.TypeOf(v).Kind() == reflect.Slice { - info := reflect.ValueOf(v) - for i := 0; i < info.Len(); i++ { - file.FileAttributionTexts = append(file.FileAttributionTexts, info.Index(i).Interface().(string)) - } - } - case "comment": - file.FileComment = v.(string) - - default: - return fmt.Errorf("received unknown tag %v in files section", k) - } - } - doc.UnpackagedFiles[eID] = file - } - - } - return nil -} - -//relationship comment property diff --git a/jsonloader/parser2v2/parse_files_test.go b/jsonloader/parser2v2/parse_files_test.go deleted file mode 100644 index 4d54fad..0000000 --- a/jsonloader/parser2v2/parse_files_test.go +++ /dev/null @@ -1,210 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "encoding/json" - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -//TODO: tests for annotations parsed from files - -func TestJSONSpdxDocument_parseJsonFiles2_2(t *testing.T) { - - data := []byte(`{ - "files" : [ { - "SPDXID" : "SPDXRef-DoapSource", - "checksums" : [ { - "algorithm" : "SHA1", - "checksumValue" : "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" - } ], - "copyrightText" : "Copyright 2010, 2011 Source Auditor Inc.", - "fileContributors" : [ "Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c" ], - "fileDependencies" : [ "SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc" ], - "fileName" : "./src/org/spdx/parser/DOAPProject.java", - "fileTypes" : [ "SOURCE" ], - "licenseConcluded" : "Apache-2.0", - "attributionTexts":["text1"], - "licenseInfoInFiles" : [ "Apache-2.0" ] - }, { - "SPDXID" : "SPDXRef-CommonsLangSrc", - "checksums" : [ { - "algorithm" : "SHA1", - "checksumValue" : "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" - } ], - "comment" : "This file is used by Jena", - "copyrightText" : "Copyright 2001-2011 The Apache Software Foundation", - "fileContributors" : [ "Apache Software Foundation" ], - "fileName" : "./lib-source/commons-lang3-3.1-sources.jar", - "fileTypes" : [ "ARCHIVE" ], - "licenseConcluded" : "Apache-2.0", - "licenseInfoInFiles" : [ "Apache-2.0" ], - "noticeText" : "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" - }, { - "SPDXID" : "SPDXRef-JenaLib", - "checksums" : [ { - "algorithm" : "SHA1", - "checksumValue" : "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" - } ], - "comment" : "This file belongs to Jena", - "copyrightText" : "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", - "fileContributors" : [ "Apache Software Foundation", "Hewlett Packard Inc." ], - "fileDependencies" : [ "SPDXRef-CommonsLangSrc" ], - "fileName" : "./lib-source/jena-2.6.3-sources.jar", - "fileTypes" : [ "ARCHIVE" ], - "licenseComments" : "This license is used by Jena", - "licenseConcluded" : "LicenseRef-1", - "licenseInfoInFiles" : [ "LicenseRef-1" ] - }, { - "SPDXID" : "SPDXRef-File", - "annotations" : [ { - "annotationDate" : "2011-01-29T18:30:22Z", - "annotationType" : "OTHER", - "annotator" : "Person: File Commenter", - "comment" : "File level annotation" - } ], - "checksums" : [ { - "algorithm" : "SHA1", - "checksumValue" : "d6a770ba38583ed4bb4525bd96e50461655d2758" - }, { - "algorithm" : "MD5", - "checksumValue" : "624c1abb3664f4b35547e7c73864ad24" - } ], - "comment" : "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", - "copyrightText" : "Copyright 2008-2010 John Smith", - "fileContributors" : [ "The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation" ], - "fileName" : "./package/foo.c", - "fileTypes" : [ "SOURCE" ], - "licenseComments" : "The concluded license was taken from the package level that the file was included in.", - "licenseConcluded" : "(LGPL-2.0-only OR LicenseRef-2)", - "licenseInfoInFiles" : [ "GPL-2.0-only", "LicenseRef-2" ], - "noticeText" : "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." - } ] - } - `) - - var specs JSONSpdxDocument - json.Unmarshal(data, &specs) - - filestest1 := map[spdx.ElementID]*spdx.File2_2{ - "DoapSource": { - FileSPDXIdentifier: "DoapSource", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", - }, - }, - FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", - FileContributor: []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, - FileDependencies: []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, - FileName: "./src/org/spdx/parser/DOAPProject.java", - FileType: []string{"SOURCE"}, - LicenseConcluded: "Apache-2.0", - FileAttributionTexts: []string{"text1"}, - LicenseInfoInFile: []string{"Apache-2.0"}, - }, - "CommonsLangSrc": { - FileSPDXIdentifier: "CommonsLangSrc", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "c2b4e1c67a2d28fced849ee1bb76e7391b93f125", - }, - }, - FileComment: "This file is used by Jena", - FileCopyrightText: "Copyright 2001-2011 The Apache Software Foundation", - FileContributor: []string{"Apache Software Foundation"}, - FileName: "./lib-source/commons-lang3-3.1-sources.jar", - FileType: []string{"ARCHIVE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - FileNotice: "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())", - }, - "JenaLib": { - FileSPDXIdentifier: "JenaLib", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "3ab4e1c67a2d28fced849ee1bb76e7391b93f125", - }, - }, - FileComment: "This file belongs to Jena", - FileCopyrightText: "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", - FileContributor: []string{"Apache Software Foundation", "Hewlett Packard Inc."}, - FileDependencies: []string{"SPDXRef-CommonsLangSrc"}, - FileName: "./lib-source/jena-2.6.3-sources.jar", - FileType: []string{"ARCHIVE"}, - LicenseComments: "This license is used by Jena", - LicenseConcluded: "LicenseRef-1", - LicenseInfoInFile: []string{"LicenseRef-1"}, - }, - "File": { - FileSPDXIdentifier: "File", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", - }, - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - }, - FileComment: "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", - FileCopyrightText: "Copyright 2008-2010 John Smith", - FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, - FileName: "./package/foo.c", - FileType: []string{"SOURCE"}, - LicenseComments: "The concluded license was taken from the package level that the file was included in.", - LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", - LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, - FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", - }, - } - - type args struct { - key string - value interface{} - doc *spdxDocument2_2 - } - tests := []struct { - name string - spec JSONSpdxDocument - args args - want map[spdx.ElementID]*spdx.File2_2 - wantErr bool - }{ - // TODO: Add test cases. - { - name: "successTest", - spec: specs, - args: args{ - key: "files", - value: specs["files"], - doc: &spdxDocument2_2{}, - }, - want: filestest1, - wantErr: false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if err := tt.spec.parseJsonFiles2_2(tt.args.key, tt.args.value, tt.args.doc); (err != nil) != tt.wantErr { - t.Errorf("JSONSpdxDocument.parseJsonFiles2_2() error = %v, wantErr %v", err, tt.wantErr) - } - - if !tt.wantErr { - for k, v := range tt.want { - if !reflect.DeepEqual(tt.args.doc.UnpackagedFiles[k], v) { - t.Errorf("Load2_2() = %v, want %v", tt.args.doc.UnpackagedFiles[k], v) - } - } - } - - }) - } -} diff --git a/jsonloader/parser2v2/parse_other_license.go b/jsonloader/parser2v2/parse_other_license.go deleted file mode 100644 index 997ad02..0000000 --- a/jsonloader/parser2v2/parse_other_license.go +++ /dev/null @@ -1,45 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "fmt" - "reflect" - - "github.com/spdx/tools-golang/spdx" -) - -func (spec JSONSpdxDocument) parseJsonOtherLicenses2_2(key string, value interface{}, doc *spdxDocument2_2) error { - if reflect.TypeOf(value).Kind() == reflect.Slice { - otherlicenses := reflect.ValueOf(value) - for i := 0; i < otherlicenses.Len(); i++ { - licensemap := otherlicenses.Index(i).Interface().(map[string]interface{}) - license := spdx.OtherLicense2_2{} - // Remove loop all properties are mandatory in annotations - for k, v := range licensemap { - switch k { - case "licenseId": - license.LicenseIdentifier = v.(string) - case "extractedText": - license.ExtractedText = v.(string) - case "name": - license.LicenseName = v.(string) - case "comment": - license.LicenseComment = v.(string) - case "seeAlsos": - if reflect.TypeOf(v).Kind() == reflect.Slice { - texts := reflect.ValueOf(v) - for i := 0; i < texts.Len(); i++ { - license.LicenseCrossReferences = append(license.LicenseCrossReferences, texts.Index(i).Interface().(string)) - } - } - default: - return fmt.Errorf("received unknown tag %v in Licenses section", k) - } - } - doc.OtherLicenses = append(doc.OtherLicenses, &license) - } - - } - return nil -} diff --git a/jsonloader/parser2v2/parse_other_license_test.go b/jsonloader/parser2v2/parse_other_license_test.go deleted file mode 100644 index 41d8ede..0000000 --- a/jsonloader/parser2v2/parse_other_license_test.go +++ /dev/null @@ -1,113 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "encoding/json" - "io/ioutil" - "log" - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func TestJSONSpdxDocument_parseJsonOtherLicenses2_2(t *testing.T) { - - jsonData, err := ioutil.ReadFile("jsonfiles/otherlicensestest.json") // b has type []byte - if err != nil { - log.Fatal(err) - } - - otherLicensestest1 := []*spdx.OtherLicense2_2{ - { - ExtractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp </\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", - LicenseIdentifier: "LicenseRef-Beerware-4.2", - }, - { - ExtractedText: "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", - LicenseIdentifier: "LicenseRef-4", - }, - { - LicenseComment: "This is tye CyperNeko License", - ExtractedText: "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - LicenseIdentifier: "LicenseRef-3", - LicenseName: "CyberNeko License", - LicenseCrossReferences: []string{"http://people.apache.org/~andyc/neko/LICENSE", "http://justasample.url.com"}, - }, - { - ExtractedText: "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - LicenseIdentifier: "LicenseRef-2", - }, - { - ExtractedText: "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", - LicenseIdentifier: "LicenseRef-1", - }, - } - - otherLicensestest2 := []byte(`{ - "hasExtractedLicensingInfos":[{ - "extractedText" : "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp </\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", - "licensd" : "LicenseRef-Beerware-4.2" - }] - } - `) - - var specs JSONSpdxDocument - json.Unmarshal(jsonData, &specs) - - var specs2 JSONSpdxDocument - json.Unmarshal(otherLicensestest2, &specs2) - - type args struct { - key string - value interface{} - doc *spdxDocument2_2 - } - tests := []struct { - name string - spec JSONSpdxDocument - args args - wantErr bool - want []*spdx.OtherLicense2_2 - }{ - // TODO: Add test cases. - { - name: "successTest", - spec: specs, - args: args{ - key: "hasExtractedLicensingInfos", - value: specs["hasExtractedLicensingInfos"], - doc: &spdxDocument2_2{}, - }, - want: otherLicensestest1, - wantErr: false, - }, - { - name: "failure test --> unknown tag", - spec: specs2, - args: args{ - key: "hasExtractedLicensingInfos", - value: specs2["hasExtractedLicensingInfos"], - doc: &spdxDocument2_2{}, - }, - want: nil, - wantErr: true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if err := tt.spec.parseJsonOtherLicenses2_2(tt.args.key, tt.args.value, tt.args.doc); (err != nil) != tt.wantErr { - t.Errorf("JSONSpdxDocument.parseJsonOtherLicenses2_2() error = %v, wantErr %v", err, tt.wantErr) - } - - if !tt.wantErr { - for i := 0; i < len(tt.want); i++ { - if !reflect.DeepEqual(tt.args.doc.OtherLicenses[i], tt.want[i]) { - t.Errorf("Load2_2() = %v, want %v", tt.args.doc.OtherLicenses[i], tt.want[i]) - } - } - } - }) - } -} diff --git a/jsonloader/parser2v2/parse_package.go b/jsonloader/parser2v2/parse_package.go deleted file mode 100644 index f698da5..0000000 --- a/jsonloader/parser2v2/parse_package.go +++ /dev/null @@ -1,211 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "fmt" - "reflect" - "strings" - - "github.com/spdx/tools-golang/spdx" -) - -func (spec JSONSpdxDocument) parseJsonPackages2_2(key string, value interface{}, doc *spdxDocument2_2) error { - - if doc.Packages == nil { - doc.Packages = map[spdx.ElementID]*spdx.Package2_2{} - } - - if reflect.TypeOf(value).Kind() == reflect.Slice { - packages := reflect.ValueOf(value) - for i := 0; i < packages.Len(); i++ { - pack := packages.Index(i).Interface().(map[string]interface{}) - // create a new package - pkg := &spdx.Package2_2{ - FilesAnalyzed: true, - IsFilesAnalyzedTagPresent: false, - } - //extract the SPDXID of the package - eID, err := extractElementID(pack["SPDXID"].(string)) - if err != nil { - return fmt.Errorf("%s", err) - } - pkg.PackageSPDXIdentifier = eID - //range over all other properties now - for k, v := range pack { - switch k { - case "SPDXID": - //redundant case - case "name": - pkg.PackageName = v.(string) - case "annotations": - packageId, err := extractDocElementID(pack["SPDXID"].(string)) - if err != nil { - return fmt.Errorf("%s", err) - } - //generalize function to parse annotations - err = spec.parseJsonAnnotations2_2("annotations", v, doc, packageId) - if err != nil { - return err - } - case "attributionTexts": - if reflect.TypeOf(v).Kind() == reflect.Slice { - texts := reflect.ValueOf(v) - for i := 0; i < texts.Len(); i++ { - pkg.PackageAttributionTexts = append(pkg.PackageAttributionTexts, texts.Index(i).Interface().(string)) - } - } - case "checksums": - //general function to parse checksums in utils - if reflect.TypeOf(v).Kind() == reflect.Slice { - checksums := reflect.ValueOf(v) - if pkg.PackageChecksums == nil { - pkg.PackageChecksums = make(map[spdx.ChecksumAlgorithm]spdx.Checksum) - } - for i := 0; i < checksums.Len(); i++ { - checksum := checksums.Index(i).Interface().(map[string]interface{}) - switch checksum["algorithm"].(string) { - case spdx.SHA1, spdx.SHA256, spdx.MD5: - algorithm := spdx.ChecksumAlgorithm(checksum["algorithm"].(string)) - pkg.PackageChecksums[algorithm] = spdx.Checksum{Algorithm: algorithm, Value: checksum["checksumValue"].(string)} - default: - return fmt.Errorf("got unknown checksum type %s", checksum["algorithm"]) - } - } - } - case "copyrightText": - pkg.PackageCopyrightText = v.(string) - case "description": - pkg.PackageDescription = v.(string) - case "downloadLocation": - pkg.PackageDownloadLocation = v.(string) - case "externalRefs": - //make a function to parse these - if reflect.TypeOf(v).Kind() == reflect.Slice { - extrefs := reflect.ValueOf(v) - for i := 0; i < extrefs.Len(); i++ { - ref := extrefs.Index(i).Interface().(map[string]interface{}) - newref := &spdx.PackageExternalReference2_2{} - //TODO: if either of these 3 missing then error - newref.RefType = ref["referenceType"].(string) - newref.Locator = ref["referenceLocator"].(string) - newref.Category = ref["referenceCategory"].(string) - if ref["comment"] != nil { - newref.ExternalRefComment = ref["comment"].(string) - } - pkg.PackageExternalReferences = append(pkg.PackageExternalReferences, newref) - } - } - case "filesAnalyzed": - pkg.IsFilesAnalyzedTagPresent = true - if !v.(bool) { - pkg.FilesAnalyzed = false - } else { - pkg.FilesAnalyzed = true - } - case "homepage": - pkg.PackageHomePage = v.(string) - case "licenseComments": - pkg.PackageLicenseComments = v.(string) - case "licenseConcluded": - pkg.PackageLicenseConcluded = v.(string) - case "licenseDeclared": - pkg.PackageLicenseDeclared = v.(string) - case "licenseInfoFromFiles": - if reflect.TypeOf(v).Kind() == reflect.Slice { - info := reflect.ValueOf(v) - for i := 0; i < info.Len(); i++ { - pkg.PackageLicenseInfoFromFiles = append(pkg.PackageLicenseInfoFromFiles, info.Index(i).Interface().(string)) - } - } - case "originator": - if v.(string) == "NOASSERTION" { - pkg.PackageOriginatorNOASSERTION = true - break - } - subkey, subvalue, err := extractSubs(v.(string)) - if err != nil { - return err - } - switch subkey { - case "Person": - pkg.PackageOriginatorPerson = subvalue - case "Organization": - pkg.PackageOriginatorOrganization = subvalue - default: - return fmt.Errorf("unrecognized PackageOriginator type %v", subkey) - } - case "packageFileName": - pkg.PackageFileName = v.(string) - case "packageVerificationCode": - code := v.(map[string]interface{}) - for codekey, codeval := range code { - switch codekey { - case "packageVerificationCodeExcludedFiles": - if reflect.TypeOf(codeval).Kind() == reflect.Slice { - efiles := reflect.ValueOf(codeval) - filename := efiles.Index(0).Interface().(string) - if strings.HasPrefix(filename, "excludes:") { - _, filename, err = extractSubs(efiles.Index(0).Interface().(string)) - if err != nil { - return fmt.Errorf("%s", err) - } - } - pkg.PackageVerificationCodeExcludedFile = strings.Trim(filename, " ") - } - case "packageVerificationCodeValue": - pkg.PackageVerificationCode = code["packageVerificationCodeValue"].(string) - } - } - case "sourceInfo": - pkg.PackageSourceInfo = v.(string) - case "summary": - pkg.PackageSummary = v.(string) - case "supplier": - if v.(string) == "NOASSERTION" { - pkg.PackageSupplierNOASSERTION = true - break - } - subkey, subvalue, err := extractSubs(v.(string)) - if err != nil { - return err - } - switch subkey { - case "Person": - pkg.PackageSupplierPerson = subvalue - case "Organization": - pkg.PackageSupplierOrganization = subvalue - default: - return fmt.Errorf("unrecognized PackageSupplier type %v", subkey) - } - - case "versionInfo": - pkg.PackageVersion = v.(string) - case "comment": - pkg.PackageComment = v.(string) - case "hasFiles": - if pkg.Files == nil { - pkg.Files = make(map[spdx.ElementID]*spdx.File2_2) - } - if reflect.TypeOf(v).Kind() == reflect.Slice { - SpdxIds := reflect.ValueOf(v) - for i := 0; i < SpdxIds.Len(); i++ { - fileId, err := extractElementID(SpdxIds.Index(i).Interface().(string)) - if err != nil { - return err - } - pkg.Files[fileId] = doc.UnpackagedFiles[fileId] - delete(doc.UnpackagedFiles, fileId) - } - } - - default: - return fmt.Errorf("received unknown tag %v in Annotation section", k) - } - } - doc.Packages[eID] = pkg - } - - } - return nil -} diff --git a/jsonloader/parser2v2/parse_package_test.go b/jsonloader/parser2v2/parse_package_test.go deleted file mode 100644 index 9217836..0000000 --- a/jsonloader/parser2v2/parse_package_test.go +++ /dev/null @@ -1,376 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "encoding/json" - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func TestJSONSpdxDocument_parseJsonPackages2_2(t *testing.T) { - - data := []byte(`{ - "packages" : [ { - "SPDXID" : "SPDXRef-Package", - "annotations" : [ { - "annotationDate" : "2011-01-29T18:30:22Z", - "annotationType" : "OTHER", - "annotator" : "Person: Package Commenter", - "comment" : "Package level annotation" - } ], - "attributionTexts" : [ "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." ], - "checksums" : [ { - "algorithm" : "SHA256", - "checksumValue" : "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" - }, { - "algorithm" : "SHA1", - "checksumValue" : "85ed0817af83a24ad8da68c2b5094de69833983c" - }, { - "algorithm" : "MD5", - "checksumValue" : "624c1abb3664f4b35547e7c73864ad24" - } ], - "copyrightText" : "Copyright 2008-2010 John Smith", - "description" : "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", - "downloadLocation" : "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", - "externalRefs" : [ { - "comment" : "This is the external ref for Acme", - "referenceCategory" : "OTHER", - "referenceLocator" : "acmecorp/acmenator/4.1.3-alpha", - "referenceType" : "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge" - }, { - "referenceCategory" : "SECURITY", - "referenceLocator" : "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", - "referenceType" : "http://spdx.org/rdf/references/cpe23Type" - } ], - "filesAnalyzed" : true, - "hasFiles" : [ "SPDXRef-JenaLib", "SPDXRef-DoapSource", "SPDXRef-CommonsLangSrc" ], - "homepage" : "http://ftp.gnu.org/gnu/glibc", - "licenseComments" : "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", - "licenseConcluded" : "(LGPL-2.0-only OR LicenseRef-3)", - "licenseDeclared" : "(LGPL-2.0-only AND LicenseRef-3)", - "licenseInfoFromFiles" : [ "GPL-2.0-only", "LicenseRef-2", "LicenseRef-1" ], - "name" : "glibc", - "originator" : "Organization: ExampleCodeInspect (contact@example.com)", - "packageFileName" : "glibc-2.11.1.tar.gz", - "packageVerificationCode" : { - "packageVerificationCodeExcludedFiles" : [ "excludes: ./package.spdx" ], - "packageVerificationCodeValue" : "d6a770ba38583ed4bb4525bd96e50461655d2758" - }, - "sourceInfo" : "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", - "summary" : "GNU C library.", - "supplier" : "Person: Jane Doe (jane.doe@example.com)", - "versionInfo" : "2.11.1" - }, { - "SPDXID" : "SPDXRef-fromDoap-1", - "comment" : "This package was converted from a DOAP Project by the same name", - "copyrightText" : "NOASSERTION", - "downloadLocation" : "NOASSERTION", - "filesAnalyzed" : false, - "homepage" : "http://commons.apache.org/proper/commons-lang/", - "licenseConcluded" : "NOASSERTION", - "licenseDeclared" : "NOASSERTION", - "name" : "Apache Commons Lang" - }, { - "SPDXID" : "SPDXRef-fromDoap-0", - "comment" : "This package was converted from a DOAP Project by the same name", - "copyrightText" : "NOASSERTION", - "downloadLocation" : "NOASSERTION", - "filesAnalyzed" : false, - "homepage" : "http://www.openjena.org/", - "licenseConcluded" : "NOASSERTION", - "licenseDeclared" : "NOASSERTION", - "name" : "Jena" - }, { - "SPDXID" : "SPDXRef-Saxon", - "checksums" : [ { - "algorithm" : "SHA1", - "checksumValue" : "85ed0817af83a24ad8da68c2b5094de69833983c" - } ], - "description" : "The Saxon package is a collection of tools for processing XML documents.", - "downloadLocation" : "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", - "filesAnalyzed" : false, - "homepage" : "http://saxon.sourceforge.net/", - "licenseComments" : "Other versions available for a commercial license", - "licenseConcluded" : "MPL-1.0", - "licenseDeclared" : "MPL-1.0", - "name" : "Saxon", - "packageFileName" : "saxonB-8.8.zip", - "versionInfo" : "8.8" - } ] - } - `) - - document := spdxDocument2_2{ - UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{ - "DoapSource": { - FileSPDXIdentifier: "DoapSource", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", - }, - }, - FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", - FileContributor: []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, - FileDependencies: []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, - FileName: "./src/org/spdx/parser/DOAPProject.java", - FileType: []string{"SOURCE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - }, - "CommonsLangSrc": { - FileSPDXIdentifier: "CommonsLangSrc", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "c2b4e1c67a2d28fced849ee1bb76e7391b93f125", - }, - }, - FileComment: "This file is used by Jena", - FileCopyrightText: "Copyright 2001-2011 The Apache Software Foundation", - FileContributor: []string{"Apache Software Foundation"}, - FileName: "./lib-source/commons-lang3-3.1-sources.jar", - FileType: []string{"ARCHIVE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - FileNotice: "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())", - }, - "JenaLib": { - FileSPDXIdentifier: "JenaLib", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "3ab4e1c67a2d28fced849ee1bb76e7391b93f125", - }, - }, - FileComment: "This file belongs to Jena", - FileCopyrightText: "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", - FileContributor: []string{"Apache Software Foundation", "Hewlett Packard Inc."}, - FileDependencies: []string{"SPDXRef-CommonsLangSrc"}, - FileName: "./lib-source/jena-2.6.3-sources.jar", - FileType: []string{"ARCHIVE"}, - LicenseComments: "This license is used by Jena", - LicenseConcluded: "LicenseRef-1", - LicenseInfoInFile: []string{"LicenseRef-1"}, - }, - "File": { - FileSPDXIdentifier: "File", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", - }, - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - }, - FileComment: "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", - FileCopyrightText: "Copyright 2008-2010 John Smith", - FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, - FileName: "./package/foo.c", - FileType: []string{"SOURCE"}, - LicenseComments: "The concluded license was taken from the package level that the file was included in.", - LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", - LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, - FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", - }, - }, - } - - packagetest1 := map[spdx.ElementID]*spdx.Package2_2{ - "Package": { - PackageSPDXIdentifier: "Package", - PackageAttributionTexts: []string{"The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually."}, - PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA256": { - Algorithm: "SHA256", - Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - }, - "SHA1": { - Algorithm: "SHA1", - Value: "85ed0817af83a24ad8da68c2b5094de69833983c", - }, - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - }, - PackageCopyrightText: "Copyright 2008-2010 John Smith", - PackageDescription: "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", - PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", - PackageExternalReferences: []*spdx.PackageExternalReference2_2{ - { - RefType: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", - ExternalRefComment: "This is the external ref for Acme", - Category: "OTHER", - Locator: "acmecorp/acmenator/4.1.3-alpha", - }, - { - RefType: "http://spdx.org/rdf/references/cpe23Type", - Category: "SECURITY", - Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", - }, - }, - FilesAnalyzed: true, - IsFilesAnalyzedTagPresent: true, - Files: map[spdx.ElementID]*spdx.File2_2{ - "DoapSource": { - FileSPDXIdentifier: "DoapSource", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", - }, - }, - FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", - FileContributor: []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, - FileDependencies: []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, - FileName: "./src/org/spdx/parser/DOAPProject.java", - FileType: []string{"SOURCE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - }, - "CommonsLangSrc": { - FileSPDXIdentifier: "CommonsLangSrc", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "c2b4e1c67a2d28fced849ee1bb76e7391b93f125", - }, - }, - FileComment: "This file is used by Jena", - FileCopyrightText: "Copyright 2001-2011 The Apache Software Foundation", - FileContributor: []string{"Apache Software Foundation"}, - FileName: "./lib-source/commons-lang3-3.1-sources.jar", - FileType: []string{"ARCHIVE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - FileNotice: "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())", - }, - "JenaLib": { - FileSPDXIdentifier: "JenaLib", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "3ab4e1c67a2d28fced849ee1bb76e7391b93f125", - }, - }, - FileComment: "This file belongs to Jena", - FileCopyrightText: "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", - FileContributor: []string{"Apache Software Foundation", "Hewlett Packard Inc."}, - FileDependencies: []string{"SPDXRef-CommonsLangSrc"}, - FileName: "./lib-source/jena-2.6.3-sources.jar", - FileType: []string{"ARCHIVE"}, - LicenseComments: "This license is used by Jena", - LicenseConcluded: "LicenseRef-1", - LicenseInfoInFile: []string{"LicenseRef-1"}, - }, - }, - PackageHomePage: "http://ftp.gnu.org/gnu/glibc", - PackageLicenseComments: "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", - PackageLicenseConcluded: "(LGPL-2.0-only OR LicenseRef-3)", - PackageLicenseDeclared: "(LGPL-2.0-only AND LicenseRef-3)", - PackageLicenseInfoFromFiles: []string{"GPL-2.0-only", "LicenseRef-2", "LicenseRef-1"}, - PackageName: "glibc", - PackageOriginatorOrganization: "ExampleCodeInspect (contact@example.com)", - PackageFileName: "glibc-2.11.1.tar.gz", - PackageVerificationCodeExcludedFile: "./package.spdx", - PackageVerificationCode: "d6a770ba38583ed4bb4525bd96e50461655d2758", - PackageSourceInfo: "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", - PackageSummary: "GNU C library.", - PackageSupplierPerson: "Jane Doe (jane.doe@example.com)", - PackageVersion: "2.11.1", - }, - "fromDoap-1": { - PackageSPDXIdentifier: "fromDoap-1", - PackageComment: "This package was converted from a DOAP Project by the same name", - PackageCopyrightText: "NOASSERTION", - PackageDownloadLocation: "NOASSERTION", - FilesAnalyzed: false, - IsFilesAnalyzedTagPresent: true, - PackageHomePage: "http://commons.apache.org/proper/commons-lang/", - PackageLicenseConcluded: "NOASSERTION", - PackageLicenseDeclared: "NOASSERTION", - PackageName: "Apache Commons Lang", - }, - "fromDoap-0": { - PackageSPDXIdentifier: "fromDoap-0", - PackageComment: "This package was converted from a DOAP Project by the same name", - PackageCopyrightText: "NOASSERTION", - PackageDownloadLocation: "NOASSERTION", - FilesAnalyzed: false, - IsFilesAnalyzedTagPresent: true, - PackageHomePage: "http://www.openjena.org/", - PackageLicenseConcluded: "NOASSERTION", - PackageLicenseDeclared: "NOASSERTION", - PackageName: "Jena", - }, - - "Saxon": { - PackageSPDXIdentifier: "Saxon", - PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "85ed0817af83a24ad8da68c2b5094de69833983c", - }, - }, - PackageDescription: "The Saxon package is a collection of tools for processing XML documents.", - PackageDownloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", - FilesAnalyzed: false, - IsFilesAnalyzedTagPresent: true, - PackageHomePage: "http://saxon.sourceforge.net/", - PackageLicenseComments: "Other versions available for a commercial license", - PackageLicenseConcluded: "MPL-1.0", - PackageLicenseDeclared: "MPL-1.0", - PackageName: "Saxon", - PackageFileName: "saxonB-8.8.zip", - PackageVersion: "8.8", - }, - } - var specs JSONSpdxDocument - json.Unmarshal(data, &specs) - - type args struct { - key string - value interface{} - doc *spdxDocument2_2 - } - tests := []struct { - name string - spec JSONSpdxDocument - args args - want map[spdx.ElementID]*spdx.Package2_2 - wantErr bool - }{ - // TODO: Add test cases. - { - name: "successTest", - spec: specs, - args: args{ - key: "packages", - value: specs["packages"], - doc: &document, - }, - want: packagetest1, - wantErr: false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if err := tt.spec.parseJsonPackages2_2(tt.args.key, tt.args.value, tt.args.doc); (err != nil) != tt.wantErr { - t.Errorf("JSONSpdxDocument.parseJsonPackages2_2() error = %v, wantErr %v", err, tt.wantErr) - } - - for k, v := range tt.want { - if !reflect.DeepEqual(tt.args.doc.Packages[k], v) { - t.Errorf("Load2_2() = %v, want %v", tt.args.doc.Packages[k], v) - } - } - - }) - } -} diff --git a/jsonloader/parser2v2/parse_relationship.go b/jsonloader/parser2v2/parse_relationship.go deleted file mode 100644 index b6d2bfa..0000000 --- a/jsonloader/parser2v2/parse_relationship.go +++ /dev/null @@ -1,51 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "fmt" - "reflect" - - "github.com/spdx/tools-golang/spdx" -) - -func (spec JSONSpdxDocument) parseJsonRelationships2_2(key string, value interface{}, doc *spdxDocument2_2) error { - - //FIXME : NOASSERTION and NONE in relationship B value not compatible - if reflect.TypeOf(value).Kind() == reflect.Slice { - relationships := reflect.ValueOf(value) - for i := 0; i < relationships.Len(); i++ { - relationship := relationships.Index(i).Interface().(map[string]interface{}) - rel := spdx.Relationship2_2{} - // Parse ref A of the relationship - aid, err := extractDocElementID(relationship["spdxElementId"].(string)) - if err != nil { - return fmt.Errorf("%s", err) - } - rel.RefA = aid - - // Parse the refB of the relationship - // NONE and NOASSERTION are permitted on right side - permittedSpecial := []string{"NONE", "NOASSERTION"} - bid, err := extractDocElementSpecial(relationship["relatedSpdxElement"].(string), permittedSpecial) - if err != nil { - return fmt.Errorf("%s", err) - } - rel.RefB = bid - // Parse relationship type - if relationship["relationshipType"] == nil { - return fmt.Errorf("%s , %d", "RelationshipType propty missing in relationship number", i) - } - rel.Relationship = relationship["relationshipType"].(string) - - // Parse the relationship comment - if relationship["comment"] != nil { - rel.RelationshipComment = relationship["comment"].(string) - } - - doc.Relationships = append(doc.Relationships, &rel) - } - - } - return nil -} diff --git a/jsonloader/parser2v2/parse_relationship_test.go b/jsonloader/parser2v2/parse_relationship_test.go deleted file mode 100644 index 5350a9c..0000000 --- a/jsonloader/parser2v2/parse_relationship_test.go +++ /dev/null @@ -1,145 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "encoding/json" - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func TestJSONSpdxDocument_parseJsonRelationships2_2(t *testing.T) { - data := []byte(`{ - "relationships" : [ { - "spdxElementId" : "SPDXRef-DOCUMENT", - "relatedSpdxElement" : "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement", - "relationshipType" : "COPY_OF" - }, { - "spdxElementId" : "SPDXRef-DOCUMENT", - "relatedSpdxElement" : "SPDXRef-Package", - "relationshipType" : "CONTAINS" - }, { - "spdxElementId" : "SPDXRef-DOCUMENT", - "relatedSpdxElement" : "SPDXRef-File", - "relationshipType" : "DESCRIBES" - }, { - "spdxElementId" : "SPDXRef-DOCUMENT", - "relatedSpdxElement" : "SPDXRef-Package", - "relationshipType" : "DESCRIBES" - }, { - "spdxElementId" : "SPDXRef-Package", - "relatedSpdxElement" : "SPDXRef-Saxon", - "relationshipType" : "DYNAMIC_LINK" - }, { - "spdxElementId" : "SPDXRef-Package", - "relatedSpdxElement" : "SPDXRef-JenaLib", - "relationshipType" : "CONTAINS" - },{ - "spdxElementId" : "SPDXRef-CommonsLangSrc", - "relatedSpdxElement" : "NOASSERTION", - "relationshipType" : "GENERATED_FROM" - } , { - "spdxElementId" : "SPDXRef-JenaLib", - "relatedSpdxElement" : "SPDXRef-Package", - "relationshipType" : "CONTAINS" - }, { - "spdxElementId" : "SPDXRef-File", - "relatedSpdxElement" : "SPDXRef-fromDoap-0", - "relationshipType" : "GENERATED_FROM" - } ] - } - `) - - Relationship := []*spdx.Relationship2_2{ - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "spdx-tool-1.2", ElementRefID: "ToolsElement"}, - Relationship: "COPY_OF", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - Relationship: "CONTAINS", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - Relationship: "DESCRIBES", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - Relationship: "DESCRIBES", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Saxon"}, - Relationship: "DYNAMIC_LINK", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "JenaLib"}, - Relationship: "CONTAINS", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "CommonsLangSrc"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "", SpecialID: "NOASSERTION"}, - Relationship: "GENERATED_FROM", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "JenaLib"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - Relationship: "CONTAINS", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "fromDoap-0"}, - Relationship: "GENERATED_FROM", - }, - } - - var specs JSONSpdxDocument - json.Unmarshal(data, &specs) - - type args struct { - key string - value interface{} - doc *spdxDocument2_2 - } - tests := []struct { - name string - spec JSONSpdxDocument - args args - want []*spdx.Relationship2_2 - wantErr bool - }{ - // TODO: Add test cases. - { - name: "successTest", - spec: specs, - args: args{ - key: "relationships", - value: specs["relationships"], - doc: &spdxDocument2_2{}, - }, - want: Relationship, - wantErr: false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if err := tt.spec.parseJsonRelationships2_2(tt.args.key, tt.args.value, tt.args.doc); (err != nil) != tt.wantErr { - t.Errorf("JSONSpdxDocument.parseJsonRelationships2_2() error = %v, wantErr %v", err, tt.wantErr) - } - - for i := 0; i < len(tt.want); i++ { - if !reflect.DeepEqual(tt.args.doc.Relationships[i], tt.want[i]) { - t.Errorf("Load2_2() = %v, want %v", tt.args.doc.Relationships[i], tt.want[i]) - } - } - - }) - } -} diff --git a/jsonloader/parser2v2/parse_reviews.go b/jsonloader/parser2v2/parse_reviews.go deleted file mode 100644 index 279e0b2..0000000 --- a/jsonloader/parser2v2/parse_reviews.go +++ /dev/null @@ -1,45 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "fmt" - "reflect" - - "github.com/spdx/tools-golang/spdx" -) - -func (spec JSONSpdxDocument) parseJsonReviews2_2(key string, value interface{}, doc *spdxDocument2_2) error { - //FIXME: Reviewer type property of review not specified in the spec - if reflect.TypeOf(value).Kind() == reflect.Slice { - reviews := reflect.ValueOf(value) - for i := 0; i < reviews.Len(); i++ { - reviewmap := reviews.Index(i).Interface().(map[string]interface{}) - review := spdx.Review2_2{} - // Remove loop all properties are mandatory in annotations - for k, v := range reviewmap { - switch k { - case "reviewer": - subkey, subvalue, err := extractSubs(v.(string)) - if err != nil { - return err - } - if subkey != "Person" && subkey != "Organization" && subkey != "Tool" { - return fmt.Errorf("unrecognized Reviewer type %v", subkey) - } - review.ReviewerType = subkey - review.Reviewer = subvalue - case "comment": - review.ReviewComment = v.(string) - case "reviewDate": - review.ReviewDate = v.(string) - default: - return fmt.Errorf("received unknown tag %v in Review Section section", k) - } - } - doc.Reviews = append(doc.Reviews, &review) - } - - } - return nil -} diff --git a/jsonloader/parser2v2/parse_reviews_test.go b/jsonloader/parser2v2/parse_reviews_test.go deleted file mode 100644 index d6fa6d0..0000000 --- a/jsonloader/parser2v2/parse_reviews_test.go +++ /dev/null @@ -1,86 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "encoding/json" - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func TestJSONSpdxDocument_parseJsonReviews2_2(t *testing.T) { - - data := []byte(`{ - "revieweds" : [ { - "reviewDate" : "2010-02-10T00:00:00Z", - "reviewer" : "Person: Joe Reviewer", - "comment" : "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses" - }, { - "reviewDate" : "2011-03-13T00:00:00Z", - "reviewer" : "Person: Suzanne Reviewer", - "comment" : "Another example reviewer." - }] - } - `) - - reviewstest1 := []*spdx.Review2_2{ - { - ReviewDate: "2010-02-10T00:00:00Z", - ReviewerType: "Person", - Reviewer: "Joe Reviewer", - ReviewComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - }, - { - ReviewDate: "2011-03-13T00:00:00Z", - ReviewerType: "Person", - Reviewer: "Suzanne Reviewer", - ReviewComment: "Another example reviewer.", - }, - } - - var specs JSONSpdxDocument - json.Unmarshal(data, &specs) - - type args struct { - key string - value interface{} - doc *spdxDocument2_2 - SPDXElementID spdx.DocElementID - } - tests := []struct { - name string - spec JSONSpdxDocument - args args - want []*spdx.Review2_2 - wantErr bool - }{ - // TODO: Add test cases. - { - name: "successTest", - spec: specs, - args: args{ - key: "revieweds", - value: specs["revieweds"], - doc: &spdxDocument2_2{}, - }, - want: reviewstest1, - wantErr: false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if err := tt.spec.parseJsonReviews2_2(tt.args.key, tt.args.value, tt.args.doc); (err != nil) != tt.wantErr { - t.Errorf("JSONSpdxDocument.parseJsonAnnotations2_2() error = %v, wantErr %v", err, tt.wantErr) - } - - for i := 0; i < len(tt.want); i++ { - if !reflect.DeepEqual(tt.args.doc.Reviews[i], tt.want[i]) { - t.Errorf("Load2_2() = %v, want %v", tt.args.doc.Reviews[i], tt.want[i]) - } - } - - }) - } -} diff --git a/jsonloader/parser2v2/parse_snippets.go b/jsonloader/parser2v2/parse_snippets.go deleted file mode 100644 index a49191d..0000000 --- a/jsonloader/parser2v2/parse_snippets.go +++ /dev/null @@ -1,89 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "fmt" - "reflect" - - "github.com/spdx/tools-golang/spdx" -) - -func (spec JSONSpdxDocument) parseJsonSnippets2_2(key string, value interface{}, doc *spdxDocument2_2) error { - - if reflect.TypeOf(value).Kind() == reflect.Slice { - snippets := reflect.ValueOf(value) - for i := 0; i < snippets.Len(); i++ { - snippetmap := snippets.Index(i).Interface().(map[string]interface{}) - // create a new package - snippet := &spdx.Snippet2_2{} - //extract the SPDXID of the package - eID, err := extractElementID(snippetmap["SPDXID"].(string)) - if err != nil { - return fmt.Errorf("%s", err) - } - snippet.SnippetSPDXIdentifier = eID - //range over all other properties now - for k, v := range snippetmap { - switch k { - case "SPDXID", "snippetFromFile": - //redundant case - case "name": - snippet.SnippetName = v.(string) - case "copyrightText": - snippet.SnippetCopyrightText = v.(string) - case "licenseComments": - snippet.SnippetLicenseComments = v.(string) - case "licenseConcluded": - snippet.SnippetLicenseConcluded = v.(string) - case "licenseInfoInSnippets": - if reflect.TypeOf(v).Kind() == reflect.Slice { - info := reflect.ValueOf(v) - for i := 0; i < info.Len(); i++ { - snippet.LicenseInfoInSnippet = append(snippet.LicenseInfoInSnippet, info.Index(i).Interface().(string)) - } - } - case "attributionTexts": - if reflect.TypeOf(v).Kind() == reflect.Slice { - info := reflect.ValueOf(v) - for i := 0; i < info.Len(); i++ { - snippet.SnippetAttributionTexts = append(snippet.SnippetAttributionTexts, info.Index(i).Interface().(string)) - } - } - case "comment": - snippet.SnippetComment = v.(string) - case "ranges": - //TODO: optimise this logic - if reflect.TypeOf(v).Kind() == reflect.Slice { - info := reflect.ValueOf(v) - for i := 0; i < info.Len(); i++ { - ranges := info.Index(i).Interface().(map[string]interface{}) - rangeStart := ranges["startPointer"].(map[string]interface{}) - rangeEnd := ranges["endPointer"].(map[string]interface{}) - if rangeStart["lineNumber"] != nil && rangeEnd["lineNumber"] != nil { - snippet.SnippetLineRangeStart = int(rangeStart["lineNumber"].(float64)) - snippet.SnippetLineRangeEnd = int(rangeEnd["lineNumber"].(float64)) - } else { - snippet.SnippetByteRangeStart = int(rangeStart["offset"].(float64)) - snippet.SnippetByteRangeEnd = int(rangeEnd["offset"].(float64)) - } - } - } - default: - return fmt.Errorf("received unknown tag %v in snippet section", k) - } - } - fileID, err2 := extractDocElementID(snippetmap["snippetFromFile"].(string)) - if err2 != nil { - return fmt.Errorf("%s", err2) - } - snippet.SnippetFromFileSPDXIdentifier = fileID - if doc.UnpackagedFiles[fileID.ElementRefID].Snippets == nil { - doc.UnpackagedFiles[fileID.ElementRefID].Snippets = make(map[spdx.ElementID]*spdx.Snippet2_2) - } - doc.UnpackagedFiles[fileID.ElementRefID].Snippets[eID] = snippet - } - - } - return nil -} diff --git a/jsonloader/parser2v2/parse_snippets_test.go b/jsonloader/parser2v2/parse_snippets_test.go deleted file mode 100644 index b25bee5..0000000 --- a/jsonloader/parser2v2/parse_snippets_test.go +++ /dev/null @@ -1,123 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "encoding/json" - "log" - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func TestJSONSpdxDocument_parseJsonSnippets2_2(t *testing.T) { - - data := []byte(`{ - "snippets" : [ { - "SPDXID" : "SPDXRef-Snippet", - "comment" : "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - "copyrightText" : "Copyright 2008-2010 John Smith", - "licenseComments" : "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", - "licenseConcluded" : "GPL-2.0-only", - "licenseInfoInSnippets" : [ "GPL-2.0-only" ], - "attributionTexts":["text1"], - "name" : "from linux kernel", - "ranges" : [ { - "endPointer" : { - "lineNumber" : 23, - "reference" : "SPDXRef-DoapSource" - }, - "startPointer" : { - "lineNumber" : 5, - "reference" : "SPDXRef-DoapSource" - } - }, { - "endPointer" : { - "offset" : 420, - "reference" : "SPDXRef-DoapSource" - }, - "startPointer" : { - "offset" : 310, - "reference" : "SPDXRef-DoapSource" - } - } ], - "snippetFromFile" : "SPDXRef-DoapSource" - } ] - } - `) - - filetest1 := spdx.File2_2{ - FileSPDXIdentifier: "DoapSource", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{}, - Snippets: map[spdx.ElementID]*spdx.Snippet2_2{ - "Snippet": { - SnippetSPDXIdentifier: "Snippet", - SnippetAttributionTexts: []string{"text1"}, - SnippetFromFileSPDXIdentifier: spdx.DocElementID{ElementRefID: "DoapSource"}, - SnippetComment: "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - SnippetCopyrightText: "Copyright 2008-2010 John Smith", - SnippetLicenseComments: "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", - SnippetLicenseConcluded: "GPL-2.0-only", - LicenseInfoInSnippet: []string{"GPL-2.0-only"}, - SnippetName: "from linux kernel", - SnippetByteRangeStart: 310, - SnippetByteRangeEnd: 420, - SnippetLineRangeStart: 5, - SnippetLineRangeEnd: 23, - }, - }, - } - - var specs JSONSpdxDocument - err := json.Unmarshal(data, &specs) - - if err != nil { - log.Fatal(err) - } - type args struct { - key string - value interface{} - doc *spdxDocument2_2 - } - tests := []struct { - name string - spec JSONSpdxDocument - args args - want *spdx.File2_2 - wantErr bool - }{ - // TODO: Add test cases. - { - name: "successTest", - spec: specs, - args: args{ - key: "snippets", - value: specs["snippets"], - doc: &spdxDocument2_2{UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{ - "DoapSource": { - FileSPDXIdentifier: "DoapSource", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{}, - Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}, - }, - }}, - }, - want: &filetest1, - wantErr: false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if err := tt.spec.parseJsonSnippets2_2(tt.args.key, tt.args.value, tt.args.doc); (err != nil) != tt.wantErr { - t.Errorf("JSONSpdxDocument.parseJsonSnippets2_2() error = %v, wantErr %v", err, tt.wantErr) - } - - for k, v := range tt.want.Snippets { - if !reflect.DeepEqual(tt.args.doc.UnpackagedFiles["DoapSource"].Snippets[k], v) { - t.Errorf("Load2_2() = %v, want %v", tt.args.doc.UnpackagedFiles["DoapSource"].Snippets[k], v) - } - } - - }) - } -} diff --git a/jsonloader/parser2v2/parser.go b/jsonloader/parser2v2/parser.go deleted file mode 100644 index b1fbe8a..0000000 --- a/jsonloader/parser2v2/parser.go +++ /dev/null @@ -1,132 +0,0 @@ -// Package jsonloader is used to load and parse SPDX JSON documents -// into tools-golang data structures. -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "encoding/json" - "fmt" - - "github.com/spdx/tools-golang/spdx" -) - -//TODO : return spdx.Document2_2 -func Load2_2(content []byte) (*spdx.Document2_2, error) { - // check whetehr the Json is valid or not - if !json.Valid(content) { - return nil, fmt.Errorf("%s", "Invalid JSON Specification") - } - result := spdxDocument2_2{} - // unmarshall the json into the result struct - err := json.Unmarshal(content, &result) - resultfinal := spdx.Document2_2(result) - - if err != nil { - return nil, fmt.Errorf("%s", err) - } - - return &resultfinal, nil -} - -func (doc *spdxDocument2_2) UnmarshalJSON(data []byte) error { - var specs JSONSpdxDocument - //unmarshall the json into the intermediate stricture map[string]interface{} - err := json.Unmarshal(data, &specs) - if err != nil { - return err - } - // parse the data from the intermediate structure to the spdx.Document2_2{} - err = specs.newDocument(doc) - if err != nil { - return err - } - return nil -} - -func (spec JSONSpdxDocument) newDocument(doc *spdxDocument2_2) error { - // raneg through all the keys in the map and send them to appropriate arsing functions - for key, val := range spec { - switch key { - case "dataLicense", "spdxVersion", "SPDXID", "documentNamespace", "name", "comment", "creationInfo", "externalDocumentRefs": - err := spec.parseJsonCreationInfo2_2(key, val, doc) - if err != nil { - return err - } - case "annotations": - // if the json spec doenn't has any files then only this case will be executed - if spec["files"] == nil { - - id, err := extractDocElementID(spec["SPDXID"].(string)) - if err != nil { - return fmt.Errorf("%s", err) - } - err = spec.parseJsonAnnotations2_2(key, val, doc, id) - if err != nil { - return err - } - } - case "relationships": - err := spec.parseJsonRelationships2_2(key, val, doc) - if err != nil { - return err - } - case "files": - //first parse all the files - err := spec.parseJsonFiles2_2(key, val, doc) - if err != nil { - return err - } - //then parse the snippets - if spec["snippets"] != nil { - err = spec.parseJsonSnippets2_2("snippets", spec["snippets"], doc) - if err != nil { - return err - } - } - //then parse the packages - if spec["packages"] != nil { - err = spec.parseJsonPackages2_2("packages", spec["packages"], doc) - if err != nil { - return err - } - } - // then parse the annotations - if spec["annotations"] != nil { - id, err := extractDocElementID(spec["SPDXID"].(string)) - if err != nil { - return fmt.Errorf("%s", err) - } - err = spec.parseJsonAnnotations2_2("annotations", spec["annotations"], doc, id) - if err != nil { - return err - } - } - - case "packages": - // if the json spec doesn't has any files to parse then this switch case will be executed - if spec["files"] == nil { - err := spec.parseJsonPackages2_2("packages", spec["packages"], doc) - if err != nil { - return err - } - } - case "hasExtractedLicensingInfos": - err := spec.parseJsonOtherLicenses2_2(key, val, doc) - if err != nil { - return err - } - case "revieweds": - err := spec.parseJsonReviews2_2(key, val, doc) - if err != nil { - return err - } - case "snippets", "documentDescribes": - //redundant case - default: - return fmt.Errorf("unrecognized key here %v", key) - } - - } - return nil -} diff --git a/jsonloader/parser2v2/parser_test.go b/jsonloader/parser2v2/parser_test.go deleted file mode 100644 index 051ff99..0000000 --- a/jsonloader/parser2v2/parser_test.go +++ /dev/null @@ -1,419 +0,0 @@ -// Package jsonloader is used to load and parse SPDX JSON documents -// into tools-golang data structures. -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "io/ioutil" - "log" - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -//TODO: json validity check -//TODO: passsing an unrecornized key - -func TestLoad2_2(t *testing.T) { - - jsonData, err := ioutil.ReadFile("jsonfiles/test.json") // b has type []byte - if err != nil { - log.Fatal(err) - } - - type args struct { - content []byte - } - tests := []struct { - name string - args args - want *spdxDocument2_2 - wantErr bool - }{ - { - name: "True test", - args: args{content: jsonData}, - want: &spdxDocument2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - DataLicense: "CC0-1.0", - SPDXVersion: "SPDX-2.2", - SPDXIdentifier: "DOCUMENT", - DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.", - LicenseListVersion: "3.8", - Created: "2010-01-29T18:30:22Z", - CreatorPersons: []string{"Jane Doe ()"}, - CreatorOrganizations: []string{"ExampleCodeInspect ()"}, - CreatorTools: []string{"LicenseFind-1.0"}, - DocumentName: "SPDX-Tools-v2.0", - DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{ - "spdx-tool-1.2": { - DocumentRefID: "spdx-tool-1.2", - URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", - Alg: "SHA1", - Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", - }, - }, - }, - Annotations: []*spdx.Annotation2_2{ - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "File Commenter", - AnnotationComment: "File level annotation", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "Package Commenter", - AnnotationComment: "Package level annotation", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2010-02-10T00:00:00Z", - AnnotationType: "REVIEW", - AnnotatorType: "Person", - Annotator: "Joe Reviewer", - AnnotationComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2011-03-13T00:00:00Z", - AnnotationType: "REVIEW", - AnnotatorType: "Person", - Annotator: "Suzanne Reviewer", - AnnotationComment: "Another example reviewer.", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2010-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "Jane Doe ()", - AnnotationComment: "Document level annotation", - }, - }, - Relationships: []*spdx.Relationship2_2{ - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "spdx-tool-1.2", ElementRefID: "ToolsElement"}, - Relationship: "COPY_OF", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - Relationship: "CONTAINS", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - Relationship: "DESCRIBES", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - Relationship: "DESCRIBES", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Saxon"}, - Relationship: "DYNAMIC_LINK", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "JenaLib"}, - Relationship: "CONTAINS", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "CommonsLangSrc"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "", SpecialID: "NOASSERTION"}, - Relationship: "GENERATED_FROM", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "JenaLib"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - Relationship: "CONTAINS", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "fromDoap-0"}, - Relationship: "GENERATED_FROM", - }, - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - "Package": { - PackageSPDXIdentifier: "Package", - PackageAttributionTexts: []string{"The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually."}, - PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA256": { - Algorithm: "SHA256", - Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - }, - "SHA1": { - Algorithm: "SHA1", - Value: "85ed0817af83a24ad8da68c2b5094de69833983c", - }, - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - }, - PackageCopyrightText: "Copyright 2008-2010 John Smith", - PackageDescription: "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", - PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", - PackageExternalReferences: []*spdx.PackageExternalReference2_2{ - { - RefType: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", - ExternalRefComment: "This is the external ref for Acme", - Category: "OTHER", - Locator: "acmecorp/acmenator/4.1.3-alpha", - }, - { - RefType: "http://spdx.org/rdf/references/cpe23Type", - Category: "SECURITY", - Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", - }, - }, - FilesAnalyzed: true, - IsFilesAnalyzedTagPresent: true, - Files: map[spdx.ElementID]*spdx.File2_2{ - "DoapSource": { - FileSPDXIdentifier: "DoapSource", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", - }, - }, - Snippets: map[spdx.ElementID]*spdx.Snippet2_2{ - "Snippet": { - SnippetSPDXIdentifier: "Snippet", - SnippetFromFileSPDXIdentifier: spdx.DocElementID{ElementRefID: "DoapSource"}, - SnippetComment: "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - SnippetCopyrightText: "Copyright 2008-2010 John Smith", - SnippetLicenseComments: "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", - SnippetLicenseConcluded: "GPL-2.0-only", - LicenseInfoInSnippet: []string{"GPL-2.0-only"}, - SnippetName: "from linux kernel", - SnippetByteRangeStart: 310, - SnippetByteRangeEnd: 420, - SnippetLineRangeStart: 5, - SnippetLineRangeEnd: 23, - }, - }, - FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", - FileContributor: []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, - FileDependencies: []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, - FileName: "./src/org/spdx/parser/DOAPProject.java", - FileType: []string{"SOURCE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - }, - "CommonsLangSrc": { - FileSPDXIdentifier: "CommonsLangSrc", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "c2b4e1c67a2d28fced849ee1bb76e7391b93f125", - }, - }, - FileComment: "This file is used by Jena", - FileCopyrightText: "Copyright 2001-2011 The Apache Software Foundation", - FileContributor: []string{"Apache Software Foundation"}, - FileName: "./lib-source/commons-lang3-3.1-sources.jar", - FileType: []string{"ARCHIVE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - FileNotice: "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())", - }, - "JenaLib": { - FileSPDXIdentifier: "JenaLib", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "3ab4e1c67a2d28fced849ee1bb76e7391b93f125", - }, - }, - FileComment: "This file belongs to Jena", - FileCopyrightText: "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", - FileContributor: []string{"Apache Software Foundation", "Hewlett Packard Inc."}, - FileDependencies: []string{"SPDXRef-CommonsLangSrc"}, - FileName: "./lib-source/jena-2.6.3-sources.jar", - FileType: []string{"ARCHIVE"}, - LicenseComments: "This license is used by Jena", - LicenseConcluded: "LicenseRef-1", - LicenseInfoInFile: []string{"LicenseRef-1"}, - }, - }, - PackageHomePage: "http://ftp.gnu.org/gnu/glibc", - PackageLicenseComments: "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", - PackageLicenseConcluded: "(LGPL-2.0-only OR LicenseRef-3)", - PackageLicenseDeclared: "(LGPL-2.0-only AND LicenseRef-3)", - PackageLicenseInfoFromFiles: []string{"GPL-2.0-only", "LicenseRef-2", "LicenseRef-1"}, - PackageName: "glibc", - PackageOriginatorOrganization: "ExampleCodeInspect (contact@example.com)", - PackageFileName: "glibc-2.11.1.tar.gz", - PackageVerificationCodeExcludedFile: "./package.spdx", - PackageVerificationCode: "d6a770ba38583ed4bb4525bd96e50461655d2758", - PackageSourceInfo: "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", - PackageSummary: "GNU C library.", - PackageSupplierPerson: "Jane Doe (jane.doe@example.com)", - PackageVersion: "2.11.1", - }, - "fromDoap-1": { - PackageSPDXIdentifier: "fromDoap-1", - PackageComment: "This package was converted from a DOAP Project by the same name", - PackageCopyrightText: "NOASSERTION", - PackageDownloadLocation: "NOASSERTION", - FilesAnalyzed: false, - IsFilesAnalyzedTagPresent: true, - PackageHomePage: "http://commons.apache.org/proper/commons-lang/", - PackageLicenseConcluded: "NOASSERTION", - PackageLicenseDeclared: "NOASSERTION", - PackageName: "Apache Commons Lang", - }, - "fromDoap-0": { - PackageSPDXIdentifier: "fromDoap-0", - PackageComment: "This package was converted from a DOAP Project by the same name", - PackageCopyrightText: "NOASSERTION", - PackageDownloadLocation: "NOASSERTION", - FilesAnalyzed: false, - IsFilesAnalyzedTagPresent: true, - PackageHomePage: "http://www.openjena.org/", - PackageLicenseConcluded: "NOASSERTION", - PackageLicenseDeclared: "NOASSERTION", - PackageName: "Jena", - }, - - "Saxon": { - PackageSPDXIdentifier: "Saxon", - PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "85ed0817af83a24ad8da68c2b5094de69833983c", - }, - }, - PackageDescription: "The Saxon package is a collection of tools for processing XML documents.", - PackageDownloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", - FilesAnalyzed: false, - IsFilesAnalyzedTagPresent: true, - PackageHomePage: "http://saxon.sourceforge.net/", - PackageLicenseComments: "Other versions available for a commercial license", - PackageLicenseConcluded: "MPL-1.0", - PackageLicenseDeclared: "MPL-1.0", - PackageName: "Saxon", - PackageFileName: "saxonB-8.8.zip", - PackageVersion: "8.8", - }, - }, - UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{ - "File": { - FileSPDXIdentifier: "File", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", - }, - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - }, - FileComment: "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", - FileCopyrightText: "Copyright 2008-2010 John Smith", - FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, - FileName: "./package/foo.c", - FileType: []string{"SOURCE"}, - LicenseComments: "The concluded license was taken from the package level that the file was included in.", - LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", - LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, - FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", - }, - }, - OtherLicenses: []*spdx.OtherLicense2_2{ - { - ExtractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp </\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", - LicenseIdentifier: "LicenseRef-Beerware-4.2", - }, - { - ExtractedText: "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", - LicenseIdentifier: "LicenseRef-4", - }, - { - LicenseComment: "This is tye CyperNeko License", - ExtractedText: "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - LicenseIdentifier: "LicenseRef-3", - LicenseName: "CyberNeko License", - LicenseCrossReferences: []string{"http://people.apache.org/~andyc/neko/LICENSE", "http://justasample.url.com"}, - }, - { - ExtractedText: "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - LicenseIdentifier: "LicenseRef-2", - }, - { - ExtractedText: "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", - LicenseIdentifier: "LicenseRef-1", - }, - }, - }, - wantErr: false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := Load2_2(tt.args.content) - if (err != nil) != tt.wantErr { - t.Errorf("Load2_2() error = %v, wantErr %v", err, tt.wantErr) - return - } - // check creation info - if !reflect.DeepEqual(got.CreationInfo, tt.want.CreationInfo) { - t.Errorf("Load2_2() = %v, want %v", got.CreationInfo, tt.want.CreationInfo) - } - // check annotations - for i := 0; i < len(tt.want.Annotations); i++ { - if !reflect.DeepEqual(got.Annotations[i], tt.want.Annotations[i]) { - t.Errorf("Load2_2() = %v, want %v", got.Annotations[i], tt.want.Annotations[i]) - } - } - // check relationships - for i := 0; i < len(got.Relationships); i++ { - if !reflect.DeepEqual(got.Relationships[i], tt.want.Relationships[i]) { - t.Errorf("Load2_2() = %v, want %v", got.Relationships[i], tt.want.Relationships[i]) - } - } - //check unpackaged files - for k, v := range tt.want.UnpackagedFiles { - if !reflect.DeepEqual(got.UnpackagedFiles[k], v) { - t.Errorf("Load2_2() = %v, want %v", got.UnpackagedFiles[k], v) - } - } - // check packages - for k, v := range tt.want.Packages { - if !reflect.DeepEqual(got.Packages[k], v) { - t.Errorf("Load2_2() = %v, want %v", got.Packages[k], v) - } - } - // check other licenses - for i := 0; i < len(got.OtherLicenses); i++ { - if !reflect.DeepEqual(got.OtherLicenses[i], tt.want.OtherLicenses[i]) { - t.Errorf("Load2_2() = %v, want %v", got.OtherLicenses[i], tt.want.OtherLicenses[i]) - } - } - // check reviews - for i := 0; i < len(got.Reviews); i++ { - if !reflect.DeepEqual(got.Reviews[i], tt.want.Reviews[i]) { - t.Errorf("Load2_2() = %v, want %v", got.Reviews[i], tt.want.Reviews[i]) - } - } - - }) - } -} diff --git a/jsonloader/parser2v2/types.go b/jsonloader/parser2v2/types.go deleted file mode 100644 index b85b23e..0000000 --- a/jsonloader/parser2v2/types.go +++ /dev/null @@ -1,9 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import "github.com/spdx/tools-golang/spdx" - -type spdxDocument2_2 spdx.Document2_2 - -type JSONSpdxDocument map[string]interface{} diff --git a/jsonloader/parser2v2/util.go b/jsonloader/parser2v2/util.go deleted file mode 100644 index 6676846..0000000 --- a/jsonloader/parser2v2/util.go +++ /dev/null @@ -1,115 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package parser2v2 - -import ( - "fmt" - "strings" - - "github.com/spdx/tools-golang/spdx" -) - -// used to extract key / value from embedded substrings -// returns subkey, subvalue, nil if no error, or "", "", error otherwise -func extractSubs(value string) (string, string, error) { - // parse the value to see if it's a valid subvalue format - sp := strings.SplitN(value, ":", 2) - if len(sp) == 1 { - return "", "", fmt.Errorf("invalid subvalue format for %s (no colon found)", value) - } - - subkey := strings.TrimSpace(sp[0]) - subvalue := strings.TrimSpace(sp[1]) - - return subkey, subvalue, nil -} - -// used to extract DocumentRef and SPDXRef values from an SPDX Identifier -// which can point either to this document or to a different one -func extractDocElementID(value string) (spdx.DocElementID, error) { - docRefID := "" - idStr := value - - // check prefix to see if it's a DocumentRef ID - if strings.HasPrefix(idStr, "DocumentRef-") { - // extract the part that comes between "DocumentRef-" and ":" - strs := strings.Split(idStr, ":") - // should be exactly two, part before and part after - if len(strs) < 2 { - return spdx.DocElementID{}, fmt.Errorf("no colon found although DocumentRef- prefix present") - } - if len(strs) > 2 { - return spdx.DocElementID{}, fmt.Errorf("more than one colon found") - } - - // trim the prefix and confirm non-empty - docRefID = strings.TrimPrefix(strs[0], "DocumentRef-") - if docRefID == "" { - return spdx.DocElementID{}, fmt.Errorf("document identifier has nothing after prefix") - } - // and use remainder for element ID parsing - idStr = strs[1] - } - - // check prefix to confirm it's got the right prefix for element IDs - if !strings.HasPrefix(idStr, "SPDXRef-") { - return spdx.DocElementID{}, fmt.Errorf("missing SPDXRef- prefix for element identifier") - } - - // make sure no colons are present - if strings.Contains(idStr, ":") { - // we know this means there was no DocumentRef- prefix, because - // we would have handled multiple colons above if it was - return spdx.DocElementID{}, fmt.Errorf("invalid colon in element identifier") - } - - // trim the prefix and confirm non-empty - eltRefID := strings.TrimPrefix(idStr, "SPDXRef-") - if eltRefID == "" { - return spdx.DocElementID{}, fmt.Errorf("element identifier has nothing after prefix") - } - - // we're good - return spdx.DocElementID{DocumentRefID: docRefID, ElementRefID: spdx.ElementID(eltRefID)}, nil -} - -// used to extract SPDXRef values from an SPDX Identifier, OR "special" strings -// from a specified set of permitted values. The primary use case for this is -// the right-hand side of Relationships, where beginning in SPDX 2.2 the values -// "NONE" and "NOASSERTION" are permitted. If the value does not match one of -// the specified permitted values, it will fall back to the ordinary -// DocElementID extractor. -func extractDocElementSpecial(value string, permittedSpecial []string) (spdx.DocElementID, error) { - // check value against special set first - for _, sp := range permittedSpecial { - if sp == value { - return spdx.DocElementID{SpecialID: sp}, nil - } - } - // not found, fall back to regular search - return extractDocElementID(value) -} - -// used to extract SPDXRef values only from an SPDX Identifier which can point -// to this document only. Use extractDocElementID for parsing IDs that can -// refer either to this document or a different one. -func extractElementID(value string) (spdx.ElementID, error) { - // check prefix to confirm it's got the right prefix for element IDs - if !strings.HasPrefix(value, "SPDXRef-") { - return spdx.ElementID(""), fmt.Errorf("missing SPDXRef- prefix for element identifier") - } - - // make sure no colons are present - if strings.Contains(value, ":") { - return spdx.ElementID(""), fmt.Errorf("invalid colon in element identifier") - } - - // trim the prefix and confirm non-empty - eltRefID := strings.TrimPrefix(value, "SPDXRef-") - if eltRefID == "" { - return spdx.ElementID(""), fmt.Errorf("element identifier has nothing after prefix") - } - - // we're good - return spdx.ElementID(eltRefID), nil -} diff --git a/jsonloader/parser2v2/util_test.go b/jsonloader/parser2v2/util_test.go deleted file mode 100644 index e2f75d7..0000000 --- a/jsonloader/parser2v2/util_test.go +++ /dev/null @@ -1,156 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -package parser2v2 - -import ( - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -// ===== Helper function tests ===== - -func TestCanExtractSubvalues(t *testing.T) { - subkey, subvalue, err := extractSubs("SHA1: abc123") - if err != nil { - t.Errorf("got error when calling extractSubs: %v", err) - } - if subkey != "SHA1" { - t.Errorf("got %v for subkey", subkey) - } - if subvalue != "abc123" { - t.Errorf("got %v for subvalue", subvalue) - } -} - -func TestReturnsErrorForInvalidSubvalueFormat(t *testing.T) { - _, _, err := extractSubs("blah") - if err == nil { - t.Errorf("expected error when calling extractSubs for invalid format (0 colons), got nil") - } -} - -func TestCanExtractDocumentAndElementRefsFromID(t *testing.T) { - // test with valid ID in this document - helperForExtractDocElementID(t, "SPDXRef-file1", false, "", "file1") - // test with valid ID in another document - helperForExtractDocElementID(t, "DocumentRef-doc2:SPDXRef-file2", false, "doc2", "file2") - // test with invalid ID in this document - helperForExtractDocElementID(t, "a:SPDXRef-file1", true, "", "") - helperForExtractDocElementID(t, "file1", true, "", "") - helperForExtractDocElementID(t, "SPDXRef-", true, "", "") - helperForExtractDocElementID(t, "SPDXRef-file1:", true, "", "") - // test with invalid ID in another document - helperForExtractDocElementID(t, "DocumentRef-doc2", true, "", "") - helperForExtractDocElementID(t, "DocumentRef-doc2:", true, "", "") - helperForExtractDocElementID(t, "DocumentRef-doc2:SPDXRef-", true, "", "") - helperForExtractDocElementID(t, "DocumentRef-doc2:a", true, "", "") - helperForExtractDocElementID(t, "DocumentRef-:", true, "", "") - helperForExtractDocElementID(t, "DocumentRef-:SPDXRef-file1", true, "", "") - // test with invalid formats - helperForExtractDocElementID(t, "DocumentRef-doc2:SPDXRef-file1:file2", true, "", "") -} - -func helperForExtractDocElementID(t *testing.T, tst string, wantErr bool, wantDoc string, wantElt string) { - deID, err := extractDocElementID(tst) - if err != nil && wantErr == false { - t.Errorf("testing %v: expected nil error, got %v", tst, err) - } - if err == nil && wantErr == true { - t.Errorf("testing %v: expected non-nil error, got nil", tst) - } - if deID.DocumentRefID != wantDoc { - if wantDoc == "" { - t.Errorf("testing %v: want empty string for DocumentRefID, got %v", tst, deID.DocumentRefID) - } else { - t.Errorf("testing %v: want %v for DocumentRefID, got %v", tst, wantDoc, deID.DocumentRefID) - } - } - if deID.ElementRefID != spdx.ElementID(wantElt) { - if wantElt == "" { - t.Errorf("testing %v: want empty string for ElementRefID, got %v", tst, deID.ElementRefID) - } else { - t.Errorf("testing %v: want %v for ElementRefID, got %v", tst, wantElt, deID.ElementRefID) - } - } -} - -func TestCanExtractSpecialDocumentIDs(t *testing.T) { - permittedSpecial := []string{"NONE", "NOASSERTION"} - // test with valid special values - helperForExtractDocElementSpecial(t, permittedSpecial, "NONE", false, "", "", "NONE") - helperForExtractDocElementSpecial(t, permittedSpecial, "NOASSERTION", false, "", "", "NOASSERTION") - // test with valid regular IDs - helperForExtractDocElementSpecial(t, permittedSpecial, "SPDXRef-file1", false, "", "file1", "") - helperForExtractDocElementSpecial(t, permittedSpecial, "DocumentRef-doc2:SPDXRef-file2", false, "doc2", "file2", "") - helperForExtractDocElementSpecial(t, permittedSpecial, "a:SPDXRef-file1", true, "", "", "") - helperForExtractDocElementSpecial(t, permittedSpecial, "DocumentRef-doc2", true, "", "", "") - // test with invalid other words not on permitted list - helperForExtractDocElementSpecial(t, permittedSpecial, "FOO", true, "", "", "") -} - -func helperForExtractDocElementSpecial(t *testing.T, permittedSpecial []string, tst string, wantErr bool, wantDoc string, wantElt string, wantSpecial string) { - deID, err := extractDocElementSpecial(tst, permittedSpecial) - if err != nil && wantErr == false { - t.Errorf("testing %v: expected nil error, got %v", tst, err) - } - if err == nil && wantErr == true { - t.Errorf("testing %v: expected non-nil error, got nil", tst) - } - if deID.DocumentRefID != wantDoc { - if wantDoc == "" { - t.Errorf("testing %v: want empty string for DocumentRefID, got %v", tst, deID.DocumentRefID) - } else { - t.Errorf("testing %v: want %v for DocumentRefID, got %v", tst, wantDoc, deID.DocumentRefID) - } - } - if deID.ElementRefID != spdx.ElementID(wantElt) { - if wantElt == "" { - t.Errorf("testing %v: want empty string for ElementRefID, got %v", tst, deID.ElementRefID) - } else { - t.Errorf("testing %v: want %v for ElementRefID, got %v", tst, wantElt, deID.ElementRefID) - } - } - if deID.SpecialID != wantSpecial { - if wantSpecial == "" { - t.Errorf("testing %v: want empty string for SpecialID, got %v", tst, deID.SpecialID) - } else { - t.Errorf("testing %v: want %v for SpecialID, got %v", tst, wantSpecial, deID.SpecialID) - } - } -} - -func TestCanExtractElementRefsOnlyFromID(t *testing.T) { - // test with valid ID in this document - helperForExtractElementID(t, "SPDXRef-file1", false, "file1") - // test with valid ID in another document - helperForExtractElementID(t, "DocumentRef-doc2:SPDXRef-file2", true, "") - // test with invalid ID in this document - helperForExtractElementID(t, "a:SPDXRef-file1", true, "") - helperForExtractElementID(t, "file1", true, "") - helperForExtractElementID(t, "SPDXRef-", true, "") - helperForExtractElementID(t, "SPDXRef-file1:", true, "") - // test with invalid ID in another document - helperForExtractElementID(t, "DocumentRef-doc2", true, "") - helperForExtractElementID(t, "DocumentRef-doc2:", true, "") - helperForExtractElementID(t, "DocumentRef-doc2:SPDXRef-", true, "") - helperForExtractElementID(t, "DocumentRef-doc2:a", true, "") - helperForExtractElementID(t, "DocumentRef-:", true, "") - helperForExtractElementID(t, "DocumentRef-:SPDXRef-file1", true, "") -} - -func helperForExtractElementID(t *testing.T, tst string, wantErr bool, wantElt string) { - eID, err := extractElementID(tst) - if err != nil && wantErr == false { - t.Errorf("testing %v: expected nil error, got %v", tst, err) - } - if err == nil && wantErr == true { - t.Errorf("testing %v: expected non-nil error, got nil", tst) - } - if eID != spdx.ElementID(wantElt) { - if wantElt == "" { - t.Errorf("testing %v: want emptyString for ElementRefID, got %v", tst, eID) - } else { - t.Errorf("testing %v: want %v for ElementRefID, got %v", tst, wantElt, eID) - } - } -} diff --git a/jsonsaver/jsonsaver.go b/jsonsaver/jsonsaver.go deleted file mode 100644 index 4748e16..0000000 --- a/jsonsaver/jsonsaver.go +++ /dev/null @@ -1,25 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package jsonsaver - -import ( - "bytes" - "io" - - "github.com/spdx/tools-golang/jsonsaver/saver2v2" - "github.com/spdx/tools-golang/spdx" -) - -// Save2_2 takes an io.Writer and an SPDX Document (version 2.2), -// and writes it to the writer in json format. It returns error -// if any error is encountered. -func Save2_2(doc *spdx.Document2_2, w io.Writer) error { - var b []byte - buf := bytes.NewBuffer(b) - err := saver2v2.RenderDocument2_2(doc, buf) - if err != nil { - return err - } - w.Write(buf.Bytes()) - return nil -} diff --git a/jsonsaver/jsonsaver_test.go b/jsonsaver/jsonsaver_test.go deleted file mode 100644 index 3d5daa9..0000000 --- a/jsonsaver/jsonsaver_test.go +++ /dev/null @@ -1,228 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package jsonsaver - -import ( - "bytes" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func TestSave2_2(t *testing.T) { - type args struct { - doc *spdx.Document2_2 - } - test1 := &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - DataLicense: "CC0-1.0", - SPDXVersion: "SPDX-2.2", - SPDXIdentifier: "DOCUMENT", - DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.", - LicenseListVersion: "3.8", - Created: "2010-01-29T18:30:22Z", - CreatorPersons: []string{"Jane Doe ()"}, - CreatorOrganizations: []string{"ExampleCodeInspect ()"}, - CreatorTools: []string{"LicenseFind-1.0"}, - DocumentName: "SPDX-Tools-v2.0", - DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{ - "spdx-tool-1.2": { - DocumentRefID: "spdx-tool-1.2", - URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", - Alg: "SHA1", - Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", - }, - }, - }, - OtherLicenses: []*spdx.OtherLicense2_2{ - { - ExtractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp </\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", - LicenseIdentifier: "LicenseRef-Beerware-4.2", - }, - { - LicenseComment: "This is tye CyperNeko License", - ExtractedText: "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - LicenseIdentifier: "LicenseRef-3", - LicenseName: "CyberNeko License", - LicenseCrossReferences: []string{"http://people.apache.org/~andyc/neko/LICENSE", "http://justasample.url.com"}, - }, - }, - Annotations: []*spdx.Annotation2_2{ - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "File Commenter", - AnnotationComment: "File level annotation", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "Package Commenter", - AnnotationComment: "Package level annotation", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2010-02-10T00:00:00Z", - AnnotationType: "REVIEW", - AnnotatorType: "Person", - Annotator: "Joe Reviewer", - AnnotationComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - }, - }, - Relationships: []*spdx.Relationship2_2{ - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "spdx-tool-1.2", ElementRefID: "ToolsElement"}, - Relationship: "COPY_OF", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - Relationship: "CONTAINS", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - Relationship: "DESCRIBES", - RelationshipComment: "This is a comment.", - }, - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - "Package": { - PackageSPDXIdentifier: "Package", - PackageAttributionTexts: []string{"The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually."}, - PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - }, - PackageCopyrightText: "Copyright 2008-2010 John Smith", - PackageDescription: "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", - PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", - PackageExternalReferences: []*spdx.PackageExternalReference2_2{ - { - RefType: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", - ExternalRefComment: "This is the external ref for Acme", - Category: "OTHER", - Locator: "acmecorp/acmenator/4.1.3-alpha", - }, - { - RefType: "http://spdx.org/rdf/references/cpe23Type", - Category: "SECURITY", - Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", - }, - }, - FilesAnalyzed: true, - IsFilesAnalyzedTagPresent: true, - Files: map[spdx.ElementID]*spdx.File2_2{ - "DoapSource": { - FileSPDXIdentifier: "DoapSource", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", - }, - }, - Snippets: map[spdx.ElementID]*spdx.Snippet2_2{ - "Snippet": { - SnippetSPDXIdentifier: "Snippet", - SnippetFromFileSPDXIdentifier: spdx.DocElementID{ElementRefID: "DoapSource"}, - SnippetComment: "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - SnippetCopyrightText: "Copyright 2008-2010 John Smith", - SnippetLicenseComments: "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", - SnippetLicenseConcluded: "GPL-2.0-only", - LicenseInfoInSnippet: []string{"GPL-2.0-only"}, - SnippetName: "from linux kernel", - SnippetByteRangeStart: 310, - SnippetByteRangeEnd: 420, - SnippetLineRangeStart: 5, - SnippetLineRangeEnd: 23, - }, - }, - FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", - FileContributor: []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, - FileDependencies: []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, - FileName: "./src/org/spdx/parser/DOAPProject.java", - FileType: []string{"SOURCE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - }, - }, - PackageHomePage: "http://ftp.gnu.org/gnu/glibc", - PackageLicenseComments: "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", - PackageLicenseConcluded: "(LGPL-2.0-only OR LicenseRef-3)", - PackageLicenseDeclared: "(LGPL-2.0-only AND LicenseRef-3)", - PackageLicenseInfoFromFiles: []string{"GPL-2.0-only", "LicenseRef-2", "LicenseRef-1"}, - PackageName: "glibc", - PackageOriginatorOrganization: "ExampleCodeInspect (contact@example.com)", - PackageFileName: "glibc-2.11.1.tar.gz", - PackageVerificationCodeExcludedFile: "./package.spdx", - PackageVerificationCode: "d6a770ba38583ed4bb4525bd96e50461655d2758", - PackageSourceInfo: "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", - PackageSummary: "GNU C library.", - PackageSupplierPerson: "Jane Doe (jane.doe@example.com)", - PackageVersion: "2.11.1", - }, - }, - UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{ - "File": { - FileSPDXIdentifier: "File", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", - }, - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - }, - FileComment: "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", - FileCopyrightText: "Copyright 2008-2010 John Smith", - FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, - FileName: "./package/foo.c", - FileType: []string{"SOURCE"}, - LicenseComments: "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", - LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", - LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, - FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", - }, - }, - } - tests := []struct { - name string - args args - wantErr bool - }{ - { - name: "success", - args: args{ - doc: test1, - }, - wantErr: false, - }, - { - name: "failure", - args: args{ - doc: &spdx.Document2_2{}, - }, - wantErr: true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - w := &bytes.Buffer{} - if err := Save2_2(tt.args.doc, w); (err != nil) != tt.wantErr { - t.Errorf("Save2_2() error = %v, wantErr %v", err, tt.wantErr) - return - } - }) - } -} diff --git a/jsonsaver/saver2v2/save_annotations.go b/jsonsaver/saver2v2/save_annotations.go deleted file mode 100644 index 0a69c2c..0000000 --- a/jsonsaver/saver2v2/save_annotations.go +++ /dev/null @@ -1,27 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "fmt" - - "github.com/spdx/tools-golang/spdx" -) - -func renderAnnotations2_2(annotations []*spdx.Annotation2_2, eID spdx.DocElementID) ([]interface{}, error) { - - var ann []interface{} - for _, v := range annotations { - if v.AnnotationSPDXIdentifier == eID { - annotation := make(map[string]interface{}) - annotation["annotationDate"] = v.AnnotationDate - annotation["annotationType"] = v.AnnotationType - annotation["annotator"] = fmt.Sprintf("%s: %s", v.AnnotatorType, v.Annotator) - if v.AnnotationComment != "" { - annotation["comment"] = v.AnnotationComment - } - ann = append(ann, annotation) - } - } - return ann, nil -} diff --git a/jsonsaver/saver2v2/save_annotations_test.go b/jsonsaver/saver2v2/save_annotations_test.go deleted file mode 100644 index 5f1fdf2..0000000 --- a/jsonsaver/saver2v2/save_annotations_test.go +++ /dev/null @@ -1,95 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func Test_renderAnnotations2_2(t *testing.T) { - type args struct { - annotations []*spdx.Annotation2_2 - eID spdx.DocElementID - } - tests := []struct { - name string - args args - want []interface{} - wantErr bool - }{ - // TODO: Add test cases. - { - name: "success", - args: args{ - annotations: []*spdx.Annotation2_2{ - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "File Commenter", - AnnotationComment: "File level annotation", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "Package Commenter", - AnnotationComment: "Package level annotation", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2010-02-10T00:00:00Z", - AnnotationType: "REVIEW", - AnnotatorType: "Person", - Annotator: "Joe Reviewer", - AnnotationComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2011-03-13T00:00:00Z", - AnnotationType: "REVIEW", - AnnotatorType: "Person", - Annotator: "Suzanne Reviewer", - AnnotationComment: "Another example reviewer.", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2010-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "Jane Doe ()", - AnnotationComment: "Document level annotation", - }, - }, - eID: spdx.MakeDocElementID("", "File"), - }, - want: []interface{}{ - map[string]interface{}{ - "annotationDate": "2011-01-29T18:30:22Z", - "annotationType": "OTHER", - "annotator": "Person: File Commenter", - "comment": "File level annotation", - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := renderAnnotations2_2(tt.args.annotations, tt.args.eID) - if (err != nil) != tt.wantErr { - t.Errorf("renderAnnotations2_2() error = %v, wantErr %v", err, tt.wantErr) - return - } - for k, v := range got { - if !reflect.DeepEqual(v, tt.want[k]) { - t.Errorf("renderAnnotations2_2() = %v, want %v", v, tt.want[k]) - } - } - }) - } -} diff --git a/jsonsaver/saver2v2/save_creation_info.go b/jsonsaver/saver2v2/save_creation_info.go deleted file mode 100644 index 11b42d8..0000000 --- a/jsonsaver/saver2v2/save_creation_info.go +++ /dev/null @@ -1,77 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "fmt" - - "github.com/spdx/tools-golang/spdx" -) - -func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, jsondocument map[string]interface{}) error { - if ci.SPDXIdentifier != "" { - jsondocument["SPDXID"] = spdx.RenderElementID(ci.SPDXIdentifier) - } - if ci.SPDXVersion != "" { - jsondocument["spdxVersion"] = ci.SPDXVersion - } - if ci.CreatorComment != "" || ci.Created != "" || ci.CreatorPersons != nil || ci.CreatorOrganizations != nil || ci.CreatorTools != nil || ci.LicenseListVersion != "" { - creationInfo := make(map[string]interface{}) - if ci.CreatorComment != "" { - creationInfo["comment"] = ci.CreatorComment - } - if ci.Created != "" { - creationInfo["created"] = ci.Created - - } - if ci.CreatorPersons != nil || ci.CreatorOrganizations != nil || ci.CreatorTools != nil { - var creators []string - for _, v := range ci.CreatorTools { - creators = append(creators, fmt.Sprintf("Tool: %s", v)) - } - for _, v := range ci.CreatorOrganizations { - creators = append(creators, fmt.Sprintf("Organization: %s", v)) - } - for _, v := range ci.CreatorPersons { - creators = append(creators, fmt.Sprintf("Person: %s", v)) - } - - creationInfo["creators"] = creators - } - if ci.LicenseListVersion != "" { - creationInfo["licenseListVersion"] = ci.LicenseListVersion - } - jsondocument["creationInfo"] = creationInfo - } - if ci.DocumentName != "" { - jsondocument["name"] = ci.DocumentName - } - if ci.DataLicense != "" { - jsondocument["dataLicense"] = ci.DataLicense - } - if ci.DocumentComment != "" { - jsondocument["comment"] = ci.DocumentComment - } - if ci.DocumentNamespace != "" { - jsondocument["documentNamespace"] = ci.DocumentNamespace - } - - if ci.ExternalDocumentReferences != nil { - var refs []interface{} - for _, v := range ci.ExternalDocumentReferences { - aa := make(map[string]interface{}) - aa["externalDocumentId"] = fmt.Sprintf("DocumentRef-%s", v.DocumentRefID) - aa["checksum"] = map[string]string{ - "algorithm": v.Alg, - "checksumValue": v.Checksum, - } - aa["spdxDocument"] = v.URI - refs = append(refs, aa) - } - if len(refs) > 0 { - jsondocument["externalDocumentRefs"] = refs - } - } - - return nil -} diff --git a/jsonsaver/saver2v2/save_creation_info_test.go b/jsonsaver/saver2v2/save_creation_info_test.go deleted file mode 100644 index 4498025..0000000 --- a/jsonsaver/saver2v2/save_creation_info_test.go +++ /dev/null @@ -1,90 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func Test_renderCreationInfo2_2(t *testing.T) { - type args struct { - ci *spdx.CreationInfo2_2 - jsondocument map[string]interface{} - } - tests := []struct { - name string - args args - want map[string]interface{} - wantErr bool - }{ - // TODO: Add test cases. - { - name: "success", - args: args{ - ci: &spdx.CreationInfo2_2{ - DataLicense: "CC0-1.0", - SPDXVersion: "SPDX-2.2", - SPDXIdentifier: "DOCUMENT", - DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.", - LicenseListVersion: "3.8", - Created: "2010-01-29T18:30:22Z", - CreatorPersons: []string{"Jane Doe ()"}, - CreatorOrganizations: []string{"ExampleCodeInspect ()"}, - CreatorTools: []string{"LicenseFind-1.0"}, - DocumentName: "SPDX-Tools-v2.0", - DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{ - "spdx-tool-1.2": { - DocumentRefID: "spdx-tool-1.2", - URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", - Alg: "SHA1", - Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", - }, - }, - }, - jsondocument: make(map[string]interface{}), - }, - want: map[string]interface{}{ - "dataLicense": "CC0-1.0", - "spdxVersion": "SPDX-2.2", - "SPDXID": "SPDXRef-DOCUMENT", - "documentNamespace": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - "name": "SPDX-Tools-v2.0", - "comment": "This document was created using SPDX 2.0 using licenses from the web site.", - "creationInfo": map[string]interface{}{ - "comment": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - "created": "2010-01-29T18:30:22Z", - "creators": []string{"Tool: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()"}, - "licenseListVersion": "3.8", - }, - "externalDocumentRefs": []interface{}{ - map[string]interface{}{ - "externalDocumentId": "DocumentRef-spdx-tool-1.2", - "spdxDocument": "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", - "checksum": map[string]string{ - "algorithm": "SHA1", - "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2759", - }, - }, - }, - }, - wantErr: false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if err := renderCreationInfo2_2(tt.args.ci, tt.args.jsondocument); (err != nil) != tt.wantErr { - t.Errorf("renderCreationInfo2_2() error = %v, wantErr %v", err, tt.wantErr) - } - for k, v := range tt.want { - if !reflect.DeepEqual(tt.args.jsondocument[k], v) { - t.Errorf("renderCreationInfo2_2() = %v, want %v", tt.args.jsondocument[k], v) - } - } - }) - } -} diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go deleted file mode 100644 index 43ea907..0000000 --- a/jsonsaver/saver2v2/save_document.go +++ /dev/null @@ -1,110 +0,0 @@ -// Package saver2v2 contains functions to render and write a json -// formatted version of an in-memory SPDX document and its sections -// (version 2.2). -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -package saver2v2 - -import ( - "bytes" - "encoding/json" - "fmt" - - "github.com/spdx/tools-golang/spdx" - "github.com/spdx/tools-golang/spdxlib" -) - -// RenderDocument2_2 is the main entry point to take an SPDX in-memory -// Document (version 2.2), and render it to the received *bytes.Buffer. -// It is only exported in order to be available to the jsonsaver package, -// and typically does not need to be called by client code. -func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { - - jsondocument := make(map[string]interface{}) - // start to parse the creationInfo - if doc.CreationInfo == nil { - return fmt.Errorf("document had nil CreationInfo section") - } - err := renderCreationInfo2_2(doc.CreationInfo, jsondocument) - if err != nil { - return err - } - - // save otherlicenses from sodx struct to json - if doc.OtherLicenses != nil { - _, err = renderOtherLicenses2_2(doc.OtherLicenses, jsondocument) - if err != nil { - return err - } - } - - // save document level annotations - if doc.Annotations != nil { - ann, err := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(doc.CreationInfo.SPDXIdentifier))) - if err != nil { - return err - } - - jsondocument["annotations"] = ann - - } - - // save document describes - describes, _ := spdxlib.GetDescribedPackageIDs2_2(doc) - if describes != nil { - var describesID []string - for _, v := range describes { - describesID = append(describesID, spdx.RenderElementID(v)) - } - jsondocument["documentDescribes"] = describesID - } - allfiles := make(map[spdx.ElementID]*spdx.File2_2) - // save packages from spdx to json - if doc.Packages != nil { - _, err = renderPackage2_2(doc, jsondocument, allfiles) - if err != nil { - return err - } - } - - for k, v := range doc.UnpackagedFiles { - allfiles[k] = v - } - - // save files and snippets from spdx to json - if allfiles != nil { - _, err = renderFiles2_2(doc, jsondocument, allfiles) - if err != nil { - return err - } - _, err = renderSnippets2_2(jsondocument, allfiles) - if err != nil { - return err - } - - } - - // save reviews from spdx to json - if doc.Reviews != nil { - _, err = renderReviews2_2(doc.Reviews, jsondocument) - if err != nil { - return err - } - - } - - // save relationships from spdx to json - if doc.Relationships != nil { - _, err = renderRelationships2_2(doc.Relationships, jsondocument) - if err != nil { - return err - } - - } - - jsonspec, err := json.MarshalIndent(jsondocument, "", "\t") - if err != nil { - return err - } - buf.Write(jsonspec) - return nil -} diff --git a/jsonsaver/saver2v2/save_document_test.go b/jsonsaver/saver2v2/save_document_test.go deleted file mode 100644 index 9651367..0000000 --- a/jsonsaver/saver2v2/save_document_test.go +++ /dev/null @@ -1,436 +0,0 @@ -// Package saver2v2 contains functions to render and write a json -// formatted version of an in-memory SPDX document and its sections -// (version 2.2). -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -package saver2v2 - -import ( - "bytes" - "encoding/json" - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func TestRenderDocument2_2(t *testing.T) { - - test1 := &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - DataLicense: "CC0-1.0", - SPDXVersion: "SPDX-2.2", - SPDXIdentifier: "DOCUMENT", - DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.", - LicenseListVersion: "3.8", - Created: "2010-01-29T18:30:22Z", - CreatorPersons: []string{"Jane Doe ()"}, - CreatorOrganizations: []string{"ExampleCodeInspect ()"}, - CreatorTools: []string{"LicenseFind-1.0"}, - DocumentName: "SPDX-Tools-v2.0", - DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{ - "spdx-tool-1.2": { - DocumentRefID: "spdx-tool-1.2", - URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", - Alg: "SHA1", - Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", - }, - }, - }, - OtherLicenses: []*spdx.OtherLicense2_2{ - { - ExtractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp </\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", - LicenseIdentifier: "LicenseRef-Beerware-4.2", - }, - { - LicenseComment: "This is tye CyperNeko License", - ExtractedText: "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - LicenseIdentifier: "LicenseRef-3", - LicenseName: "CyberNeko License", - LicenseCrossReferences: []string{"http://people.apache.org/~andyc/neko/LICENSE", "http://justasample.url.com"}, - }, - }, - Annotations: []*spdx.Annotation2_2{ - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "File Commenter", - AnnotationComment: "File level annotation", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "Package Commenter", - AnnotationComment: "Package level annotation", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2010-02-10T00:00:00Z", - AnnotationType: "REVIEW", - AnnotatorType: "Person", - Annotator: "Joe Reviewer", - AnnotationComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - }, - }, - Relationships: []*spdx.Relationship2_2{ - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "spdx-tool-1.2", ElementRefID: "ToolsElement"}, - Relationship: "COPY_OF", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - Relationship: "CONTAINS", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - Relationship: "DESCRIBES", - RelationshipComment: "This is a comment.", - }, - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - "Package": { - PackageSPDXIdentifier: "Package", - PackageAttributionTexts: []string{"The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually."}, - PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - }, - PackageCopyrightText: "Copyright 2008-2010 John Smith", - PackageDescription: "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", - PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", - PackageExternalReferences: []*spdx.PackageExternalReference2_2{ - { - RefType: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", - ExternalRefComment: "This is the external ref for Acme", - Category: "OTHER", - Locator: "acmecorp/acmenator/4.1.3-alpha", - }, - { - RefType: "http://spdx.org/rdf/references/cpe23Type", - Category: "SECURITY", - Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", - }, - }, - FilesAnalyzed: true, - IsFilesAnalyzedTagPresent: true, - Files: map[spdx.ElementID]*spdx.File2_2{ - "DoapSource": { - FileSPDXIdentifier: "DoapSource", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", - }, - }, - Snippets: map[spdx.ElementID]*spdx.Snippet2_2{ - "Snippet": { - SnippetSPDXIdentifier: "Snippet", - SnippetFromFileSPDXIdentifier: spdx.DocElementID{ElementRefID: "DoapSource"}, - SnippetComment: "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - SnippetCopyrightText: "Copyright 2008-2010 John Smith", - SnippetLicenseComments: "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", - SnippetLicenseConcluded: "GPL-2.0-only", - LicenseInfoInSnippet: []string{"GPL-2.0-only"}, - SnippetName: "from linux kernel", - SnippetByteRangeStart: 310, - SnippetByteRangeEnd: 420, - SnippetLineRangeStart: 5, - SnippetLineRangeEnd: 23, - }, - }, - FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", - FileContributor: []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, - FileDependencies: []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, - FileName: "./src/org/spdx/parser/DOAPProject.java", - FileType: []string{"SOURCE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - }, - }, - PackageHomePage: "http://ftp.gnu.org/gnu/glibc", - PackageLicenseComments: "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", - PackageLicenseConcluded: "(LGPL-2.0-only OR LicenseRef-3)", - PackageLicenseDeclared: "(LGPL-2.0-only AND LicenseRef-3)", - PackageLicenseInfoFromFiles: []string{"GPL-2.0-only", "LicenseRef-2", "LicenseRef-1"}, - PackageName: "glibc", - PackageOriginatorOrganization: "ExampleCodeInspect (contact@example.com)", - PackageFileName: "glibc-2.11.1.tar.gz", - PackageVerificationCodeExcludedFile: "./package.spdx", - PackageVerificationCode: "d6a770ba38583ed4bb4525bd96e50461655d2758", - PackageSourceInfo: "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", - PackageSummary: "GNU C library.", - PackageSupplierPerson: "Jane Doe (jane.doe@example.com)", - PackageVersion: "2.11.1", - }, - }, - UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{ - "File": { - FileSPDXIdentifier: "File", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - "SHA1": { - Algorithm: "SHA1", - Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", - }, - }, - FileComment: "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", - FileCopyrightText: "Copyright 2008-2010 John Smith", - FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, - FileName: "./package/foo.c", - FileType: []string{"SOURCE"}, - LicenseComments: "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", - LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", - LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, - FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", - }, - }, - } - - want := map[string]interface{}{ - "dataLicense": "CC0-1.0", - "spdxVersion": "SPDX-2.2", - "SPDXID": "SPDXRef-DOCUMENT", - "documentNamespace": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - "documentDescribes": []string{"SPDXRef-Package"}, - "name": "SPDX-Tools-v2.0", - "comment": "This document was created using SPDX 2.0 using licenses from the web site.", - "creationInfo": map[string]interface{}{ - "comment": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - "created": "2010-01-29T18:30:22Z", - "creators": []string{"Tool: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()"}, - "licenseListVersion": "3.8", - }, - "externalDocumentRefs": []interface{}{ - map[string]interface{}{ - "externalDocumentId": "DocumentRef-spdx-tool-1.2", - "spdxDocument": "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", - "checksum": map[string]string{ - "algorithm": "SHA1", - "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2759", - }, - }, - }, - "hasExtractedLicensingInfos": []interface{}{ - map[string]interface{}{ - "licenseId": "LicenseRef-Beerware-4.2", - "extractedText": "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp </\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", - }, - map[string]interface{}{ - "licenseId": "LicenseRef-3", - "comment": "This is tye CyperNeko License", - "extractedText": "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - "name": "CyberNeko License", - "seeAlsos": []string{"http://people.apache.org/~andyc/neko/LICENSE", "http://justasample.url.com"}, - }, - }, - "annotations": []interface{}{ - map[string]interface{}{ - "annotationDate": "2010-02-10T00:00:00Z", - "annotationType": "REVIEW", - "annotator": "Person: Joe Reviewer", - "comment": "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - }, - }, - "relationships": []interface{}{ - map[string]interface{}{ - "spdxElementId": "SPDXRef-DOCUMENT", - "relatedSpdxElement": "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement", - "relationshipType": "COPY_OF", - }, - map[string]interface{}{ - "spdxElementId": "SPDXRef-DOCUMENT", - "relatedSpdxElement": "SPDXRef-Package", - "relationshipType": "CONTAINS", - }, - map[string]interface{}{ - "spdxElementId": "SPDXRef-DOCUMENT", - "relatedSpdxElement": "SPDXRef-File", - "relationshipType": "DESCRIBES", - "comment": "This is a comment.", - }, - }, - "packages": []interface{}{ - map[string]interface{}{ - "SPDXID": "SPDXRef-Package", - "annotations": []interface{}{ - map[string]interface{}{ - "annotationDate": "2011-01-29T18:30:22Z", - "annotationType": "OTHER", - "annotator": "Person: Package Commenter", - "comment": "Package level annotation", - }, - }, - "attributionTexts": []string{"The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually."}, - "checksums": []interface{}{ - map[string]interface{}{ - "algorithm": "MD5", - "checksumValue": "624c1abb3664f4b35547e7c73864ad24", - }, - }, - "copyrightText": "Copyright 2008-2010 John Smith", - "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", - "downloadLocation": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", - "externalRefs": []interface{}{ - map[string]interface{}{ - "comment": "This is the external ref for Acme", - "referenceCategory": "OTHER", - "referenceLocator": "acmecorp/acmenator/4.1.3-alpha", - "referenceType": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", - }, - map[string]interface{}{ - "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", - "referenceType": "http://spdx.org/rdf/references/cpe23Type", - }, - }, - "filesAnalyzed": true, - "hasFiles": []string{"SPDXRef-DoapSource"}, - "homepage": "http://ftp.gnu.org/gnu/glibc", - "licenseComments": "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", - "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-3)", - "licenseDeclared": "(LGPL-2.0-only AND LicenseRef-3)", - "licenseInfoFromFiles": []string{"GPL-2.0-only", "LicenseRef-2", "LicenseRef-1"}, - "name": "glibc", - "originator": "Organization: ExampleCodeInspect (contact@example.com)", - "packageFileName": "glibc-2.11.1.tar.gz", - "packageVerificationCode": map[string]interface{}{ - "packageVerificationCodeExcludedFiles": []string{"./package.spdx"}, - "packageVerificationCodeValue": "d6a770ba38583ed4bb4525bd96e50461655d2758", - }, - "sourceInfo": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", - "summary": "GNU C library.", - "supplier": "Person: Jane Doe (jane.doe@example.com)", - "versionInfo": "2.11.1", - }, - }, - "files": []interface{}{ - map[string]interface{}{ - "SPDXID": "SPDXRef-DoapSource", - "checksums": []interface{}{ - map[string]interface{}{ - "algorithm": "SHA1", - "checksumValue": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", - }, - }, - "copyrightText": "Copyright 2010, 2011 Source Auditor Inc.", - "fileContributors": []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, - "fileDependencies": []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, - "fileName": "./src/org/spdx/parser/DOAPProject.java", - "fileTypes": []string{"SOURCE"}, - "licenseConcluded": "Apache-2.0", - "licenseInfoInFiles": []string{"Apache-2.0"}, - }, - map[string]interface{}{ - "SPDXID": "SPDXRef-File", - "annotations": []interface{}{ - map[string]interface{}{ - "annotationDate": "2011-01-29T18:30:22Z", - "annotationType": "OTHER", - "annotator": "Person: File Commenter", - "comment": "File level annotation", - }, - }, - "checksums": []interface{}{ - map[string]interface{}{ - "algorithm": "MD5", - "checksumValue": "624c1abb3664f4b35547e7c73864ad24", - }, - - map[string]interface{}{ - "algorithm": "SHA1", - "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758", - }, - }, - "comment": "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", - "copyrightText": "Copyright 2008-2010 John Smith", - "fileContributors": []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, - "fileName": "./package/foo.c", - "fileTypes": []string{"SOURCE"}, - "licenseComments": "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", - "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-2)", - "licenseInfoInFiles": []string{"GPL-2.0-only", "LicenseRef-2"}, - "noticeText": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", - }, - }, - "snippets": []interface{}{ - map[string]interface{}{ - "SPDXID": "SPDXRef-Snippet", - "comment": "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - "copyrightText": "Copyright 2008-2010 John Smith", - "licenseComments": "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", - "licenseConcluded": "GPL-2.0-only", - "licenseInfoInSnippets": []string{"GPL-2.0-only"}, - "name": "from linux kernel", - "ranges": []interface{}{ - map[string]interface{}{ - "endPointer": map[string]interface{}{ - "offset": 420, - "reference": "SPDXRef-DoapSource", - }, - "startPointer": map[string]interface{}{ - "offset": 310, - "reference": "SPDXRef-DoapSource", - }, - }, - map[string]interface{}{ - "endPointer": map[string]interface{}{ - "lineNumber": 23, - "reference": "SPDXRef-DoapSource", - }, - "startPointer": map[string]interface{}{ - "lineNumber": 5, - "reference": "SPDXRef-DoapSource", - }, - }, - }, - "snippetFromFile": "SPDXRef-DoapSource", - }, - }, - } - var b []byte - - type args struct { - doc *spdx.Document2_2 - buf *bytes.Buffer - } - tests := []struct { - name string - args args - wantErr bool - }{ - // TODO: Add test cases. - { - name: "success test ", - args: args{ - doc: test1, - buf: bytes.NewBuffer(b), - }, - wantErr: false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if err := RenderDocument2_2(tt.args.doc, tt.args.buf); (err != nil) != tt.wantErr { - t.Errorf("RenderDocument2_2() error = %v, wantErr %v", err, want) - } - jsonspec, _ := json.MarshalIndent(want, "", "\t") - result := tt.args.buf.Bytes() - if !reflect.DeepEqual(jsonspec, result) { - t.Errorf("RenderDocument2_2() error = %v, wantErr %v", string(jsonspec), string(result)) - } - }) - } -} diff --git a/jsonsaver/saver2v2/save_files.go b/jsonsaver/saver2v2/save_files.go deleted file mode 100644 index 2464f95..0000000 --- a/jsonsaver/saver2v2/save_files.go +++ /dev/null @@ -1,89 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "sort" - - "github.com/spdx/tools-golang/spdx" -) - -func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}, allfiles map[spdx.ElementID]*spdx.File2_2) ([]interface{}, error) { - - var keys []string - for ke := range allfiles { - keys = append(keys, string(ke)) - } - sort.Strings(keys) - - var files []interface{} - for _, k := range keys { - v := allfiles[spdx.ElementID(k)] - file := make(map[string]interface{}) - file["SPDXID"] = spdx.RenderElementID(spdx.ElementID(k)) - ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(v.FileSPDXIdentifier))) - if ann != nil { - file["annotations"] = ann - } - if v.FileContributor != nil { - file["fileContributors"] = v.FileContributor - } - if v.FileComment != "" { - file["comment"] = v.FileComment - } - - // save package checksums - if v.FileChecksums != nil { - var checksums []interface{} - - var algos []string - for alg := range v.FileChecksums { - algos = append(algos, string(alg)) - } - sort.Strings(algos) - - // for _, value := range v.FileChecksums { - for _, algo := range algos { - value := v.FileChecksums[spdx.ChecksumAlgorithm(algo)] - checksum := make(map[string]interface{}) - checksum["algorithm"] = string(value.Algorithm) - checksum["checksumValue"] = value.Value - checksums = append(checksums, checksum) - } - file["checksums"] = checksums - } - if v.FileCopyrightText != "" { - file["copyrightText"] = v.FileCopyrightText - } - if v.FileName != "" { - file["fileName"] = v.FileName - } - if v.FileType != nil { - file["fileTypes"] = v.FileType - } - if v.LicenseComments != "" { - file["licenseComments"] = v.LicenseComments - } - if v.LicenseConcluded != "" { - file["licenseConcluded"] = v.LicenseConcluded - } - if v.LicenseInfoInFile != nil { - file["licenseInfoInFiles"] = v.LicenseInfoInFile - } - if v.FileNotice != "" { - file["noticeText"] = v.FileNotice - } - if v.FileDependencies != nil { - file["fileDependencies"] = v.FileDependencies - } - if v.FileAttributionTexts != nil { - file["attributionTexts"] = v.FileAttributionTexts - } - - files = append(files, file) - } - if len(files) > 0 { - jsondocument["files"] = files - } - return files, nil -} diff --git a/jsonsaver/saver2v2/save_files_test.go b/jsonsaver/saver2v2/save_files_test.go deleted file mode 100644 index 1a31b31..0000000 --- a/jsonsaver/saver2v2/save_files_test.go +++ /dev/null @@ -1,160 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func Test_renderFiles2_2(t *testing.T) { - type args struct { - doc *spdx.Document2_2 - jsondocument map[string]interface{} - } - tests := []struct { - name string - args args - want []interface{} - wantErr bool - }{ - // TODO: Add test cases. - { - name: "success", - args: args{ - doc: &spdx.Document2_2{ - Annotations: []*spdx.Annotation2_2{ - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "File Commenter", - AnnotationComment: "File level annotation", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "Package Commenter", - AnnotationComment: "Package level annotation", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2010-02-10T00:00:00Z", - AnnotationType: "REVIEW", - AnnotatorType: "Person", - Annotator: "Joe Reviewer", - AnnotationComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2011-03-13T00:00:00Z", - AnnotationType: "REVIEW", - AnnotatorType: "Person", - Annotator: "Suzanne Reviewer", - AnnotationComment: "Another example reviewer.", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - AnnotationDate: "2010-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "Jane Doe ()", - AnnotationComment: "Document level annotation", - }, - }, - UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{ - "File": { - FileSPDXIdentifier: "File", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", - }, - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - }, - FileComment: "The concluded license was taken from the package level that the file was .", - FileCopyrightText: "Copyright 2008-2010 John Smith", - FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, - FileName: "./package/foo.c", - FileType: []string{"SOURCE"}, - LicenseComments: "The concluded license was taken from the package level that the file was included in.", - LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", - LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, - FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", - FileAttributionTexts: []string{"text1", "text2 "}, - }, - }, - }, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{ - "SPDXID": "SPDXRef-File", - "annotations": []interface{}{ - map[string]interface{}{ - "annotationDate": "2011-01-29T18:30:22Z", - "annotationType": "OTHER", - "annotator": "Person: File Commenter", - "comment": "File level annotation", - }, - }, - "checksums": []interface{}{ - map[string]interface{}{ - "algorithm": "MD5", - "checksumValue": "624c1abb3664f4b35547e7c73864ad24", - }, - map[string]interface{}{ - "algorithm": "SHA1", - "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758", - }, - }, - "comment": "The concluded license was taken from the package level that the file was .", - "copyrightText": "Copyright 2008-2010 John Smith", - "fileContributors": []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, - "fileName": "./package/foo.c", - "fileTypes": []string{"SOURCE"}, - "licenseComments": "The concluded license was taken from the package level that the file was included in.", - "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-2)", - "licenseInfoInFiles": []string{"GPL-2.0-only", "LicenseRef-2"}, - "noticeText": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", - "attributionTexts": []string{"text1", "text2 "}, - }, - }, - }, - { - name: "success empty", - args: args{ - doc: &spdx.Document2_2{ - Annotations: []*spdx.Annotation2_2{}, - UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{}, - }, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{}, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := renderFiles2_2(tt.args.doc, tt.args.jsondocument, tt.args.doc.UnpackagedFiles) - if (err != nil) != tt.wantErr { - t.Errorf("renderFiles2_2() error = %v, wantErr %v", err, tt.wantErr) - } - for k, v := range got { - if !reflect.DeepEqual(v, tt.want[k]) { - t.Errorf("renderFiles2_2() error = %v, want %v", v, tt.want[k]) - } - } - - }) - } -} diff --git a/jsonsaver/saver2v2/save_other_license.go b/jsonsaver/saver2v2/save_other_license.go deleted file mode 100644 index fc8a6b5..0000000 --- a/jsonsaver/saver2v2/save_other_license.go +++ /dev/null @@ -1,35 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "github.com/spdx/tools-golang/spdx" -) - -func renderOtherLicenses2_2(otherlicenses []*spdx.OtherLicense2_2, jsondocument map[string]interface{}) ([]interface{}, error) { - - var licenses []interface{} - for _, v := range otherlicenses { - lic := make(map[string]interface{}) - if v.LicenseIdentifier != "" { - lic["licenseId"] = v.LicenseIdentifier - } - if v.ExtractedText != "" { - lic["extractedText"] = v.ExtractedText - } - if v.LicenseComment != "" { - lic["comment"] = v.LicenseComment - } - if v.LicenseName != "" { - lic["name"] = v.LicenseName - } - if v.LicenseCrossReferences != nil { - lic["seeAlsos"] = v.LicenseCrossReferences - } - licenses = append(licenses, lic) - } - if len(licenses) > 0 { - jsondocument["hasExtractedLicensingInfos"] = licenses - } - return licenses, nil -} diff --git a/jsonsaver/saver2v2/save_other_license_test.go b/jsonsaver/saver2v2/save_other_license_test.go deleted file mode 100644 index bf1a264..0000000 --- a/jsonsaver/saver2v2/save_other_license_test.go +++ /dev/null @@ -1,85 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func Test_renderOtherLicenses2_2(t *testing.T) { - type args struct { - otherlicenses []*spdx.OtherLicense2_2 - jsondocument map[string]interface{} - } - tests := []struct { - name string - args args - want []interface{} - wantErr bool - }{ - // TODO: Add test cases. - { - name: "success", - args: args{ - otherlicenses: []*spdx.OtherLicense2_2{ - { - ExtractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp </\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", - LicenseIdentifier: "LicenseRef-Beerware-4.2", - }, - { - LicenseComment: "This is tye CyperNeko License", - ExtractedText: "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - LicenseIdentifier: "LicenseRef-3", - LicenseName: "CyberNeko License", - LicenseCrossReferences: []string{"http://people.apache.org/~andyc/neko/LICENSE", "http://justasample.url.com"}, - }, - }, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{ - "licenseId": "LicenseRef-Beerware-4.2", - "extractedText": "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp </\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", - }, - map[string]interface{}{ - "licenseId": "LicenseRef-3", - "comment": "This is tye CyperNeko License", - "extractedText": "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - "name": "CyberNeko License", - "seeAlsos": []string{"http://people.apache.org/~andyc/neko/LICENSE", "http://justasample.url.com"}, - }, - }, - wantErr: false, - }, - { - name: "success empty", - args: args{ - otherlicenses: []*spdx.OtherLicense2_2{ - {}, - }, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{}, - }, - wantErr: false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := renderOtherLicenses2_2(tt.args.otherlicenses, tt.args.jsondocument) - if (err != nil) != tt.wantErr { - t.Errorf("renderOtherLicenses2_2() error = %v, wantErr %v", err, tt.wantErr) - } - for k, v := range got { - if !reflect.DeepEqual(v, tt.want[k]) { - t.Errorf("renderOtherLicenses2_2() error = %v, want %v", v, tt.want[k]) - } - } - - }) - } -} diff --git a/jsonsaver/saver2v2/save_package.go b/jsonsaver/saver2v2/save_package.go deleted file mode 100644 index 1599f57..0000000 --- a/jsonsaver/saver2v2/save_package.go +++ /dev/null @@ -1,158 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "fmt" - "sort" - - "github.com/spdx/tools-golang/spdx" -) - -func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}, allfiles map[spdx.ElementID]*spdx.File2_2) ([]interface{}, error) { - - var packages []interface{} - - var keys []string - for ke := range doc.Packages { - keys = append(keys, string(ke)) - } - sort.Strings(keys) - - // for k, v := range doc.Packages { - for _, k := range keys { - v := doc.Packages[spdx.ElementID(k)] - pkg := make(map[string]interface{}) - pkg["SPDXID"] = spdx.RenderElementID(spdx.ElementID(k)) - ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(v.PackageSPDXIdentifier))) - if ann != nil { - pkg["annotations"] = ann - } - if v.PackageAttributionTexts != nil { - pkg["attributionTexts"] = v.PackageAttributionTexts - } - // save package checksums - if v.PackageChecksums != nil { - var checksums []interface{} - - var algos []string - for alg := range v.PackageChecksums { - algos = append(algos, string(alg)) - } - sort.Strings(algos) - - for _, algo := range algos { - value := v.PackageChecksums[spdx.ChecksumAlgorithm(algo)] - checksum := make(map[string]interface{}) - checksum["algorithm"] = string(value.Algorithm) - checksum["checksumValue"] = value.Value - checksums = append(checksums, checksum) - } - pkg["checksums"] = checksums - } - if v.PackageCopyrightText != "" { - pkg["copyrightText"] = v.PackageCopyrightText - } - if v.PackageDescription != "" { - pkg["description"] = v.PackageDescription - } - if v.PackageDownloadLocation != "" { - pkg["downloadLocation"] = v.PackageDownloadLocation - } - - //save document external refereneces - if v.PackageExternalReferences != nil { - var externalrefs []interface{} - for _, value := range v.PackageExternalReferences { - ref := make(map[string]interface{}) - ref["referenceCategory"] = value.Category - ref["referenceLocator"] = value.Locator - ref["referenceType"] = value.RefType - if value.ExternalRefComment != "" { - ref["comment"] = value.ExternalRefComment - } - externalrefs = append(externalrefs, ref) - } - pkg["externalRefs"] = externalrefs - } - - pkg["filesAnalyzed"] = v.FilesAnalyzed - - // save package hass files - if v.Files != nil { - var fileIds []string - for k, v := range v.Files { - allfiles[k] = v - fileIds = append(fileIds, spdx.RenderElementID(k)) - } - pkg["hasFiles"] = fileIds - } - - if v.PackageHomePage != "" { - pkg["homepage"] = v.PackageHomePage - } - if v.PackageLicenseComments != "" { - pkg["licenseComments"] = v.PackageLicenseComments - } - if v.PackageLicenseConcluded != "" { - pkg["licenseConcluded"] = v.PackageLicenseConcluded - } - if v.PackageLicenseDeclared != "" { - pkg["licenseDeclared"] = v.PackageLicenseDeclared - } - if v.PackageLicenseInfoFromFiles != nil { - pkg["licenseInfoFromFiles"] = v.PackageLicenseInfoFromFiles - } - if v.PackageName != "" { - pkg["name"] = v.PackageName - } - if v.PackageSourceInfo != "" { - pkg["sourceInfo"] = v.PackageSourceInfo - } - if v.PackageSummary != "" { - pkg["summary"] = v.PackageSummary - } - if v.PackageVersion != "" { - pkg["versionInfo"] = v.PackageVersion - } - if v.PackageFileName != "" { - pkg["packageFileName"] = v.PackageFileName - } - - //save package originator - if v.PackageOriginatorPerson != "" { - pkg["originator"] = fmt.Sprintf("Person: %s", v.PackageOriginatorPerson) - } - if v.PackageOriginatorOrganization != "" { - pkg["originator"] = fmt.Sprintf("Organization: %s", v.PackageOriginatorOrganization) - } - if v.PackageOriginatorNOASSERTION { - pkg["originator"] = "NOASSERTION" - } - - //save package verification code - if v.PackageVerificationCode != "" { - verification := make(map[string]interface{}) - verification["packageVerificationCodeExcludedFiles"] = []string{v.PackageVerificationCodeExcludedFile} - verification["packageVerificationCodeValue"] = v.PackageVerificationCode - pkg["packageVerificationCode"] = verification - } - - //save package supplier - if v.PackageSupplierPerson != "" { - pkg["supplier"] = fmt.Sprintf("Person: %s", v.PackageSupplierPerson) - } - if v.PackageSupplierOrganization != "" { - pkg["supplier"] = fmt.Sprintf("Organization: %s", v.PackageSupplierOrganization) - } - if v.PackageSupplierNOASSERTION { - pkg["supplier"] = "NOASSERTION" - } - - packages = append(packages, pkg) - } - if len(packages) > 0 { - jsondocument["packages"] = packages - } - return packages, nil -} diff --git a/jsonsaver/saver2v2/save_package_test.go b/jsonsaver/saver2v2/save_package_test.go deleted file mode 100644 index 41a6c9c..0000000 --- a/jsonsaver/saver2v2/save_package_test.go +++ /dev/null @@ -1,233 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func Test_renderPackage2_2(t *testing.T) { - type args struct { - doc *spdx.Document2_2 - jsondocument map[string]interface{} - } - tests := []struct { - name string - args args - want []interface{} - wantErr bool - }{ - // TODO: Add test cases. - { - name: "success", - args: args{ - doc: &spdx.Document2_2{ - Annotations: []*spdx.Annotation2_2{ - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "File Commenter", - AnnotationComment: "File level annotation", - }, - { - AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - AnnotationDate: "2011-01-29T18:30:22Z", - AnnotationType: "OTHER", - AnnotatorType: "Person", - Annotator: "Package Commenter", - AnnotationComment: "Package level annotation", - }, - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - "Package": { - PackageSPDXIdentifier: "Package", - PackageAttributionTexts: []string{"The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually."}, - PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - }, - PackageCopyrightText: "Copyright 2008-2010 John Smith", - PackageDescription: "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", - PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", - PackageExternalReferences: []*spdx.PackageExternalReference2_2{ - { - RefType: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", - ExternalRefComment: "This is the external ref for Acme", - Category: "OTHER", - Locator: "acmecorp/acmenator/4.1.3-alpha", - }, - { - RefType: "http://spdx.org/rdf/references/cpe23Type", - Category: "SECURITY", - Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", - }, - }, - FilesAnalyzed: true, - IsFilesAnalyzedTagPresent: true, - Files: map[spdx.ElementID]*spdx.File2_2{ - "DoapSource": { - FileSPDXIdentifier: "DoapSource", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", - }, - }, - Snippets: map[spdx.ElementID]*spdx.Snippet2_2{ - "Snippet": { - SnippetSPDXIdentifier: "Snippet", - SnippetFromFileSPDXIdentifier: spdx.DocElementID{ElementRefID: "DoapSource"}, - SnippetComment: "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - SnippetCopyrightText: "Copyright 2008-2010 John Smith", - SnippetLicenseComments: "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", - SnippetLicenseConcluded: "GPL-2.0-only", - LicenseInfoInSnippet: []string{"GPL-2.0-only"}, - SnippetName: "from linux kernel", - SnippetByteRangeStart: 310, - SnippetByteRangeEnd: 420, - SnippetLineRangeStart: 5, - SnippetLineRangeEnd: 23, - }, - }, - FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", - FileContributor: []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, - FileDependencies: []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, - FileName: "./src/org/spdx/parser/DOAPProject.java", - FileType: []string{"SOURCE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - }, - }, - PackageHomePage: "http://ftp.gnu.org/gnu/glibc", - PackageLicenseComments: "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", - PackageLicenseConcluded: "(LGPL-2.0-only OR LicenseRef-3)", - PackageLicenseDeclared: "(LGPL-2.0-only AND LicenseRef-3)", - PackageLicenseInfoFromFiles: []string{"GPL-2.0-only", "LicenseRef-2", "LicenseRef-1"}, - PackageName: "glibc", - PackageOriginatorOrganization: "ExampleCodeInspect (contact@example.com)", - PackageFileName: "glibc-2.11.1.tar.gz", - PackageVerificationCodeExcludedFile: "./package.spdx", - PackageVerificationCode: "d6a770ba38583ed4bb4525bd96e50461655d2758", - PackageSourceInfo: "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", - PackageSummary: "GNU C library.", - PackageSupplierPerson: "Jane Doe (jane.doe@example.com)", - PackageVersion: "2.11.1", - }, - }, - UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{ - "File": { - FileSPDXIdentifier: "File", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", - }, - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, - }, - FileComment: "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", - FileCopyrightText: "Copyright 2008-2010 John Smith", - FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, - FileName: "./package/foo.c", - FileType: []string{"SOURCE"}, - LicenseComments: "The concluded license was taken from the package level that the file was included in.", - LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", - LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, - FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", - }, - }, - }, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{ - "SPDXID": "SPDXRef-Package", - "annotations": []interface{}{ - map[string]interface{}{ - "annotationDate": "2011-01-29T18:30:22Z", - "annotationType": "OTHER", - "annotator": "Person: Package Commenter", - "comment": "Package level annotation", - }, - }, - "attributionTexts": []string{"The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually."}, - "checksums": []interface{}{ - map[string]interface{}{ - "algorithm": "MD5", - "checksumValue": "624c1abb3664f4b35547e7c73864ad24", - }, - }, - "copyrightText": "Copyright 2008-2010 John Smith", - "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", - "downloadLocation": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", - "externalRefs": []interface{}{ - map[string]interface{}{ - "comment": "This is the external ref for Acme", - "referenceCategory": "OTHER", - "referenceLocator": "acmecorp/acmenator/4.1.3-alpha", - "referenceType": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", - }, - map[string]interface{}{ - "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", - "referenceType": "http://spdx.org/rdf/references/cpe23Type", - }, - }, - "filesAnalyzed": true, - "hasFiles": []string{"SPDXRef-DoapSource"}, - "homepage": "http://ftp.gnu.org/gnu/glibc", - "licenseComments": "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", - "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-3)", - "licenseDeclared": "(LGPL-2.0-only AND LicenseRef-3)", - "licenseInfoFromFiles": []string{"GPL-2.0-only", "LicenseRef-2", "LicenseRef-1"}, - "name": "glibc", - "originator": "Organization: ExampleCodeInspect (contact@example.com)", - "packageFileName": "glibc-2.11.1.tar.gz", - "packageVerificationCode": map[string]interface{}{ - "packageVerificationCodeExcludedFiles": []string{"./package.spdx"}, - "packageVerificationCodeValue": "d6a770ba38583ed4bb4525bd96e50461655d2758", - }, - "sourceInfo": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", - "summary": "GNU C library.", - "supplier": "Person: Jane Doe (jane.doe@example.com)", - "versionInfo": "2.11.1", - }, - }, - }, - { - name: "success empty", - args: args{ - doc: &spdx.Document2_2{ - Annotations: []*spdx.Annotation2_2{{}}, - }, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{}, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := renderPackage2_2(tt.args.doc, tt.args.jsondocument, make(map[spdx.ElementID]*spdx.File2_2)) - if (err != nil) != tt.wantErr { - t.Errorf("renderPackage2_2() error = %v, wantErr %v", err, tt.wantErr) - return - } - for k, v := range got { - if !reflect.DeepEqual(v, tt.want[k]) { - t.Errorf("renderPackage2_2() = %v, want %v", v, tt.want[k]) - } - } - }) - } -} diff --git a/jsonsaver/saver2v2/save_relationships.go b/jsonsaver/saver2v2/save_relationships.go deleted file mode 100644 index 42382b3..0000000 --- a/jsonsaver/saver2v2/save_relationships.go +++ /dev/null @@ -1,32 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "github.com/spdx/tools-golang/spdx" -) - -func renderRelationships2_2(relationships []*spdx.Relationship2_2, jsondocument map[string]interface{}) ([]interface{}, error) { - - var rels []interface{} - for _, v := range relationships { - rel := make(map[string]interface{}) - if len(v.RefA.ElementRefID) != 0 || len(v.RefA.DocumentRefID) != 0 { - rel["spdxElementId"] = spdx.RenderDocElementID(v.RefA) - } - if len(v.RefB.ElementRefID) != 0 || len(v.RefB.DocumentRefID) != 0 { - rel["relatedSpdxElement"] = spdx.RenderDocElementID(v.RefB) - } - if v.Relationship != "" { - rel["relationshipType"] = v.Relationship - } - if v.RelationshipComment != "" { - rel["comment"] = v.RelationshipComment - } - rels = append(rels, rel) - } - if len(rels) > 0 { - jsondocument["relationships"] = rels - } - return rels, nil -} diff --git a/jsonsaver/saver2v2/save_relationships_test.go b/jsonsaver/saver2v2/save_relationships_test.go deleted file mode 100644 index bdbde81..0000000 --- a/jsonsaver/saver2v2/save_relationships_test.go +++ /dev/null @@ -1,94 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func Test_renderRelationships2_2(t *testing.T) { - type args struct { - relationships []*spdx.Relationship2_2 - jsondocument map[string]interface{} - } - tests := []struct { - name string - args args - want []interface{} - wantErr bool - }{ - // TODO: Add test cases. - { - name: "success", - args: args{ - relationships: []*spdx.Relationship2_2{ - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "spdx-tool-1.2", ElementRefID: "ToolsElement"}, - Relationship: "COPY_OF", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, - Relationship: "CONTAINS", - }, - { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - Relationship: "DESCRIBES", - RelationshipComment: "This is a comment.", - }, - }, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{ - "spdxElementId": "SPDXRef-DOCUMENT", - "relatedSpdxElement": "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement", - "relationshipType": "COPY_OF", - }, - map[string]interface{}{ - "spdxElementId": "SPDXRef-DOCUMENT", - "relatedSpdxElement": "SPDXRef-Package", - "relationshipType": "CONTAINS", - }, - map[string]interface{}{ - "spdxElementId": "SPDXRef-DOCUMENT", - "relatedSpdxElement": "SPDXRef-File", - "relationshipType": "DESCRIBES", - "comment": "This is a comment.", - }, - }, - }, - { - name: "success empty", - args: args{ - relationships: []*spdx.Relationship2_2{ - {}, - }, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{}, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := renderRelationships2_2(tt.args.relationships, tt.args.jsondocument) - if (err != nil) != tt.wantErr { - t.Errorf("renderRelationships2_2() error = %v, wantErr %v", err, tt.wantErr) - return - } - for k, v := range got { - if !reflect.DeepEqual(v, tt.want[k]) { - t.Errorf("renderRelationships2_2() = %v, want %v", v, tt.want[k]) - } - } - - }) - } -} diff --git a/jsonsaver/saver2v2/save_reviews.go b/jsonsaver/saver2v2/save_reviews.go deleted file mode 100644 index 307b9cf..0000000 --- a/jsonsaver/saver2v2/save_reviews.go +++ /dev/null @@ -1,33 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "fmt" - - "github.com/spdx/tools-golang/spdx" -) - -func renderReviews2_2(reviews []*spdx.Review2_2, jsondocument map[string]interface{}) ([]interface{}, error) { - - var review []interface{} - for _, v := range reviews { - rev := make(map[string]interface{}) - if len(v.ReviewDate) > 0 { - rev["reviewDate"] = v.ReviewDate - } - if len(v.ReviewerType) > 0 || len(v.Reviewer) > 0 { - rev["reviewer"] = fmt.Sprintf("%s: %s", v.ReviewerType, v.Reviewer) - } - if len(v.ReviewComment) > 0 { - rev["comment"] = v.ReviewComment - } - if len(rev) > 0 { - review = append(review, rev) - } - } - if len(review) > 0 { - jsondocument["revieweds"] = review - } - return review, nil -} diff --git a/jsonsaver/saver2v2/save_reviews_test.go b/jsonsaver/saver2v2/save_reviews_test.go deleted file mode 100644 index fa3d405..0000000 --- a/jsonsaver/saver2v2/save_reviews_test.go +++ /dev/null @@ -1,72 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func Test_renderReviews2_2(t *testing.T) { - type args struct { - reviews []*spdx.Review2_2 - jsondocument map[string]interface{} - } - tests := []struct { - name string - args args - want []interface{} - wantErr bool - }{ - // TODO: Add test cases. - { - name: "success", - args: args{ - reviews: []*spdx.Review2_2{ - { - ReviewDate: "2010-02-10T00:00:00Z", - ReviewerType: "Person", - Reviewer: "Joe Reviewer", - ReviewComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - }, - }, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{ - "reviewDate": "2010-02-10T00:00:00Z", - "reviewer": "Person: Joe Reviewer", - "comment": "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", - }, - }, - }, - { - name: "success empty", - args: args{ - reviews: []*spdx.Review2_2{ - {}, - }, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{}, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := renderReviews2_2(tt.args.reviews, tt.args.jsondocument) - if (err != nil) != tt.wantErr { - t.Errorf("renderReviews2_2() error = %v, wantErr %v", err, tt.wantErr) - return - } - for k, v := range got { - if !reflect.DeepEqual(v, tt.want[k]) { - t.Errorf("renderReviews2_2() = %v, want %v", v, tt.want[k]) - } - } - }) - } -} diff --git a/jsonsaver/saver2v2/save_snippets.go b/jsonsaver/saver2v2/save_snippets.go deleted file mode 100644 index ca08e2e..0000000 --- a/jsonsaver/saver2v2/save_snippets.go +++ /dev/null @@ -1,87 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "sort" - - "github.com/spdx/tools-golang/spdx" -) - -func renderSnippets2_2(jsondocument map[string]interface{}, allfiles map[spdx.ElementID]*spdx.File2_2) ([]interface{}, error) { - - var snippets []interface{} - for _, value := range allfiles { - snippet := make(map[string]interface{}) - - var keys []string - for ke := range value.Snippets { - keys = append(keys, string(ke)) - } - sort.Strings(keys) - for _, k := range keys { - v := value.Snippets[spdx.ElementID(k)] - snippet["SPDXID"] = spdx.RenderElementID(v.SnippetSPDXIdentifier) - if v.SnippetComment != "" { - snippet["comment"] = v.SnippetComment - } - if v.SnippetCopyrightText != "" { - snippet["copyrightText"] = v.SnippetCopyrightText - } - if v.SnippetLicenseComments != "" { - snippet["licenseComments"] = v.SnippetLicenseComments - } - if v.SnippetLicenseConcluded != "" { - snippet["licenseConcluded"] = v.SnippetLicenseConcluded - } - if v.LicenseInfoInSnippet != nil { - snippet["licenseInfoInSnippets"] = v.LicenseInfoInSnippet - } - if v.SnippetName != "" { - snippet["name"] = v.SnippetName - } - if v.SnippetName != "" { - snippet["snippetFromFile"] = spdx.RenderDocElementID(v.SnippetFromFileSPDXIdentifier) - } - if v.SnippetAttributionTexts != nil { - snippet["attributionTexts"] = v.SnippetAttributionTexts - } - - // save snippet ranges - var ranges []interface{} - - byterange := map[string]interface{}{ - "endPointer": map[string]interface{}{ - "offset": v.SnippetByteRangeEnd, - "reference": spdx.RenderDocElementID(v.SnippetFromFileSPDXIdentifier), - }, - "startPointer": map[string]interface{}{ - "offset": v.SnippetByteRangeStart, - "reference": spdx.RenderDocElementID(v.SnippetFromFileSPDXIdentifier), - }, - } - linerange := map[string]interface{}{ - "endPointer": map[string]interface{}{ - "lineNumber": v.SnippetLineRangeEnd, - "reference": spdx.RenderDocElementID(v.SnippetFromFileSPDXIdentifier), - }, - "startPointer": map[string]interface{}{ - "lineNumber": v.SnippetLineRangeStart, - "reference": spdx.RenderDocElementID(v.SnippetFromFileSPDXIdentifier), - }, - } - if len(byterange) > 0 { - ranges = append(ranges, byterange) - } - if len(linerange) > 0 { - ranges = append(ranges, linerange) - } - snippet["ranges"] = ranges - snippets = append(snippets, snippet) - } - } - if len(snippets) > 0 { - jsondocument["snippets"] = snippets - } - return snippets, nil -} diff --git a/jsonsaver/saver2v2/save_snippets_test.go b/jsonsaver/saver2v2/save_snippets_test.go deleted file mode 100644 index dfe0213..0000000 --- a/jsonsaver/saver2v2/save_snippets_test.go +++ /dev/null @@ -1,127 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package saver2v2 - -import ( - "reflect" - "testing" - - "github.com/spdx/tools-golang/spdx" -) - -func Test_renderSnippets2_2(t *testing.T) { - type args struct { - doc *spdx.Document2_2 - jsondocument map[string]interface{} - } - tests := []struct { - name string - args args - want []interface{} - wantErr bool - }{ - // TODO: Add test cases. - { - name: "success", - args: args{ - doc: &spdx.Document2_2{ - UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{ - "DoapSource": { - FileSPDXIdentifier: "DoapSource", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - "SHA1": { - Algorithm: "SHA1", - Value: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", - }, - }, - Snippets: map[spdx.ElementID]*spdx.Snippet2_2{ - "Snippet": { - SnippetSPDXIdentifier: "Snippet", - SnippetFromFileSPDXIdentifier: spdx.DocElementID{ElementRefID: "DoapSource"}, - SnippetComment: "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - SnippetCopyrightText: "Copyright 2008-2010 John Smith", - SnippetLicenseComments: "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", - SnippetLicenseConcluded: "GPL-2.0-only", - LicenseInfoInSnippet: []string{"GPL-2.0-only"}, - SnippetName: "from linux kernel", - SnippetByteRangeStart: 310, - SnippetByteRangeEnd: 420, - SnippetLineRangeStart: 5, - SnippetLineRangeEnd: 23, - SnippetAttributionTexts: []string{"text1", "text2 "}, - }, - }, - FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", - FileContributor: []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, - FileDependencies: []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, - FileName: "./src/org/spdx/parser/DOAPProject.java", - FileType: []string{"SOURCE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - }, - }, - }, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{ - "SPDXID": "SPDXRef-Snippet", - "comment": "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - "copyrightText": "Copyright 2008-2010 John Smith", - "licenseComments": "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", - "licenseConcluded": "GPL-2.0-only", - "licenseInfoInSnippets": []string{"GPL-2.0-only"}, - "name": "from linux kernel", - "ranges": []interface{}{ - map[string]interface{}{ - "endPointer": map[string]interface{}{ - "offset": 420, - "reference": "SPDXRef-DoapSource", - }, - "startPointer": map[string]interface{}{ - "offset": 310, - "reference": "SPDXRef-DoapSource", - }, - }, - map[string]interface{}{ - "endPointer": map[string]interface{}{ - "lineNumber": 23, - "reference": "SPDXRef-DoapSource", - }, - "startPointer": map[string]interface{}{ - "lineNumber": 5, - "reference": "SPDXRef-DoapSource", - }, - }, - }, - "snippetFromFile": "SPDXRef-DoapSource", - "attributionTexts": []string{"text1", "text2 "}, - }, - }, - }, - { - name: "success empty", - args: args{ - doc: &spdx.Document2_2{}, - jsondocument: make(map[string]interface{}), - }, - want: []interface{}{ - map[string]interface{}{}, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := renderSnippets2_2(tt.args.jsondocument, tt.args.doc.UnpackagedFiles) - if (err != nil) != tt.wantErr { - t.Errorf("renderSnippets2_2() error = %v, wantErr %v", err, tt.wantErr) - return - } - for k, v := range got { - if !reflect.DeepEqual(v, tt.want[k]) { - t.Errorf("renderSnippets2_2() = %v, want %v", v, tt.want[k]) - } - } - }) - } -} diff --git a/licensediff/licensediff_test.go b/licensediff/licensediff_test.go index bd53f31..2142efc 100644 --- a/licensediff/licensediff_test.go +++ b/licensediff/licensediff_test.go @@ -15,10 +15,10 @@ func Test2_1DifferCanCreateDiffPairs(t *testing.T) { f1 := &spdx.File2_1{ FileName: "/project/file1.txt", FileSPDXIdentifier: spdx.ElementID("File561"), - FileChecksumSHA1: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + Checksums: []spdx.Checksum{{Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", Algorithm: spdx.SHA1}}, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ - "LicenseRef-We-will-ignore-LicenseInfoInFile", + LicenseInfoInFiles: []string{ + "LicenseRef-We-will-ignore-LicenseInfoInFiles", }, FileCopyrightText: "We'll ignore copyright values", } @@ -27,9 +27,9 @@ func Test2_1DifferCanCreateDiffPairs(t *testing.T) { f2 := &spdx.File2_1{ FileName: "/project/file2.txt", FileSPDXIdentifier: spdx.ElementID("File562"), - FileChecksumSHA1: "066c5139bd9a43d15812ec1a1755b08ccf199824", + Checksums: []spdx.Checksum{{Value: "066c5139bd9a43d15812ec1a1755b08ccf199824", Algorithm: spdx.SHA1}}, LicenseConcluded: "GPL-2.0-or-later", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -39,9 +39,9 @@ func Test2_1DifferCanCreateDiffPairs(t *testing.T) { f3 := &spdx.File2_1{ FileName: "/project/file3.txt", FileSPDXIdentifier: spdx.ElementID("File563"), - FileChecksumSHA1: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", + Checksums: []spdx.Checksum{{Value: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", Algorithm: spdx.SHA1}}, LicenseConcluded: "MPL-2.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -52,9 +52,9 @@ func Test2_1DifferCanCreateDiffPairs(t *testing.T) { f4_1 := &spdx.File2_1{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + Checksums: []spdx.Checksum{{Value: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", Algorithm: spdx.SHA1}}, LicenseConcluded: "MIT", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -62,9 +62,9 @@ func Test2_1DifferCanCreateDiffPairs(t *testing.T) { f4_2 := &spdx.File2_1{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + Checksums: []spdx.Checksum{{Value: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", Algorithm: spdx.SHA1}}, LicenseConcluded: "Apache-2.0 AND MIT", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -75,9 +75,9 @@ func Test2_1DifferCanCreateDiffPairs(t *testing.T) { f5_1 := &spdx.File2_1{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + Checksums: []spdx.Checksum{{Value: "ba226db943bbbf455da77afab6f16dbab156d000", Algorithm: spdx.SHA1}}, LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -85,9 +85,9 @@ func Test2_1DifferCanCreateDiffPairs(t *testing.T) { f5_2 := &spdx.File2_1{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + Checksums: []spdx.Checksum{{Value: "b6e0ec7d085c5699b46f6f8d425413702652874d", Algorithm: spdx.SHA1}}, LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -98,9 +98,9 @@ func Test2_1DifferCanCreateDiffPairs(t *testing.T) { f6_1 := &spdx.File2_1{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + Checksums: []spdx.Checksum{{Value: "ba226db943bbbf455da77afab6f16dbab156d000", Algorithm: spdx.SHA1}}, LicenseConcluded: "CC0-1.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -108,9 +108,9 @@ func Test2_1DifferCanCreateDiffPairs(t *testing.T) { f6_2 := &spdx.File2_1{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + Checksums: []spdx.Checksum{{Value: "b6e0ec7d085c5699b46f6f8d425413702652874d", Algorithm: spdx.SHA1}}, LicenseConcluded: "Unlicense", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -124,19 +124,19 @@ func Test2_1DifferCanCreateDiffPairs(t *testing.T) { FilesAnalyzed: true, IsFilesAnalyzedTagPresent: true, // fake the verification code for present purposes - PackageVerificationCode: "abc123abc123", + PackageVerificationCode: spdx.PackageVerificationCode{Value: "abc123abc123"}, PackageLicenseConcluded: "NOASSERTION", PackageLicenseInfoFromFiles: []string{ "NOASSERTION", }, PackageLicenseDeclared: "NOASSERTION", PackageCopyrightText: "NOASSERTION", - Files: map[spdx.ElementID]*spdx.File2_1{ - spdx.ElementID(f1.FileSPDXIdentifier): f1, - spdx.ElementID(f2.FileSPDXIdentifier): f2, - spdx.ElementID(f4_1.FileSPDXIdentifier): f4_1, - spdx.ElementID(f5_1.FileSPDXIdentifier): f5_1, - spdx.ElementID(f6_1.FileSPDXIdentifier): f6_1, + Files: []*spdx.File2_1{ + f1, + f2, + f4_1, + f5_1, + f6_1, }, } p2 := &spdx.Package2_1{ @@ -146,19 +146,19 @@ func Test2_1DifferCanCreateDiffPairs(t *testing.T) { FilesAnalyzed: true, IsFilesAnalyzedTagPresent: true, // fake the verification code for present purposes - PackageVerificationCode: "def456def456", + PackageVerificationCode: spdx.PackageVerificationCode{Value: "def456def456"}, PackageLicenseConcluded: "NOASSERTION", PackageLicenseInfoFromFiles: []string{ "NOASSERTION", }, PackageLicenseDeclared: "NOASSERTION", PackageCopyrightText: "NOASSERTION", - Files: map[spdx.ElementID]*spdx.File2_1{ - spdx.ElementID(f1.FileSPDXIdentifier): f1, - spdx.ElementID(f3.FileSPDXIdentifier): f3, - spdx.ElementID(f4_2.FileSPDXIdentifier): f4_2, - spdx.ElementID(f5_2.FileSPDXIdentifier): f5_2, - spdx.ElementID(f6_2.FileSPDXIdentifier): f6_2, + Files: []*spdx.File2_1{ + f1, + f3, + f4_2, + f5_2, + f6_2, }, } @@ -254,10 +254,10 @@ func Test2_1DifferCanCreateDiffStructuredResults(t *testing.T) { f1 := &spdx.File2_1{ FileName: "/project/file1.txt", FileSPDXIdentifier: spdx.ElementID("File561"), - FileChecksumSHA1: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + Checksums: []spdx.Checksum{{Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", Algorithm: spdx.SHA1}}, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ - "LicenseRef-We-will-ignore-LicenseInfoInFile", + LicenseInfoInFiles: []string{ + "LicenseRef-We-will-ignore-LicenseInfoInFiles", }, FileCopyrightText: "We'll ignore copyright values", } @@ -266,9 +266,9 @@ func Test2_1DifferCanCreateDiffStructuredResults(t *testing.T) { f2 := &spdx.File2_1{ FileName: "/project/file2.txt", FileSPDXIdentifier: spdx.ElementID("File562"), - FileChecksumSHA1: "066c5139bd9a43d15812ec1a1755b08ccf199824", + Checksums: []spdx.Checksum{{Value: "066c5139bd9a43d15812ec1a1755b08ccf199824", Algorithm: spdx.SHA1}}, LicenseConcluded: "GPL-2.0-or-later", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -278,9 +278,9 @@ func Test2_1DifferCanCreateDiffStructuredResults(t *testing.T) { f3 := &spdx.File2_1{ FileName: "/project/file3.txt", FileSPDXIdentifier: spdx.ElementID("File563"), - FileChecksumSHA1: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", + Checksums: []spdx.Checksum{{Value: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", Algorithm: spdx.SHA1}}, LicenseConcluded: "MPL-2.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -291,9 +291,9 @@ func Test2_1DifferCanCreateDiffStructuredResults(t *testing.T) { f4_1 := &spdx.File2_1{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + Checksums: []spdx.Checksum{{Value: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", Algorithm: spdx.SHA1}}, LicenseConcluded: "MIT", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -301,9 +301,9 @@ func Test2_1DifferCanCreateDiffStructuredResults(t *testing.T) { f4_2 := &spdx.File2_1{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + Checksums: []spdx.Checksum{{Value: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", Algorithm: spdx.SHA1}}, LicenseConcluded: "Apache-2.0 AND MIT", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -314,9 +314,9 @@ func Test2_1DifferCanCreateDiffStructuredResults(t *testing.T) { f5_1 := &spdx.File2_1{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + Checksums: []spdx.Checksum{{Value: "ba226db943bbbf455da77afab6f16dbab156d000", Algorithm: spdx.SHA1}}, LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -324,9 +324,9 @@ func Test2_1DifferCanCreateDiffStructuredResults(t *testing.T) { f5_2 := &spdx.File2_1{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + Checksums: []spdx.Checksum{{Value: "b6e0ec7d085c5699b46f6f8d425413702652874d", Algorithm: spdx.SHA1}}, LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -337,9 +337,9 @@ func Test2_1DifferCanCreateDiffStructuredResults(t *testing.T) { f6_1 := &spdx.File2_1{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + Checksums: []spdx.Checksum{{Value: "ba226db943bbbf455da77afab6f16dbab156d000", Algorithm: spdx.SHA1}}, LicenseConcluded: "CC0-1.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -347,9 +347,9 @@ func Test2_1DifferCanCreateDiffStructuredResults(t *testing.T) { f6_2 := &spdx.File2_1{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + Checksums: []spdx.Checksum{{Value: "b6e0ec7d085c5699b46f6f8d425413702652874d", Algorithm: spdx.SHA1}}, LicenseConcluded: "Unlicense", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -363,19 +363,19 @@ func Test2_1DifferCanCreateDiffStructuredResults(t *testing.T) { FilesAnalyzed: true, IsFilesAnalyzedTagPresent: true, // fake the verification code for present purposes - PackageVerificationCode: "abc123abc123", + PackageVerificationCode: spdx.PackageVerificationCode{Value: "abc123abc123"}, PackageLicenseConcluded: "NOASSERTION", PackageLicenseInfoFromFiles: []string{ "NOASSERTION", }, PackageLicenseDeclared: "NOASSERTION", PackageCopyrightText: "NOASSERTION", - Files: map[spdx.ElementID]*spdx.File2_1{ - spdx.ElementID(f1.FileSPDXIdentifier): f1, - spdx.ElementID(f2.FileSPDXIdentifier): f2, - spdx.ElementID(f4_1.FileSPDXIdentifier): f4_1, - spdx.ElementID(f5_1.FileSPDXIdentifier): f5_1, - spdx.ElementID(f6_1.FileSPDXIdentifier): f6_1, + Files: []*spdx.File2_1{ + f1, + f2, + f4_1, + f5_1, + f6_1, }, } p2 := &spdx.Package2_1{ @@ -385,19 +385,19 @@ func Test2_1DifferCanCreateDiffStructuredResults(t *testing.T) { FilesAnalyzed: true, IsFilesAnalyzedTagPresent: true, // fake the verification code for present purposes - PackageVerificationCode: "def456def456", + PackageVerificationCode: spdx.PackageVerificationCode{Value: "def456def456"}, PackageLicenseConcluded: "NOASSERTION", PackageLicenseInfoFromFiles: []string{ "NOASSERTION", }, PackageLicenseDeclared: "NOASSERTION", PackageCopyrightText: "NOASSERTION", - Files: map[spdx.ElementID]*spdx.File2_1{ - spdx.ElementID(f1.FileSPDXIdentifier): f1, - spdx.ElementID(f3.FileSPDXIdentifier): f3, - spdx.ElementID(f4_2.FileSPDXIdentifier): f4_2, - spdx.ElementID(f5_2.FileSPDXIdentifier): f5_2, - spdx.ElementID(f6_2.FileSPDXIdentifier): f6_2, + Files: []*spdx.File2_1{ + f1, + f3, + f4_2, + f5_2, + f6_2, }, } @@ -501,15 +501,14 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/project/file1.txt", FileSPDXIdentifier: spdx.ElementID("File561"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ - "LicenseRef-We-will-ignore-LicenseInfoInFile", + LicenseInfoInFiles: []string{ + "LicenseRef-We-will-ignore-LicenseInfoInFiles", }, FileCopyrightText: "We'll ignore copyright values", } @@ -518,14 +517,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f2 := &spdx.File2_2{ FileName: "/project/file2.txt", FileSPDXIdentifier: spdx.ElementID("File562"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "GPL-2.0-or-later", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -535,14 +533,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f3 := &spdx.File2_2{ FileName: "/project/file3.txt", FileSPDXIdentifier: spdx.ElementID("File563"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "MPL-2.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -553,14 +550,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f4_1 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "MIT", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -568,14 +564,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f4_2 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "Apache-2.0 AND MIT", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -586,14 +581,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f5_1 := &spdx.File2_2{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -601,14 +595,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f5_2 := &spdx.File2_2{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -619,14 +612,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f6_1 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "CC0-1.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -634,14 +626,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f6_2 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "Unlicense", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -655,19 +646,19 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { FilesAnalyzed: true, IsFilesAnalyzedTagPresent: true, // fake the verification code for present purposes - PackageVerificationCode: "abc123abc123", + PackageVerificationCode: spdx.PackageVerificationCode{Value: "abc123abc123"}, PackageLicenseConcluded: "NOASSERTION", PackageLicenseInfoFromFiles: []string{ "NOASSERTION", }, PackageLicenseDeclared: "NOASSERTION", PackageCopyrightText: "NOASSERTION", - Files: map[spdx.ElementID]*spdx.File2_2{ - spdx.ElementID(f1.FileSPDXIdentifier): f1, - spdx.ElementID(f2.FileSPDXIdentifier): f2, - spdx.ElementID(f4_1.FileSPDXIdentifier): f4_1, - spdx.ElementID(f5_1.FileSPDXIdentifier): f5_1, - spdx.ElementID(f6_1.FileSPDXIdentifier): f6_1, + Files: []*spdx.File2_2{ + f1, + f2, + f4_1, + f5_1, + f6_1, }, } p2 := &spdx.Package2_2{ @@ -677,19 +668,19 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { FilesAnalyzed: true, IsFilesAnalyzedTagPresent: true, // fake the verification code for present purposes - PackageVerificationCode: "def456def456", + PackageVerificationCode: spdx.PackageVerificationCode{Value: "def456def456"}, PackageLicenseConcluded: "NOASSERTION", PackageLicenseInfoFromFiles: []string{ "NOASSERTION", }, PackageLicenseDeclared: "NOASSERTION", PackageCopyrightText: "NOASSERTION", - Files: map[spdx.ElementID]*spdx.File2_2{ - spdx.ElementID(f1.FileSPDXIdentifier): f1, - spdx.ElementID(f3.FileSPDXIdentifier): f3, - spdx.ElementID(f4_2.FileSPDXIdentifier): f4_2, - spdx.ElementID(f5_2.FileSPDXIdentifier): f5_2, - spdx.ElementID(f6_2.FileSPDXIdentifier): f6_2, + Files: []*spdx.File2_2{ + f1, + f3, + f4_2, + f5_2, + f6_2, }, } @@ -785,15 +776,14 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/project/file1.txt", FileSPDXIdentifier: spdx.ElementID("File561"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ - "LicenseRef-We-will-ignore-LicenseInfoInFile", + LicenseInfoInFiles: []string{ + "LicenseRef-We-will-ignore-LicenseInfoInFiles", }, FileCopyrightText: "We'll ignore copyright values", } @@ -802,14 +792,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f2 := &spdx.File2_2{ FileName: "/project/file2.txt", FileSPDXIdentifier: spdx.ElementID("File562"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "GPL-2.0-or-later", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -819,14 +808,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f3 := &spdx.File2_2{ FileName: "/project/file3.txt", FileSPDXIdentifier: spdx.ElementID("File563"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "MPL-2.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -837,14 +825,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f4_1 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "MIT", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -852,14 +839,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f4_2 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "Apache-2.0 AND MIT", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -871,7 +857,7 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -879,15 +865,14 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f5_2 := &spdx.File2_2{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -898,14 +883,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f6_1 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "CC0-1.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -913,14 +897,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f6_2 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - }, + Checksums: []spdx.Checksum{{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, }, LicenseConcluded: "Unlicense", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "NOASSERTION", }, FileCopyrightText: "NOASSERTION", @@ -934,19 +917,19 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { FilesAnalyzed: true, IsFilesAnalyzedTagPresent: true, // fake the verification code for present purposes - PackageVerificationCode: "abc123abc123", + PackageVerificationCode: spdx.PackageVerificationCode{Value: "abc123abc123"}, PackageLicenseConcluded: "NOASSERTION", PackageLicenseInfoFromFiles: []string{ "NOASSERTION", }, PackageLicenseDeclared: "NOASSERTION", PackageCopyrightText: "NOASSERTION", - Files: map[spdx.ElementID]*spdx.File2_2{ - spdx.ElementID(f1.FileSPDXIdentifier): f1, - spdx.ElementID(f2.FileSPDXIdentifier): f2, - spdx.ElementID(f4_1.FileSPDXIdentifier): f4_1, - spdx.ElementID(f5_1.FileSPDXIdentifier): f5_1, - spdx.ElementID(f6_1.FileSPDXIdentifier): f6_1, + Files: []*spdx.File2_2{ + f1, + f2, + f4_1, + f5_1, + f6_1, }, } p2 := &spdx.Package2_2{ @@ -956,19 +939,19 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { FilesAnalyzed: true, IsFilesAnalyzedTagPresent: true, // fake the verification code for present purposes - PackageVerificationCode: "def456def456", + PackageVerificationCode: spdx.PackageVerificationCode{Value: "def456def456"}, PackageLicenseConcluded: "NOASSERTION", PackageLicenseInfoFromFiles: []string{ "NOASSERTION", }, PackageLicenseDeclared: "NOASSERTION", PackageCopyrightText: "NOASSERTION", - Files: map[spdx.ElementID]*spdx.File2_2{ - spdx.ElementID(f1.FileSPDXIdentifier): f1, - spdx.ElementID(f3.FileSPDXIdentifier): f3, - spdx.ElementID(f4_2.FileSPDXIdentifier): f4_2, - spdx.ElementID(f5_2.FileSPDXIdentifier): f5_2, - spdx.ElementID(f6_2.FileSPDXIdentifier): f6_2, + Files: []*spdx.File2_2{ + f1, + f3, + f4_2, + f5_2, + f6_2, }, } diff --git a/rdfloader/parser2v2/license_utils.go b/rdfloader/parser2v2/license_utils.go index 80b0a71..0a823ef 100644 --- a/rdfloader/parser2v2/license_utils.go +++ b/rdfloader/parser2v2/license_utils.go @@ -5,6 +5,7 @@ package parser2v2 import ( "fmt" gordfParser "github.com/spdx/gordf/rdfloader/parser" + "github.com/spdx/tools-golang/spdx" "strings" ) @@ -25,7 +26,7 @@ func getLicenseStringFromURI(uri string) string { // returns the checksum algorithm and it's value // In the newer versions, these two strings will be bound to a single checksum struct // whose pointer will be returned. -func (parser *rdfParser2_2) getChecksumFromNode(checksumNode *gordfParser.Node) (algorithm string, value string, err error) { +func (parser *rdfParser2_2) getChecksumFromNode(checksumNode *gordfParser.Node) (algorithm spdx.ChecksumAlgorithm, value string, err error) { var checksumValue, checksumAlgorithm string for _, checksumTriple := range parser.nodeToTriples(checksumNode) { switch checksumTriple.Predicate.ID { @@ -45,7 +46,7 @@ func (parser *rdfParser2_2) getChecksumFromNode(checksumNode *gordfParser.Node) return } } - return checksumAlgorithm, checksumValue, nil + return spdx.ChecksumAlgorithm(checksumAlgorithm), checksumValue, nil } func getAlgorithmFromURI(algorithmURI string) (checksumAlgorithm string, err error) { diff --git a/rdfloader/parser2v2/parse_annotation.go b/rdfloader/parser2v2/parse_annotation.go index 92a5610..18e4533 100644 --- a/rdfloader/parser2v2/parse_annotation.go +++ b/rdfloader/parser2v2/parse_annotation.go @@ -59,8 +59,8 @@ func setAnnotatorFromString(annotatorString string, ann *spdx.Annotation2_2) err return err } if subkey == "Person" || subkey == "Organization" || subkey == "Tool" { - ann.AnnotatorType = subkey - ann.Annotator = subvalue + ann.Annotator.AnnotatorType = subkey + ann.Annotator.Annotator = subvalue return nil } return fmt.Errorf("unrecognized Annotator type %v while parsing annotation", subkey) diff --git a/rdfloader/parser2v2/parse_annotation_test.go b/rdfloader/parser2v2/parse_annotation_test.go index 49a099d..0226d85 100644 --- a/rdfloader/parser2v2/parse_annotation_test.go +++ b/rdfloader/parser2v2/parse_annotation_test.go @@ -31,10 +31,10 @@ func Test_setAnnotatorFromString(t *testing.T) { if err != nil { t.Errorf("unexpected error for a valid annotator") } - if ann.AnnotatorType != "Person" { + if ann.Annotator.AnnotatorType != "Person" { t.Errorf("wrnog annotator type: expected: %s, found: %s", "Person", ann.Annotator) } - if ann.Annotator != "Rishabh" { + if ann.Annotator.Annotator != "Rishabh" { t.Errorf("wrong annotator: expected: %s, found: %s", "Rishabh", ann.Annotator) } } @@ -169,11 +169,11 @@ func Test_rdfParser2_2_parseAnnotationFromNode(t *testing.T) { t.Errorf(`expected: "%s", found "%s"`, expectedDate, ann.AnnotationDate) } expectedAnnotator := "Jane Doe" - if expectedAnnotator != ann.Annotator { + if expectedAnnotator != ann.Annotator.Annotator { t.Errorf(`expected: "%s", found "%s"`, expectedAnnotator, ann.Annotator) } - if ann.AnnotatorType != "Person" { - t.Errorf(`expected: "%s", found "%s"`, "Person", ann.AnnotatorType) + if ann.Annotator.AnnotatorType != "Person" { + t.Errorf(`expected: "%s", found "%s"`, "Person", ann.Annotator.AnnotatorType) } expectedAnnotationType := "OTHER" if expectedAnnotationType != ann.AnnotationType { diff --git a/rdfloader/parser2v2/parse_creation_info.go b/rdfloader/parser2v2/parse_creation_info.go index 45c39b1..dc4da77 100644 --- a/rdfloader/parser2v2/parse_creation_info.go +++ b/rdfloader/parser2v2/parse_creation_info.go @@ -35,20 +35,22 @@ func (parser *rdfParser2_2) parseCreationInfoFromNode(ci *spdx.CreationInfo2_2, return nil } -func setCreator(creator string, ci *spdx.CreationInfo2_2) error { - entityType, entity, err := ExtractSubs(creator, ":") +func setCreator(creatorStr string, ci *spdx.CreationInfo2_2) error { + entityType, entity, err := ExtractSubs(creatorStr, ":") if err != nil { return fmt.Errorf("error setting creator of a creation info: %s", err) } + + creator := spdx.Creator{Creator: entity} + switch entityType { - case "Person": - ci.CreatorPersons = append(ci.CreatorPersons, entity) - case "Organization": - ci.CreatorOrganizations = append(ci.CreatorOrganizations, entity) - case "Tool": - ci.CreatorTools = append(ci.CreatorTools, entity) + case "Person", "Organization", "Tool": + creator.CreatorType = entityType default: return fmt.Errorf("unknown creatorType %v in a creation info", entityType) } + + ci.Creators = append(ci.Creators, creator) + return nil } diff --git a/rdfloader/parser2v2/parse_creation_info_test.go b/rdfloader/parser2v2/parse_creation_info_test.go index 9ea62d9..415d18e 100644 --- a/rdfloader/parser2v2/parse_creation_info_test.go +++ b/rdfloader/parser2v2/parse_creation_info_test.go @@ -29,12 +29,12 @@ func Test_setCreator(t *testing.T) { if err != nil { t.Errorf("error parsing a valid input: %v", err) } - if len(ci.CreatorPersons) != 1 { - t.Errorf("creationInfo should've had 1 creatorPersons, found %d", len(ci.CreatorPersons)) + if len(ci.Creators) != 1 { + t.Errorf("creationInfo should've had 1 creatorPersons, found %d", len(ci.Creators)) } expectedPerson := "Jane Doe" - if ci.CreatorPersons[0] != expectedPerson { - t.Errorf("expected %s, found %s", expectedPerson, ci.CreatorPersons[0]) + if ci.Creators[0].Creator != expectedPerson { + t.Errorf("expected %s, found %s", expectedPerson, ci.Creators[0]) } } @@ -88,12 +88,12 @@ func Test_rdfParser2_2_parseCreationInfoFromNode(t *testing.T) { if ci.LicenseListVersion != "2.6" { t.Errorf(`expected %s, found %s`, "2.6", ci.LicenseListVersion) } - n := len(ci.CreatorPersons) + n := len(ci.Creators) if n != 1 { t.Errorf("expected 1 creatorPersons, found %d", n) } - if ci.CreatorPersons[0] != "fossy" { - t.Errorf("expected %s, found %s", "fossy", ci.CreatorPersons[0]) + if ci.Creators[0].Creator != "fossy" { + t.Errorf("expected %s, found %s", "fossy", ci.Creators[0].Creator) } expectedCreated := "2018-08-24T19:55:34Z" if ci.Created != expectedCreated { diff --git a/rdfloader/parser2v2/parse_file.go b/rdfloader/parser2v2/parse_file.go index b3b0e49..a149712 100644 --- a/rdfloader/parser2v2/parse_file.go +++ b/rdfloader/parser2v2/parse_file.go @@ -56,7 +56,7 @@ func (parser *rdfParser2_2) getFileFromNode(fileNode *gordfParser.Node) (file *s // cardinality: min 0 fileType := "" fileType, err = parser.getFileTypeFromUri(subTriple.Object.ID) - file.FileType = append(file.FileType, fileType) + file.FileTypes = append(file.FileTypes, fileType) case SPDX_CHECKSUM: // 4.4 // cardinality: min 1 err = parser.setFileChecksumFromNode(file, subTriple.Object) @@ -73,7 +73,7 @@ func (parser *rdfParser2_2) getFileFromNode(fileNode *gordfParser.Node) (file *s if err != nil { return nil, fmt.Errorf("error parsing licenseInfoInFile: %v", err) } - file.LicenseInfoInFile = append(file.LicenseInfoInFile, lic.ToLicenseString()) + file.LicenseInfoInFiles = append(file.LicenseInfoInFiles, lic.ToLicenseString()) case SPDX_LICENSE_COMMENTS: // 4.7 // cardinality: max 1 file.LicenseComments = subTriple.Object.ID @@ -97,7 +97,7 @@ func (parser *rdfParser2_2) getFileFromNode(fileNode *gordfParser.Node) (file *s file.FileNotice = getNoticeTextFromNode(subTriple.Object) case SPDX_FILE_CONTRIBUTOR: // 4.14 // cardinality: min 0 - file.FileContributor = append(file.FileContributor, subTriple.Object.ID) + file.FileContributors = append(file.FileContributors, subTriple.Object.ID) case SPDX_FILE_DEPENDENCY: // cardinality: min 0 newFile, err := parser.getFileFromNode(subTriple.Object) @@ -130,13 +130,12 @@ func (parser *rdfParser2_2) setFileChecksumFromNode(file *spdx.File2_2, checksum if err != nil { return fmt.Errorf("error parsing checksumNode of a file: %v", err) } - if file.FileChecksums == nil { - file.FileChecksums = map[spdx.ChecksumAlgorithm]spdx.Checksum{} + if file.Checksums == nil { + file.Checksums = []spdx.Checksum{} } switch checksumAlgorithm { case spdx.MD5, spdx.SHA1, spdx.SHA256: - algorithm := spdx.ChecksumAlgorithm(checksumAlgorithm) - file.FileChecksums[algorithm] = spdx.Checksum{Algorithm: algorithm, Value: checksumValue} + file.Checksums = append(file.Checksums, spdx.Checksum{Algorithm: checksumAlgorithm, Value: checksumValue}) case "": return fmt.Errorf("empty checksum algorithm and value") default: @@ -176,13 +175,13 @@ func (parser *rdfParser2_2) getFileTypeFromUri(uri string) (string, error) { return strings.TrimPrefix(lastPart, "fileType_"), nil } -// populates parser.doc.UnpackagedFiles by a list of files which are not +// populates parser.doc.Files by a list of files which are not // associated with a package by the hasFile attribute // assumes: all the packages are already parsed. func (parser *rdfParser2_2) setUnpackagedFiles() { for fileID := range parser.files { if !parser.assocWithPackage[fileID] { - parser.doc.UnpackagedFiles[fileID] = parser.files[fileID] + parser.doc.Files = append(parser.doc.Files, parser.files[fileID]) } } } diff --git a/rdfloader/parser2v2/parse_file_test.go b/rdfloader/parser2v2/parse_file_test.go index 069eb26..8c5ea0d 100644 --- a/rdfloader/parser2v2/parse_file_test.go +++ b/rdfloader/parser2v2/parse_file_test.go @@ -157,18 +157,18 @@ func Test_rdfParser2_2_setUnpackagedFiles(t *testing.T) { rdfParser.setUnpackagedFiles() - // after setting unpackaged files, parser.doc.UnpackagedFiles must've file2 and file3 - if n := len(rdfParser.doc.UnpackagedFiles); n != 2 { + // after setting unpackaged files, parser.doc.Files must've file2 and file3 + if n := len(rdfParser.doc.Files); n != 2 { t.Errorf("unpackage files should've had 2 files, found %d files", n) } // checking if the unpackagedFiles contain only file2 & file3. - for fileID, _ := range rdfParser.doc.UnpackagedFiles { - switch string(fileID) { + for _, file := range rdfParser.doc.Files { + switch string(file.FileSPDXIdentifier) { case "file2", "file3": continue default: - t.Errorf("unexpected file with id %s found in unpackaged files", fileID) + t.Errorf("unexpected file with id %s found in unpackaged files", file.FileSPDXIdentifier) } } } @@ -207,7 +207,7 @@ func Test_rdfParser2_2_setFileChecksumFromNode(t *testing.T) { t.Errorf("error parsing a valid checksum node") } checksumValue := "d2356e0fe1c0b85285d83c6b2ad51b5f" - for _, checksum := range file.FileChecksums { + for _, checksum := range file.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != "" { @@ -237,7 +237,7 @@ func Test_rdfParser2_2_setFileChecksumFromNode(t *testing.T) { if err != nil { t.Errorf("error parsing a valid checksum node") } - for _, checksum := range file.FileChecksums { + for _, checksum := range file.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != checksumValue { @@ -267,7 +267,7 @@ func Test_rdfParser2_2_setFileChecksumFromNode(t *testing.T) { if err != nil { t.Errorf("error parsing a valid checksum node") } - for _, checksum := range file.FileChecksums { + for _, checksum := range file.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != checksumValue { @@ -508,12 +508,12 @@ func Test_rdfParser2_2_getFileFromNode(t *testing.T) { t.Errorf("expected %s, found %s", expectedLicenseConcluded, file.LicenseConcluded) } expectedFileType := "source" - if file.FileType[0] != expectedFileType { - t.Errorf("expected %s, found %s", expectedFileType, file.FileType) + if file.FileTypes[0] != expectedFileType { + t.Errorf("expected %s, found %s", expectedFileType, file.FileTypes) } expectedLicenseInfoInFile := "NOASSERTION" - if file.LicenseInfoInFile[0] != expectedLicenseInfoInFile { - t.Errorf("expected %s, found %s", expectedLicenseInfoInFile, file.LicenseInfoInFile[0]) + if file.LicenseInfoInFiles[0] != expectedLicenseInfoInFile { + t.Errorf("expected %s, found %s", expectedLicenseInfoInFile, file.LicenseInfoInFiles[0]) } // TestCase 12: checking if recursive dependencies are resolved. @@ -590,17 +590,17 @@ func Test_rdfParser2_2_getFileFromNode(t *testing.T) { t.Errorf("expected %s, found %s", expectedFileName, file.FileName) } - if len(file.FileType) != 1 { - t.Errorf("given file should have 1 fileType attribute. found %d", len(file.FileType)) + if len(file.FileTypes) != 1 { + t.Errorf("given file should have 1 fileType attribute. found %d", len(file.FileTypes)) } expectedFileType = "source" - if file.FileType[0] != expectedFileType { - t.Errorf("expected %s, found %s", expectedFileType, file.FileType) + if file.FileTypes[0] != expectedFileType { + t.Errorf("expected %s, found %s", expectedFileType, file.FileTypes) } expectedChecksum := "0a3a0e1ab72b7c132f5021c538a7a3ea6d539bcd" - for _, checksum := range file.FileChecksums { + for _, checksum := range file.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != expectedChecksum { @@ -614,12 +614,12 @@ func Test_rdfParser2_2_getFileFromNode(t *testing.T) { t.Errorf("expected %s, found %s", expectedLicenseConcluded, file.LicenseConcluded) } - if len(file.LicenseInfoInFile) != 1 { - t.Errorf("given file should have 1 licenseInfoInFile attribute. found %d", len(file.LicenseInfoInFile)) + if len(file.LicenseInfoInFiles) != 1 { + t.Errorf("given file should have 1 licenseInfoInFile attribute. found %d", len(file.LicenseInfoInFiles)) } expectedLicenseInfoInFile = "NOASSERTION" - if file.LicenseInfoInFile[0] != expectedLicenseInfoInFile { - t.Errorf("expected %s, found %s", expectedLicenseInfoInFile, file.LicenseInfoInFile[0]) + if file.LicenseInfoInFiles[0] != expectedLicenseInfoInFile { + t.Errorf("expected %s, found %s", expectedLicenseInfoInFile, file.LicenseInfoInFiles[0]) } expectedLicenseComments := "no comments" @@ -657,12 +657,12 @@ func Test_rdfParser2_2_getFileFromNode(t *testing.T) { t.Errorf("expected %s, found %s", expectedNoticeText, file.FileNotice) } - if n := len(file.FileContributor); n != 1 { + if n := len(file.FileContributors); n != 1 { t.Errorf("given file should have 1 fileContributor. found %d", n) } expectedFileContributor := "Some Organization" - if file.FileContributor[0] != expectedFileContributor { - t.Errorf("expected %s, found %s", expectedFileContributor, file.FileContributor) + if file.FileContributors[0] != expectedFileContributor { + t.Errorf("expected %s, found %s", expectedFileContributor, file.FileContributors) } if n := len(file.FileDependencies); n != 1 { @@ -698,12 +698,12 @@ func Test_rdfParser2_2_getFileFromNode(t *testing.T) { t.Errorf("expected %s, found %s", expectedAnnotationType, ann.AnnotationType) } expectedAnnotator := "File Commenter" - if ann.Annotator != expectedAnnotator { + if ann.Annotator.Annotator != expectedAnnotator { t.Errorf("expected %s, found %s", expectedAnnotator, ann.Annotator) } expectedAnnotatorType := "Person" if ann.AnnotationType != expectedAnnotationType { - t.Errorf("expected %s, found %s", expectedAnnotatorType, ann.AnnotatorType) + t.Errorf("expected %s, found %s", expectedAnnotatorType, ann.Annotator.AnnotatorType) } if n := len(parser.doc.Relationships); n != 1 { diff --git a/rdfloader/parser2v2/parse_package.go b/rdfloader/parser2v2/parse_package.go index 47a2af8..41ccab3 100644 --- a/rdfloader/parser2v2/parse_package.go +++ b/rdfloader/parser2v2/parse_package.go @@ -40,8 +40,14 @@ func (parser *rdfParser2_2) getPackageFromNode(packageNode *gordfParser.Node) (p } pkg.PackageSPDXIdentifier = eId // 3.2 - if existingPkg := parser.doc.Packages[eId]; existingPkg != nil { - pkg = existingPkg + // check if we already have a package initialized for this ID + existingPackageIndex := -1 + for ii, existingPkg := range parser.doc.Packages { + if existingPkg != nil && existingPkg.PackageSPDXIdentifier == eId { + existingPackageIndex = ii + pkg = existingPkg + break + } } // iterate over all the triples associated with the provided package packageNode. @@ -150,7 +156,12 @@ func (parser *rdfParser2_2) getPackageFromNode(packageNode *gordfParser.Node) (p } } - parser.doc.Packages[pkg.PackageSPDXIdentifier] = pkg + if existingPackageIndex != -1 { + parser.doc.Packages[existingPackageIndex] = pkg + } else { + parser.doc.Packages = append(parser.doc.Packages, pkg) + } + return pkg, nil } @@ -199,10 +210,10 @@ func (parser *rdfParser2_2) setPackageVerificationCode(pkg *spdx.Package2_2, nod switch subTriple.Predicate.ID { case SPDX_PACKAGE_VERIFICATION_CODE_VALUE: // cardinality: exactly 1 - pkg.PackageVerificationCode = subTriple.Object.ID + pkg.PackageVerificationCode.Value = subTriple.Object.ID case SPDX_PACKAGE_VERIFICATION_CODE_EXCLUDED_FILE: // cardinality: min 0 - pkg.PackageVerificationCodeExcludedFile = subTriple.Object.ID + pkg.PackageVerificationCode.ExcludedFiles = append(pkg.PackageVerificationCode.ExcludedFiles, subTriple.Object.ID) case RDF_TYPE: // cardinality: exactly 1 continue @@ -217,9 +228,9 @@ func (parser *rdfParser2_2) setPackageVerificationCode(pkg *spdx.Package2_2, nod // file to indicate the file is associated with a package func (parser *rdfParser2_2) setFileToPackage(pkg *spdx.Package2_2, file *spdx.File2_2) { if pkg.Files == nil { - pkg.Files = map[spdx.ElementID]*spdx.File2_2{} + pkg.Files = []*spdx.File2_2{} } - pkg.Files[file.FileSPDXIdentifier] = file + pkg.Files = append(pkg.Files, file) parser.assocWithPackage[file.FileSPDXIdentifier] = true } @@ -228,22 +239,27 @@ func (parser *rdfParser2_2) setFileToPackage(pkg *spdx.Package2_2, file *spdx.Fi // value: [NOASSERTION | [Person | Organization]: string] func setPackageSupplier(pkg *spdx.Package2_2, value string) error { value = strings.TrimSpace(value) + supplier := &spdx.Supplier{} if strings.ToUpper(value) == "NOASSERTION" { - pkg.PackageSupplierNOASSERTION = true + supplier.Supplier = "NOASSERTION" + pkg.PackageSupplier = supplier return nil } + subKey, subValue, err := ExtractSubs(value, ":") if err != nil { return fmt.Errorf("package supplier must be of the form NOASSERTION or [Person|Organization]: string. found: %s", value) } switch subKey { - case "Person": - pkg.PackageSupplierPerson = subValue - case "Organization": - pkg.PackageSupplierOrganization = subValue + case "Person", "Organization": + supplier.Supplier = subValue + supplier.SupplierType = subKey default: return fmt.Errorf("unknown supplier %s", subKey) } + + pkg.PackageSupplier = supplier + return nil } @@ -252,23 +268,27 @@ func setPackageSupplier(pkg *spdx.Package2_2, value string) error { // value: [NOASSERTION | [Person | Organization]: string] func setPackageOriginator(pkg *spdx.Package2_2, value string) error { value = strings.TrimSpace(value) + originator := &spdx.Originator{} if strings.ToUpper(value) == "NOASSERTION" { - pkg.PackageOriginatorNOASSERTION = true + originator.Originator = "NOASSERTION" + pkg.PackageOriginator = originator return nil } + subKey, subValue, err := ExtractSubs(value, ":") if err != nil { - return fmt.Errorf("package originator must be of the form NOASSERTION or [Person|Organization]: string. found: %s", value) + return fmt.Errorf("package Originator must be of the form NOASSERTION or [Person|Organization]: string. found: %s", value) } - switch subKey { - case "Person": - pkg.PackageOriginatorPerson = subValue - case "Organization": - pkg.PackageOriginatorOrganization = subValue + case "Person", "Organization": + originator.Originator = subValue + originator.OriginatorType = subKey default: - return fmt.Errorf("originator can be either a Person or Organization. found %s", subKey) + return fmt.Errorf("unknown Originator %s", subKey) } + + pkg.PackageOriginator = originator + return nil } @@ -302,12 +322,11 @@ func (parser *rdfParser2_2) setPackageChecksum(pkg *spdx.Package2_2, node *gordf return fmt.Errorf("error getting checksum algorithm and value from %v", node) } if pkg.PackageChecksums == nil { - pkg.PackageChecksums = make(map[spdx.ChecksumAlgorithm]spdx.Checksum) + pkg.PackageChecksums = make([]spdx.Checksum, 0, 1) } switch checksumAlgorithm { case spdx.MD5, spdx.SHA1, spdx.SHA256: - algorithm := spdx.ChecksumAlgorithm(checksumAlgorithm) - pkg.PackageChecksums[algorithm] = spdx.Checksum{Algorithm: algorithm, Value: checksumValue} + pkg.PackageChecksums = append(pkg.PackageChecksums, spdx.Checksum{Algorithm: checksumAlgorithm, Value: checksumValue}) default: return fmt.Errorf("unknown checksumAlgorithm %s while parsing a package", checksumAlgorithm) } diff --git a/rdfloader/parser2v2/parse_package_test.go b/rdfloader/parser2v2/parse_package_test.go index 9744760..c1bc7ed 100644 --- a/rdfloader/parser2v2/parse_package_test.go +++ b/rdfloader/parser2v2/parse_package_test.go @@ -19,8 +19,8 @@ func Test_setPackageSupplier(t *testing.T) { if err != nil { t.Fatalf("unexpected error: %v", err) } - if !pkg.PackageSupplierNOASSERTION { - t.Errorf("PackageSupplierNOASSERTION must've been set to true") + if pkg.PackageSupplier.Supplier != "NOASSERTION" { + t.Errorf("PackageSupplier must've been set to NOASSERTION") } // TestCase 2: lower-case noassertion must also set the @@ -30,8 +30,8 @@ func Test_setPackageSupplier(t *testing.T) { if err != nil { t.Fatalf("unexpected error: %v", err) } - if !pkg.PackageSupplierNOASSERTION { - t.Errorf("PackageSupplierNOASSERTION must've been set to true") + if pkg.PackageSupplier.Supplier != "NOASSERTION" { + t.Errorf("PackageSupplier must've been set to NOASSERTION") } // TestCase 3: invalid input without colon separator. must raise an error @@ -50,8 +50,8 @@ func Test_setPackageSupplier(t *testing.T) { if err != nil { t.Errorf("unexpected error: %v", err) } - if pkg.PackageSupplierPerson != personName { - t.Errorf("PackageSupplierPerson should be %s. found %s", personName, pkg.PackageSupplierPerson) + if pkg.PackageSupplier.Supplier != personName { + t.Errorf("PackageSupplierPerson should be %s. found %s", personName, pkg.PackageSupplier.Supplier) } // TestCase 5: Valid Organization @@ -62,8 +62,8 @@ func Test_setPackageSupplier(t *testing.T) { if err != nil { t.Errorf("unexpected error: %v", err) } - if pkg.PackageSupplierOrganization != orgName { - t.Errorf("PackageSupplierPerson should be %s. found %s", orgName, pkg.PackageSupplierOrganization) + if pkg.PackageSupplier.Supplier != orgName { + t.Errorf("PackageSupplierPerson should be %s. found %s", orgName, pkg.PackageSupplier.Supplier) } // TestCase 6: Invalid EntityType @@ -84,8 +84,8 @@ func Test_setPackageOriginator(t *testing.T) { if err != nil { t.Fatalf("unexpected error: %v", err) } - if !pkg.PackageOriginatorNOASSERTION { - t.Errorf("PackageOriginatorNOASSERTION must've been set to true") + if pkg.PackageOriginator.Originator != "NOASSERTION" { + t.Errorf("PackageOriginator must've been set to NOASSERTION") } // TestCase 2: lower-case noassertion must also set the @@ -95,8 +95,8 @@ func Test_setPackageOriginator(t *testing.T) { if err != nil { t.Fatalf("unexpected error: %v", err) } - if !pkg.PackageOriginatorNOASSERTION { - t.Errorf("PackageOriginatorNOASSERTION must've been set to true") + if pkg.PackageOriginator.Originator != "NOASSERTION" { + t.Errorf("PackageOriginator must've been set to NOASSERTION") } // TestCase 3: invalid input without colon separator. must raise an error @@ -115,8 +115,8 @@ func Test_setPackageOriginator(t *testing.T) { if err != nil { t.Errorf("unexpected error: %v", err) } - if pkg.PackageOriginatorPerson != personName { - t.Errorf("PackageOriginatorPerson should be %s. found %s", personName, pkg.PackageOriginatorPerson) + if pkg.PackageOriginator.Originator != personName { + t.Errorf("PackageOriginatorPerson should be %s. found %s", personName, pkg.PackageOriginator.Originator) } // TestCase 5: Valid Organization @@ -127,8 +127,8 @@ func Test_setPackageOriginator(t *testing.T) { if err != nil { t.Errorf("unexpected error: %v", err) } - if pkg.PackageOriginatorOrganization != orgName { - t.Errorf("PackageOriginatorOrganization should be %s. found %s", orgName, pkg.PackageOriginatorOrganization) + if pkg.PackageOriginator.Originator != orgName { + t.Errorf("PackageOriginatorOrganization should be %s. found %s", orgName, pkg.PackageOriginator.Originator) } // TestCase 6: Invalid EntityType @@ -175,12 +175,12 @@ func Test_rdfParser2_2_setPackageVerificationCode(t *testing.T) { t.Errorf("unexpected error: %v", err) } expectedValue := "cbceb8b5689b75a584efe35587b5d41bd48820ce" - if pkg.PackageVerificationCode != expectedValue { + if pkg.PackageVerificationCode.Value != expectedValue { t.Errorf("expected %v, got %v", expectedValue, pkg.PackageVerificationCode) } expectedExcludedFile := "./package.spdx" - if pkg.PackageVerificationCodeExcludedFile != expectedExcludedFile { - t.Errorf("expected %v, got %v", expectedExcludedFile, pkg.PackageVerificationCodeExcludedFile) + if pkg.PackageVerificationCode.ExcludedFiles[0] != expectedExcludedFile { + t.Errorf("expected %v, got %v", expectedExcludedFile, pkg.PackageVerificationCode.ExcludedFiles) } } diff --git a/rdfloader/parser2v2/parse_snippet_info.go b/rdfloader/parser2v2/parse_snippet_info.go index d9c8279..a09d671 100644 --- a/rdfloader/parser2v2/parse_snippet_info.go +++ b/rdfloader/parser2v2/parse_snippet_info.go @@ -31,7 +31,8 @@ func (parser *rdfParser2_2) getSnippetInformationFromNode2_2(node *gordfParser.N if err != nil { return nil, err } - si.SnippetFromFileSPDXIdentifier, err = ExtractDocElementID(getLastPartOfURI(siTriple.Object.ID)) + docElemID, err := ExtractDocElementID(getLastPartOfURI(siTriple.Object.ID)) + si.SnippetFromFileSPDXIdentifier = docElemID.ElementRefID case SPDX_RANGE: // cardinality: min 1 err = parser.setSnippetRangeFromNode(siTriple.Object, si) @@ -131,12 +132,17 @@ func (parser *rdfParser2_2) setSnippetRangeFromNode(node *gordfParser.Node, si * return fmt.Errorf("start and end range type doesn't match") } + si.Ranges = []spdx.SnippetRange{{ + StartPointer: spdx.SnippetRangePointer{FileSPDXIdentifier: si.SnippetFromFileSPDXIdentifier}, + EndPointer: spdx.SnippetRangePointer{FileSPDXIdentifier: si.SnippetFromFileSPDXIdentifier}, + }} + if startRangeType == LINE_RANGE { - si.SnippetLineRangeStart = start - si.SnippetLineRangeEnd = end + si.Ranges[0].StartPointer.LineNumber = start + si.Ranges[0].EndPointer.LineNumber = end } else { - si.SnippetByteRangeStart = start - si.SnippetByteRangeEnd = end + si.Ranges[0].StartPointer.Offset = start + si.Ranges[0].EndPointer.Offset = end } return nil } diff --git a/rdfloader/parser2v2/parse_spdx_document.go b/rdfloader/parser2v2/parse_spdx_document.go index e98fbf6..6159317 100644 --- a/rdfloader/parser2v2/parse_spdx_document.go +++ b/rdfloader/parser2v2/parse_spdx_document.go @@ -18,8 +18,8 @@ func (parser *rdfParser2_2) parseSpdxDocumentNode(spdxDocNode *gordfParser.Node) if err != nil { return err } - ci.DocumentNamespace = baseUri // 2.5 - ci.SPDXIdentifier = spdx.ElementID(offset) // 2.3 + parser.doc.DocumentNamespace = baseUri // 2.5 + parser.doc.SPDXIdentifier = spdx.ElementID(offset) // 2.3 // parse other associated triples. for _, subTriple := range parser.nodeToTriples(spdxDocNode) { @@ -29,17 +29,17 @@ func (parser *rdfParser2_2) parseSpdxDocumentNode(spdxDocNode *gordfParser.Node) continue case SPDX_SPEC_VERSION: // 2.1: specVersion // cardinality: exactly 1 - ci.SPDXVersion = objectValue + parser.doc.SPDXVersion = objectValue case SPDX_DATA_LICENSE: // 2.2: dataLicense // cardinality: exactly 1 dataLicense, err := parser.getAnyLicenseFromNode(subTriple.Object) if err != nil { return err } - ci.DataLicense = dataLicense.ToLicenseString() + parser.doc.DataLicense = dataLicense.ToLicenseString() case SPDX_NAME: // 2.4: DocumentName // cardinality: exactly 1 - ci.DocumentName = objectValue + parser.doc.DocumentName = objectValue case SPDX_EXTERNAL_DOCUMENT_REF: // 2.6: externalDocumentReferences // cardinality: min 0 var extRef spdx.ExternalDocumentRef2_2 @@ -47,13 +47,13 @@ func (parser *rdfParser2_2) parseSpdxDocumentNode(spdxDocNode *gordfParser.Node) if err != nil { return err } - ci.ExternalDocumentReferences[extRef.DocumentRefID] = extRef + parser.doc.ExternalDocumentReferences = append(parser.doc.ExternalDocumentReferences, extRef) case SPDX_CREATION_INFO: // 2.7 - 2.10: // cardinality: exactly 1 err = parser.parseCreationInfoFromNode(ci, subTriple.Object) case RDFS_COMMENT: // 2.11: Document Comment // cardinality: max 1 - ci.DocumentComment = objectValue + parser.doc.DocumentComment = objectValue case SPDX_REVIEWED: // reviewed: // cardinality: min 0 err = parser.setReviewFromNode(subTriple.Object) @@ -64,7 +64,7 @@ func (parser *rdfParser2_2) parseSpdxDocumentNode(spdxDocNode *gordfParser.Node) if err != nil { return err } - parser.doc.Packages[pkg.PackageSPDXIdentifier] = pkg + parser.doc.Packages = append(parser.doc.Packages, pkg) case SPDX_HAS_EXTRACTED_LICENSING_INFO: // hasExtractedLicensingInfo // cardinality: min 0 extractedLicensingInfo, err := parser.getExtractedLicensingInfoFromNode(subTriple.Object) @@ -102,10 +102,12 @@ func (parser *rdfParser2_2) getExternalDocumentRefFromNode(node *gordfParser.Nod edr.URI = triple.Object.ID case SPDX_CHECKSUM: // cardinality: exactly 1 - edr.Alg, edr.Checksum, err = parser.getChecksumFromNode(triple.Object) + alg, checksum, err := parser.getChecksumFromNode(triple.Object) if err != nil { return edr, err } + edr.Checksum.Value = checksum + edr.Checksum.Algorithm = alg case RDF_TYPE: continue default: diff --git a/rdfloader/parser2v2/parser.go b/rdfloader/parser2v2/parser.go index ec4f7ff..6329dc4 100644 --- a/rdfloader/parser2v2/parser.go +++ b/rdfloader/parser2v2/parser.go @@ -16,19 +16,18 @@ func NewParser2_2(gordfParserObj *gordfParser.Parser, nodeToTriples map[string][ gordfParserObj: gordfParserObj, nodeStringToTriples: nodeToTriples, doc: &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}, - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{}, - UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{}, - OtherLicenses: []*spdx.OtherLicense2_2{}, - Relationships: []*spdx.Relationship2_2{}, - Annotations: []*spdx.Annotation2_2{}, - Reviews: []*spdx.Review2_2{}, + ExternalDocumentReferences: []spdx.ExternalDocumentRef2_2{}, + CreationInfo: &spdx.CreationInfo2_2{}, + Packages: []*spdx.Package2_2{}, + Files: []*spdx.File2_2{}, + OtherLicenses: []*spdx.OtherLicense2_2{}, + Relationships: []*spdx.Relationship2_2{}, + Annotations: []*spdx.Annotation2_2{}, + Reviews: []*spdx.Review2_2{}, }, files: map[spdx.ElementID]*spdx.File2_2{}, assocWithPackage: map[spdx.ElementID]bool{}, - cache: map[string]*nodeState{}, + cache: map[string]*nodeState{}, } return &parser } @@ -66,7 +65,7 @@ func LoadFromGoRDFParser(gordfParserObj *gordfParser.Parser) (*spdx.Document2_2, if err != nil { return nil, fmt.Errorf("error parsing a snippet: %v", err) } - err = parser.setSnippetToFileWithID(snippet, snippet.SnippetFromFileSPDXIdentifier.ElementRefID) + err = parser.setSnippetToFileWithID(snippet, snippet.SnippetFromFileSPDXIdentifier) if err != nil { return nil, err } @@ -81,7 +80,7 @@ func LoadFromGoRDFParser(gordfParserObj *gordfParser.Parser) (*spdx.Document2_2, // parsing packages and files sets the files to a files variable which is // associated with the parser and not the document. following method is // necessary to transfer the files which are not set in the packages to the - // UnpackagedFiles attribute of the document + // Files attribute of the document // WARNING: do not relocate following function call. It must be at the end of the function parser.setUnpackagedFiles() return parser.doc, nil diff --git a/rdfloader/parser2v2/parser_test.go b/rdfloader/parser2v2/parser_test.go index 0d9c30d..11b2da6 100644 --- a/rdfloader/parser2v2/parser_test.go +++ b/rdfloader/parser2v2/parser_test.go @@ -24,8 +24,8 @@ func TestNewParser2_2(t *testing.T) { if parser.doc.Packages == nil { t.Errorf("doc.Packages should've been initialised, got %v", parser.doc.Packages) } - if parser.doc.UnpackagedFiles == nil { - t.Errorf("doc.UnpackagedFiles should've been initialised, got %v", parser.doc.UnpackagedFiles) + if parser.doc.Files == nil { + t.Errorf("doc.Files should've been initialised, got %v", parser.doc.Files) } } diff --git a/reporter/reporter_test.go b/reporter/reporter_test.go index 9de377e..eceeb7b 100644 --- a/reporter/reporter_test.go +++ b/reporter/reporter_test.go @@ -13,19 +13,19 @@ import ( func Test2_1ReporterCanMakeReportFromPackage(t *testing.T) { pkg := &spdx.Package2_1{ FilesAnalyzed: true, - Files: map[spdx.ElementID]*spdx.File2_1{ - spdx.ElementID("File0"): &spdx.File2_1{FileSPDXIdentifier: "File0", LicenseConcluded: "MIT"}, - spdx.ElementID("File1"): &spdx.File2_1{FileSPDXIdentifier: "File1", LicenseConcluded: "NOASSERTION"}, - spdx.ElementID("File2"): &spdx.File2_1{FileSPDXIdentifier: "File2", LicenseConcluded: "MIT"}, - spdx.ElementID("File3"): &spdx.File2_1{FileSPDXIdentifier: "File3", LicenseConcluded: "MIT"}, - spdx.ElementID("File4"): &spdx.File2_1{FileSPDXIdentifier: "File4", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File5"): &spdx.File2_1{FileSPDXIdentifier: "File5", LicenseConcluded: "NOASSERTION"}, - spdx.ElementID("File6"): &spdx.File2_1{FileSPDXIdentifier: "File6", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File7"): &spdx.File2_1{FileSPDXIdentifier: "File7", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File8"): &spdx.File2_1{FileSPDXIdentifier: "File8", LicenseConcluded: "MIT"}, - spdx.ElementID("File9"): &spdx.File2_1{FileSPDXIdentifier: "File9", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File10"): &spdx.File2_1{FileSPDXIdentifier: "File10", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File11"): &spdx.File2_1{FileSPDXIdentifier: "File11", LicenseConcluded: "NOASSERTION"}, + Files: []*spdx.File2_1{ + {FileSPDXIdentifier: "File0", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File1", LicenseConcluded: "NOASSERTION"}, + {FileSPDXIdentifier: "File2", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File3", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File4", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File5", LicenseConcluded: "NOASSERTION"}, + {FileSPDXIdentifier: "File6", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File7", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File8", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File9", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File10", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File11", LicenseConcluded: "NOASSERTION"}, }, } @@ -71,19 +71,19 @@ func Test2_1ReporterReturnsErrorIfPackageFilesNotAnalyzed(t *testing.T) { func Test2_1CanGetCountsOfLicenses(t *testing.T) { pkg := &spdx.Package2_1{ FilesAnalyzed: true, - Files: map[spdx.ElementID]*spdx.File2_1{ - spdx.ElementID("File0"): &spdx.File2_1{FileSPDXIdentifier: "File0", LicenseConcluded: "MIT"}, - spdx.ElementID("File1"): &spdx.File2_1{FileSPDXIdentifier: "File1", LicenseConcluded: "NOASSERTION"}, - spdx.ElementID("File2"): &spdx.File2_1{FileSPDXIdentifier: "File2", LicenseConcluded: "MIT"}, - spdx.ElementID("File3"): &spdx.File2_1{FileSPDXIdentifier: "File3", LicenseConcluded: "MIT"}, - spdx.ElementID("File4"): &spdx.File2_1{FileSPDXIdentifier: "File4", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File5"): &spdx.File2_1{FileSPDXIdentifier: "File5", LicenseConcluded: "NOASSERTION"}, - spdx.ElementID("File6"): &spdx.File2_1{FileSPDXIdentifier: "File6", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File7"): &spdx.File2_1{FileSPDXIdentifier: "File7", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File8"): &spdx.File2_1{FileSPDXIdentifier: "File8", LicenseConcluded: "MIT"}, - spdx.ElementID("File9"): &spdx.File2_1{FileSPDXIdentifier: "File9", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File10"): &spdx.File2_1{FileSPDXIdentifier: "File10", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File11"): &spdx.File2_1{FileSPDXIdentifier: "File11", LicenseConcluded: "NOASSERTION"}, + Files: []*spdx.File2_1{ + {FileSPDXIdentifier: "File0", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File1", LicenseConcluded: "NOASSERTION"}, + {FileSPDXIdentifier: "File2", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File3", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File4", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File5", LicenseConcluded: "NOASSERTION"}, + {FileSPDXIdentifier: "File6", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File7", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File8", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File9", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File10", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File11", LicenseConcluded: "NOASSERTION"}, }, } @@ -137,19 +137,19 @@ func Test2_1NilPackageReturnsZeroCountsOfLicenses(t *testing.T) { func Test2_2ReporterCanMakeReportFromPackage(t *testing.T) { pkg := &spdx.Package2_2{ FilesAnalyzed: true, - Files: map[spdx.ElementID]*spdx.File2_2{ - spdx.ElementID("File0"): &spdx.File2_2{FileSPDXIdentifier: "File0", LicenseConcluded: "MIT"}, - spdx.ElementID("File1"): &spdx.File2_2{FileSPDXIdentifier: "File1", LicenseConcluded: "NOASSERTION"}, - spdx.ElementID("File2"): &spdx.File2_2{FileSPDXIdentifier: "File2", LicenseConcluded: "MIT"}, - spdx.ElementID("File3"): &spdx.File2_2{FileSPDXIdentifier: "File3", LicenseConcluded: "MIT"}, - spdx.ElementID("File4"): &spdx.File2_2{FileSPDXIdentifier: "File4", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File5"): &spdx.File2_2{FileSPDXIdentifier: "File5", LicenseConcluded: "NOASSERTION"}, - spdx.ElementID("File6"): &spdx.File2_2{FileSPDXIdentifier: "File6", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File7"): &spdx.File2_2{FileSPDXIdentifier: "File7", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File8"): &spdx.File2_2{FileSPDXIdentifier: "File8", LicenseConcluded: "MIT"}, - spdx.ElementID("File9"): &spdx.File2_2{FileSPDXIdentifier: "File9", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File10"): &spdx.File2_2{FileSPDXIdentifier: "File10", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File11"): &spdx.File2_2{FileSPDXIdentifier: "File11", LicenseConcluded: "NOASSERTION"}, + Files: []*spdx.File2_2{ + {FileSPDXIdentifier: "File0", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File1", LicenseConcluded: "NOASSERTION"}, + {FileSPDXIdentifier: "File2", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File3", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File4", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File5", LicenseConcluded: "NOASSERTION"}, + {FileSPDXIdentifier: "File6", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File7", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File8", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File9", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File10", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File11", LicenseConcluded: "NOASSERTION"}, }, } @@ -195,19 +195,19 @@ func Test2_2ReporterReturnsErrorIfPackageFilesNotAnalyzed(t *testing.T) { func Test2_2CanGetCountsOfLicenses(t *testing.T) { pkg := &spdx.Package2_2{ FilesAnalyzed: true, - Files: map[spdx.ElementID]*spdx.File2_2{ - spdx.ElementID("File0"): &spdx.File2_2{FileSPDXIdentifier: "File0", LicenseConcluded: "MIT"}, - spdx.ElementID("File1"): &spdx.File2_2{FileSPDXIdentifier: "File1", LicenseConcluded: "NOASSERTION"}, - spdx.ElementID("File2"): &spdx.File2_2{FileSPDXIdentifier: "File2", LicenseConcluded: "MIT"}, - spdx.ElementID("File3"): &spdx.File2_2{FileSPDXIdentifier: "File3", LicenseConcluded: "MIT"}, - spdx.ElementID("File4"): &spdx.File2_2{FileSPDXIdentifier: "File4", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File5"): &spdx.File2_2{FileSPDXIdentifier: "File5", LicenseConcluded: "NOASSERTION"}, - spdx.ElementID("File6"): &spdx.File2_2{FileSPDXIdentifier: "File6", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File7"): &spdx.File2_2{FileSPDXIdentifier: "File7", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File8"): &spdx.File2_2{FileSPDXIdentifier: "File8", LicenseConcluded: "MIT"}, - spdx.ElementID("File9"): &spdx.File2_2{FileSPDXIdentifier: "File9", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File10"): &spdx.File2_2{FileSPDXIdentifier: "File10", LicenseConcluded: "GPL-2.0-only"}, - spdx.ElementID("File11"): &spdx.File2_2{FileSPDXIdentifier: "File11", LicenseConcluded: "NOASSERTION"}, + Files: []*spdx.File2_2{ + {FileSPDXIdentifier: "File0", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File1", LicenseConcluded: "NOASSERTION"}, + {FileSPDXIdentifier: "File2", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File3", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File4", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File5", LicenseConcluded: "NOASSERTION"}, + {FileSPDXIdentifier: "File6", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File7", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File8", LicenseConcluded: "MIT"}, + {FileSPDXIdentifier: "File9", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File10", LicenseConcluded: "GPL-2.0-only"}, + {FileSPDXIdentifier: "File11", LicenseConcluded: "NOASSERTION"}, }, } diff --git a/spdx/annotation.go b/spdx/annotation.go index ede9c8a..560b6f0 100644 --- a/spdx/annotation.go +++ b/spdx/annotation.go @@ -2,54 +2,91 @@ package spdx -// Annotation2_1 is an Annotation section of an SPDX Document for version 2.1 of the spec. -type Annotation2_1 struct { +import ( + "encoding/json" + "fmt" + "strings" +) - // 8.1: Annotator - // Cardinality: conditional (mandatory, one) if there is an Annotation +type Annotator struct { Annotator string // including AnnotatorType: one of "Person", "Organization" or "Tool" AnnotatorType string +} + +// UnmarshalJSON takes an annotator in the typical one-line format and parses it into an Annotator struct. +// This function is also used when unmarshalling YAML +func (a *Annotator) UnmarshalJSON(data []byte) error { + // annotator will simply be a string + annotatorStr := string(data) + annotatorStr = strings.Trim(annotatorStr, "\"") + + annotatorFields := strings.SplitN(annotatorStr, ": ", 2) + + if len(annotatorFields) != 2 { + return fmt.Errorf("failed to parse Annotator '%s'", annotatorStr) + } + + a.AnnotatorType = annotatorFields[0] + a.Annotator = annotatorFields[1] + + return nil +} + +// MarshalJSON converts the receiver into a slice of bytes representing an Annotator in string form. +// This function is also used when marshalling to YAML +func (a Annotator) MarshalJSON() ([]byte, error) { + if a.Annotator != "" { + return json.Marshal(fmt.Sprintf("%s: %s", a.AnnotatorType, a.Annotator)) + } + + return []byte{}, nil +} + +// Annotation2_1 is an Annotation section of an SPDX Document for version 2.1 of the spec. +type Annotation2_1 struct { + // 8.1: Annotator + // Cardinality: conditional (mandatory, one) if there is an Annotation + Annotator Annotator `json:"annotator"` // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationDate string + AnnotationDate string `json:"annotationDate"` // 8.3: Annotation Type: "REVIEW" or "OTHER" // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationType string + AnnotationType string `json:"annotationType"` // 8.4: SPDX Identifier Reference // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationSPDXIdentifier DocElementID + // This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML. + AnnotationSPDXIdentifier DocElementID `json:"-"` // 8.5: Annotation Comment // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationComment string + AnnotationComment string `json:"comment"` } // Annotation2_2 is an Annotation section of an SPDX Document for version 2.2 of the spec. type Annotation2_2 struct { - // 8.1: Annotator // Cardinality: conditional (mandatory, one) if there is an Annotation - Annotator string - // including AnnotatorType: one of "Person", "Organization" or "Tool" - AnnotatorType string + Annotator Annotator `json:"annotator"` // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationDate string + AnnotationDate string `json:"annotationDate"` // 8.3: Annotation Type: "REVIEW" or "OTHER" // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationType string + AnnotationType string `json:"annotationType"` // 8.4: SPDX Identifier Reference // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationSPDXIdentifier DocElementID + // This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML. + AnnotationSPDXIdentifier DocElementID `json:"-"` // 8.5: Annotation Comment // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationComment string + AnnotationComment string `json:"comment"` } diff --git a/spdx/checksum.go b/spdx/checksum.go index 872aee2..3295969 100644 --- a/spdx/checksum.go +++ b/spdx/checksum.go @@ -2,25 +2,25 @@ package spdx -// ChecksumAlgorithm2_2 represents the algorithm used to generate the file checksum in the Checksum2_2 struct. +// ChecksumAlgorithm represents the algorithm used to generate the file checksum in the Checksum struct. type ChecksumAlgorithm string // The checksum algorithms mentioned in the spdxv2.2.0 https://spdx.github.io/spdx-spec/4-file-information/#44-file-checksum const ( SHA224 ChecksumAlgorithm = "SHA224" - SHA1 = "SHA1" - SHA256 = "SHA256" - SHA384 = "SHA384" - SHA512 = "SHA512" - MD2 = "MD2" - MD4 = "MD4" - MD5 = "MD5" - MD6 = "MD6" + SHA1 ChecksumAlgorithm = "SHA1" + SHA256 ChecksumAlgorithm = "SHA256" + SHA384 ChecksumAlgorithm = "SHA384" + SHA512 ChecksumAlgorithm = "SHA512" + MD2 ChecksumAlgorithm = "MD2" + MD4 ChecksumAlgorithm = "MD4" + MD5 ChecksumAlgorithm = "MD5" + MD6 ChecksumAlgorithm = "MD6" ) -//Checksum2_2 struct Provide a unique identifier to match analysis information on each specific file in a package. -// The Algorithm field describes the ChecksumAlgorithm2_2 used and the Value represents the file checksum +// Checksum provides a unique identifier to match analysis information on each specific file in a package. +// The Algorithm field describes the ChecksumAlgorithm used and the Value represents the file checksum type Checksum struct { - Algorithm ChecksumAlgorithm - Value string + Algorithm ChecksumAlgorithm `json:"algorithm"` + Value string `json:"checksumValue"` } diff --git a/spdx/creation_info.go b/spdx/creation_info.go index 1bdaaab..c0b6f63 100644 --- a/spdx/creation_info.go +++ b/spdx/creation_info.go @@ -2,146 +2,85 @@ package spdx -// CreationInfo2_1 is a Document Creation Information section of an -// SPDX Document for version 2.1 of the spec. -type CreationInfo2_1 struct { +import ( + "encoding/json" + "fmt" + "strings" +) + +// Creator is a wrapper around the Creator SPDX field. The SPDX field contains two values, which requires special +// handling in order to marshal/unmarshal it to/from Go data types. +type Creator struct { + Creator string + // CreatorType should be one of "Person", "Organization", or "Tool" + CreatorType string +} - // 2.1: SPDX Version; should be in the format "SPDX-2.1" - // Cardinality: mandatory, one - SPDXVersion string +// UnmarshalJSON takes an annotator in the typical one-line format and parses it into a Creator struct. +// This function is also used when unmarshalling YAML +func (c *Creator) UnmarshalJSON(data []byte) error { + str := string(data) + str = strings.Trim(str, "\"") + fields := strings.SplitN(str, ": ", 2) - // 2.2: Data License; should be "CC0-1.0" - // Cardinality: mandatory, one - DataLicense string + if len(fields) != 2 { + return fmt.Errorf("failed to parse Creator '%s'", str) + } - // 2.3: SPDX Identifier; should be "DOCUMENT" to represent - // mandatory identifier of SPDXRef-DOCUMENT - // Cardinality: mandatory, one - SPDXIdentifier ElementID + c.CreatorType = fields[0] + c.Creator = fields[1] - // 2.4: Document Name - // Cardinality: mandatory, one - DocumentName string + return nil +} - // 2.5: Document Namespace - // Cardinality: mandatory, one - DocumentNamespace string +// MarshalJSON converts the receiver into a slice of bytes representing a Creator in string form. +// This function is also used with marshalling to YAML +func (c Creator) MarshalJSON() ([]byte, error) { + if c.Creator != "" { + return json.Marshal(fmt.Sprintf("%s: %s", c.CreatorType, c.Creator)) + } - // 2.6: External Document References - // Cardinality: optional, one or many - ExternalDocumentReferences map[string]ExternalDocumentRef2_1 + return []byte{}, nil +} +// CreationInfo2_1 is a Document Creation Information section of an +// SPDX Document for version 2.1 of the spec. +type CreationInfo2_1 struct { // 2.7: License List Version // Cardinality: optional, one - LicenseListVersion string + LicenseListVersion string `json:"licenseListVersion"` // 2.8: Creators: may have multiple keys for Person, Organization // and/or Tool // Cardinality: mandatory, one or many - CreatorPersons []string - CreatorOrganizations []string - CreatorTools []string + Creators []Creator `json:"creators"` // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ // Cardinality: mandatory, one - Created string + Created string `json:"created"` // 2.10: Creator Comment // Cardinality: optional, one - CreatorComment string - - // 2.11: Document Comment - // Cardinality: optional, one - DocumentComment string -} - -// ExternalDocumentRef2_1 is a reference to an external SPDX document -// as defined in section 2.6 for version 2.1 of the spec. -type ExternalDocumentRef2_1 struct { - - // DocumentRefID is the ID string defined in the start of the - // reference. It should _not_ contain the "DocumentRef-" part - // of the mandatory ID string. - DocumentRefID string - - // URI is the URI defined for the external document - URI string - - // Alg is the type of hash algorithm used, e.g. "SHA1", "SHA256" - Alg string - - // Checksum is the actual hash data - Checksum string + CreatorComment string `json:"comment"` } // CreationInfo2_2 is a Document Creation Information section of an // SPDX Document for version 2.2 of the spec. type CreationInfo2_2 struct { - - // 2.1: SPDX Version; should be in the format "SPDX-2.2" - // Cardinality: mandatory, one - SPDXVersion string - - // 2.2: Data License; should be "CC0-1.0" - // Cardinality: mandatory, one - DataLicense string - - // 2.3: SPDX Identifier; should be "DOCUMENT" to represent - // mandatory identifier of SPDXRef-DOCUMENT - // Cardinality: mandatory, one - SPDXIdentifier ElementID - - // 2.4: Document Name - // Cardinality: mandatory, one - DocumentName string - - // 2.5: Document Namespace - // Cardinality: mandatory, one - DocumentNamespace string - - // 2.6: External Document References - // Cardinality: optional, one or many - ExternalDocumentReferences map[string]ExternalDocumentRef2_2 - // 2.7: License List Version // Cardinality: optional, one - LicenseListVersion string + LicenseListVersion string `json:"licenseListVersion"` // 2.8: Creators: may have multiple keys for Person, Organization // and/or Tool // Cardinality: mandatory, one or many - CreatorPersons []string - CreatorOrganizations []string - CreatorTools []string + Creators []Creator `json:"creators"` // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ // Cardinality: mandatory, one - Created string + Created string `json:"created"` // 2.10: Creator Comment // Cardinality: optional, one - CreatorComment string - - // 2.11: Document Comment - // Cardinality: optional, one - DocumentComment string -} - -// ExternalDocumentRef2_2 is a reference to an external SPDX document -// as defined in section 2.6 for version 2.2 of the spec. -type ExternalDocumentRef2_2 struct { - - // DocumentRefID is the ID string defined in the start of the - // reference. It should _not_ contain the "DocumentRef-" part - // of the mandatory ID string. - DocumentRefID string - - // URI is the URI defined for the external document - URI string - - // Alg is the type of hash algorithm used, e.g. "SHA1", "SHA256" - Alg string - - // Checksum is the actual hash data - Checksum string + CreatorComment string `json:"comment"` } diff --git a/spdx/document.go b/spdx/document.go index 6a7bc3d..a3117cb 100644 --- a/spdx/document.go +++ b/spdx/document.go @@ -3,15 +3,75 @@ // SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later package spdx +// ExternalDocumentRef2_1 is a reference to an external SPDX document +// as defined in section 2.6 for version 2.1 of the spec. +type ExternalDocumentRef2_1 struct { + // DocumentRefID is the ID string defined in the start of the + // reference. It should _not_ contain the "DocumentRef-" part + // of the mandatory ID string. + DocumentRefID string `json:"externalDocumentId"` + + // URI is the URI defined for the external document + URI string `json:"spdxDocument"` + + // Checksum is the actual hash data + Checksum Checksum `json:"checksum"` +} + +// ExternalDocumentRef2_2 is a reference to an external SPDX document +// as defined in section 2.6 for version 2.2 of the spec. +type ExternalDocumentRef2_2 struct { + // DocumentRefID is the ID string defined in the start of the + // reference. It should _not_ contain the "DocumentRef-" part + // of the mandatory ID string. + DocumentRefID string `json:"externalDocumentId"` + + // URI is the URI defined for the external document + URI string `json:"spdxDocument"` + + // Checksum is the actual hash data + Checksum Checksum `json:"checksum"` +} + // Document2_1 is an SPDX Document for version 2.1 of the spec. // See https://spdx.org/sites/cpstandard/files/pages/files/spdxversion2.1.pdf type Document2_1 struct { - CreationInfo *CreationInfo2_1 - Packages map[ElementID]*Package2_1 - UnpackagedFiles map[ElementID]*File2_1 - OtherLicenses []*OtherLicense2_1 - Relationships []*Relationship2_1 - Annotations []*Annotation2_1 + // 2.1: SPDX Version; should be in the format "SPDX-2.1" + // Cardinality: mandatory, one + SPDXVersion string `json:"spdxVersion"` + + // 2.2: Data License; should be "CC0-1.0" + // Cardinality: mandatory, one + DataLicense string `json:"dataLicense"` + + // 2.3: SPDX Identifier; should be "DOCUMENT" to represent + // mandatory identifier of SPDXRef-DOCUMENT + // Cardinality: mandatory, one + SPDXIdentifier ElementID `json:"SPDXID"` + + // 2.4: Document Name + // Cardinality: mandatory, one + DocumentName string `json:"name"` + + // 2.5: Document Namespace + // Cardinality: mandatory, one + DocumentNamespace string `json:"documentNamespace"` + + // 2.6: External Document References + // Cardinality: optional, one or many + ExternalDocumentReferences []ExternalDocumentRef2_1 `json:"externalDocumentRefs,omitempty"` + + // 2.11: Document Comment + // Cardinality: optional, one + DocumentComment string `json:"comment,omitempty"` + + CreationInfo *CreationInfo2_1 `json:"creationInfo"` + Packages []*Package2_1 `json:"packages"` + Files []*File2_1 `json:"files"` + OtherLicenses []*OtherLicense2_1 `json:"hasExtractedLicensingInfos"` + Relationships []*Relationship2_1 `json:"relationships"` + Annotations []*Annotation2_1 `json:"annotations"` + Snippets []Snippet2_1 `json:"snippets"` // DEPRECATED in version 2.0 of spec Reviews []*Review2_1 @@ -20,12 +80,42 @@ type Document2_1 struct { // Document2_2 is an SPDX Document for version 2.2 of the spec. // See https://spdx.github.io/spdx-spec/v2-draft/ (DRAFT) type Document2_2 struct { - CreationInfo *CreationInfo2_2 - Packages map[ElementID]*Package2_2 - UnpackagedFiles map[ElementID]*File2_2 - OtherLicenses []*OtherLicense2_2 - Relationships []*Relationship2_2 - Annotations []*Annotation2_2 + // 2.1: SPDX Version; should be in the format "SPDX-2.2" + // Cardinality: mandatory, one + SPDXVersion string `json:"spdxVersion"` + + // 2.2: Data License; should be "CC0-1.0" + // Cardinality: mandatory, one + DataLicense string `json:"dataLicense"` + + // 2.3: SPDX Identifier; should be "DOCUMENT" to represent + // mandatory identifier of SPDXRef-DOCUMENT + // Cardinality: mandatory, one + SPDXIdentifier ElementID `json:"SPDXID"` + + // 2.4: Document Name + // Cardinality: mandatory, one + DocumentName string `json:"name"` + + // 2.5: Document Namespace + // Cardinality: mandatory, one + DocumentNamespace string `json:"documentNamespace"` + + // 2.6: External Document References + // Cardinality: optional, one or many + ExternalDocumentReferences []ExternalDocumentRef2_2 `json:"externalDocumentRefs,omitempty"` + + // 2.11: Document Comment + // Cardinality: optional, one + DocumentComment string `json:"comment,omitempty"` + + CreationInfo *CreationInfo2_2 `json:"creationInfo"` + Packages []*Package2_2 `json:"packages"` + Files []*File2_2 `json:"files"` + OtherLicenses []*OtherLicense2_2 `json:"hasExtractedLicensingInfos"` + Relationships []*Relationship2_2 `json:"relationships"` + Annotations []*Annotation2_2 `json:"annotations"` + Snippets []Snippet2_2 `json:"snippets"` // DEPRECATED in version 2.0 of spec Reviews []*Review2_2 diff --git a/spdx/file.go b/spdx/file.go index a745dc3..01dbb36 100644 --- a/spdx/file.go +++ b/spdx/file.go @@ -4,68 +4,67 @@ package spdx // File2_1 is a File section of an SPDX Document for version 2.1 of the spec. type File2_1 struct { - // 4.1: File Name // Cardinality: mandatory, one - FileName string + FileName string `json:"fileName"` // 4.2: File SPDX Identifier: "SPDXRef-[idstring]" // Cardinality: mandatory, one - FileSPDXIdentifier ElementID + FileSPDXIdentifier ElementID `json:"SPDXID"` - // 4.3: File Type + // 4.3: File Types // Cardinality: optional, multiple - FileType []string + FileTypes []string `json:"fileTypes,omitempty"` // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5 // Cardinality: mandatory, one SHA1, others may be optionally provided - FileChecksumSHA1 string - FileChecksumSHA256 string - FileChecksumMD5 string + Checksums []Checksum `json:"checksums"` // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - LicenseConcluded string + LicenseConcluded string `json:"licenseConcluded"` // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one or many - LicenseInfoInFile []string + LicenseInfoInFiles []string `json:"licenseInfoInFiles"` // 4.7: Comments on License // Cardinality: optional, one - LicenseComments string + LicenseComments string `json:"licenseComments,omitempty"` // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - FileCopyrightText string + FileCopyrightText string `json:"copyrightText"` // DEPRECATED in version 2.1 of spec // 4.9-4.11: Artifact of Project variables (defined below) // Cardinality: optional, one or many - ArtifactOfProjects []*ArtifactOfProject2_1 + ArtifactOfProjects []*ArtifactOfProject2_1 `json:"-"` // 4.12: File Comment // Cardinality: optional, one - FileComment string + FileComment string `json:"comment,omitempty"` // 4.13: File Notice // Cardinality: optional, one - FileNotice string + FileNotice string `json:"noticeText,omitempty"` // 4.14: File Contributor // Cardinality: optional, one or many - FileContributor []string + FileContributors []string `json:"fileContributors,omitempty"` // DEPRECATED in version 2.0 of spec // 4.15: File Dependencies // Cardinality: optional, one or many - FileDependencies []string + FileDependencies []string `json:"-"` // Snippets contained in this File // Note that Snippets could be defined in a different Document! However, - // the only ones that _THIS_ document can contain are this ones that are + // the only ones that _THIS_ document can contain are the ones that are // defined here -- so this should just be an ElementID. - Snippets map[ElementID]*Snippet2_1 + Snippets map[ElementID]*Snippet2_1 `json:"-"` + + Annotations []Annotation2_1 `json:"annotations"` } // ArtifactOfProject2_1 is a DEPRECATED collection of data regarding @@ -90,70 +89,71 @@ type ArtifactOfProject2_1 struct { // File2_2 is a File section of an SPDX Document for version 2.2 of the spec. type File2_2 struct { - // 4.1: File Name // Cardinality: mandatory, one - FileName string + FileName string `json:"fileName"` // 4.2: File SPDX Identifier: "SPDXRef-[idstring]" // Cardinality: mandatory, one - FileSPDXIdentifier ElementID + FileSPDXIdentifier ElementID `json:"SPDXID"` - // 4.3: File Type + // 4.3: File Types // Cardinality: optional, multiple - FileType []string + FileTypes []string `json:"fileTypes,omitempty"` // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5 // Cardinality: mandatory, one SHA1, others may be optionally provided - FileChecksums map[ChecksumAlgorithm]Checksum + Checksums []Checksum `json:"checksums"` // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - LicenseConcluded string + LicenseConcluded string `json:"licenseConcluded"` // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one or many - LicenseInfoInFile []string + LicenseInfoInFiles []string `json:"licenseInfoInFiles"` // 4.7: Comments on License // Cardinality: optional, one - LicenseComments string + LicenseComments string `json:"licenseComments,omitempty"` // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - FileCopyrightText string + FileCopyrightText string `json:"copyrightText"` // DEPRECATED in version 2.1 of spec // 4.9-4.11: Artifact of Project variables (defined below) // Cardinality: optional, one or many - ArtifactOfProjects []*ArtifactOfProject2_2 + ArtifactOfProjects []*ArtifactOfProject2_2 `json:"-"` // 4.12: File Comment // Cardinality: optional, one - FileComment string + FileComment string `json:"comment,omitempty"` // 4.13: File Notice // Cardinality: optional, one - FileNotice string + FileNotice string `json:"noticeText,omitempty"` // 4.14: File Contributor // Cardinality: optional, one or many - FileContributor []string + FileContributors []string `json:"fileContributors,omitempty"` // 4.15: File Attribution Text // Cardinality: optional, one or many - FileAttributionTexts []string + FileAttributionTexts []string `json:"attributionTexts,omitempty"` // DEPRECATED in version 2.0 of spec // 4.16: File Dependencies // Cardinality: optional, one or many - FileDependencies []string + FileDependencies []string `json:"-"` // Snippets contained in this File // Note that Snippets could be defined in a different Document! However, // the only ones that _THIS_ document can contain are this ones that are // defined here -- so this should just be an ElementID. - Snippets map[ElementID]*Snippet2_2 + Snippets map[ElementID]*Snippet2_2 `json:"-"` + + Annotations []Annotation2_2 `json:"annotations,omitempty"` } // ArtifactOfProject2_2 is a DEPRECATED collection of data regarding diff --git a/spdx/identifier.go b/spdx/identifier.go index baf44c1..56f8ffc 100644 --- a/spdx/identifier.go +++ b/spdx/identifier.go @@ -2,6 +2,12 @@ package spdx +import ( + "encoding/json" + "fmt" + "strings" +) + // ElementID represents the identifier string portion of an SPDX element // identifier. DocElementID should be used for any attributes which can // contain identifiers defined in a different SPDX document. @@ -28,6 +34,62 @@ type DocElementID struct { SpecialID string } +// UnmarshalJSON takes a SPDX Identifier string parses it into a DocElementID struct. +// This function is also used when unmarshalling YAML +func (d *DocElementID) UnmarshalJSON(data []byte) error { + // SPDX identifier will simply be a string + idStr := string(data) + idStr = strings.Trim(idStr, "\"") + + // handle special cases + if idStr == "NONE" || idStr == "NOASSERTION" { + d.SpecialID = idStr + return nil + } + + var idFields []string + // handle DocumentRef- if present + if strings.HasPrefix(idStr, "DocumentRef-") { + // strip out the "DocumentRef-" so we can get the value + idFields = strings.SplitN(idStr, "DocumentRef-", 2) + idStr = idFields[1] + + // an SPDXRef can appear after a DocumentRef, separated by a colon + idFields = strings.SplitN(idStr, ":", 2) + d.DocumentRefID = idFields[0] + + if len(idFields) == 2 { + idStr = idFields[1] + } else { + return nil + } + } + + // handle SPDXRef- + idFields = strings.SplitN(idStr, "SPDXRef-", 2) + if len(idFields) != 2 { + return fmt.Errorf("failed to parse SPDX Identifier '%s'", idStr) + } + + d.ElementRefID = ElementID(idFields[1]) + + return nil +} + +// MarshalJSON converts the receiver into a slice of bytes representing a DocElementID in string form. +// This function is also used when marshalling to YAML +func (d DocElementID) MarshalJSON() ([]byte, error) { + if d.DocumentRefID != "" && d.ElementRefID != "" { + return json.Marshal(fmt.Sprintf("DocumentRef-%s:SPDXRef-%s", d.DocumentRefID, d.ElementRefID)) + } else if d.ElementRefID != "" { + return json.Marshal(fmt.Sprintf("SPDXRef-%s", d.ElementRefID)) + } else if d.SpecialID != "" { + return json.Marshal(d.SpecialID) + } + + return []byte{}, fmt.Errorf("failed to marshal empty DocElementID") +} + // TODO: add equivalents for LicenseRef- identifiers // MakeDocElementID takes strings (without prefixes) for the DocumentRef- diff --git a/spdx/other_license.go b/spdx/other_license.go index a509c47..6e43676 100644 --- a/spdx/other_license.go +++ b/spdx/other_license.go @@ -5,57 +5,55 @@ package spdx // OtherLicense2_1 is an Other License Information section of an // SPDX Document for version 2.1 of the spec. type OtherLicense2_1 struct { - // 6.1: License Identifier: "LicenseRef-[idstring]" // Cardinality: conditional (mandatory, one) if license is not // on SPDX License List - LicenseIdentifier string + LicenseIdentifier string `json:"licenseId"` // 6.2: Extracted Text // Cardinality: conditional (mandatory, one) if there is a // License Identifier assigned - ExtractedText string + ExtractedText string `json:"extractedText"` // 6.3: License Name: single line of text or "NOASSERTION" // Cardinality: conditional (mandatory, one) if license is not // on SPDX License List - LicenseName string + LicenseName string `json:"name,omitempty"` // 6.4: License Cross Reference // Cardinality: conditional (optional, one or many) if license // is not on SPDX License List - LicenseCrossReferences []string + LicenseCrossReferences []string `json:"seeAlsos,omitempty"` // 6.5: License Comment // Cardinality: optional, one - LicenseComment string + LicenseComment string `json:"comment,omitempty"` } // OtherLicense2_2 is an Other License Information section of an // SPDX Document for version 2.2 of the spec. type OtherLicense2_2 struct { - // 6.1: License Identifier: "LicenseRef-[idstring]" // Cardinality: conditional (mandatory, one) if license is not // on SPDX License List - LicenseIdentifier string + LicenseIdentifier string `json:"licenseId"` // 6.2: Extracted Text // Cardinality: conditional (mandatory, one) if there is a // License Identifier assigned - ExtractedText string + ExtractedText string `json:"extractedText"` // 6.3: License Name: single line of text or "NOASSERTION" // Cardinality: conditional (mandatory, one) if license is not // on SPDX License List - LicenseName string + LicenseName string `json:"name,omitempty"` // 6.4: License Cross Reference // Cardinality: conditional (optional, one or many) if license // is not on SPDX License List - LicenseCrossReferences []string + LicenseCrossReferences []string `json:"seeAlsos,omitempty"` // 6.5: License Comment // Cardinality: optional, one - LicenseComment string + LicenseComment string `json:"comment,omitempty"` } diff --git a/spdx/package.go b/spdx/package.go index 9aeb8a2..e6c4522 100644 --- a/spdx/package.go +++ b/spdx/package.go @@ -2,140 +2,225 @@ package spdx +import ( + "encoding/json" + "fmt" + "strings" +) + +type Supplier struct { + // can be "NOASSERTION" + Supplier string + // SupplierType can be one of "Person", "Organization", or empty if Supplier is "NOASSERTION" + SupplierType string +} + +// UnmarshalJSON takes a supplier in the typical one-line format and parses it into a Supplier struct. +// This function is also used when unmarshalling YAML +func (s *Supplier) UnmarshalJSON(data []byte) error { + // the value is just a string presented as a slice of bytes + supplierStr := string(data) + supplierStr = strings.Trim(supplierStr, "\"") + + if supplierStr == "NOASSERTION" { + s.Supplier = supplierStr + return nil + } + + supplierFields := strings.SplitN(supplierStr, ": ", 2) + + if len(supplierFields) != 2 { + return fmt.Errorf("failed to parse Supplier '%s'", supplierStr) + } + + s.SupplierType = supplierFields[0] + s.Supplier = supplierFields[1] + + return nil +} + +// MarshalJSON converts the receiver into a slice of bytes representing a Supplier in string form. +// This function is also used when marshalling to YAML +func (s Supplier) MarshalJSON() ([]byte, error) { + if s.Supplier == "NOASSERTION" { + return json.Marshal(s.Supplier) + } else if s.SupplierType != "" && s.Supplier != "" { + return json.Marshal(fmt.Sprintf("%s: %s", s.SupplierType, s.Supplier)) + } + + return []byte{}, fmt.Errorf("failed to marshal invalid Supplier: %+v", s) +} + +type Originator struct { + // can be "NOASSERTION" + Originator string + // OriginatorType can be one of "Person", "Organization", or empty if Originator is "NOASSERTION" + OriginatorType string +} + +// UnmarshalJSON takes an originator in the typical one-line format and parses it into an Originator struct. +// This function is also used when unmarshalling YAML +func (o *Originator) UnmarshalJSON(data []byte) error { + // the value is just a string presented as a slice of bytes + originatorStr := string(data) + originatorStr = strings.Trim(originatorStr, "\"") + + if originatorStr == "NOASSERTION" { + o.Originator = originatorStr + return nil + } + + originatorFields := strings.SplitN(originatorStr, ": ", 2) + + if len(originatorFields) != 2 { + return fmt.Errorf("failed to parse Originator '%s'", originatorStr) + } + + o.OriginatorType = originatorFields[0] + o.Originator = originatorFields[1] + + return nil +} + +// MarshalJSON converts the receiver into a slice of bytes representing an Originator in string form. +// This function is also used when marshalling to YAML +func (o Originator) MarshalJSON() ([]byte, error) { + if o.Originator == "NOASSERTION" { + return json.Marshal(o.Originator) + } else if o.Originator != "" { + return json.Marshal(fmt.Sprintf("%s: %s", o.OriginatorType, o.Originator)) + } + + return []byte{}, nil +} + +type PackageVerificationCode struct { + // Cardinality: mandatory, one if filesAnalyzed is true / omitted; + // zero (must be omitted) if filesAnalyzed is false + Value string `json:"packageVerificationCodeValue"` + // Spec also allows specifying files to exclude from the + // verification code algorithm; intended to enable exclusion of + // the SPDX document file itself. + ExcludedFiles []string `json:"packageVerificationCodeExcludedFiles"` +} + // Package2_1 is a Package section of an SPDX Document for version 2.1 of the spec. type Package2_1 struct { - // 3.1: Package Name // Cardinality: mandatory, one - PackageName string + PackageName string `json:"name"` // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]" // Cardinality: mandatory, one - PackageSPDXIdentifier ElementID + PackageSPDXIdentifier ElementID `json:"SPDXID"` // 3.3: Package Version // Cardinality: optional, one - PackageVersion string + PackageVersion string `json:"versionInfo,omitempty"` // 3.4: Package File Name // Cardinality: optional, one - PackageFileName string + PackageFileName string `json:"packageFileName,omitempty"` // 3.5: Package Supplier: may have single result for either Person or Organization, // or NOASSERTION // Cardinality: optional, one - PackageSupplierPerson string - PackageSupplierOrganization string - PackageSupplierNOASSERTION bool + PackageSupplier *Supplier `json:"supplier,omitempty"` // 3.6: Package Originator: may have single result for either Person or Organization, // or NOASSERTION // Cardinality: optional, one - PackageOriginatorPerson string - PackageOriginatorOrganization string - PackageOriginatorNOASSERTION bool + PackageOriginator *Originator `json:"originator,omitempty"` // 3.7: Package Download Location // Cardinality: mandatory, one - PackageDownloadLocation string + PackageDownloadLocation string `json:"downloadLocation"` // 3.8: FilesAnalyzed // Cardinality: optional, one; default value is "true" if omitted - FilesAnalyzed bool + FilesAnalyzed bool `json:"filesAnalyzed,omitempty"` // NOT PART OF SPEC: did FilesAnalyzed tag appear? - IsFilesAnalyzedTagPresent bool + IsFilesAnalyzedTagPresent bool `json:"-"` // 3.9: Package Verification Code - // Cardinality: mandatory, one if filesAnalyzed is true / omitted; - // zero (must be omitted) if filesAnalyzed is false - PackageVerificationCode string - // Spec also allows specifying a single file to exclude from the - // verification code algorithm; intended to enable exclusion of - // the SPDX document file itself. - PackageVerificationCodeExcludedFile string + PackageVerificationCode PackageVerificationCode `json:"packageVerificationCode"` // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5 // Cardinality: optional, one or many - PackageChecksumSHA1 string - PackageChecksumSHA256 string - PackageChecksumMD5 string + PackageChecksums []Checksum `json:"checksums,omitempty"` // 3.11: Package Home Page // Cardinality: optional, one - PackageHomePage string + PackageHomePage string `json:"homepage,omitempty"` // 3.12: Source Information // Cardinality: optional, one - PackageSourceInfo string + PackageSourceInfo string `json:"sourceInfo,omitempty"` // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - PackageLicenseConcluded string + PackageLicenseConcluded string `json:"licenseConcluded"` // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted; // zero (must be omitted) if filesAnalyzed is false - PackageLicenseInfoFromFiles []string + PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"` // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - PackageLicenseDeclared string + PackageLicenseDeclared string `json:"licenseDeclared"` // 3.16: Comments on License // Cardinality: optional, one - PackageLicenseComments string + PackageLicenseComments string `json:"licenseComments,omitempty"` // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - PackageCopyrightText string + PackageCopyrightText string `json:"copyrightText"` // 3.18: Package Summary Description // Cardinality: optional, one - PackageSummary string + PackageSummary string `json:"summary,omitempty"` // 3.19: Package Detailed Description // Cardinality: optional, one - PackageDescription string + PackageDescription string `json:"description,omitempty"` // 3.20: Package Comment // Cardinality: optional, one - PackageComment string + PackageComment string `json:"comment,omitempty"` // 3.21: Package External Reference // Cardinality: optional, one or many - PackageExternalReferences []*PackageExternalReference2_1 - - // 3.22: Package External Reference Comment - // Cardinality: conditional (optional, one) for each External Reference - // contained within PackageExternalReference2_1 struct, if present + PackageExternalReferences []*PackageExternalReference2_1 `json:"externalRefs,omitempty"` // Files contained in this Package - Files map[ElementID]*File2_1 + Files []*File2_1 + + Annotations []Annotation2_1 `json:"annotations,omitempty"` } // PackageExternalReference2_1 is an External Reference to additional info // about a Package, as defined in section 3.21 in version 2.1 of the spec. type PackageExternalReference2_1 struct { - // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER" - Category string + Category string `json:"referenceCategory"` // type is an [idstring] as defined in Appendix VI; // called RefType here due to "type" being a Golang keyword - RefType string + RefType string `json:"referenceType"` // locator is a unique string to access the package-specific // info, metadata or content within the target location - Locator string + Locator string `json:"referenceLocator"` // 3.22: Package External Reference Comment // Cardinality: conditional (optional, one) for each External Reference - ExternalRefComment string + ExternalRefComment string `json:"comment"` } // Package2_2 is a Package section of an SPDX Document for version 2.2 of the spec. type Package2_2 struct { - // NOT PART OF SPEC // flag: does this "package" contain files that were in fact "unpackaged", // e.g. included directly in the Document without being in a Package? @@ -143,101 +228,91 @@ type Package2_2 struct { // 3.1: Package Name // Cardinality: mandatory, one - PackageName string + PackageName string `json:"name"` // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]" // Cardinality: mandatory, one - PackageSPDXIdentifier ElementID + PackageSPDXIdentifier ElementID `json:"SPDXID"` // 3.3: Package Version // Cardinality: optional, one - PackageVersion string + PackageVersion string `json:"versionInfo,omitempty"` // 3.4: Package File Name // Cardinality: optional, one - PackageFileName string + PackageFileName string `json:"packageFileName,omitempty"` // 3.5: Package Supplier: may have single result for either Person or Organization, // or NOASSERTION // Cardinality: optional, one - PackageSupplierPerson string - PackageSupplierOrganization string - PackageSupplierNOASSERTION bool + PackageSupplier *Supplier `json:"supplier,omitempty"` // 3.6: Package Originator: may have single result for either Person or Organization, // or NOASSERTION // Cardinality: optional, one - PackageOriginatorPerson string - PackageOriginatorOrganization string - PackageOriginatorNOASSERTION bool + PackageOriginator *Originator `json:"originator,omitempty"` // 3.7: Package Download Location // Cardinality: mandatory, one - PackageDownloadLocation string + PackageDownloadLocation string `json:"downloadLocation"` // 3.8: FilesAnalyzed // Cardinality: optional, one; default value is "true" if omitted - FilesAnalyzed bool + FilesAnalyzed bool `json:"filesAnalyzed,omitempty"` // NOT PART OF SPEC: did FilesAnalyzed tag appear? IsFilesAnalyzedTagPresent bool // 3.9: Package Verification Code - // Cardinality: mandatory, one if filesAnalyzed is true / omitted; - // zero (must be omitted) if filesAnalyzed is false - PackageVerificationCode string - // Spec also allows specifying a single file to exclude from the - // verification code algorithm; intended to enable exclusion of - // the SPDX document file itself. - PackageVerificationCodeExcludedFile string + PackageVerificationCode PackageVerificationCode `json:"packageVerificationCode"` // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5 // Cardinality: optional, one or many - PackageChecksums map[ChecksumAlgorithm]Checksum + PackageChecksums []Checksum `json:"checksums"` // 3.11: Package Home Page // Cardinality: optional, one - PackageHomePage string + PackageHomePage string `json:"homepage,omitempty"` // 3.12: Source Information // Cardinality: optional, one - PackageSourceInfo string + PackageSourceInfo string `json:"sourceInfo,omitempty"` // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - PackageLicenseConcluded string + PackageLicenseConcluded string `json:"licenseConcluded"` // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted; // zero (must be omitted) if filesAnalyzed is false - PackageLicenseInfoFromFiles []string + PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"` // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - PackageLicenseDeclared string + PackageLicenseDeclared string `json:"licenseDeclared"` // 3.16: Comments on License // Cardinality: optional, one - PackageLicenseComments string + PackageLicenseComments string `json:"licenseComments,omitempty"` // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - PackageCopyrightText string + PackageCopyrightText string `json:"copyrightText"` // 3.18: Package Summary Description // Cardinality: optional, one - PackageSummary string + PackageSummary string `json:"summary,omitempty"` // 3.19: Package Detailed Description // Cardinality: optional, one - PackageDescription string + PackageDescription string `json:"description,omitempty"` // 3.20: Package Comment // Cardinality: optional, one - PackageComment string + PackageComment string `json:"comment,omitempty"` // 3.21: Package External Reference // Cardinality: optional, one or many - PackageExternalReferences []*PackageExternalReference2_2 + PackageExternalReferences []*PackageExternalReference2_2 `json:"externalRefs,omitempty"` // 3.22: Package External Reference Comment // Cardinality: conditional (optional, one) for each External Reference @@ -245,28 +320,29 @@ type Package2_2 struct { // 3.23: Package Attribution Text // Cardinality: optional, one or many - PackageAttributionTexts []string + PackageAttributionTexts []string `json:"attributionTexts,omitempty"` // Files contained in this Package - Files map[ElementID]*File2_2 + Files []*File2_2 + + Annotations []Annotation2_2 `json:"annotations"` } // PackageExternalReference2_2 is an External Reference to additional info // about a Package, as defined in section 3.21 in version 2.2 of the spec. type PackageExternalReference2_2 struct { - - // category is "SECURITY", "PACKAGE-MANAGER", "PERSISTENT-ID" or "OTHER" - Category string + // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER" + Category string `json:"referenceCategory"` // type is an [idstring] as defined in Appendix VI; // called RefType here due to "type" being a Golang keyword - RefType string + RefType string `json:"referenceType"` // locator is a unique string to access the package-specific // info, metadata or content within the target location - Locator string + Locator string `json:"referenceLocator"` // 3.22: Package External Reference Comment // Cardinality: conditional (optional, one) for each External Reference - ExternalRefComment string + ExternalRefComment string `json:"comment"` } diff --git a/spdx/relationship.go b/spdx/relationship.go index 9e06838..9127727 100644 --- a/spdx/relationship.go +++ b/spdx/relationship.go @@ -11,13 +11,13 @@ type Relationship2_1 struct { // one mandatory for SPDX Document with multiple packages // RefA and RefB are first and second item // Relationship is type from 7.1.1 - RefA DocElementID - RefB DocElementID - Relationship string + RefA DocElementID `json:"spdxElementId"` + RefB DocElementID `json:"relatedSpdxElement"` + Relationship string `json:"relationshipType"` // 7.2: Relationship Comment // Cardinality: optional, one - RelationshipComment string + RelationshipComment string `json:"comment,omitempty"` } // Relationship2_2 is a Relationship section of an SPDX Document for @@ -29,11 +29,11 @@ type Relationship2_2 struct { // one mandatory for SPDX Document with multiple packages // RefA and RefB are first and second item // Relationship is type from 7.1.1 - RefA DocElementID - RefB DocElementID - Relationship string + RefA DocElementID `json:"spdxElementId"` + RefB DocElementID `json:"relatedSpdxElement"` + Relationship string `json:"relationshipType"` // 7.2: Relationship Comment // Cardinality: optional, one - RelationshipComment string + RelationshipComment string `json:"comment,omitempty"` } diff --git a/spdx/snippet.go b/spdx/snippet.go index 5fe37ca..6bffb8c 100644 --- a/spdx/snippet.go +++ b/spdx/snippet.go @@ -2,50 +2,60 @@ package spdx +type SnippetRangePointer struct { + // 5.3: Snippet Byte Range: [start byte]:[end byte] + // Cardinality: mandatory, one + Offset int `json:"offset,omitempty"` + + // 5.4: Snippet Line Range: [start line]:[end line] + // Cardinality: optional, one + LineNumber int `json:"lineNumber,omitempty"` + + FileSPDXIdentifier ElementID `json:"reference"` +} + +type SnippetRange struct { + StartPointer SnippetRangePointer `json:"startPointer"` + EndPointer SnippetRangePointer `json:"endPointer"` +} + // Snippet2_1 is a Snippet section of an SPDX Document for version 2.1 of the spec. type Snippet2_1 struct { // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]" // Cardinality: mandatory, one - SnippetSPDXIdentifier ElementID + SnippetSPDXIdentifier ElementID `json:"SPDXID"` // 5.2: Snippet from File SPDX Identifier // Cardinality: mandatory, one - SnippetFromFileSPDXIdentifier DocElementID + SnippetFromFileSPDXIdentifier ElementID `json:"snippetFromFile"` - // 5.3: Snippet Byte Range: [start byte]:[end byte] - // Cardinality: mandatory, one - SnippetByteRangeStart int - SnippetByteRangeEnd int - - // 5.4: Snippet Line Range: [start line]:[end line] - // Cardinality: optional, one - SnippetLineRangeStart int - SnippetLineRangeEnd int + // Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to + Ranges []SnippetRange `json:"ranges"` // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - SnippetLicenseConcluded string + SnippetLicenseConcluded string `json:"licenseConcluded"` // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: optional, one or many - LicenseInfoInSnippet []string + LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"` // 5.7: Snippet Comments on License // Cardinality: optional, one - SnippetLicenseComments string + SnippetLicenseComments string `json:"licenseComments,omitempty"` // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - SnippetCopyrightText string + SnippetCopyrightText string `json:"copyrightText"` // 5.9: Snippet Comment // Cardinality: optional, one - SnippetComment string + SnippetComment string `json:"comment,omitempty"` // 5.10: Snippet Name // Cardinality: optional, one - SnippetName string + SnippetName string `json:"name,omitempty"` } // Snippet2_2 is a Snippet section of an SPDX Document for version 2.2 of the spec. @@ -53,47 +63,40 @@ type Snippet2_2 struct { // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]" // Cardinality: mandatory, one - SnippetSPDXIdentifier ElementID + SnippetSPDXIdentifier ElementID `json:"SPDXID"` // 5.2: Snippet from File SPDX Identifier // Cardinality: mandatory, one - SnippetFromFileSPDXIdentifier DocElementID + SnippetFromFileSPDXIdentifier ElementID `json:"snippetFromFile"` - // 5.3: Snippet Byte Range: [start byte]:[end byte] - // Cardinality: mandatory, one - SnippetByteRangeStart int - SnippetByteRangeEnd int - - // 5.4: Snippet Line Range: [start line]:[end line] - // Cardinality: optional, one - SnippetLineRangeStart int - SnippetLineRangeEnd int + // Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to + Ranges []SnippetRange `json:"ranges"` // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - SnippetLicenseConcluded string + SnippetLicenseConcluded string `json:"licenseConcluded"` // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: optional, one or many - LicenseInfoInSnippet []string + LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"` // 5.7: Snippet Comments on License // Cardinality: optional, one - SnippetLicenseComments string + SnippetLicenseComments string `json:"licenseComments,omitempty"` // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" // Cardinality: mandatory, one - SnippetCopyrightText string + SnippetCopyrightText string `json:"copyrightText"` // 5.9: Snippet Comment // Cardinality: optional, one - SnippetComment string + SnippetComment string `json:"comment,omitempty"` // 5.10: Snippet Name // Cardinality: optional, one - SnippetName string + SnippetName string `json:"name,omitempty"` // 5.11: Snippet Attribution Text // Cardinality: optional, one or many - SnippetAttributionTexts []string + SnippetAttributionTexts []string `json:"-"` } diff --git a/spdxlib/described_elements.go b/spdxlib/described_elements.go index e8373da..21d8e7e 100644 --- a/spdxlib/described_elements.go +++ b/spdxlib/described_elements.go @@ -23,8 +23,8 @@ func GetDescribedPackageIDs2_1(doc *spdx.Document2_1) ([]spdx.ElementID, error) } if len(doc.Packages) == 1 { // get first (only) one and return its ID - for i := range doc.Packages { - return []spdx.ElementID{i}, nil + for _, pkg := range doc.Packages { + return []spdx.ElementID{pkg.PackageSPDXIdentifier}, nil } } @@ -74,8 +74,8 @@ func GetDescribedPackageIDs2_2(doc *spdx.Document2_2) ([]spdx.ElementID, error) } if len(doc.Packages) == 1 { // get first (only) one and return its ID - for i := range doc.Packages { - return []spdx.ElementID{i}, nil + for _, pkg := range doc.Packages { + return []spdx.ElementID{pkg.PackageSPDXIdentifier}, nil } } diff --git a/spdxlib/described_elements_test.go b/spdxlib/described_elements_test.go index 32fa726..4c2a1a1 100644 --- a/spdxlib/described_elements_test.go +++ b/spdxlib/described_elements_test.go @@ -13,17 +13,16 @@ import ( func Test2_1CanGetIDsOfDescribedPackages(t *testing.T) { // set up document and some packages and relationships doc := &spdx.Document2_1{ - CreationInfo: &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_1{ - spdx.ElementID("p1"): &spdx.Package2_1{PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): &spdx.Package2_1{PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, - spdx.ElementID("p3"): &spdx.Package2_1{PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, - spdx.ElementID("p4"): &spdx.Package2_1{PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, - spdx.ElementID("p5"): &spdx.Package2_1{PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_1{}, + Packages: []*spdx.Package2_1{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, + {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, + {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, }, Relationships: []*spdx.Relationship2_1{ &spdx.Relationship2_1{ @@ -75,13 +74,12 @@ func Test2_1GetDescribedPackagesReturnsSinglePackageIfOnlyOne(t *testing.T) { // set up document and one package, but no relationships // b/c only one package doc := &spdx.Document2_1{ - CreationInfo: &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_1{ - spdx.ElementID("p1"): &spdx.Package2_1{PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_1{}, + Packages: []*spdx.Package2_1{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, }, } @@ -102,17 +100,16 @@ func Test2_1GetDescribedPackagesReturnsSinglePackageIfOnlyOne(t *testing.T) { func Test2_1FailsToGetDescribedPackagesIfMoreThanOneWithoutDescribesRelationship(t *testing.T) { // set up document and multiple packages, but no DESCRIBES relationships doc := &spdx.Document2_1{ - CreationInfo: &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_1{ - spdx.ElementID("p1"): &spdx.Package2_1{PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): &spdx.Package2_1{PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, - spdx.ElementID("p3"): &spdx.Package2_1{PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, - spdx.ElementID("p4"): &spdx.Package2_1{PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, - spdx.ElementID("p5"): &spdx.Package2_1{PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_1{}, + Packages: []*spdx.Package2_1{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, + {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, + {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, }, Relationships: []*spdx.Relationship2_1{ // different relationship @@ -133,14 +130,13 @@ func Test2_1FailsToGetDescribedPackagesIfMoreThanOneWithoutDescribesRelationship func Test2_1FailsToGetDescribedPackagesIfMoreThanOneWithNilRelationships(t *testing.T) { // set up document and multiple packages, but no relationships slice doc := &spdx.Document2_1{ - CreationInfo: &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_1{ - spdx.ElementID("p1"): &spdx.Package2_1{PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): &spdx.Package2_1{PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_1{}, + Packages: []*spdx.Package2_1{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, }, } @@ -153,12 +149,11 @@ func Test2_1FailsToGetDescribedPackagesIfMoreThanOneWithNilRelationships(t *test func Test2_1FailsToGetDescribedPackagesIfZeroPackagesInMap(t *testing.T) { // set up document but no packages doc := &spdx.Document2_1{ - CreationInfo: &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_1{}, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_1{}, + Packages: []*spdx.Package2_1{}, } _, err := GetDescribedPackageIDs2_1(doc) @@ -170,11 +165,10 @@ func Test2_1FailsToGetDescribedPackagesIfZeroPackagesInMap(t *testing.T) { func Test2_1FailsToGetDescribedPackagesIfNilMap(t *testing.T) { // set up document but no packages doc := &spdx.Document2_1{ - CreationInfo: &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_1{}, } _, err := GetDescribedPackageIDs2_1(doc) @@ -188,17 +182,16 @@ func Test2_1FailsToGetDescribedPackagesIfNilMap(t *testing.T) { func Test2_2CanGetIDsOfDescribedPackages(t *testing.T) { // set up document and some packages and relationships doc := &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - spdx.ElementID("p1"): &spdx.Package2_2{PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): &spdx.Package2_2{PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, - spdx.ElementID("p3"): &spdx.Package2_2{PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, - spdx.ElementID("p4"): &spdx.Package2_2{PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, - spdx.ElementID("p5"): &spdx.Package2_2{PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_2{}, + Packages: []*spdx.Package2_2{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, + {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, + {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, }, Relationships: []*spdx.Relationship2_2{ &spdx.Relationship2_2{ @@ -250,13 +243,12 @@ func Test2_2GetDescribedPackagesReturnsSinglePackageIfOnlyOne(t *testing.T) { // set up document and one package, but no relationships // b/c only one package doc := &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - spdx.ElementID("p1"): &spdx.Package2_2{PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_2{}, + Packages: []*spdx.Package2_2{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, }, } @@ -277,17 +269,16 @@ func Test2_2GetDescribedPackagesReturnsSinglePackageIfOnlyOne(t *testing.T) { func Test2_2FailsToGetDescribedPackagesIfMoreThanOneWithoutDescribesRelationship(t *testing.T) { // set up document and multiple packages, but no DESCRIBES relationships doc := &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - spdx.ElementID("p1"): &spdx.Package2_2{PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): &spdx.Package2_2{PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, - spdx.ElementID("p3"): &spdx.Package2_2{PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, - spdx.ElementID("p4"): &spdx.Package2_2{PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, - spdx.ElementID("p5"): &spdx.Package2_2{PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_2{}, + Packages: []*spdx.Package2_2{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, + {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, + {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, }, Relationships: []*spdx.Relationship2_2{ // different relationship @@ -308,14 +299,13 @@ func Test2_2FailsToGetDescribedPackagesIfMoreThanOneWithoutDescribesRelationship func Test2_2FailsToGetDescribedPackagesIfMoreThanOneWithNilRelationships(t *testing.T) { // set up document and multiple packages, but no relationships slice doc := &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - spdx.ElementID("p1"): &spdx.Package2_2{PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): &spdx.Package2_2{PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_2{}, + Packages: []*spdx.Package2_2{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, }, } @@ -328,12 +318,11 @@ func Test2_2FailsToGetDescribedPackagesIfMoreThanOneWithNilRelationships(t *test func Test2_2FailsToGetDescribedPackagesIfZeroPackagesInMap(t *testing.T) { // set up document but no packages doc := &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{}, + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_2{}, + Packages: []*spdx.Package2_2{}, } _, err := GetDescribedPackageIDs2_2(doc) @@ -345,11 +334,10 @@ func Test2_2FailsToGetDescribedPackagesIfZeroPackagesInMap(t *testing.T) { func Test2_2FailsToGetDescribedPackagesIfNilMap(t *testing.T) { // set up document but no packages doc := &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_2{}, } _, err := GetDescribedPackageIDs2_2(doc) diff --git a/spdxlib/documents.go b/spdxlib/documents.go index bd689e7..1f7122a 100644 --- a/spdxlib/documents.go +++ b/spdxlib/documents.go @@ -16,7 +16,7 @@ func ValidateDocument2_1(doc *spdx.Document2_1) error { validElementIDs[docPackage.PackageSPDXIdentifier] = true } - for _, unpackagedFile := range doc.UnpackagedFiles { + for _, unpackagedFile := range doc.Files { validElementIDs[unpackagedFile.FileSPDXIdentifier] = true } @@ -46,7 +46,7 @@ func ValidateDocument2_2(doc *spdx.Document2_2) error { validElementIDs[docPackage.PackageSPDXIdentifier] = true } - for _, unpackagedFile := range doc.UnpackagedFiles { + for _, unpackagedFile := range doc.Files { validElementIDs[unpackagedFile.FileSPDXIdentifier] = true } diff --git a/spdxlib/documents_test.go b/spdxlib/documents_test.go index 60a39b9..aa1f6c3 100644 --- a/spdxlib/documents_test.go +++ b/spdxlib/documents_test.go @@ -13,17 +13,16 @@ import ( func Test2_1ValidDocumentPassesValidation(t *testing.T) { // set up document and some packages and relationships doc := &spdx.Document2_1{ - CreationInfo: &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_1{ - spdx.ElementID("p1"): {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, - spdx.ElementID("p3"): {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, - spdx.ElementID("p4"): {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, - spdx.ElementID("p5"): {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_1{}, + Packages: []*spdx.Package2_1{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, + {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, + {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, }, Relationships: []*spdx.Relationship2_1{ { @@ -60,15 +59,14 @@ func Test2_1ValidDocumentPassesValidation(t *testing.T) { func Test2_1InvalidDocumentFailsValidation(t *testing.T) { // set up document and some packages and relationships doc := &spdx.Document2_1{ - CreationInfo: &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_1{ - spdx.ElementID("p1"): {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, - spdx.ElementID("p3"): {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_1{}, + Packages: []*spdx.Package2_1{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, }, Relationships: []*spdx.Relationship2_1{ { @@ -101,17 +99,16 @@ func Test2_1InvalidDocumentFailsValidation(t *testing.T) { func Test2_2ValidDocumentPassesValidation(t *testing.T) { // set up document and some packages and relationships doc := &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - spdx.ElementID("p1"): {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, - spdx.ElementID("p3"): {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, - spdx.ElementID("p4"): {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, - spdx.ElementID("p5"): {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_2{}, + Packages: []*spdx.Package2_2{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, + {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, + {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, }, Relationships: []*spdx.Relationship2_2{ { @@ -148,15 +145,14 @@ func Test2_2ValidDocumentPassesValidation(t *testing.T) { func Test2_2InvalidDocumentFailsValidation(t *testing.T) { // set up document and some packages and relationships doc := &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - spdx.ElementID("p1"): {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, - spdx.ElementID("p3"): {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_2{}, + Packages: []*spdx.Package2_2{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, }, Relationships: []*spdx.Relationship2_2{ { diff --git a/spdxlib/relationships_test.go b/spdxlib/relationships_test.go index 3c0ef24..e710d6e 100644 --- a/spdxlib/relationships_test.go +++ b/spdxlib/relationships_test.go @@ -13,17 +13,16 @@ import ( func Test2_1FilterForDependencies(t *testing.T) { // set up document and some packages and relationships doc := &spdx.Document2_1{ - CreationInfo: &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_1{ - spdx.ElementID("p1"): {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, - spdx.ElementID("p3"): {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, - spdx.ElementID("p4"): {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, - spdx.ElementID("p5"): {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_1{}, + Packages: []*spdx.Package2_1{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, + {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, + {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, }, Relationships: []*spdx.Relationship2_1{ { @@ -82,17 +81,16 @@ func Test2_1FilterForDependencies(t *testing.T) { func Test2_2FindsDependsOnRelationships(t *testing.T) { // set up document and some packages and relationships doc := &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - }, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - spdx.ElementID("p1"): {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, - spdx.ElementID("p2"): {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, - spdx.ElementID("p3"): {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, - spdx.ElementID("p4"): {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, - spdx.ElementID("p5"): {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + CreationInfo: &spdx.CreationInfo2_2{}, + Packages: []*spdx.Package2_2{ + {PackageName: "pkg1", PackageSPDXIdentifier: "p1"}, + {PackageName: "pkg2", PackageSPDXIdentifier: "p2"}, + {PackageName: "pkg3", PackageSPDXIdentifier: "p3"}, + {PackageName: "pkg4", PackageSPDXIdentifier: "p4"}, + {PackageName: "pkg5", PackageSPDXIdentifier: "p5"}, }, Relationships: []*spdx.Relationship2_2{ { diff --git a/tvloader/parser2v1/parse_annotation.go b/tvloader/parser2v1/parse_annotation.go index 65680d9..ca2e850 100644 --- a/tvloader/parser2v1/parse_annotation.go +++ b/tvloader/parser2v1/parse_annotation.go @@ -18,8 +18,8 @@ func (parser *tvParser2_1) parsePairForAnnotation2_1(tag string, value string) e return err } if subkey == "Person" || subkey == "Organization" || subkey == "Tool" { - parser.ann.AnnotatorType = subkey - parser.ann.Annotator = subvalue + parser.ann.Annotator.AnnotatorType = subkey + parser.ann.Annotator.Annotator = subvalue return nil } return fmt.Errorf("unrecognized Annotator type %v", subkey) diff --git a/tvloader/parser2v1/parse_annotation_test.go b/tvloader/parser2v1/parse_annotation_test.go index 3fdce9f..eb0f4cf 100644 --- a/tvloader/parser2v1/parse_annotation_test.go +++ b/tvloader/parser2v1/parse_annotation_test.go @@ -70,11 +70,11 @@ func TestParser2_1CanParseAnnotationTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.ann.Annotator != "John Doe" { + if parser.ann.Annotator.Annotator != "John Doe" { t.Errorf("got %v for Annotator, expected John Doe", parser.ann.Annotator) } - if parser.ann.AnnotatorType != "Person" { - t.Errorf("got %v for AnnotatorType, expected Person", parser.ann.AnnotatorType) + if parser.ann.Annotator.AnnotatorType != "Person" { + t.Errorf("got %v for AnnotatorType, expected Person", parser.ann.Annotator.AnnotatorType) } // Annotation Date @@ -156,4 +156,3 @@ func TestParser2_1FailsIfAnnotationRefInvalid(t *testing.T) { t.Errorf("expected non-nil error, got nil") } } - diff --git a/tvloader/parser2v1/parse_creation_info.go b/tvloader/parser2v1/parse_creation_info.go index 8742bf2..df16008 100644 --- a/tvloader/parser2v1/parse_creation_info.go +++ b/tvloader/parser2v1/parse_creation_info.go @@ -17,39 +17,11 @@ func (parser *tvParser2_1) parsePairFromCreationInfo2_1(tag string, value string // create an SPDX Creation Info data struct if we don't have one already if parser.doc.CreationInfo == nil { - parser.doc.CreationInfo = &spdx.CreationInfo2_1{ - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_1{}, - } + parser.doc.CreationInfo = &spdx.CreationInfo2_1{} } ci := parser.doc.CreationInfo switch tag { - case "SPDXVersion": - ci.SPDXVersion = value - case "DataLicense": - ci.DataLicense = value - case "SPDXID": - eID, err := extractElementID(value) - if err != nil { - return err - } - ci.SPDXIdentifier = eID - case "DocumentName": - ci.DocumentName = value - case "DocumentNamespace": - ci.DocumentNamespace = value - case "ExternalDocumentRef": - documentRefID, uri, alg, checksum, err := extractExternalDocumentReference(value) - if err != nil { - return err - } - edr := spdx.ExternalDocumentRef2_1{ - DocumentRefID: documentRefID, - URI: uri, - Alg: alg, - Checksum: checksum, - } - ci.ExternalDocumentReferences[documentRefID] = edr case "LicenseListVersion": ci.LicenseListVersion = value case "Creator": @@ -57,22 +29,20 @@ func (parser *tvParser2_1) parsePairFromCreationInfo2_1(tag string, value string if err != nil { return err } + + creator := spdx.Creator{Creator: subvalue} switch subkey { - case "Person": - ci.CreatorPersons = append(ci.CreatorPersons, subvalue) - case "Organization": - ci.CreatorOrganizations = append(ci.CreatorOrganizations, subvalue) - case "Tool": - ci.CreatorTools = append(ci.CreatorTools, subvalue) + case "Person", "Organization", "Tool": + creator.CreatorType = subkey default: return fmt.Errorf("unrecognized Creator type %v", subkey) } + + ci.Creators = append(ci.Creators, creator) case "Created": ci.Created = value case "CreatorComment": ci.CreatorComment = value - case "DocumentComment": - ci.DocumentComment = value // tag for going on to package section case "PackageName": @@ -91,7 +61,7 @@ func (parser *tvParser2_1) parsePairFromCreationInfo2_1(tag string, value string return parser.parsePairFromPackage2_1(tag, value) // tag for going on to _unpackaged_ file section case "FileName": - // leave pkg as nil, so that packages will be placed in UnpackagedFiles + // leave pkg as nil, so that packages will be placed in Files parser.st = psFile2_1 parser.pkg = nil return parser.parsePairFromFile2_1(tag, value) diff --git a/tvloader/parser2v1/parse_creation_info_test.go b/tvloader/parser2v1/parse_creation_info_test.go index 2a8c094..83058dd 100644 --- a/tvloader/parser2v1/parse_creation_info_test.go +++ b/tvloader/parser2v1/parse_creation_info_test.go @@ -58,7 +58,7 @@ func TestParser2_1CIMovesToFileAfterParsingFileNameTagWithNoPackages(t *testing. t.Errorf("parser is in state %v, expected %v", parser.st, psFile2_1) } // and current package should be nil, meaning Files are placed in the - // UnpackagedFiles map instead of in a Package + // Files map instead of in a Package if parser.pkg != nil { t.Fatalf("expected pkg to be nil, got non-nil pkg") } @@ -179,7 +179,7 @@ func TestParser2_1HasCreationInfoAfterCallToParseFirstTag(t *testing.T) { doc: &spdx.Document2_1{}, st: psCreationInfo2_1, } - err := parser.parsePairFromCreationInfo2_1("SPDXVersion", "SPDX-2.1") + err := parser.parsePairFromCreationInfo2_1("LicenseListVersion", "3.9") if err != nil { t.Errorf("got error when calling parsePairFromCreationInfo2_1: %v", err) } @@ -194,96 +194,8 @@ func TestParser2_1CanParseCreationInfoTags(t *testing.T) { st: psCreationInfo2_1, } - // SPDX Version - err := parser.parsePairFromCreationInfo2_1("SPDXVersion", "SPDX-2.1") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.SPDXVersion != "SPDX-2.1" { - t.Errorf("got %v for SPDXVersion", parser.doc.CreationInfo.SPDXVersion) - } - - // Data License - err = parser.parsePairFromCreationInfo2_1("DataLicense", "CC0-1.0") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.DataLicense != "CC0-1.0" { - t.Errorf("got %v for DataLicense", parser.doc.CreationInfo.DataLicense) - } - - // SPDX Identifier - err = parser.parsePairFromCreationInfo2_1("SPDXID", "SPDXRef-DOCUMENT") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.SPDXIdentifier != "DOCUMENT" { - t.Errorf("got %v for SPDXIdentifier", parser.doc.CreationInfo.SPDXIdentifier) - } - - // Document Name - err = parser.parsePairFromCreationInfo2_1("DocumentName", "xyz-2.1.5") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.DocumentName != "xyz-2.1.5" { - t.Errorf("got %v for DocumentName", parser.doc.CreationInfo.DocumentName) - } - - // Document Namespace - err = parser.parsePairFromCreationInfo2_1("DocumentNamespace", "http://example.com/xyz-2.1.5.spdx") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.DocumentNamespace != "http://example.com/xyz-2.1.5.spdx" { - t.Errorf("got %v for DocumentNamespace", parser.doc.CreationInfo.DocumentNamespace) - } - - // External Document Reference - refs := []string{ - "DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1: d6a770ba38583ed4bb4525bd96e50461655d2759", - "DocumentRef-xyz-2.1.2 http://example.com/xyz-2.1.2 SHA1:d6a770ba38583ed4bb4525bd96e50461655d2760", - } - wantRef0 := spdx.ExternalDocumentRef2_1{ - DocumentRefID: "spdx-tool-1.2", - URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", - Alg: "SHA1", - Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", - } - wantRef1 := spdx.ExternalDocumentRef2_1{ - DocumentRefID: "xyz-2.1.2", - URI: "http://example.com/xyz-2.1.2", - Alg: "SHA1", - Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2760", - } - err = parser.parsePairFromCreationInfo2_1("ExternalDocumentRef", refs[0]) - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - err = parser.parsePairFromCreationInfo2_1("ExternalDocumentRef", refs[1]) - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if len(parser.doc.CreationInfo.ExternalDocumentReferences) != 2 { - t.Errorf("got %d ExternalDocumentReferences, expected %d", len(parser.doc.CreationInfo.ExternalDocumentReferences), 2) - } - gotRef0 := parser.doc.CreationInfo.ExternalDocumentReferences["spdx-tool-1.2"] - if gotRef0.DocumentRefID != wantRef0.DocumentRefID || - gotRef0.URI != wantRef0.URI || - gotRef0.Alg != wantRef0.Alg || - gotRef0.Checksum != wantRef0.Checksum { - t.Errorf("got %#v for ExternalDocumentReferences[0], wanted %#v", gotRef0, wantRef0) - } - gotRef1 := parser.doc.CreationInfo.ExternalDocumentReferences["xyz-2.1.2"] - if gotRef1.DocumentRefID != wantRef1.DocumentRefID || - gotRef1.URI != wantRef1.URI || - gotRef1.Alg != wantRef1.Alg || - gotRef1.Checksum != wantRef1.Checksum { - t.Errorf("got %#v for ExternalDocumentReferences[1], wanted %#v", gotRef1, wantRef1) - } - // License List Version - err = parser.parsePairFromCreationInfo2_1("LicenseListVersion", "2.2") + err := parser.parsePairFromCreationInfo2_1("LicenseListVersion", "2.2") if err != nil { t.Errorf("expected nil error, got %v", err) } @@ -304,10 +216,10 @@ func TestParser2_1CanParseCreationInfoTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if len(parser.doc.CreationInfo.CreatorPersons) != 2 || - parser.doc.CreationInfo.CreatorPersons[0] != "Person A" || - parser.doc.CreationInfo.CreatorPersons[1] != "Person B" { - t.Errorf("got %v for CreatorPersons", parser.doc.CreationInfo.CreatorPersons) + if len(parser.doc.CreationInfo.Creators) != 2 || + parser.doc.CreationInfo.Creators[0].Creator != "Person A" || + parser.doc.CreationInfo.Creators[1].Creator != "Person B" { + t.Errorf("got %+v for Creators", parser.doc.CreationInfo.Creators) } // Creators: Organizations @@ -323,10 +235,10 @@ func TestParser2_1CanParseCreationInfoTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if len(parser.doc.CreationInfo.CreatorOrganizations) != 2 || - parser.doc.CreationInfo.CreatorOrganizations[0] != "Organization A" || - parser.doc.CreationInfo.CreatorOrganizations[1] != "Organization B" { - t.Errorf("got %v for CreatorOrganizations", parser.doc.CreationInfo.CreatorOrganizations) + if len(parser.doc.CreationInfo.Creators) != 4 || + parser.doc.CreationInfo.Creators[2].Creator != "Organization A" || + parser.doc.CreationInfo.Creators[3].Creator != "Organization B" { + t.Errorf("got %+v for CreatorOrganizations", parser.doc.CreationInfo.Creators) } // Creators: Tools @@ -342,10 +254,10 @@ func TestParser2_1CanParseCreationInfoTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if len(parser.doc.CreationInfo.CreatorTools) != 2 || - parser.doc.CreationInfo.CreatorTools[0] != "Tool A" || - parser.doc.CreationInfo.CreatorTools[1] != "Tool B" { - t.Errorf("got %v for CreatorTools", parser.doc.CreationInfo.CreatorTools) + if len(parser.doc.CreationInfo.Creators) != 6 || + parser.doc.CreationInfo.Creators[4].Creator != "Tool A" || + parser.doc.CreationInfo.Creators[5].Creator != "Tool B" { + t.Errorf("got %v for CreatorTools", parser.doc.CreationInfo.Creators) } // Created date @@ -365,16 +277,6 @@ func TestParser2_1CanParseCreationInfoTags(t *testing.T) { if parser.doc.CreationInfo.CreatorComment != "Blah whatever" { t.Errorf("got %v for CreatorComment", parser.doc.CreationInfo.CreatorComment) } - - // Document Comment - err = parser.parsePairFromCreationInfo2_1("DocumentComment", "Blah whatever") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.DocumentComment != "Blah whatever" { - t.Errorf("got %v for DocumentComment", parser.doc.CreationInfo.DocumentComment) - } - } func TestParser2_1InvalidCreatorTagsFail(t *testing.T) { diff --git a/tvloader/parser2v1/parse_file.go b/tvloader/parser2v1/parse_file.go index 7347384..81768bb 100644 --- a/tvloader/parser2v1/parse_file.go +++ b/tvloader/parser2v1/parse_file.go @@ -49,37 +49,37 @@ func (parser *tvParser2_1) parsePairFromFile2_1(tag string, value string) error } parser.file.FileSPDXIdentifier = eID if parser.pkg == nil { - if parser.doc.UnpackagedFiles == nil { - parser.doc.UnpackagedFiles = map[spdx.ElementID]*spdx.File2_1{} + if parser.doc.Files == nil { + parser.doc.Files = []*spdx.File2_1{} } - parser.doc.UnpackagedFiles[eID] = parser.file + parser.doc.Files = append(parser.doc.Files, parser.file) } else { if parser.pkg.Files == nil { - parser.pkg.Files = map[spdx.ElementID]*spdx.File2_1{} + parser.pkg.Files = []*spdx.File2_1{} } - parser.pkg.Files[eID] = parser.file + parser.pkg.Files = append(parser.pkg.Files, parser.file) } case "FileType": - parser.file.FileType = append(parser.file.FileType, value) + parser.file.FileTypes = append(parser.file.FileTypes, value) case "FileChecksum": subkey, subvalue, err := extractSubs(value) if err != nil { return err } - switch subkey { - case "SHA1": - parser.file.FileChecksumSHA1 = subvalue - case "SHA256": - parser.file.FileChecksumSHA256 = subvalue - case "MD5": - parser.file.FileChecksumMD5 = subvalue + if parser.file.Checksums == nil { + parser.file.Checksums = []spdx.Checksum{} + } + switch spdx.ChecksumAlgorithm(subkey) { + case spdx.SHA1, spdx.SHA256, spdx.MD5: + algorithm := spdx.ChecksumAlgorithm(subkey) + parser.file.Checksums = append(parser.file.Checksums, spdx.Checksum{Algorithm: algorithm, Value: subvalue}) default: return fmt.Errorf("got unknown checksum type %s", subkey) } case "LicenseConcluded": parser.file.LicenseConcluded = value case "LicenseInfoInFile": - parser.file.LicenseInfoInFile = append(parser.file.LicenseInfoInFile, value) + parser.file.LicenseInfoInFiles = append(parser.file.LicenseInfoInFiles, value) case "LicenseComments": parser.file.LicenseComments = value case "FileCopyrightText": @@ -103,7 +103,7 @@ func (parser *tvParser2_1) parsePairFromFile2_1(tag string, value string) error case "FileNotice": parser.file.FileNotice = value case "FileContributor": - parser.file.FileContributor = append(parser.file.FileContributor, value) + parser.file.FileContributors = append(parser.file.FileContributors, value) case "FileDependency": parser.file.FileDependencies = append(parser.file.FileDependencies, value) // for relationship tags, pass along but don't change state diff --git a/tvloader/parser2v1/parse_file_test.go b/tvloader/parser2v1/parse_file_test.go index 9f42b55..375f967 100644 --- a/tvloader/parser2v1/parse_file_test.go +++ b/tvloader/parser2v1/parse_file_test.go @@ -13,23 +13,23 @@ func TestParser2_1FileStartsNewFileAfterParsingFileNameTag(t *testing.T) { fileOldName := "f1.txt" parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: fileOldName, FileSPDXIdentifier: "f1"}, } fileOld := parser.file - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = fileOld + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, fileOld) // the Package's Files should have this one only if len(parser.pkg.Files) != 1 { t.Fatalf("expected 1 file, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f1"] != fileOld { - t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files["f1"]) + if parser.pkg.Files[0] != fileOld { + t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files[0]) } - if parser.pkg.Files["f1"].FileName != fileOldName { - t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files["f1"].FileName) + if parser.pkg.Files[0].FileName != fileOldName { + t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files[0].FileName) } // now add a new file @@ -55,11 +55,11 @@ func TestParser2_1FileStartsNewFileAfterParsingFileNameTag(t *testing.T) { if len(parser.pkg.Files) != 1 { t.Fatalf("expected 1 file, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f1"] != fileOld { - t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files["f1"]) + if parser.pkg.Files[0] != fileOld { + t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files[0]) } - if parser.pkg.Files["f1"].FileName != fileOldName { - t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files["f1"].FileName) + if parser.pkg.Files[0].FileName != fileOldName { + t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files[0].FileName) } // now parse an SPDX identifier tag @@ -71,17 +71,17 @@ func TestParser2_1FileStartsNewFileAfterParsingFileNameTag(t *testing.T) { if len(parser.pkg.Files) != 2 { t.Fatalf("expected 2 files, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f1"] != fileOld { - t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files["f1"]) + if parser.pkg.Files[0] != fileOld { + t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files[0]) } - if parser.pkg.Files["f1"].FileName != fileOldName { - t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files["f1"].FileName) + if parser.pkg.Files[0].FileName != fileOldName { + t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files[0].FileName) } - if parser.pkg.Files["f2ID"] != parser.file { - t.Errorf("expected file %v in Files[f2ID], got %v", parser.file, parser.pkg.Files["f2ID"]) + if parser.pkg.Files[1] != parser.file { + t.Errorf("expected file %v in Files[f2ID], got %v", parser.file, parser.pkg.Files[1]) } - if parser.pkg.Files["f2ID"].FileName != fileName { - t.Errorf("expected file name %s in Files[f2ID], got %s", fileName, parser.pkg.Files["f2ID"].FileName) + if parser.pkg.Files[1].FileName != fileName { + t.Errorf("expected file name %s in Files[f2ID], got %s", fileName, parser.pkg.Files[1].FileName) } } @@ -103,12 +103,12 @@ func TestParser2_1FileAddsToPackageOrUnpackagedFiles(t *testing.T) { t.Errorf("got error when calling parsePair2_1: %v", err) } fileOld := parser.file - // should have been added to UnpackagedFiles - if len(parser.doc.UnpackagedFiles) != 1 { - t.Fatalf("expected 1 file in UnpackagedFiles, got %d", len(parser.doc.UnpackagedFiles)) + // should have been added to Files + if len(parser.doc.Files) != 1 { + t.Fatalf("expected 1 file in Files, got %d", len(parser.doc.Files)) } - if parser.doc.UnpackagedFiles["f2ID"] != fileOld { - t.Errorf("expected file %v in UnpackagedFiles[f2ID], got %v", fileOld, parser.doc.UnpackagedFiles["f2ID"]) + if parser.doc.Files[0] != fileOld { + t.Errorf("expected file %v in Files[f2ID], got %v", fileOld, parser.doc.Files[0]) } // now create a package and a new file err = parser.parsePair2_1("PackageName", "package1") @@ -127,19 +127,19 @@ func TestParser2_1FileAddsToPackageOrUnpackagedFiles(t *testing.T) { if err != nil { t.Errorf("got error when calling parsePair2_1: %v", err) } - // UnpackagedFiles should still be size 1 and have old file only - if len(parser.doc.UnpackagedFiles) != 1 { - t.Fatalf("expected 1 file in UnpackagedFiles, got %d", len(parser.doc.UnpackagedFiles)) + // Files should still be size 1 and have old file only + if len(parser.doc.Files) != 1 { + t.Fatalf("expected 1 file in Files, got %d", len(parser.doc.Files)) } - if parser.doc.UnpackagedFiles["f2ID"] != fileOld { - t.Errorf("expected file %v in UnpackagedFiles[f2ID], got %v", fileOld, parser.doc.UnpackagedFiles["f2ID"]) + if parser.doc.Files[0] != fileOld { + t.Errorf("expected file %v in Files[f2ID], got %v", fileOld, parser.doc.Files[0]) } // and new package should have gotten the new file if len(parser.pkg.Files) != 1 { t.Fatalf("expected 1 file in Files, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f3ID"] != parser.file { - t.Errorf("expected file %v in Files[f3ID], got %v", parser.file, parser.pkg.Files["f3ID"]) + if parser.pkg.Files[0] != parser.file { + t.Errorf("expected file %v in Files[f3ID], got %v", parser.file, parser.pkg.Files[0]) } } @@ -149,15 +149,15 @@ func TestParser2_1FileStartsNewPackageAfterParsingPackageNameTag(t *testing.T) { f1Name := "f1.txt" parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: p1Name, PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: p1Name, PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: f1Name, FileSPDXIdentifier: "f1"}, } p1 := parser.pkg f1 := parser.file - parser.doc.Packages["package1"] = p1 - parser.pkg.Files["f1"] = f1 + parser.doc.Packages = append(parser.doc.Packages, p1) + parser.pkg.Files = append(parser.pkg.Files, f1) // now add a new package p2Name := "package2" @@ -193,21 +193,21 @@ func TestParser2_1FileStartsNewPackageAfterParsingPackageNameTag(t *testing.T) { if len(parser.doc.Packages) != 1 { t.Fatalf("expected 1 package, got %d", len(parser.doc.Packages)) } - if parser.doc.Packages["package1"] != p1 { - t.Errorf("Expected package %v in Packages[package1], got %v", p1, parser.doc.Packages["package1"]) + if parser.doc.Packages[0] != p1 { + t.Errorf("Expected package %v in Packages[package1], got %v", p1, parser.doc.Packages[0]) } - if parser.doc.Packages["package1"].PackageName != p1Name { - t.Errorf("expected package name %s in Packages[package1], got %s", p1Name, parser.doc.Packages["package1"].PackageName) + if parser.doc.Packages[0].PackageName != p1Name { + t.Errorf("expected package name %s in Packages[package1], got %s", p1Name, parser.doc.Packages[0].PackageName) } // and the first Package's Files should be of size 1 and have f1 only - if len(parser.doc.Packages["package1"].Files) != 1 { - t.Errorf("Expected 1 file in Packages[package1].Files, got %d", len(parser.doc.Packages["package1"].Files)) + if len(parser.doc.Packages[0].Files) != 1 { + t.Errorf("Expected 1 file in Packages[package1].Files, got %d", len(parser.doc.Packages[0].Files)) } - if parser.doc.Packages["package1"].Files["f1"] != f1 { - t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.doc.Packages["package1"].Files["f1"]) + if parser.doc.Packages[0].Files[0] != f1 { + t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.doc.Packages[0].Files[0]) } - if parser.doc.Packages["package1"].Files["f1"].FileName != f1Name { - t.Errorf("expected file name %s in Files[f1], got %s", f1Name, parser.doc.Packages["package1"].Files["f1"].FileName) + if parser.doc.Packages[0].Files[0].FileName != f1Name { + t.Errorf("expected file name %s in Files[f1], got %s", f1Name, parser.doc.Packages[0].Files[0].FileName) } // and the current file should be nil if parser.file != nil { @@ -217,13 +217,13 @@ func TestParser2_1FileStartsNewPackageAfterParsingPackageNameTag(t *testing.T) { func TestParser2_1FileMovesToSnippetAfterParsingSnippetSPDXIDTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) fileCurrent := parser.file err := parser.parsePair2_1("SnippetSPDXID", "SPDXRef-Test1") @@ -242,13 +242,13 @@ func TestParser2_1FileMovesToSnippetAfterParsingSnippetSPDXIDTag(t *testing.T) { func TestParser2_1FileMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_1("LicenseID", "LicenseRef-TestLic") if err != nil { @@ -261,13 +261,13 @@ func TestParser2_1FileMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing.T) func TestParser2_1FileMovesToReviewAfterParsingReviewerTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_1("Reviewer", "Person: John Doe") if err != nil { @@ -280,13 +280,13 @@ func TestParser2_1FileMovesToReviewAfterParsingReviewerTag(t *testing.T) { func TestParser2_1FileStaysAfterParsingRelationshipTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_1("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-else") if err != nil { @@ -309,13 +309,13 @@ func TestParser2_1FileStaysAfterParsingRelationshipTags(t *testing.T) { func TestParser2_1FileStaysAfterParsingAnnotationTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_1("Annotator", "Person: John Doe ()") if err != nil { @@ -361,11 +361,11 @@ func TestParser2_1FileStaysAfterParsingAnnotationTags(t *testing.T) { // ===== File data section tests ===== func TestParser2_1CanParseFileTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // File Name err := parser.parsePairFromFile2_1("FileName", "f1.txt") @@ -393,8 +393,8 @@ func TestParser2_1CanParseFileTags(t *testing.T) { if len(parser.pkg.Files) != 1 { t.Errorf("expected 1 file, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f1"] != parser.file { - t.Errorf("expected Files[f1] to be %v, got %v", parser.file, parser.pkg.Files["f1"]) + if parser.pkg.Files[0] != parser.file { + t.Errorf("expected Files[f1] to be %v, got %v", parser.file, parser.pkg.Files[0]) } // File Type @@ -410,18 +410,18 @@ func TestParser2_1CanParseFileTags(t *testing.T) { } for _, typeWant := range fileTypes { flagFound := false - for _, typeCheck := range parser.file.FileType { + for _, typeCheck := range parser.file.FileTypes { if typeWant == typeCheck { flagFound = true } } if flagFound == false { - t.Errorf("didn't find %s in FileType", typeWant) + t.Errorf("didn't find %s in FileTypes", typeWant) } } - if len(fileTypes) != len(parser.file.FileType) { - t.Errorf("expected %d types in FileType, got %d", len(fileTypes), - len(parser.file.FileType)) + if len(fileTypes) != len(parser.file.FileTypes) { + t.Errorf("expected %d types in FileTypes, got %d", len(fileTypes), + len(parser.file.FileTypes)) } // File Checksums @@ -443,16 +443,22 @@ func TestParser2_1CanParseFileTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.file.FileChecksumSHA1 != codeSha1 { - t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha1, parser.file.FileChecksumSHA1) - } - if parser.file.FileChecksumSHA256 != codeSha256 { - t.Errorf("expected %s for FileChecksumSHA256, got %s", codeSha256, parser.file.FileChecksumSHA256) - } - if parser.file.FileChecksumMD5 != codeMd5 { - t.Errorf("expected %s for FileChecksumMD5, got %s", codeMd5, parser.file.FileChecksumMD5) + for _, checksum := range parser.file.Checksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != codeSha1 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha1, checksum.Value) + } + case spdx.SHA256: + if checksum.Value != codeSha256 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha256, checksum.Value) + } + case spdx.MD5: + if checksum.Value != codeMd5 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeMd5, checksum.Value) + } + } } - // Concluded License err = parser.parsePairFromFile2_1("LicenseConcluded", "Apache-2.0 OR GPL-2.0-or-later") if err != nil { @@ -476,18 +482,18 @@ func TestParser2_1CanParseFileTags(t *testing.T) { } for _, licWant := range lics { flagFound := false - for _, licCheck := range parser.file.LicenseInfoInFile { + for _, licCheck := range parser.file.LicenseInfoInFiles { if licWant == licCheck { flagFound = true } } if flagFound == false { - t.Errorf("didn't find %s in LicenseInfoInFile", licWant) + t.Errorf("didn't find %s in LicenseInfoInFiles", licWant) } } - if len(lics) != len(parser.file.LicenseInfoInFile) { - t.Errorf("expected %d licenses in LicenseInfoInFile, got %d", len(lics), - len(parser.file.LicenseInfoInFile)) + if len(lics) != len(parser.file.LicenseInfoInFiles) { + t.Errorf("expected %d licenses in LicenseInfoInFiles, got %d", len(lics), + len(parser.file.LicenseInfoInFiles)) } // Comments on License @@ -625,18 +631,18 @@ func TestParser2_1CanParseFileTags(t *testing.T) { } for _, contribWant := range contribs { flagFound := false - for _, contribCheck := range parser.file.FileContributor { + for _, contribCheck := range parser.file.FileContributors { if contribWant == contribCheck { flagFound = true } } if flagFound == false { - t.Errorf("didn't find %s in FileContributor", contribWant) + t.Errorf("didn't find %s in FileContributors", contribWant) } } - if len(contribs) != len(parser.file.FileContributor) { - t.Errorf("expected %d contribenses in FileContributor, got %d", len(contribs), - len(parser.file.FileContributor)) + if len(contribs) != len(parser.file.FileContributors) { + t.Errorf("expected %d contribenses in FileContributors, got %d", len(contribs), + len(parser.file.FileContributors)) } // File Dependencies @@ -670,13 +676,13 @@ func TestParser2_1CanParseFileTags(t *testing.T) { func TestParser2_1FileCreatesRelationshipInDocument(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_1("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-whatever") if err != nil { @@ -692,13 +698,13 @@ func TestParser2_1FileCreatesRelationshipInDocument(t *testing.T) { func TestParser2_1FileCreatesAnnotationInDocument(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_1("Annotator", "Person: John Doe ()") if err != nil { @@ -714,13 +720,13 @@ func TestParser2_1FileCreatesAnnotationInDocument(t *testing.T) { func TestParser2_1FileUnknownTagFails(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePairFromFile2_1("blah", "something") if err == nil { @@ -730,13 +736,13 @@ func TestParser2_1FileUnknownTagFails(t *testing.T) { func TestFileAOPPointerChangesAfterTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePairFromFile2_1("ArtifactOfProjectName", "project1") if err != nil { @@ -787,11 +793,11 @@ func TestFileAOPPointerChangesAfterTags(t *testing.T) { func TestParser2_1FailsIfInvalidSPDXIDInFileSection(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // start with File Name err := parser.parsePairFromFile2_1("FileName", "f1.txt") @@ -807,11 +813,11 @@ func TestParser2_1FailsIfInvalidSPDXIDInFileSection(t *testing.T) { func TestParser2_1FailsIfInvalidChecksumFormatInFileSection(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // start with File Name err := parser.parsePairFromFile2_1("FileName", "f1.txt") @@ -827,11 +833,11 @@ func TestParser2_1FailsIfInvalidChecksumFormatInFileSection(t *testing.T) { func TestParser2_1FailsIfUnknownChecksumTypeInFileSection(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // start with File Name err := parser.parsePairFromFile2_1("FileName", "f1.txt") @@ -847,11 +853,11 @@ func TestParser2_1FailsIfUnknownChecksumTypeInFileSection(t *testing.T) { func TestParser2_1FailsIfArtifactHomePageBeforeArtifactName(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // start with File Name err := parser.parsePairFromFile2_1("FileName", "f1.txt") @@ -867,11 +873,11 @@ func TestParser2_1FailsIfArtifactHomePageBeforeArtifactName(t *testing.T) { func TestParser2_1FailsIfArtifactURIBeforeArtifactName(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // start with File Name err := parser.parsePairFromFile2_1("FileName", "f1.txt") @@ -888,7 +894,7 @@ func TestParser2_1FailsIfArtifactURIBeforeArtifactName(t *testing.T) { func TestParser2_1FilesWithoutSpdxIdThrowError(t *testing.T) { // case 1: The previous file (packaged or unpackaged) does not contain spdxID parser1 := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, file: &spdx.File2_1{FileName: "FileName"}, } diff --git a/tvloader/parser2v1/parse_other_license_test.go b/tvloader/parser2v1/parse_other_license_test.go index d97eb1c..5ae520b 100644 --- a/tvloader/parser2v1/parse_other_license_test.go +++ b/tvloader/parser2v1/parse_other_license_test.go @@ -14,9 +14,9 @@ func TestParser2_1OLStartsNewOtherLicenseAfterParsingLicenseIDTag(t *testing.T) olname1 := "License 11" parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psOtherLicense2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: olid1, @@ -24,8 +24,8 @@ func TestParser2_1OLStartsNewOtherLicenseAfterParsingLicenseIDTag(t *testing.T) }, } olic1 := parser.otherLic - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) // the Document's OtherLicenses should have this one only @@ -90,13 +90,13 @@ func TestParser2_1OLStartsNewOtherLicenseAfterParsingLicenseIDTag(t *testing.T) func TestParser2_1OLMovesToReviewAfterParsingReviewerTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psOtherLicense2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) err := parser.parsePair2_1("Reviewer", "Person: John Doe") @@ -110,17 +110,17 @@ func TestParser2_1OLMovesToReviewAfterParsingReviewerTag(t *testing.T) { func TestParser2_1OtherLicenseStaysAfterParsingRelationshipTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psOtherLicense2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-whatever", LicenseName: "the whatever license", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) err := parser.parsePair2_1("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-else") @@ -152,17 +152,17 @@ func TestParser2_1OtherLicenseStaysAfterParsingRelationshipTags(t *testing.T) { func TestParser2_1OtherLicenseStaysAfterParsingAnnotationTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psOtherLicense2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-whatever", LicenseName: "the whatever license", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) err := parser.parsePair2_1("Annotator", "Person: John Doe ()") @@ -209,24 +209,24 @@ func TestParser2_1OtherLicenseStaysAfterParsingAnnotationTags(t *testing.T) { if len(parser.doc.Annotations) != 1 { t.Fatalf("expected doc.Annotations to have len 1, got %d", len(parser.doc.Annotations)) } - if parser.doc.Annotations[0].Annotator != "John Doe ()" { + if parser.doc.Annotations[0].Annotator.Annotator != "John Doe ()" { t.Errorf("expected Annotator to be %s, got %s", "John Doe ()", parser.doc.Annotations[0].Annotator) } } func TestParser2_1OLFailsAfterParsingOtherSectionTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psOtherLicense2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-Lic11", LicenseName: "License 11", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) // can't go back to old sections @@ -247,13 +247,13 @@ func TestParser2_1OLFailsAfterParsingOtherSectionTags(t *testing.T) { // ===== Other License data section tests ===== func TestParser2_1CanParseOtherLicenseTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psOtherLicense2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) // License Identifier @@ -323,13 +323,13 @@ func TestParser2_1CanParseOtherLicenseTags(t *testing.T) { func TestParser2_1OLUnknownTagFails(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psOtherLicense2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) err := parser.parsePairFromOtherLicense2_1("blah", "something") diff --git a/tvloader/parser2v1/parse_package.go b/tvloader/parser2v1/parse_package.go index a867107..22fc1ed 100644 --- a/tvloader/parser2v1/parse_package.go +++ b/tvloader/parser2v1/parse_package.go @@ -45,16 +45,17 @@ func (parser *tvParser2_1) parsePairFromPackage2_1(tag string, value string) err } parser.pkg.PackageSPDXIdentifier = eID if parser.doc.Packages == nil { - parser.doc.Packages = map[spdx.ElementID]*spdx.Package2_1{} + parser.doc.Packages = []*spdx.Package2_1{} } - parser.doc.Packages[eID] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) case "PackageVersion": parser.pkg.PackageVersion = value case "PackageFileName": parser.pkg.PackageFileName = value case "PackageSupplier": + parser.pkg.PackageSupplier = &spdx.Supplier{} if value == "NOASSERTION" { - parser.pkg.PackageSupplierNOASSERTION = true + parser.pkg.PackageSupplier.Supplier = value break } subkey, subvalue, err := extractSubs(value) @@ -62,16 +63,16 @@ func (parser *tvParser2_1) parsePairFromPackage2_1(tag string, value string) err return err } switch subkey { - case "Person": - parser.pkg.PackageSupplierPerson = subvalue - case "Organization": - parser.pkg.PackageSupplierOrganization = subvalue + case "Person", "Organization": + parser.pkg.PackageSupplier.Supplier = subvalue + parser.pkg.PackageSupplier.SupplierType = subkey default: return fmt.Errorf("unrecognized PackageSupplier type %v", subkey) } case "PackageOriginator": + parser.pkg.PackageOriginator = &spdx.Originator{} if value == "NOASSERTION" { - parser.pkg.PackageOriginatorNOASSERTION = true + parser.pkg.PackageOriginator.Originator = value break } subkey, subvalue, err := extractSubs(value) @@ -79,10 +80,9 @@ func (parser *tvParser2_1) parsePairFromPackage2_1(tag string, value string) err return err } switch subkey { - case "Person": - parser.pkg.PackageOriginatorPerson = subvalue - case "Organization": - parser.pkg.PackageOriginatorOrganization = subvalue + case "Person", "Organization": + parser.pkg.PackageOriginator.Originator = subvalue + parser.pkg.PackageOriginator.OriginatorType = subkey default: return fmt.Errorf("unrecognized PackageOriginator type %v", subkey) } @@ -96,21 +96,19 @@ func (parser *tvParser2_1) parsePairFromPackage2_1(tag string, value string) err parser.pkg.FilesAnalyzed = true } case "PackageVerificationCode": - code, excludesFileName := extractCodeAndExcludes(value) - parser.pkg.PackageVerificationCode = code - parser.pkg.PackageVerificationCodeExcludedFile = excludesFileName + parser.pkg.PackageVerificationCode = extractCodeAndExcludes(value) case "PackageChecksum": subkey, subvalue, err := extractSubs(value) if err != nil { return err } - switch subkey { - case "SHA1": - parser.pkg.PackageChecksumSHA1 = subvalue - case "SHA256": - parser.pkg.PackageChecksumSHA256 = subvalue - case "MD5": - parser.pkg.PackageChecksumMD5 = subvalue + if parser.pkg.PackageChecksums == nil { + parser.pkg.PackageChecksums = []spdx.Checksum{} + } + switch spdx.ChecksumAlgorithm(subkey) { + case spdx.SHA1, spdx.SHA256, spdx.MD5: + algorithm := spdx.ChecksumAlgorithm(subkey) + parser.pkg.PackageChecksums = append(parser.pkg.PackageChecksums, spdx.Checksum{Algorithm: algorithm, Value: subvalue}) default: return fmt.Errorf("got unknown checksum type %s", subkey) } @@ -184,13 +182,13 @@ func (parser *tvParser2_1) parsePairFromPackage2_1(tag string, value string) err // ===== Helper functions ===== -func extractCodeAndExcludes(value string) (string, string) { +func extractCodeAndExcludes(value string) spdx.PackageVerificationCode { // FIXME this should probably be done using regular expressions instead // split by paren + word "excludes:" sp := strings.SplitN(value, "(excludes:", 2) if len(sp) < 2 { // not found; return the whole string as just the code - return value, "" + return spdx.PackageVerificationCode{Value: value, ExcludedFiles: []string{}} } // if we're here, code is in first part and excludes filename is in @@ -198,7 +196,7 @@ func extractCodeAndExcludes(value string) (string, string) { code := strings.TrimSpace(sp[0]) parsedSp := strings.SplitN(sp[1], ")", 2) fileName := strings.TrimSpace(parsedSp[0]) - return code, fileName + return spdx.PackageVerificationCode{Value: code, ExcludedFiles: []string{fileName}} } func extractPackageExternalReference(value string) (string, string, string, error) { diff --git a/tvloader/parser2v1/parse_package_test.go b/tvloader/parser2v1/parse_package_test.go index 3cda3ce..734fc91 100644 --- a/tvloader/parser2v1/parse_package_test.go +++ b/tvloader/parser2v1/parse_package_test.go @@ -13,19 +13,12 @@ func TestParser2_1PackageStartsNewPackageAfterParsingPackageNameTag(t *testing.T pkgOldName := "p1" parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: pkgOldName, PackageSPDXIdentifier: "p1"}, } pkgOld := parser.pkg - parser.doc.Packages["p1"] = pkgOld - // the Document's Packages should have this one only - if parser.doc.Packages["p1"] != pkgOld { - t.Errorf("expected package %v, got %v", pkgOld, parser.doc.Packages["p1"]) - } - if len(parser.doc.Packages) != 1 { - t.Errorf("expected 1 package, got %d", len(parser.doc.Packages)) - } + parser.doc.Packages = append(parser.doc.Packages, pkgOld) // now add a new package pkgName := "p2" @@ -57,8 +50,8 @@ func TestParser2_1PackageStartsNewPackageAfterParsingPackageNameTag(t *testing.T t.Errorf("expected IsFilesAnalyzedTagPresent to default to false, got true") } // and the Document's Packages should still be of size 1 and have pkgOld only - if parser.doc.Packages["p1"] != pkgOld { - t.Errorf("Expected package %v, got %v", pkgOld, parser.doc.Packages["p1"]) + if parser.doc.Packages[0] != pkgOld { + t.Errorf("Expected package %v, got %v", pkgOld, parser.doc.Packages[0]) } if len(parser.doc.Packages) != 1 { t.Errorf("expected 1 package, got %d", len(parser.doc.Packages)) @@ -67,9 +60,9 @@ func TestParser2_1PackageStartsNewPackageAfterParsingPackageNameTag(t *testing.T func TestParser2_1PackageStartsNewPackageAfterParsingPackageNameTagWhileInUnpackaged(t *testing.T) { // pkg is nil, so that Files appearing before the first PackageName tag - // are added to UnpackagedFiles instead of Packages + // are added to Files instead of Packages parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psFile2_1, pkg: nil, } @@ -112,11 +105,11 @@ func TestParser2_1PackageStartsNewPackageAfterParsingPackageNameTagWhileInUnpack func TestParser2_1PackageMovesToFileAfterParsingFileNameTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) pkgCurrent := parser.pkg err := parser.parsePair2_1("FileName", "testFile") @@ -135,11 +128,11 @@ func TestParser2_1PackageMovesToFileAfterParsingFileNameTag(t *testing.T) { func TestParser2_1PackageMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_1("LicenseID", "LicenseRef-TestLic") if err != nil { @@ -152,11 +145,11 @@ func TestParser2_1PackageMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing. func TestParser2_1PackageMovesToReviewAfterParsingReviewerTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_1("Reviewer", "Person: John Doe") if err != nil { @@ -169,11 +162,11 @@ func TestParser2_1PackageMovesToReviewAfterParsingReviewerTag(t *testing.T) { func TestParser2_1PackageStaysAfterParsingRelationshipTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_1("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-else") if err != nil { @@ -196,11 +189,11 @@ func TestParser2_1PackageStaysAfterParsingRelationshipTags(t *testing.T) { func TestParser2_1PackageStaysAfterParsingAnnotationTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_1("Annotator", "Person: John Doe ()") if err != nil { @@ -246,7 +239,7 @@ func TestParser2_1PackageStaysAfterParsingAnnotationTags(t *testing.T) { // ===== Package data section tests ===== func TestParser2_1CanParsePackageTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{}, } @@ -282,8 +275,8 @@ func TestParser2_1CanParsePackageTags(t *testing.T) { if len(parser.doc.Packages) != 1 { t.Errorf("expected 1 package, got %d", len(parser.doc.Packages)) } - if parser.doc.Packages["p1"] != parser.pkg { - t.Errorf("expected to point to parser.pkg, got %v", parser.doc.Packages["p1"]) + if parser.doc.Packages[0] != parser.pkg { + t.Errorf("expected to point to parser.pkg, got %v", parser.doc.Packages[0]) } // Package Version @@ -353,14 +346,22 @@ func TestParser2_1CanParsePackageTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageChecksumSHA1 != codeSha1 { - t.Errorf("expected %s for PackageChecksumSHA1, got %s", codeSha1, parser.pkg.PackageChecksumSHA1) - } - if parser.pkg.PackageChecksumSHA256 != codeSha256 { - t.Errorf("expected %s for PackageChecksumSHA256, got %s", codeSha256, parser.pkg.PackageChecksumSHA256) - } - if parser.pkg.PackageChecksumMD5 != codeMd5 { - t.Errorf("expected %s for PackageChecksumMD5, got %s", codeMd5, parser.pkg.PackageChecksumMD5) + + for _, checksum := range parser.pkg.PackageChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != codeSha1 { + t.Errorf("expected %s for PackageChecksum SHA1, got %s", codeSha1, checksum.Value) + } + case spdx.SHA256: + if checksum.Value != codeSha256 { + t.Errorf("expected %s for PackageChecksum SHA256, got %s", codeSha256, checksum.Value) + } + case spdx.MD5: + if checksum.Value != codeMd5 { + t.Errorf("expected %s for PackageChecksum MD5, got %s", codeMd5, checksum.Value) + } + } } // Package Home Page @@ -555,119 +556,119 @@ func TestParser2_1CanParsePackageTags(t *testing.T) { func TestParser2_1CanParsePackageSupplierPersonTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Supplier: Person err := parser.parsePairFromPackage2_1("PackageSupplier", "Person: John Doe") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageSupplierPerson != "John Doe" { - t.Errorf("got %v for PackageSupplierPerson", parser.pkg.PackageSupplierPerson) + if parser.pkg.PackageSupplier.Supplier != "John Doe" { + t.Errorf("got %v for PackageSupplierPerson", parser.pkg.PackageSupplier.Supplier) } } func TestParser2_1CanParsePackageSupplierOrganizationTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Supplier: Organization err := parser.parsePairFromPackage2_1("PackageSupplier", "Organization: John Doe, Inc.") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageSupplierOrganization != "John Doe, Inc." { - t.Errorf("got %v for PackageSupplierOrganization", parser.pkg.PackageSupplierOrganization) + if parser.pkg.PackageSupplier.Supplier != "John Doe, Inc." { + t.Errorf("got %v for PackageSupplierOrganization", parser.pkg.PackageSupplier.Supplier) } } func TestParser2_1CanParsePackageSupplierNOASSERTIONTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Supplier: NOASSERTION err := parser.parsePairFromPackage2_1("PackageSupplier", "NOASSERTION") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageSupplierNOASSERTION != true { + if parser.pkg.PackageSupplier.Supplier != "NOASSERTION" { t.Errorf("got false for PackageSupplierNOASSERTION") } } func TestParser2_1CanParsePackageOriginatorPersonTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Originator: Person err := parser.parsePairFromPackage2_1("PackageOriginator", "Person: John Doe") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageOriginatorPerson != "John Doe" { - t.Errorf("got %v for PackageOriginatorPerson", parser.pkg.PackageOriginatorPerson) + if parser.pkg.PackageOriginator.Originator != "John Doe" { + t.Errorf("got %v for PackageOriginatorPerson", parser.pkg.PackageOriginator.Originator) } } func TestParser2_1CanParsePackageOriginatorOrganizationTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Originator: Organization err := parser.parsePairFromPackage2_1("PackageOriginator", "Organization: John Doe, Inc.") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageOriginatorOrganization != "John Doe, Inc." { - t.Errorf("got %v for PackageOriginatorOrganization", parser.pkg.PackageOriginatorOrganization) + if parser.pkg.PackageOriginator.Originator != "John Doe, Inc." { + t.Errorf("got %v for PackageOriginatorOrganization", parser.pkg.PackageOriginator.Originator) } } func TestParser2_1CanParsePackageOriginatorNOASSERTIONTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Originator: NOASSERTION err := parser.parsePairFromPackage2_1("PackageOriginator", "NOASSERTION") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageOriginatorNOASSERTION != true { + if parser.pkg.PackageOriginator.Originator != "NOASSERTION" { t.Errorf("got false for PackageOriginatorNOASSERTION") } } func TestParser2_1CanParsePackageVerificationCodeTagWithExcludes(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Verification Code with excludes parenthetical code := "d6a770ba38583ed4bb4525bd96e50461655d2758" @@ -677,22 +678,22 @@ func TestParser2_1CanParsePackageVerificationCodeTagWithExcludes(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageVerificationCode != code { + if parser.pkg.PackageVerificationCode.Value != code { t.Errorf("got %v for PackageVerificationCode", parser.pkg.PackageVerificationCode) } - if parser.pkg.PackageVerificationCodeExcludedFile != fileName { - t.Errorf("got %v for PackageVerificationCodeExcludedFile", parser.pkg.PackageVerificationCodeExcludedFile) + if len(parser.pkg.PackageVerificationCode.ExcludedFiles) != 1 || parser.pkg.PackageVerificationCode.ExcludedFiles[0] != fileName { + t.Errorf("got %v for PackageVerificationCodeExcludedFile", parser.pkg.PackageVerificationCode.ExcludedFiles) } } func TestParser2_1CanParsePackageVerificationCodeTagWithoutExcludes(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Verification Code without excludes parenthetical code := "d6a770ba38583ed4bb4525bd96e50461655d2758" @@ -700,22 +701,22 @@ func TestParser2_1CanParsePackageVerificationCodeTagWithoutExcludes(t *testing.T if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageVerificationCode != code { + if parser.pkg.PackageVerificationCode.Value != code { t.Errorf("got %v for PackageVerificationCode", parser.pkg.PackageVerificationCode) } - if parser.pkg.PackageVerificationCodeExcludedFile != "" { - t.Errorf("got %v for PackageVerificationCodeExcludedFile", parser.pkg.PackageVerificationCodeExcludedFile) + if len(parser.pkg.PackageVerificationCode.ExcludedFiles) != 0 { + t.Errorf("got %v for PackageVerificationCodeExcludedFile", parser.pkg.PackageVerificationCode.ExcludedFiles) } } func TestPackageExternalRefPointerChangesAfterTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) ref1 := "SECURITY cpe23Type cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*" err := parser.parsePairFromPackage2_1("ExternalRef", ref1) @@ -756,11 +757,11 @@ func TestPackageExternalRefPointerChangesAfterTags(t *testing.T) { func TestParser2_1PackageCreatesRelationshipInDocument(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_1("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-whatever") if err != nil { @@ -776,11 +777,11 @@ func TestParser2_1PackageCreatesRelationshipInDocument(t *testing.T) { func TestParser2_1PackageCreatesAnnotationInDocument(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_1("Annotator", "Person: John Doe ()") if err != nil { @@ -796,11 +797,11 @@ func TestParser2_1PackageCreatesAnnotationInDocument(t *testing.T) { func TestParser2_1PackageUnknownTagFails(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePairFromPackage2_1("blah", "something") if err == nil { @@ -810,7 +811,7 @@ func TestParser2_1PackageUnknownTagFails(t *testing.T) { func TestParser2_1FailsIfInvalidSPDXIDInPackageSection(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{}, } @@ -829,7 +830,7 @@ func TestParser2_1FailsIfInvalidSPDXIDInPackageSection(t *testing.T) { func TestParser2_1FailsIfInvalidPackageSupplierFormat(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{}, } @@ -848,7 +849,7 @@ func TestParser2_1FailsIfInvalidPackageSupplierFormat(t *testing.T) { func TestParser2_1FailsIfUnknownPackageSupplierType(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{}, } @@ -867,7 +868,7 @@ func TestParser2_1FailsIfUnknownPackageSupplierType(t *testing.T) { func TestParser2_1FailsIfInvalidPackageOriginatorFormat(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{}, } @@ -886,7 +887,7 @@ func TestParser2_1FailsIfInvalidPackageOriginatorFormat(t *testing.T) { func TestParser2_1FailsIfUnknownPackageOriginatorType(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{}, } @@ -905,7 +906,7 @@ func TestParser2_1FailsIfUnknownPackageOriginatorType(t *testing.T) { func TestParser2_1SetsFilesAnalyzedTagsCorrectly(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{}, } @@ -930,7 +931,7 @@ func TestParser2_1SetsFilesAnalyzedTagsCorrectly(t *testing.T) { func TestParser2_1FailsIfInvalidPackageChecksumFormat(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{}, } @@ -949,7 +950,7 @@ func TestParser2_1FailsIfInvalidPackageChecksumFormat(t *testing.T) { func TestParser2_1FailsIfInvalidPackageChecksumType(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{}, } @@ -968,7 +969,7 @@ func TestParser2_1FailsIfInvalidPackageChecksumType(t *testing.T) { func TestParser2_1FailsIfInvalidExternalRefFormat(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{}, } @@ -987,7 +988,7 @@ func TestParser2_1FailsIfInvalidExternalRefFormat(t *testing.T) { func TestParser2_1FailsIfExternalRefCommentBeforeExternalRef(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{}, } @@ -1011,12 +1012,12 @@ func TestCanCheckAndExtractExcludesFilenameAndCode(t *testing.T) { fileName := "./package.spdx" fullCodeValue := "d6a770ba38583ed4bb4525bd96e50461655d2758 (excludes: ./package.spdx)" - gotCode, gotFileName := extractCodeAndExcludes(fullCodeValue) - if gotCode != code { + gotCode := extractCodeAndExcludes(fullCodeValue) + if gotCode.Value != code { t.Errorf("got %v for gotCode", gotCode) } - if gotFileName != fileName { - t.Errorf("got %v for gotFileName", gotFileName) + if len(gotCode.ExcludedFiles) != 1 || gotCode.ExcludedFiles[0] != fileName { + t.Errorf("got %v for gotFileName", gotCode.ExcludedFiles) } } @@ -1073,15 +1074,15 @@ func TestParser2_1PackageWithoutSpdxIdentifierThrowsError(t *testing.T) { // More than one package, the previous package doesn't contain the SPDXID pkgOldName := "p1" parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psPackage2_1, pkg: &spdx.Package2_1{PackageName: pkgOldName}, } pkgOld := parser.pkg - parser.doc.Packages["p1"] = pkgOld + parser.doc.Packages = append(parser.doc.Packages, pkgOld) // the Document's Packages should have this one only - if parser.doc.Packages["p1"] != pkgOld { - t.Errorf("expected package %v, got %v", pkgOld, parser.doc.Packages["p1"]) + if parser.doc.Packages[0] != pkgOld { + t.Errorf("expected package %v, got %v", pkgOld, parser.doc.Packages[0]) } if len(parser.doc.Packages) != 1 { t.Errorf("expected 1 package, got %d", len(parser.doc.Packages)) diff --git a/tvloader/parser2v1/parse_review_test.go b/tvloader/parser2v1/parse_review_test.go index efcde5c..2ef7006 100644 --- a/tvloader/parser2v1/parse_review_test.go +++ b/tvloader/parser2v1/parse_review_test.go @@ -12,9 +12,9 @@ func TestParser2_1ReviewStartsNewReviewAfterParsingReviewerTag(t *testing.T) { // create the first review rev1 := "John Doe" parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psReview2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-Lic11", @@ -25,8 +25,8 @@ func TestParser2_1ReviewStartsNewReviewAfterParsingReviewerTag(t *testing.T) { ReviewerType: "Person", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) r1 := parser.rev @@ -82,9 +82,9 @@ func TestParser2_1ReviewStartsNewReviewAfterParsingReviewerTag(t *testing.T) { func TestParser2_1ReviewStaysAfterParsingRelationshipTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psReview2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-Lic11", @@ -95,8 +95,8 @@ func TestParser2_1ReviewStaysAfterParsingRelationshipTags(t *testing.T) { ReviewerType: "Person", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -129,9 +129,9 @@ func TestParser2_1ReviewStaysAfterParsingRelationshipTags(t *testing.T) { func TestParser2_1ReviewStaysAfterParsingAnnotationTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psReview2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-Lic11", @@ -142,8 +142,8 @@ func TestParser2_1ReviewStaysAfterParsingAnnotationTags(t *testing.T) { ReviewerType: "Person", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -191,16 +191,16 @@ func TestParser2_1ReviewStaysAfterParsingAnnotationTags(t *testing.T) { if len(parser.doc.Annotations) != 1 { t.Fatalf("expected doc.Annotations to have len 1, got %d", len(parser.doc.Annotations)) } - if parser.doc.Annotations[0].Annotator != "John Doe ()" { + if parser.doc.Annotations[0].Annotator.Annotator != "John Doe ()" { t.Errorf("expected Annotator to be %s, got %s", "John Doe ()", parser.doc.Annotations[0].Annotator) } } func TestParser2_1ReviewFailsAfterParsingOtherSectionTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psReview2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-Lic11", @@ -208,8 +208,8 @@ func TestParser2_1ReviewFailsAfterParsingOtherSectionTags(t *testing.T) { }, rev: &spdx.Review2_1{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -235,9 +235,9 @@ func TestParser2_1ReviewFailsAfterParsingOtherSectionTags(t *testing.T) { // ===== Review data section tests ===== func TestParser2_1CanParseReviewTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psReview2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-Lic11", @@ -245,8 +245,8 @@ func TestParser2_1CanParseReviewTags(t *testing.T) { }, rev: &spdx.Review2_1{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -274,9 +274,9 @@ func TestParser2_1CanParseReviewTags(t *testing.T) { func TestParser2_1CanParseReviewerPersonTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psReview2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-Lic11", @@ -284,8 +284,8 @@ func TestParser2_1CanParseReviewerPersonTag(t *testing.T) { }, rev: &spdx.Review2_1{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -304,9 +304,9 @@ func TestParser2_1CanParseReviewerPersonTag(t *testing.T) { func TestParser2_1CanParseReviewerOrganizationTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psReview2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-Lic11", @@ -314,8 +314,8 @@ func TestParser2_1CanParseReviewerOrganizationTag(t *testing.T) { }, rev: &spdx.Review2_1{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -334,9 +334,9 @@ func TestParser2_1CanParseReviewerOrganizationTag(t *testing.T) { func TestParser2_1CanParseReviewerToolTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psReview2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-Lic11", @@ -344,8 +344,8 @@ func TestParser2_1CanParseReviewerToolTag(t *testing.T) { }, rev: &spdx.Review2_1{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -364,8 +364,8 @@ func TestParser2_1CanParseReviewerToolTag(t *testing.T) { func TestParser2_1FailsIfReviewerInvalidFormat(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, - st: psReview2_1, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, + st: psReview2_1, rev: &spdx.Review2_1{}, } parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -378,8 +378,8 @@ func TestParser2_1FailsIfReviewerInvalidFormat(t *testing.T) { func TestParser2_1FailsIfReviewerUnknownType(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, - st: psReview2_1, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, + st: psReview2_1, rev: &spdx.Review2_1{}, } parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -392,9 +392,9 @@ func TestParser2_1FailsIfReviewerUnknownType(t *testing.T) { func TestParser2_1ReviewUnknownTagFails(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psReview2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_1{ LicenseIdentifier: "LicenseRef-Lic11", @@ -402,8 +402,8 @@ func TestParser2_1ReviewUnknownTagFails(t *testing.T) { }, rev: &spdx.Review2_1{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -412,5 +412,3 @@ func TestParser2_1ReviewUnknownTagFails(t *testing.T) { t.Errorf("expected error from parsing unknown tag") } } - - diff --git a/tvloader/parser2v1/parse_snippet.go b/tvloader/parser2v1/parse_snippet.go index d590383..33392d5 100644 --- a/tvloader/parser2v1/parse_snippet.go +++ b/tvloader/parser2v1/parse_snippet.go @@ -51,7 +51,7 @@ func (parser *tvParser2_1) parsePairFromSnippet2_1(tag string, value string) err if err != nil { return err } - parser.snippet.SnippetFromFileSPDXIdentifier = deID + parser.snippet.SnippetFromFileSPDXIdentifier = deID.ElementRefID case "SnippetByteRange": byteStart, byteEnd, err := extractSubs(value) if err != nil { @@ -65,8 +65,12 @@ func (parser *tvParser2_1) parsePairFromSnippet2_1(tag string, value string) err if err != nil { return err } - parser.snippet.SnippetByteRangeStart = bIntStart - parser.snippet.SnippetByteRangeEnd = bIntEnd + + if parser.snippet.Ranges == nil { + parser.snippet.Ranges = []spdx.SnippetRange{} + } + byteRange := spdx.SnippetRange{StartPointer: spdx.SnippetRangePointer{Offset: bIntStart}, EndPointer: spdx.SnippetRangePointer{Offset: bIntEnd}} + parser.snippet.Ranges = append(parser.snippet.Ranges, byteRange) case "SnippetLineRange": lineStart, lineEnd, err := extractSubs(value) if err != nil { @@ -80,8 +84,12 @@ func (parser *tvParser2_1) parsePairFromSnippet2_1(tag string, value string) err if err != nil { return err } - parser.snippet.SnippetLineRangeStart = lInttStart - parser.snippet.SnippetLineRangeEnd = lInttEnd + + if parser.snippet.Ranges == nil { + parser.snippet.Ranges = []spdx.SnippetRange{} + } + lineRange := spdx.SnippetRange{StartPointer: spdx.SnippetRangePointer{LineNumber: lInttStart}, EndPointer: spdx.SnippetRangePointer{LineNumber: lInttEnd}} + parser.snippet.Ranges = append(parser.snippet.Ranges, lineRange) case "SnippetLicenseConcluded": parser.snippet.SnippetLicenseConcluded = value case "LicenseInfoInSnippet": diff --git a/tvloader/parser2v1/parse_snippet_test.go b/tvloader/parser2v1/parse_snippet_test.go index 603abc5..ea747f4 100644 --- a/tvloader/parser2v1/parse_snippet_test.go +++ b/tvloader/parser2v1/parse_snippet_test.go @@ -12,15 +12,15 @@ func TestParser2_1SnippetStartsNewSnippetAfterParsingSnippetSPDXIDTag(t *testing // create the first snippet sid1 := spdx.ElementID("s1") parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{SnippetSPDXIdentifier: sid1}, } s1 := parser.snippet - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets[sid1] = parser.snippet // the File's Snippets should have this one only @@ -71,16 +71,16 @@ func TestParser2_1SnippetStartsNewSnippetAfterParsingSnippetSPDXIDTag(t *testing func TestParser2_1SnippetStartsNewPackageAfterParsingPackageNameTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{SnippetSPDXIdentifier: "s1"}, } p1 := parser.pkg f1 := parser.file - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet // now add a new package @@ -113,21 +113,21 @@ func TestParser2_1SnippetStartsNewPackageAfterParsingPackageNameTag(t *testing.T if len(parser.doc.Packages) != 1 { t.Errorf("Expected len(Packages) to be 1, got %d", len(parser.doc.Packages)) } - if parser.doc.Packages["package1"] != p1 { - t.Errorf("Expected package %v in Packages[package1], got %v", p1, parser.doc.Packages["package1"]) + if parser.doc.Packages[0] != p1 { + t.Errorf("Expected package %v in Packages[package1], got %v", p1, parser.doc.Packages[0]) } - if parser.doc.Packages["package1"].PackageName != "package1" { - t.Errorf("expected package name %s in Packages[package1], got %s", "package1", parser.doc.Packages["package1"].PackageName) + if parser.doc.Packages[0].PackageName != "package1" { + t.Errorf("expected package name %s in Packages[package1], got %s", "package1", parser.doc.Packages[0].PackageName) } // and the first Package's Files should be of size 1 and have f1 only - if len(parser.doc.Packages["package1"].Files) != 1 { - t.Errorf("Expected 1 file in Packages[package1].Files, got %d", len(parser.doc.Packages["package1"].Files)) + if len(parser.doc.Packages[0].Files) != 1 { + t.Errorf("Expected 1 file in Packages[package1].Files, got %d", len(parser.doc.Packages[0].Files)) } - if parser.doc.Packages["package1"].Files["f1"] != f1 { - t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.doc.Packages["package1"].Files["f1"]) + if parser.doc.Packages[0].Files[0] != f1 { + t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.doc.Packages[0].Files[0]) } - if parser.doc.Packages["package1"].Files["f1"].FileName != "f1.txt" { - t.Errorf("expected file name %s in Files[f1], got %s", "f1.txt", parser.doc.Packages["package1"].Files["f1"].FileName) + if parser.doc.Packages[0].Files[0].FileName != "f1.txt" { + t.Errorf("expected file name %s in Files[f1], got %s", "f1.txt", parser.doc.Packages[0].Files[0].FileName) } // and the new Package should have no files if len(parser.pkg.Files) != 0 { @@ -146,16 +146,16 @@ func TestParser2_1SnippetStartsNewPackageAfterParsingPackageNameTag(t *testing.T func TestParser2_1SnippetMovesToFileAfterParsingFileNameTag(t *testing.T) { f1Name := "f1.txt" parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{SnippetSPDXIdentifier: "s1"}, } p1 := parser.pkg f1 := parser.file - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet f2Name := "f2.txt" @@ -184,11 +184,11 @@ func TestParser2_1SnippetMovesToFileAfterParsingFileNameTag(t *testing.T) { if len(parser.pkg.Files) != 1 { t.Errorf("Expected len(Files) to be 1, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f1"] != f1 { - t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.pkg.Files["f1"]) + if parser.pkg.Files[0] != f1 { + t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.pkg.Files[0]) } - if parser.pkg.Files["f1"].FileName != f1Name { - t.Errorf("expected file name %s in Files[f1], got %s", f1Name, parser.pkg.Files["f1"].FileName) + if parser.pkg.Files[0].FileName != f1Name { + t.Errorf("expected file name %s in Files[f1], got %s", f1Name, parser.pkg.Files[0].FileName) } // and the current snippet should be nil if parser.snippet != nil { @@ -198,14 +198,14 @@ func TestParser2_1SnippetMovesToFileAfterParsingFileNameTag(t *testing.T) { func TestParser2_1SnippetMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{SnippetSPDXIdentifier: "s1"}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet err := parser.parsePair2_1("LicenseID", "LicenseRef-TestLic") @@ -219,14 +219,14 @@ func TestParser2_1SnippetMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing. func TestParser2_1SnippetMovesToReviewAfterParsingReviewerTag(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{SnippetSPDXIdentifier: "s1"}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet err := parser.parsePair2_1("Reviewer", "Person: John Doe") @@ -240,14 +240,14 @@ func TestParser2_1SnippetMovesToReviewAfterParsingReviewerTag(t *testing.T) { func TestParser2_1SnippetStaysAfterParsingRelationshipTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{SnippetSPDXIdentifier: "s1"}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet err := parser.parsePair2_1("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-else") @@ -279,14 +279,14 @@ func TestParser2_1SnippetStaysAfterParsingRelationshipTags(t *testing.T) { func TestParser2_1SnippetStaysAfterParsingAnnotationTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{SnippetSPDXIdentifier: "s1"}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet err := parser.parsePair2_1("Annotator", "Person: John Doe ()") @@ -333,7 +333,7 @@ func TestParser2_1SnippetStaysAfterParsingAnnotationTags(t *testing.T) { if len(parser.doc.Annotations) != 1 { t.Fatalf("expected doc.Annotations to have len 1, got %d", len(parser.doc.Annotations)) } - if parser.doc.Annotations[0].Annotator != "John Doe ()" { + if parser.doc.Annotations[0].Annotator.Annotator != "John Doe ()" { t.Errorf("expected Annotator to be %s, got %s", "John Doe ()", parser.doc.Annotations[0].Annotator) } } @@ -341,14 +341,14 @@ func TestParser2_1SnippetStaysAfterParsingAnnotationTags(t *testing.T) { // ===== Snippet data section tests ===== func TestParser2_1CanParseSnippetTags(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) // Snippet SPDX Identifier err := parser.parsePairFromSnippet2_1("SnippetSPDXID", "SPDXRef-s1") @@ -365,7 +365,7 @@ func TestParser2_1CanParseSnippetTags(t *testing.T) { t.Errorf("expected nil error, got %v", err) } wantDeID := spdx.DocElementID{DocumentRefID: "", ElementRefID: spdx.ElementID("f1")} - if parser.snippet.SnippetFromFileSPDXIdentifier != wantDeID { + if parser.snippet.SnippetFromFileSPDXIdentifier != wantDeID.ElementRefID { t.Errorf("got %v for SnippetFromFileSPDXIdentifier", parser.snippet.SnippetFromFileSPDXIdentifier) } @@ -374,11 +374,11 @@ func TestParser2_1CanParseSnippetTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.snippet.SnippetByteRangeStart != 20 { - t.Errorf("got %v for SnippetByteRangeStart", parser.snippet.SnippetByteRangeStart) + if parser.snippet.Ranges[0].StartPointer.Offset != 20 { + t.Errorf("got %v for SnippetByteRangeStart", parser.snippet.Ranges[0].StartPointer.Offset) } - if parser.snippet.SnippetByteRangeEnd != 320 { - t.Errorf("got %v for SnippetByteRangeEnd", parser.snippet.SnippetByteRangeEnd) + if parser.snippet.Ranges[0].EndPointer.Offset != 320 { + t.Errorf("got %v for SnippetByteRangeEnd", parser.snippet.Ranges[0].EndPointer.Offset) } // Snippet Line Range @@ -386,11 +386,11 @@ func TestParser2_1CanParseSnippetTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.snippet.SnippetLineRangeStart != 5 { - t.Errorf("got %v for SnippetLineRangeStart", parser.snippet.SnippetLineRangeStart) + if parser.snippet.Ranges[1].StartPointer.LineNumber != 5 { + t.Errorf("got %v for SnippetLineRangeStart", parser.snippet.Ranges[1].StartPointer.LineNumber) } - if parser.snippet.SnippetLineRangeEnd != 12 { - t.Errorf("got %v for SnippetLineRangeEnd", parser.snippet.SnippetLineRangeEnd) + if parser.snippet.Ranges[1].EndPointer.LineNumber != 12 { + t.Errorf("got %v for SnippetLineRangeEnd", parser.snippet.Ranges[1].EndPointer.LineNumber) } // Snippet Concluded License @@ -469,14 +469,14 @@ func TestParser2_1CanParseSnippetTags(t *testing.T) { func TestParser2_1SnippetUnknownTagFails(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{SnippetSPDXIdentifier: "s1"}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePairFromSnippet2_1("blah", "something") if err == nil { @@ -486,14 +486,14 @@ func TestParser2_1SnippetUnknownTagFails(t *testing.T) { func TestParser2_1FailsForInvalidSnippetSPDXID(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) // invalid Snippet SPDX Identifier err := parser.parsePairFromSnippet2_1("SnippetSPDXID", "whoops") @@ -504,14 +504,14 @@ func TestParser2_1FailsForInvalidSnippetSPDXID(t *testing.T) { func TestParser2_1FailsForInvalidSnippetFromFileSPDXID(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) // start with Snippet SPDX Identifier err := parser.parsePairFromSnippet2_1("SnippetSPDXID", "SPDXRef-s1") @@ -527,14 +527,14 @@ func TestParser2_1FailsForInvalidSnippetFromFileSPDXID(t *testing.T) { func TestParser2_1FailsForInvalidSnippetByteValues(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) // start with Snippet SPDX Identifier err := parser.parsePairFromSnippet2_1("SnippetSPDXID", "SPDXRef-s1") @@ -558,14 +558,14 @@ func TestParser2_1FailsForInvalidSnippetByteValues(t *testing.T) { func TestParser2_1FailsForInvalidSnippetLineValues(t *testing.T) { parser := tvParser2_1{ - doc: &spdx.Document2_1{Packages: map[spdx.ElementID]*spdx.Package2_1{}}, + doc: &spdx.Document2_1{Packages: []*spdx.Package2_1{}}, st: psSnippet2_1, - pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_1{}}, + pkg: &spdx.Package2_1{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_1{}}, file: &spdx.File2_1{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_1{}}, snippet: &spdx.Snippet2_1{}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) // start with Snippet SPDX Identifier err := parser.parsePairFromSnippet2_1("SnippetSPDXID", "SPDXRef-s1") diff --git a/tvloader/parser2v1/parser.go b/tvloader/parser2v1/parser.go index f4a5ae1..70f4819 100644 --- a/tvloader/parser2v1/parser.go +++ b/tvloader/parser2v1/parser.go @@ -59,12 +59,44 @@ func (parser *tvParser2_1) parsePairFromStart2_1(tag string, value string) error // create an SPDX Document data struct if we don't have one already if parser.doc == nil { - parser.doc = &spdx.Document2_1{} + parser.doc = &spdx.Document2_1{ + ExternalDocumentReferences: []spdx.ExternalDocumentRef2_1{}, + } } - // move to Creation Info parser state - parser.st = psCreationInfo2_1 + switch tag { + case "SPDXVersion": + parser.doc.SPDXVersion = value + case "DataLicense": + parser.doc.DataLicense = value + case "SPDXID": + eID, err := extractElementID(value) + if err != nil { + return err + } + parser.doc.SPDXIdentifier = eID + case "DocumentName": + parser.doc.DocumentName = value + case "DocumentNamespace": + parser.doc.DocumentNamespace = value + case "ExternalDocumentRef": + documentRefID, uri, alg, checksum, err := extractExternalDocumentReference(value) + if err != nil { + return err + } + edr := spdx.ExternalDocumentRef2_1{ + DocumentRefID: documentRefID, + URI: uri, + Checksum: spdx.Checksum{Algorithm: spdx.ChecksumAlgorithm(alg), Value: checksum}, + } + parser.doc.ExternalDocumentReferences = append(parser.doc.ExternalDocumentReferences, edr) + case "DocumentComment": + parser.doc.DocumentComment = value + default: + // move to Creation Info parser state + parser.st = psCreationInfo2_1 + return parser.parsePairFromCreationInfo2_1(tag, value) + } - // and ask Creation Info subfunc to parse - return parser.parsePairFromCreationInfo2_1(tag, value) + return nil } diff --git a/tvloader/parser2v1/parser_test.go b/tvloader/parser2v1/parser_test.go index 9fe051f..e895445 100644 --- a/tvloader/parser2v1/parser_test.go +++ b/tvloader/parser2v1/parser_test.go @@ -24,14 +24,14 @@ func TestParser2_1CanParseTagValues(t *testing.T) { if err != nil { t.Errorf("got error when calling ParseTagValues: %v", err) } - if doc.CreationInfo.SPDXVersion != "SPDX-2.1" { - t.Errorf("expected SPDXVersion to be SPDX-2.1, got %v", doc.CreationInfo.SPDXVersion) + if doc.SPDXVersion != "SPDX-2.1" { + t.Errorf("expected SPDXVersion to be SPDX-2.1, got %v", doc.SPDXVersion) } - if doc.CreationInfo.DataLicense != "CC0-1.0" { - t.Errorf("expected DataLicense to be CC0-1.0, got %v", doc.CreationInfo.DataLicense) + if doc.DataLicense != "CC0-1.0" { + t.Errorf("expected DataLicense to be CC0-1.0, got %v", doc.DataLicense) } - if doc.CreationInfo.SPDXIdentifier != "DOCUMENT" { - t.Errorf("expected SPDXIdentifier to be DOCUMENT, got %v", doc.CreationInfo.SPDXIdentifier) + if doc.SPDXIdentifier != "DOCUMENT" { + t.Errorf("expected SPDXIdentifier to be DOCUMENT, got %v", doc.SPDXIdentifier) } } @@ -58,18 +58,6 @@ func TestParser2_1HasDocumentAfterCallToParseFirstTag(t *testing.T) { } } -// ===== Parser start state change tests ===== -func TestParser2_1StartMovesToCreationInfoStateAfterParsingFirstTag(t *testing.T) { - parser := tvParser2_1{} - err := parser.parsePair2_1("SPDXVersion", "b") - if err != nil { - t.Errorf("got error when calling parsePair2_1: %v", err) - } - if parser.st != psCreationInfo2_1 { - t.Errorf("parser is in state %v, expected %v", parser.st, psCreationInfo2_1) - } -} - func TestParser2_1StartFailsToParseIfInInvalidState(t *testing.T) { parser := tvParser2_1{st: psReview2_1} err := parser.parsePairFromStart2_1("SPDXVersion", "SPDX-2.1") diff --git a/tvloader/parser2v2/parse_annotation.go b/tvloader/parser2v2/parse_annotation.go index 8cd5b76..4c5188e 100644 --- a/tvloader/parser2v2/parse_annotation.go +++ b/tvloader/parser2v2/parse_annotation.go @@ -18,8 +18,8 @@ func (parser *tvParser2_2) parsePairForAnnotation2_2(tag string, value string) e return err } if subkey == "Person" || subkey == "Organization" || subkey == "Tool" { - parser.ann.AnnotatorType = subkey - parser.ann.Annotator = subvalue + parser.ann.Annotator.AnnotatorType = subkey + parser.ann.Annotator.Annotator = subvalue return nil } return fmt.Errorf("unrecognized Annotator type %v", subkey) diff --git a/tvloader/parser2v2/parse_annotation_test.go b/tvloader/parser2v2/parse_annotation_test.go index 7a12adf..cdd0541 100644 --- a/tvloader/parser2v2/parse_annotation_test.go +++ b/tvloader/parser2v2/parse_annotation_test.go @@ -70,11 +70,11 @@ func TestParser2_2CanParseAnnotationTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.ann.Annotator != "John Doe" { - t.Errorf("got %v for Annotator, expected John Doe", parser.ann.Annotator) + if parser.ann.Annotator.Annotator != "John Doe" { + t.Errorf("got %+v for Annotator, expected John Doe", parser.ann.Annotator.Annotator) } - if parser.ann.AnnotatorType != "Person" { - t.Errorf("got %v for AnnotatorType, expected Person", parser.ann.AnnotatorType) + if parser.ann.Annotator.AnnotatorType != "Person" { + t.Errorf("got %v for AnnotatorType, expected Person", parser.ann.Annotator.AnnotatorType) } // Annotation Date diff --git a/tvloader/parser2v2/parse_creation_info.go b/tvloader/parser2v2/parse_creation_info.go index c2bfe40..f8406fc 100644 --- a/tvloader/parser2v2/parse_creation_info.go +++ b/tvloader/parser2v2/parse_creation_info.go @@ -17,39 +17,11 @@ func (parser *tvParser2_2) parsePairFromCreationInfo2_2(tag string, value string // create an SPDX Creation Info data struct if we don't have one already if parser.doc.CreationInfo == nil { - parser.doc.CreationInfo = &spdx.CreationInfo2_2{ - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}, - } + parser.doc.CreationInfo = &spdx.CreationInfo2_2{} } ci := parser.doc.CreationInfo switch tag { - case "SPDXVersion": - ci.SPDXVersion = value - case "DataLicense": - ci.DataLicense = value - case "SPDXID": - eID, err := extractElementID(value) - if err != nil { - return err - } - ci.SPDXIdentifier = eID - case "DocumentName": - ci.DocumentName = value - case "DocumentNamespace": - ci.DocumentNamespace = value - case "ExternalDocumentRef": - documentRefID, uri, alg, checksum, err := extractExternalDocumentReference(value) - if err != nil { - return err - } - edr := spdx.ExternalDocumentRef2_2{ - DocumentRefID: documentRefID, - URI: uri, - Alg: alg, - Checksum: checksum, - } - ci.ExternalDocumentReferences[documentRefID] = edr case "LicenseListVersion": ci.LicenseListVersion = value case "Creator": @@ -57,22 +29,20 @@ func (parser *tvParser2_2) parsePairFromCreationInfo2_2(tag string, value string if err != nil { return err } + + creator := spdx.Creator{Creator: subvalue} switch subkey { - case "Person": - ci.CreatorPersons = append(ci.CreatorPersons, subvalue) - case "Organization": - ci.CreatorOrganizations = append(ci.CreatorOrganizations, subvalue) - case "Tool": - ci.CreatorTools = append(ci.CreatorTools, subvalue) + case "Person", "Organization", "Tool": + creator.CreatorType = subkey default: return fmt.Errorf("unrecognized Creator type %v", subkey) } + + ci.Creators = append(ci.Creators, creator) case "Created": ci.Created = value case "CreatorComment": ci.CreatorComment = value - case "DocumentComment": - ci.DocumentComment = value // tag for going on to package section case "PackageName": @@ -91,7 +61,7 @@ func (parser *tvParser2_2) parsePairFromCreationInfo2_2(tag string, value string return parser.parsePairFromPackage2_2(tag, value) // tag for going on to _unpackaged_ file section case "FileName": - // leave pkg as nil, so that packages will be placed in UnpackagedFiles + // leave pkg as nil, so that packages will be placed in Files parser.st = psFile2_2 parser.pkg = nil return parser.parsePairFromFile2_2(tag, value) diff --git a/tvloader/parser2v2/parse_creation_info_test.go b/tvloader/parser2v2/parse_creation_info_test.go index e12fc01..7121346 100644 --- a/tvloader/parser2v2/parse_creation_info_test.go +++ b/tvloader/parser2v2/parse_creation_info_test.go @@ -58,7 +58,7 @@ func TestParser2_2CIMovesToFileAfterParsingFileNameTagWithNoPackages(t *testing. t.Errorf("parser is in state %v, expected %v", parser.st, psFile2_2) } // and current package should be nil, meaning Files are placed in the - // UnpackagedFiles map instead of in a Package + // Files map instead of in a Package if parser.pkg != nil { t.Fatalf("expected pkg to be nil, got non-nil pkg") } @@ -179,7 +179,7 @@ func TestParser2_2HasCreationInfoAfterCallToParseFirstTag(t *testing.T) { doc: &spdx.Document2_2{}, st: psCreationInfo2_2, } - err := parser.parsePairFromCreationInfo2_2("SPDXVersion", "SPDX-2.2") + err := parser.parsePairFromCreationInfo2_2("LicenseListVersion", "3.9") if err != nil { t.Errorf("got error when calling parsePairFromCreationInfo2_2: %v", err) } @@ -194,96 +194,8 @@ func TestParser2_2CanParseCreationInfoTags(t *testing.T) { st: psCreationInfo2_2, } - // SPDX Version - err := parser.parsePairFromCreationInfo2_2("SPDXVersion", "SPDX-2.2") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.SPDXVersion != "SPDX-2.2" { - t.Errorf("got %v for SPDXVersion", parser.doc.CreationInfo.SPDXVersion) - } - - // Data License - err = parser.parsePairFromCreationInfo2_2("DataLicense", "CC0-1.0") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.DataLicense != "CC0-1.0" { - t.Errorf("got %v for DataLicense", parser.doc.CreationInfo.DataLicense) - } - - // SPDX Identifier - err = parser.parsePairFromCreationInfo2_2("SPDXID", "SPDXRef-DOCUMENT") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.SPDXIdentifier != "DOCUMENT" { - t.Errorf("got %v for SPDXIdentifier", parser.doc.CreationInfo.SPDXIdentifier) - } - - // Document Name - err = parser.parsePairFromCreationInfo2_2("DocumentName", "xyz-2.1.5") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.DocumentName != "xyz-2.1.5" { - t.Errorf("got %v for DocumentName", parser.doc.CreationInfo.DocumentName) - } - - // Document Namespace - err = parser.parsePairFromCreationInfo2_2("DocumentNamespace", "http://example.com/xyz-2.1.5.spdx") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.DocumentNamespace != "http://example.com/xyz-2.1.5.spdx" { - t.Errorf("got %v for DocumentNamespace", parser.doc.CreationInfo.DocumentNamespace) - } - - // External Document Reference - refs := []string{ - "DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1: d6a770ba38583ed4bb4525bd96e50461655d2759", - "DocumentRef-xyz-2.1.2 http://example.com/xyz-2.1.2 SHA1:d6a770ba38583ed4bb4525bd96e50461655d2760", - } - wantRef0 := spdx.ExternalDocumentRef2_2{ - DocumentRefID: "spdx-tool-1.2", - URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", - Alg: "SHA1", - Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", - } - wantRef1 := spdx.ExternalDocumentRef2_2{ - DocumentRefID: "xyz-2.1.2", - URI: "http://example.com/xyz-2.1.2", - Alg: "SHA1", - Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2760", - } - err = parser.parsePairFromCreationInfo2_2("ExternalDocumentRef", refs[0]) - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - err = parser.parsePairFromCreationInfo2_2("ExternalDocumentRef", refs[1]) - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if len(parser.doc.CreationInfo.ExternalDocumentReferences) != 2 { - t.Errorf("got %d ExternalDocumentReferences, expected %d", len(parser.doc.CreationInfo.ExternalDocumentReferences), 2) - } - gotRef0 := parser.doc.CreationInfo.ExternalDocumentReferences["spdx-tool-1.2"] - if gotRef0.DocumentRefID != wantRef0.DocumentRefID || - gotRef0.URI != wantRef0.URI || - gotRef0.Alg != wantRef0.Alg || - gotRef0.Checksum != wantRef0.Checksum { - t.Errorf("got %#v for ExternalDocumentReferences[0], wanted %#v", gotRef0, wantRef0) - } - gotRef1 := parser.doc.CreationInfo.ExternalDocumentReferences["xyz-2.1.2"] - if gotRef1.DocumentRefID != wantRef1.DocumentRefID || - gotRef1.URI != wantRef1.URI || - gotRef1.Alg != wantRef1.Alg || - gotRef1.Checksum != wantRef1.Checksum { - t.Errorf("got %#v for ExternalDocumentReferences[1], wanted %#v", gotRef1, wantRef1) - } - // License List Version - err = parser.parsePairFromCreationInfo2_2("LicenseListVersion", "2.2") + err := parser.parsePairFromCreationInfo2_2("LicenseListVersion", "2.2") if err != nil { t.Errorf("expected nil error, got %v", err) } @@ -304,10 +216,10 @@ func TestParser2_2CanParseCreationInfoTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if len(parser.doc.CreationInfo.CreatorPersons) != 2 || - parser.doc.CreationInfo.CreatorPersons[0] != "Person A" || - parser.doc.CreationInfo.CreatorPersons[1] != "Person B" { - t.Errorf("got %v for CreatorPersons", parser.doc.CreationInfo.CreatorPersons) + if len(parser.doc.CreationInfo.Creators) != 2 || + parser.doc.CreationInfo.Creators[0].Creator != "Person A" || + parser.doc.CreationInfo.Creators[1].Creator != "Person B" { + t.Errorf("got %v for CreatorPersons", parser.doc.CreationInfo.Creators) } // Creators: Organizations @@ -323,10 +235,10 @@ func TestParser2_2CanParseCreationInfoTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if len(parser.doc.CreationInfo.CreatorOrganizations) != 2 || - parser.doc.CreationInfo.CreatorOrganizations[0] != "Organization A" || - parser.doc.CreationInfo.CreatorOrganizations[1] != "Organization B" { - t.Errorf("got %v for CreatorOrganizations", parser.doc.CreationInfo.CreatorOrganizations) + if len(parser.doc.CreationInfo.Creators) != 4 || + parser.doc.CreationInfo.Creators[2].Creator != "Organization A" || + parser.doc.CreationInfo.Creators[3].Creator != "Organization B" { + t.Errorf("got %v for CreatorOrganizations", parser.doc.CreationInfo.Creators) } // Creators: Tools @@ -342,10 +254,10 @@ func TestParser2_2CanParseCreationInfoTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if len(parser.doc.CreationInfo.CreatorTools) != 2 || - parser.doc.CreationInfo.CreatorTools[0] != "Tool A" || - parser.doc.CreationInfo.CreatorTools[1] != "Tool B" { - t.Errorf("got %v for CreatorTools", parser.doc.CreationInfo.CreatorTools) + if len(parser.doc.CreationInfo.Creators) != 6 || + parser.doc.CreationInfo.Creators[4].Creator != "Tool A" || + parser.doc.CreationInfo.Creators[5].Creator != "Tool B" { + t.Errorf("got %v for CreatorTools", parser.doc.CreationInfo.Creators) } // Created date @@ -365,16 +277,6 @@ func TestParser2_2CanParseCreationInfoTags(t *testing.T) { if parser.doc.CreationInfo.CreatorComment != "Blah whatever" { t.Errorf("got %v for CreatorComment", parser.doc.CreationInfo.CreatorComment) } - - // Document Comment - err = parser.parsePairFromCreationInfo2_2("DocumentComment", "Blah whatever") - if err != nil { - t.Errorf("expected nil error, got %v", err) - } - if parser.doc.CreationInfo.DocumentComment != "Blah whatever" { - t.Errorf("got %v for DocumentComment", parser.doc.CreationInfo.DocumentComment) - } - } func TestParser2_2InvalidCreatorTagsFail(t *testing.T) { diff --git a/tvloader/parser2v2/parse_file.go b/tvloader/parser2v2/parse_file.go index 27ec6a4..e564147 100644 --- a/tvloader/parser2v2/parse_file.go +++ b/tvloader/parser2v2/parse_file.go @@ -49,37 +49,37 @@ func (parser *tvParser2_2) parsePairFromFile2_2(tag string, value string) error } parser.file.FileSPDXIdentifier = eID if parser.pkg == nil { - if parser.doc.UnpackagedFiles == nil { - parser.doc.UnpackagedFiles = map[spdx.ElementID]*spdx.File2_2{} + if parser.doc.Files == nil { + parser.doc.Files = []*spdx.File2_2{} } - parser.doc.UnpackagedFiles[eID] = parser.file + parser.doc.Files = append(parser.doc.Files, parser.file) } else { if parser.pkg.Files == nil { - parser.pkg.Files = map[spdx.ElementID]*spdx.File2_2{} + parser.pkg.Files = []*spdx.File2_2{} } - parser.pkg.Files[eID] = parser.file + parser.pkg.Files = append(parser.pkg.Files, parser.file) } case "FileType": - parser.file.FileType = append(parser.file.FileType, value) + parser.file.FileTypes = append(parser.file.FileTypes, value) case "FileChecksum": subkey, subvalue, err := extractSubs(value) if err != nil { return err } - if parser.file.FileChecksums == nil { - parser.file.FileChecksums = map[spdx.ChecksumAlgorithm]spdx.Checksum{} + if parser.file.Checksums == nil { + parser.file.Checksums = []spdx.Checksum{} } - switch subkey { + switch spdx.ChecksumAlgorithm(subkey) { case spdx.SHA1, spdx.SHA256, spdx.MD5: algorithm := spdx.ChecksumAlgorithm(subkey) - parser.file.FileChecksums[algorithm] = spdx.Checksum{Algorithm: algorithm, Value: subvalue} + parser.file.Checksums = append(parser.file.Checksums, spdx.Checksum{Algorithm: algorithm, Value: subvalue}) default: return fmt.Errorf("got unknown checksum type %s", subkey) } case "LicenseConcluded": parser.file.LicenseConcluded = value case "LicenseInfoInFile": - parser.file.LicenseInfoInFile = append(parser.file.LicenseInfoInFile, value) + parser.file.LicenseInfoInFiles = append(parser.file.LicenseInfoInFiles, value) case "LicenseComments": parser.file.LicenseComments = value case "FileCopyrightText": @@ -103,7 +103,7 @@ func (parser *tvParser2_2) parsePairFromFile2_2(tag string, value string) error case "FileNotice": parser.file.FileNotice = value case "FileContributor": - parser.file.FileContributor = append(parser.file.FileContributor, value) + parser.file.FileContributors = append(parser.file.FileContributors, value) case "FileDependency": parser.file.FileDependencies = append(parser.file.FileDependencies, value) case "FileAttributionText": diff --git a/tvloader/parser2v2/parse_file_test.go b/tvloader/parser2v2/parse_file_test.go index 689a2df..30f9f5e 100644 --- a/tvloader/parser2v2/parse_file_test.go +++ b/tvloader/parser2v2/parse_file_test.go @@ -13,23 +13,23 @@ func TestParser2_2FileStartsNewFileAfterParsingFileNameTag(t *testing.T) { fileOldName := "f1.txt" parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: fileOldName, FileSPDXIdentifier: "f1"}, } fileOld := parser.file - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = fileOld + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, fileOld) // the Package's Files should have this one only if len(parser.pkg.Files) != 1 { t.Fatalf("expected 1 file, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f1"] != fileOld { - t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files["f1"]) + if parser.pkg.Files[0] != fileOld { + t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files[0]) } - if parser.pkg.Files["f1"].FileName != fileOldName { - t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files["f1"].FileName) + if parser.pkg.Files[0].FileName != fileOldName { + t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files[0].FileName) } // now add a new file @@ -55,11 +55,11 @@ func TestParser2_2FileStartsNewFileAfterParsingFileNameTag(t *testing.T) { if len(parser.pkg.Files) != 1 { t.Fatalf("expected 1 file, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f1"] != fileOld { - t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files["f1"]) + if parser.pkg.Files[0] != fileOld { + t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files[0]) } - if parser.pkg.Files["f1"].FileName != fileOldName { - t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files["f1"].FileName) + if parser.pkg.Files[0].FileName != fileOldName { + t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files[0].FileName) } // now parse an SPDX identifier tag @@ -71,17 +71,17 @@ func TestParser2_2FileStartsNewFileAfterParsingFileNameTag(t *testing.T) { if len(parser.pkg.Files) != 2 { t.Fatalf("expected 2 files, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f1"] != fileOld { - t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files["f1"]) + if parser.pkg.Files[0] != fileOld { + t.Errorf("expected file %v in Files[f1], got %v", fileOld, parser.pkg.Files[0]) } - if parser.pkg.Files["f1"].FileName != fileOldName { - t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files["f1"].FileName) + if parser.pkg.Files[0].FileName != fileOldName { + t.Errorf("expected file name %s in Files[f1], got %s", fileOldName, parser.pkg.Files[0].FileName) } - if parser.pkg.Files["f2ID"] != parser.file { - t.Errorf("expected file %v in Files[f2ID], got %v", parser.file, parser.pkg.Files["f2ID"]) + if parser.pkg.Files[1] != parser.file { + t.Errorf("expected file %v in Files[f2ID], got %v", parser.file, parser.pkg.Files[1]) } - if parser.pkg.Files["f2ID"].FileName != fileName { - t.Errorf("expected file name %s in Files[f2ID], got %s", fileName, parser.pkg.Files["f2ID"].FileName) + if parser.pkg.Files[1].FileName != fileName { + t.Errorf("expected file name %s in Files[f2ID], got %s", fileName, parser.pkg.Files[1].FileName) } } @@ -103,12 +103,12 @@ func TestParser2_2FileAddsToPackageOrUnpackagedFiles(t *testing.T) { t.Errorf("got error when calling parsePair2_2: %v", err) } fileOld := parser.file - // should have been added to UnpackagedFiles - if len(parser.doc.UnpackagedFiles) != 1 { - t.Fatalf("expected 1 file in UnpackagedFiles, got %d", len(parser.doc.UnpackagedFiles)) + // should have been added to Files + if len(parser.doc.Files) != 1 { + t.Fatalf("expected 1 file in Files, got %d", len(parser.doc.Files)) } - if parser.doc.UnpackagedFiles["f2ID"] != fileOld { - t.Errorf("expected file %v in UnpackagedFiles[f2ID], got %v", fileOld, parser.doc.UnpackagedFiles["f2ID"]) + if parser.doc.Files[0] != fileOld { + t.Errorf("expected file %v in Files[f2ID], got %v", fileOld, parser.doc.Files[0]) } // now create a package and a new file err = parser.parsePair2_2("PackageName", "package1") @@ -127,19 +127,19 @@ func TestParser2_2FileAddsToPackageOrUnpackagedFiles(t *testing.T) { if err != nil { t.Errorf("got error when calling parsePair2_2: %v", err) } - // UnpackagedFiles should still be size 1 and have old file only - if len(parser.doc.UnpackagedFiles) != 1 { - t.Fatalf("expected 1 file in UnpackagedFiles, got %d", len(parser.doc.UnpackagedFiles)) + // Files should still be size 1 and have old file only + if len(parser.doc.Files) != 1 { + t.Fatalf("expected 1 file in Files, got %d", len(parser.doc.Files)) } - if parser.doc.UnpackagedFiles["f2ID"] != fileOld { - t.Errorf("expected file %v in UnpackagedFiles[f2ID], got %v", fileOld, parser.doc.UnpackagedFiles["f2ID"]) + if parser.doc.Files[0] != fileOld { + t.Errorf("expected file %v in Files[f2ID], got %v", fileOld, parser.doc.Files[0]) } // and new package should have gotten the new file if len(parser.pkg.Files) != 1 { t.Fatalf("expected 1 file in Files, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f3ID"] != parser.file { - t.Errorf("expected file %v in Files[f3ID], got %v", parser.file, parser.pkg.Files["f3ID"]) + if parser.pkg.Files[0] != parser.file { + t.Errorf("expected file %v in Files[f3ID], got %v", parser.file, parser.pkg.Files[0]) } } @@ -149,15 +149,15 @@ func TestParser2_2FileStartsNewPackageAfterParsingPackageNameTag(t *testing.T) { f1Name := "f1.txt" parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: p1Name, PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: p1Name, PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: f1Name, FileSPDXIdentifier: "f1"}, } p1 := parser.pkg f1 := parser.file - parser.doc.Packages["package1"] = p1 - parser.pkg.Files["f1"] = f1 + parser.doc.Packages = append(parser.doc.Packages, p1) + parser.pkg.Files = append(parser.pkg.Files, f1) // now add a new package p2Name := "package2" @@ -193,21 +193,21 @@ func TestParser2_2FileStartsNewPackageAfterParsingPackageNameTag(t *testing.T) { if len(parser.doc.Packages) != 1 { t.Fatalf("expected 1 package, got %d", len(parser.doc.Packages)) } - if parser.doc.Packages["package1"] != p1 { - t.Errorf("Expected package %v in Packages[package1], got %v", p1, parser.doc.Packages["package1"]) + if parser.doc.Packages[0] != p1 { + t.Errorf("Expected package %v in Packages[package1], got %v", p1, parser.doc.Packages[0]) } - if parser.doc.Packages["package1"].PackageName != p1Name { - t.Errorf("expected package name %s in Packages[package1], got %s", p1Name, parser.doc.Packages["package1"].PackageName) + if parser.doc.Packages[0].PackageName != p1Name { + t.Errorf("expected package name %s in Packages[package1], got %s", p1Name, parser.doc.Packages[0].PackageName) } // and the first Package's Files should be of size 1 and have f1 only - if len(parser.doc.Packages["package1"].Files) != 1 { - t.Errorf("Expected 1 file in Packages[package1].Files, got %d", len(parser.doc.Packages["package1"].Files)) + if len(parser.doc.Packages[0].Files) != 1 { + t.Errorf("Expected 1 file in Packages[package1].Files, got %d", len(parser.doc.Packages[0].Files)) } - if parser.doc.Packages["package1"].Files["f1"] != f1 { - t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.doc.Packages["package1"].Files["f1"]) + if parser.doc.Packages[0].Files[0] != f1 { + t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.doc.Packages[0].Files[0]) } - if parser.doc.Packages["package1"].Files["f1"].FileName != f1Name { - t.Errorf("expected file name %s in Files[f1], got %s", f1Name, parser.doc.Packages["package1"].Files["f1"].FileName) + if parser.doc.Packages[0].Files[0].FileName != f1Name { + t.Errorf("expected file name %s in Files[f1], got %s", f1Name, parser.doc.Packages[0].Files[0].FileName) } // and the current file should be nil if parser.file != nil { @@ -217,13 +217,13 @@ func TestParser2_2FileStartsNewPackageAfterParsingPackageNameTag(t *testing.T) { func TestParser2_2FileMovesToSnippetAfterParsingSnippetSPDXIDTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) fileCurrent := parser.file err := parser.parsePair2_2("SnippetSPDXID", "SPDXRef-Test1") @@ -242,13 +242,13 @@ func TestParser2_2FileMovesToSnippetAfterParsingSnippetSPDXIDTag(t *testing.T) { func TestParser2_2FileMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f2"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_2("LicenseID", "LicenseRef-TestLic") if err != nil { @@ -261,13 +261,13 @@ func TestParser2_2FileMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing.T) func TestParser2_2FileMovesToReviewAfterParsingReviewerTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_2("Reviewer", "Person: John Doe") if err != nil { @@ -280,13 +280,13 @@ func TestParser2_2FileMovesToReviewAfterParsingReviewerTag(t *testing.T) { func TestParser2_2FileStaysAfterParsingRelationshipTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_2("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-else") if err != nil { @@ -309,13 +309,13 @@ func TestParser2_2FileStaysAfterParsingRelationshipTags(t *testing.T) { func TestParser2_2FileStaysAfterParsingAnnotationTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_2("Annotator", "Person: John Doe ()") if err != nil { @@ -361,11 +361,11 @@ func TestParser2_2FileStaysAfterParsingAnnotationTags(t *testing.T) { // ===== File data section tests ===== func TestParser2_2CanParseFileTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // File Name err := parser.parsePairFromFile2_2("FileName", "f1.txt") @@ -393,8 +393,8 @@ func TestParser2_2CanParseFileTags(t *testing.T) { if len(parser.pkg.Files) != 1 { t.Errorf("expected 1 file, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f1"] != parser.file { - t.Errorf("expected Files[f1] to be %v, got %v", parser.file, parser.pkg.Files["f1"]) + if parser.pkg.Files[0] != parser.file { + t.Errorf("expected Files[f1] to be %v, got %v", parser.file, parser.pkg.Files[0]) } // File Type @@ -410,18 +410,18 @@ func TestParser2_2CanParseFileTags(t *testing.T) { } for _, typeWant := range fileTypes { flagFound := false - for _, typeCheck := range parser.file.FileType { + for _, typeCheck := range parser.file.FileTypes { if typeWant == typeCheck { flagFound = true } } if flagFound == false { - t.Errorf("didn't find %s in FileType", typeWant) + t.Errorf("didn't find %s in FileTypes", typeWant) } } - if len(fileTypes) != len(parser.file.FileType) { - t.Errorf("expected %d types in FileType, got %d", len(fileTypes), - len(parser.file.FileType)) + if len(fileTypes) != len(parser.file.FileTypes) { + t.Errorf("expected %d types in FileTypes, got %d", len(fileTypes), + len(parser.file.FileTypes)) } // File Checksums @@ -443,7 +443,7 @@ func TestParser2_2CanParseFileTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - for _, checksum := range parser.file.FileChecksums { + for _, checksum := range parser.file.Checksums { switch checksum.Algorithm { case spdx.SHA1: if checksum.Value != codeSha1 { @@ -482,18 +482,18 @@ func TestParser2_2CanParseFileTags(t *testing.T) { } for _, licWant := range lics { flagFound := false - for _, licCheck := range parser.file.LicenseInfoInFile { + for _, licCheck := range parser.file.LicenseInfoInFiles { if licWant == licCheck { flagFound = true } } if flagFound == false { - t.Errorf("didn't find %s in LicenseInfoInFile", licWant) + t.Errorf("didn't find %s in LicenseInfoInFiles", licWant) } } - if len(lics) != len(parser.file.LicenseInfoInFile) { - t.Errorf("expected %d licenses in LicenseInfoInFile, got %d", len(lics), - len(parser.file.LicenseInfoInFile)) + if len(lics) != len(parser.file.LicenseInfoInFiles) { + t.Errorf("expected %d licenses in LicenseInfoInFiles, got %d", len(lics), + len(parser.file.LicenseInfoInFiles)) } // Comments on License @@ -631,18 +631,18 @@ func TestParser2_2CanParseFileTags(t *testing.T) { } for _, contribWant := range contribs { flagFound := false - for _, contribCheck := range parser.file.FileContributor { + for _, contribCheck := range parser.file.FileContributors { if contribWant == contribCheck { flagFound = true } } if flagFound == false { - t.Errorf("didn't find %s in FileContributor", contribWant) + t.Errorf("didn't find %s in FileContributors", contribWant) } } - if len(contribs) != len(parser.file.FileContributor) { - t.Errorf("expected %d contribenses in FileContributor, got %d", len(contribs), - len(parser.file.FileContributor)) + if len(contribs) != len(parser.file.FileContributors) { + t.Errorf("expected %d contribenses in FileContributors, got %d", len(contribs), + len(parser.file.FileContributors)) } // File Dependencies @@ -703,13 +703,13 @@ func TestParser2_2CanParseFileTags(t *testing.T) { func TestParser2_2FileCreatesRelationshipInDocument(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_2("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-whatever") if err != nil { @@ -725,13 +725,13 @@ func TestParser2_2FileCreatesRelationshipInDocument(t *testing.T) { func TestParser2_2FileCreatesAnnotationInDocument(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePair2_2("Annotator", "Person: John Doe ()") if err != nil { @@ -747,13 +747,13 @@ func TestParser2_2FileCreatesAnnotationInDocument(t *testing.T) { func TestParser2_2FileUnknownTagFails(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePairFromFile2_2("blah", "something") if err == nil { @@ -763,13 +763,13 @@ func TestParser2_2FileUnknownTagFails(t *testing.T) { func TestFileAOPPointerChangesAfterTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePairFromFile2_2("ArtifactOfProjectName", "project1") if err != nil { @@ -820,11 +820,11 @@ func TestFileAOPPointerChangesAfterTags(t *testing.T) { func TestParser2_2FailsIfInvalidSPDXIDInFileSection(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // start with File Name err := parser.parsePairFromFile2_2("FileName", "f1.txt") @@ -840,11 +840,11 @@ func TestParser2_2FailsIfInvalidSPDXIDInFileSection(t *testing.T) { func TestParser2_2FailsIfInvalidChecksumFormatInFileSection(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // start with File Name err := parser.parsePairFromFile2_2("FileName", "f1.txt") @@ -860,11 +860,11 @@ func TestParser2_2FailsIfInvalidChecksumFormatInFileSection(t *testing.T) { func TestParser2_1FailsIfUnknownChecksumTypeInFileSection(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // start with File Name err := parser.parsePairFromFile2_2("FileName", "f1.txt") @@ -880,11 +880,11 @@ func TestParser2_1FailsIfUnknownChecksumTypeInFileSection(t *testing.T) { func TestParser2_2FailsIfArtifactHomePageBeforeArtifactName(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // start with File Name err := parser.parsePairFromFile2_2("FileName", "f1.txt") @@ -900,11 +900,11 @@ func TestParser2_2FailsIfArtifactHomePageBeforeArtifactName(t *testing.T) { func TestParser2_2FailsIfArtifactURIBeforeArtifactName(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, } - parser.doc.Packages["test"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // start with File Name err := parser.parsePairFromFile2_2("FileName", "f1.txt") @@ -921,7 +921,7 @@ func TestParser2_2FailsIfArtifactURIBeforeArtifactName(t *testing.T) { func TestParser2_2FilesWithoutSpdxIdThrowError(t *testing.T) { // case 1: The previous file (packaged or unpackaged) does not contain spdx ID parser1 := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, file: &spdx.File2_2{FileName: "FileName"}, } diff --git a/tvloader/parser2v2/parse_other_license_test.go b/tvloader/parser2v2/parse_other_license_test.go index ebf4170..e0607ee 100644 --- a/tvloader/parser2v2/parse_other_license_test.go +++ b/tvloader/parser2v2/parse_other_license_test.go @@ -14,9 +14,9 @@ func TestParser2_2OLStartsNewOtherLicenseAfterParsingLicenseIDTag(t *testing.T) olname1 := "License 11" parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psOtherLicense2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: olid1, @@ -24,8 +24,8 @@ func TestParser2_2OLStartsNewOtherLicenseAfterParsingLicenseIDTag(t *testing.T) }, } olic1 := parser.otherLic - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) // the Document's OtherLicenses should have this one only @@ -90,13 +90,13 @@ func TestParser2_2OLStartsNewOtherLicenseAfterParsingLicenseIDTag(t *testing.T) func TestParser2_2OLMovesToReviewAfterParsingReviewerTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psOtherLicense2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) err := parser.parsePair2_2("Reviewer", "Person: John Doe") @@ -110,17 +110,17 @@ func TestParser2_2OLMovesToReviewAfterParsingReviewerTag(t *testing.T) { func TestParser2_2OtherLicenseStaysAfterParsingRelationshipTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psOtherLicense2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-whatever", LicenseName: "the whatever license", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) err := parser.parsePair2_2("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-else") @@ -152,17 +152,17 @@ func TestParser2_2OtherLicenseStaysAfterParsingRelationshipTags(t *testing.T) { func TestParser2_2OtherLicenseStaysAfterParsingAnnotationTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psOtherLicense2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-whatever", LicenseName: "the whatever license", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) err := parser.parsePair2_2("Annotator", "Person: John Doe ()") @@ -209,24 +209,24 @@ func TestParser2_2OtherLicenseStaysAfterParsingAnnotationTags(t *testing.T) { if len(parser.doc.Annotations) != 1 { t.Fatalf("expected doc.Annotations to have len 1, got %d", len(parser.doc.Annotations)) } - if parser.doc.Annotations[0].Annotator != "John Doe ()" { + if parser.doc.Annotations[0].Annotator.Annotator != "John Doe ()" { t.Errorf("expected Annotator to be %s, got %s", "John Doe ()", parser.doc.Annotations[0].Annotator) } } func TestParser2_2OLFailsAfterParsingOtherSectionTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psOtherLicense2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-Lic11", LicenseName: "License 11", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) // can't go back to old sections @@ -247,13 +247,13 @@ func TestParser2_2OLFailsAfterParsingOtherSectionTags(t *testing.T) { // ===== Other License data section tests ===== func TestParser2_2CanParseOtherLicenseTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psOtherLicense2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) // License Identifier @@ -323,13 +323,13 @@ func TestParser2_2CanParseOtherLicenseTags(t *testing.T) { func TestParser2_2OLUnknownTagFails(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psOtherLicense2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) err := parser.parsePairFromOtherLicense2_2("blah", "something") diff --git a/tvloader/parser2v2/parse_package.go b/tvloader/parser2v2/parse_package.go index 15f7dc6..4d6caf9 100644 --- a/tvloader/parser2v2/parse_package.go +++ b/tvloader/parser2v2/parse_package.go @@ -45,47 +45,51 @@ func (parser *tvParser2_2) parsePairFromPackage2_2(tag string, value string) err } parser.pkg.PackageSPDXIdentifier = eID if parser.doc.Packages == nil { - parser.doc.Packages = map[spdx.ElementID]*spdx.Package2_2{} + parser.doc.Packages = []*spdx.Package2_2{} } - parser.doc.Packages[eID] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) case "PackageVersion": parser.pkg.PackageVersion = value case "PackageFileName": parser.pkg.PackageFileName = value case "PackageSupplier": + supplier := &spdx.Supplier{Supplier: value} if value == "NOASSERTION" { - parser.pkg.PackageSupplierNOASSERTION = true + parser.pkg.PackageSupplier = supplier break } + subkey, subvalue, err := extractSubs(value) if err != nil { return err } switch subkey { - case "Person": - parser.pkg.PackageSupplierPerson = subvalue - case "Organization": - parser.pkg.PackageSupplierOrganization = subvalue + case "Person", "Organization": + supplier.Supplier = subvalue + supplier.SupplierType = subkey default: return fmt.Errorf("unrecognized PackageSupplier type %v", subkey) } + parser.pkg.PackageSupplier = supplier case "PackageOriginator": + originator := &spdx.Originator{Originator: value} if value == "NOASSERTION" { - parser.pkg.PackageOriginatorNOASSERTION = true + parser.pkg.PackageOriginator = originator break } + subkey, subvalue, err := extractSubs(value) if err != nil { return err } switch subkey { - case "Person": - parser.pkg.PackageOriginatorPerson = subvalue - case "Organization": - parser.pkg.PackageOriginatorOrganization = subvalue + case "Person", "Organization": + originator.Originator = subvalue + originator.OriginatorType = subkey default: return fmt.Errorf("unrecognized PackageOriginator type %v", subkey) } + parser.pkg.PackageOriginator = originator case "PackageDownloadLocation": parser.pkg.PackageDownloadLocation = value case "FilesAnalyzed": @@ -96,21 +100,19 @@ func (parser *tvParser2_2) parsePairFromPackage2_2(tag string, value string) err parser.pkg.FilesAnalyzed = true } case "PackageVerificationCode": - code, excludesFileName := extractCodeAndExcludes(value) - parser.pkg.PackageVerificationCode = code - parser.pkg.PackageVerificationCodeExcludedFile = excludesFileName + parser.pkg.PackageVerificationCode = extractCodeAndExcludes(value) case "PackageChecksum": subkey, subvalue, err := extractSubs(value) if err != nil { return err } if parser.pkg.PackageChecksums == nil { - parser.pkg.PackageChecksums = make(map[spdx.ChecksumAlgorithm]spdx.Checksum, 9) + parser.pkg.PackageChecksums = []spdx.Checksum{} } - switch subkey { + switch spdx.ChecksumAlgorithm(subkey) { case spdx.SHA1, spdx.SHA256, spdx.MD5: algorithm := spdx.ChecksumAlgorithm(subkey) - parser.pkg.PackageChecksums[algorithm] = spdx.Checksum{Algorithm: algorithm, Value: subvalue} + parser.pkg.PackageChecksums = append(parser.pkg.PackageChecksums, spdx.Checksum{Algorithm: algorithm, Value: subvalue}) default: return fmt.Errorf("got unknown checksum type %s", subkey) } @@ -186,13 +188,13 @@ func (parser *tvParser2_2) parsePairFromPackage2_2(tag string, value string) err // ===== Helper functions ===== -func extractCodeAndExcludes(value string) (string, string) { +func extractCodeAndExcludes(value string) spdx.PackageVerificationCode { // FIXME this should probably be done using regular expressions instead // split by paren + word "excludes:" sp := strings.SplitN(value, "(excludes:", 2) if len(sp) < 2 { // not found; return the whole string as just the code - return value, "" + return spdx.PackageVerificationCode{Value: value, ExcludedFiles: []string{}} } // if we're here, code is in first part and excludes filename is in @@ -200,7 +202,7 @@ func extractCodeAndExcludes(value string) (string, string) { code := strings.TrimSpace(sp[0]) parsedSp := strings.SplitN(sp[1], ")", 2) fileName := strings.TrimSpace(parsedSp[0]) - return code, fileName + return spdx.PackageVerificationCode{Value: code, ExcludedFiles: []string{fileName}} } func extractPackageExternalReference(value string) (string, string, string, error) { diff --git a/tvloader/parser2v2/parse_package_test.go b/tvloader/parser2v2/parse_package_test.go index 5809931..6b58d0f 100644 --- a/tvloader/parser2v2/parse_package_test.go +++ b/tvloader/parser2v2/parse_package_test.go @@ -13,15 +13,15 @@ func TestParser2_2PackageStartsNewPackageAfterParsingPackageNameTag(t *testing.T pkgOldName := "p1" parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: pkgOldName, PackageSPDXIdentifier: "p1"}, } pkgOld := parser.pkg - parser.doc.Packages["p1"] = pkgOld + parser.doc.Packages = append(parser.doc.Packages, pkgOld) // the Document's Packages should have this one only - if parser.doc.Packages["p1"] != pkgOld { - t.Errorf("expected package %v, got %v", pkgOld, parser.doc.Packages["p1"]) + if parser.doc.Packages[0] != pkgOld { + t.Errorf("expected package %v, got %v", pkgOld, parser.doc.Packages[0]) } if len(parser.doc.Packages) != 1 { t.Errorf("expected 1 package, got %d", len(parser.doc.Packages)) @@ -57,8 +57,8 @@ func TestParser2_2PackageStartsNewPackageAfterParsingPackageNameTag(t *testing.T t.Errorf("expected IsFilesAnalyzedTagPresent to default to false, got true") } // and the Document's Packages should still be of size 1 and have pkgOld only - if parser.doc.Packages["p1"] != pkgOld { - t.Errorf("Expected package %v, got %v", pkgOld, parser.doc.Packages["p1"]) + if parser.doc.Packages[0] != pkgOld { + t.Errorf("Expected package %v, got %v", pkgOld, parser.doc.Packages[0]) } if len(parser.doc.Packages) != 1 { t.Errorf("expected 1 package, got %d", len(parser.doc.Packages)) @@ -67,9 +67,9 @@ func TestParser2_2PackageStartsNewPackageAfterParsingPackageNameTag(t *testing.T func TestParser2_2PackageStartsNewPackageAfterParsingPackageNameTagWhileInUnpackaged(t *testing.T) { // pkg is nil, so that Files appearing before the first PackageName tag - // are added to UnpackagedFiles instead of Packages + // are added to Files instead of Packages parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psFile2_2, pkg: nil, } @@ -112,11 +112,11 @@ func TestParser2_2PackageStartsNewPackageAfterParsingPackageNameTagWhileInUnpack func TestParser2_2PackageMovesToFileAfterParsingFileNameTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) pkgCurrent := parser.pkg err := parser.parsePair2_2("FileName", "testFile") @@ -135,11 +135,11 @@ func TestParser2_2PackageMovesToFileAfterParsingFileNameTag(t *testing.T) { func TestParser2_2PackageMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_2("LicenseID", "LicenseRef-TestLic") if err != nil { @@ -152,11 +152,11 @@ func TestParser2_2PackageMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing. func TestParser2_2PackageMovesToReviewAfterParsingReviewerTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_2("Reviewer", "Person: John Doe") if err != nil { @@ -169,11 +169,11 @@ func TestParser2_2PackageMovesToReviewAfterParsingReviewerTag(t *testing.T) { func TestParser2_2PackageStaysAfterParsingRelationshipTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_2("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-else") if err != nil { @@ -196,11 +196,11 @@ func TestParser2_2PackageStaysAfterParsingRelationshipTags(t *testing.T) { func TestParser2_2PackageStaysAfterParsingAnnotationTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_2("Annotator", "Person: John Doe ()") if err != nil { @@ -246,7 +246,7 @@ func TestParser2_2PackageStaysAfterParsingAnnotationTags(t *testing.T) { // ===== Package data section tests ===== func TestParser2_2CanParsePackageTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{}, } @@ -282,8 +282,8 @@ func TestParser2_2CanParsePackageTags(t *testing.T) { if len(parser.doc.Packages) != 1 { t.Errorf("expected 1 package, got %d", len(parser.doc.Packages)) } - if parser.doc.Packages["p1"] != parser.pkg { - t.Errorf("expected to point to parser.pkg, got %v", parser.doc.Packages["p1"]) + if parser.doc.Packages[0] != parser.pkg { + t.Errorf("expected to point to parser.pkg, got %v", parser.doc.Packages[0]) } // Package Version @@ -589,119 +589,119 @@ func TestParser2_2CanParsePackageTags(t *testing.T) { func TestParser2_2CanParsePackageSupplierPersonTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Supplier: Person err := parser.parsePairFromPackage2_2("PackageSupplier", "Person: John Doe") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageSupplierPerson != "John Doe" { - t.Errorf("got %v for PackageSupplierPerson", parser.pkg.PackageSupplierPerson) + if parser.pkg.PackageSupplier.Supplier != "John Doe" { + t.Errorf("got %v for PackageSupplierPerson", parser.pkg.PackageSupplier.Supplier) } } func TestParser2_2CanParsePackageSupplierOrganizationTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Supplier: Organization err := parser.parsePairFromPackage2_2("PackageSupplier", "Organization: John Doe, Inc.") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageSupplierOrganization != "John Doe, Inc." { - t.Errorf("got %v for PackageSupplierOrganization", parser.pkg.PackageSupplierOrganization) + if parser.pkg.PackageSupplier.Supplier != "John Doe, Inc." { + t.Errorf("got %v for PackageSupplierOrganization", parser.pkg.PackageSupplier.Supplier) } } func TestParser2_2CanParsePackageSupplierNOASSERTIONTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Supplier: NOASSERTION err := parser.parsePairFromPackage2_2("PackageSupplier", "NOASSERTION") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageSupplierNOASSERTION != true { - t.Errorf("got false for PackageSupplierNOASSERTION") + if parser.pkg.PackageSupplier.Supplier != "NOASSERTION" { + t.Errorf("got value for Supplier, expected NOASSERTION") } } func TestParser2_2CanParsePackageOriginatorPersonTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Originator: Person err := parser.parsePairFromPackage2_2("PackageOriginator", "Person: John Doe") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageOriginatorPerson != "John Doe" { - t.Errorf("got %v for PackageOriginatorPerson", parser.pkg.PackageOriginatorPerson) + if parser.pkg.PackageOriginator.Originator != "John Doe" { + t.Errorf("got %v for PackageOriginator", parser.pkg.PackageOriginator.Originator) } } func TestParser2_2CanParsePackageOriginatorOrganizationTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Originator: Organization err := parser.parsePairFromPackage2_2("PackageOriginator", "Organization: John Doe, Inc.") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageOriginatorOrganization != "John Doe, Inc." { - t.Errorf("got %v for PackageOriginatorOrganization", parser.pkg.PackageOriginatorOrganization) + if parser.pkg.PackageOriginator.Originator != "John Doe, Inc." { + t.Errorf("got %v for PackageOriginator", parser.pkg.PackageOriginator.Originator) } } func TestParser2_2CanParsePackageOriginatorNOASSERTIONTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Originator: NOASSERTION err := parser.parsePairFromPackage2_2("PackageOriginator", "NOASSERTION") if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageOriginatorNOASSERTION != true { + if parser.pkg.PackageOriginator.Originator != "NOASSERTION" { t.Errorf("got false for PackageOriginatorNOASSERTION") } } func TestParser2_2CanParsePackageVerificationCodeTagWithExcludes(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Verification Code with excludes parenthetical code := "d6a770ba38583ed4bb4525bd96e50461655d2758" @@ -711,22 +711,22 @@ func TestParser2_2CanParsePackageVerificationCodeTagWithExcludes(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageVerificationCode != code { + if parser.pkg.PackageVerificationCode.Value != code { t.Errorf("got %v for PackageVerificationCode", parser.pkg.PackageVerificationCode) } - if parser.pkg.PackageVerificationCodeExcludedFile != fileName { - t.Errorf("got %v for PackageVerificationCodeExcludedFile", parser.pkg.PackageVerificationCodeExcludedFile) + if len(parser.pkg.PackageVerificationCode.ExcludedFiles) != 1 || parser.pkg.PackageVerificationCode.ExcludedFiles[0] != fileName { + t.Errorf("got %v for PackageVerificationCodeExcludedFile", parser.pkg.PackageVerificationCode.ExcludedFiles) } } func TestParser2_2CanParsePackageVerificationCodeTagWithoutExcludes(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) // Package Verification Code without excludes parenthetical code := "d6a770ba38583ed4bb4525bd96e50461655d2758" @@ -734,22 +734,22 @@ func TestParser2_2CanParsePackageVerificationCodeTagWithoutExcludes(t *testing.T if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageVerificationCode != code { + if parser.pkg.PackageVerificationCode.Value != code { t.Errorf("got %v for PackageVerificationCode", parser.pkg.PackageVerificationCode) } - if parser.pkg.PackageVerificationCodeExcludedFile != "" { - t.Errorf("got %v for PackageVerificationCodeExcludedFile", parser.pkg.PackageVerificationCodeExcludedFile) + if len(parser.pkg.PackageVerificationCode.ExcludedFiles) != 0 { + t.Errorf("got %v for PackageVerificationCodeExcludedFile", parser.pkg.PackageVerificationCode.ExcludedFiles) } } func TestParser2_2PackageExternalRefPointerChangesAfterTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) ref1 := "SECURITY cpe23Type cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*" err := parser.parsePairFromPackage2_2("ExternalRef", ref1) @@ -790,11 +790,11 @@ func TestParser2_2PackageExternalRefPointerChangesAfterTags(t *testing.T) { func TestParser2_2PackageCreatesRelationshipInDocument(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_2("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-whatever") if err != nil { @@ -810,11 +810,11 @@ func TestParser2_2PackageCreatesRelationshipInDocument(t *testing.T) { func TestParser2_2PackageCreatesAnnotationInDocument(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePair2_2("Annotator", "Person: John Doe ()") if err != nil { @@ -830,11 +830,11 @@ func TestParser2_2PackageCreatesAnnotationInDocument(t *testing.T) { func TestParser2_2PackageUnknownTagFails(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: "p1", PackageSPDXIdentifier: "p1"}, } - parser.doc.Packages["p1"] = parser.pkg + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) err := parser.parsePairFromPackage2_2("blah", "something") if err == nil { @@ -844,7 +844,7 @@ func TestParser2_2PackageUnknownTagFails(t *testing.T) { func TestParser2_2FailsIfInvalidSPDXIDInPackageSection(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{}, } @@ -863,7 +863,7 @@ func TestParser2_2FailsIfInvalidSPDXIDInPackageSection(t *testing.T) { func TestParser2_2FailsIfInvalidPackageSupplierFormat(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{}, } @@ -882,7 +882,7 @@ func TestParser2_2FailsIfInvalidPackageSupplierFormat(t *testing.T) { func TestParser2_2FailsIfUnknownPackageSupplierType(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{}, } @@ -901,7 +901,7 @@ func TestParser2_2FailsIfUnknownPackageSupplierType(t *testing.T) { func TestParser2_2FailsIfInvalidPackageOriginatorFormat(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{}, } @@ -920,7 +920,7 @@ func TestParser2_2FailsIfInvalidPackageOriginatorFormat(t *testing.T) { func TestParser2_2FailsIfUnknownPackageOriginatorType(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{}, } @@ -939,7 +939,7 @@ func TestParser2_2FailsIfUnknownPackageOriginatorType(t *testing.T) { func TestParser2_2SetsFilesAnalyzedTagsCorrectly(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{}, } @@ -964,7 +964,7 @@ func TestParser2_2SetsFilesAnalyzedTagsCorrectly(t *testing.T) { func TestParser2_2FailsIfInvalidPackageChecksumFormat(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{}, } @@ -983,7 +983,7 @@ func TestParser2_2FailsIfInvalidPackageChecksumFormat(t *testing.T) { func TestParser2_2FailsIfInvalidPackageChecksumType(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{}, } @@ -1002,7 +1002,7 @@ func TestParser2_2FailsIfInvalidPackageChecksumType(t *testing.T) { func TestParser2_2FailsIfInvalidExternalRefFormat(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{}, } @@ -1021,7 +1021,7 @@ func TestParser2_2FailsIfInvalidExternalRefFormat(t *testing.T) { func TestParser2_2FailsIfExternalRefCommentBeforeExternalRef(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{}, } @@ -1045,12 +1045,12 @@ func TestCanCheckAndExtractExcludesFilenameAndCode(t *testing.T) { fileName := "./package.spdx" fullCodeValue := "d6a770ba38583ed4bb4525bd96e50461655d2758 (excludes: ./package.spdx)" - gotCode, gotFileName := extractCodeAndExcludes(fullCodeValue) - if gotCode != code { + gotCode := extractCodeAndExcludes(fullCodeValue) + if gotCode.Value != code { t.Errorf("got %v for gotCode", gotCode) } - if gotFileName != fileName { - t.Errorf("got %v for gotFileName", gotFileName) + if len(gotCode.ExcludedFiles) != 1 || gotCode.ExcludedFiles[0] != fileName { + t.Errorf("got %v for gotFileName", gotCode.ExcludedFiles) } } @@ -1107,15 +1107,15 @@ func TestParser2_2PackageWithoutSpdxIdentifierThrowsError(t *testing.T) { // More than one package, the previous package doesn't contain an SPDX ID pkgOldName := "p1" parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psPackage2_2, pkg: &spdx.Package2_2{PackageName: pkgOldName}, } pkgOld := parser.pkg - parser.doc.Packages["p1"] = pkgOld + parser.doc.Packages = append(parser.doc.Packages, pkgOld) // the Document's Packages should have this one only - if parser.doc.Packages["p1"] != pkgOld { - t.Errorf("expected package %v, got %v", pkgOld, parser.doc.Packages["p1"]) + if parser.doc.Packages[0] != pkgOld { + t.Errorf("expected package %v, got %v", pkgOld, parser.doc.Packages[0]) } if len(parser.doc.Packages) != 1 { t.Errorf("expected 1 package, got %d", len(parser.doc.Packages)) diff --git a/tvloader/parser2v2/parse_review_test.go b/tvloader/parser2v2/parse_review_test.go index f482184..de73ede 100644 --- a/tvloader/parser2v2/parse_review_test.go +++ b/tvloader/parser2v2/parse_review_test.go @@ -12,9 +12,9 @@ func TestParser2_2ReviewStartsNewReviewAfterParsingReviewerTag(t *testing.T) { // create the first review rev1 := "John Doe" parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psReview2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-Lic11", @@ -25,8 +25,8 @@ func TestParser2_2ReviewStartsNewReviewAfterParsingReviewerTag(t *testing.T) { ReviewerType: "Person", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) r1 := parser.rev @@ -82,9 +82,9 @@ func TestParser2_2ReviewStartsNewReviewAfterParsingReviewerTag(t *testing.T) { func TestParser2_2ReviewStaysAfterParsingRelationshipTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psReview2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-Lic11", @@ -95,8 +95,8 @@ func TestParser2_2ReviewStaysAfterParsingRelationshipTags(t *testing.T) { ReviewerType: "Person", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -129,9 +129,9 @@ func TestParser2_2ReviewStaysAfterParsingRelationshipTags(t *testing.T) { func TestParser2_2ReviewStaysAfterParsingAnnotationTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psReview2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-Lic11", @@ -142,8 +142,8 @@ func TestParser2_2ReviewStaysAfterParsingAnnotationTags(t *testing.T) { ReviewerType: "Person", }, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -191,16 +191,16 @@ func TestParser2_2ReviewStaysAfterParsingAnnotationTags(t *testing.T) { if len(parser.doc.Annotations) != 1 { t.Fatalf("expected doc.Annotations to have len 1, got %d", len(parser.doc.Annotations)) } - if parser.doc.Annotations[0].Annotator != "John Doe ()" { + if parser.doc.Annotations[0].Annotator.Annotator != "John Doe ()" { t.Errorf("expected Annotator to be %s, got %s", "John Doe ()", parser.doc.Annotations[0].Annotator) } } func TestParser2_2ReviewFailsAfterParsingOtherSectionTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psReview2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-Lic11", @@ -208,8 +208,8 @@ func TestParser2_2ReviewFailsAfterParsingOtherSectionTags(t *testing.T) { }, rev: &spdx.Review2_2{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -235,9 +235,9 @@ func TestParser2_2ReviewFailsAfterParsingOtherSectionTags(t *testing.T) { // ===== Review data section tests ===== func TestParser2_2CanParseReviewTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psReview2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-Lic11", @@ -245,8 +245,8 @@ func TestParser2_2CanParseReviewTags(t *testing.T) { }, rev: &spdx.Review2_2{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -274,9 +274,9 @@ func TestParser2_2CanParseReviewTags(t *testing.T) { func TestParser2_2CanParseReviewerPersonTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psReview2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-Lic11", @@ -284,8 +284,8 @@ func TestParser2_2CanParseReviewerPersonTag(t *testing.T) { }, rev: &spdx.Review2_2{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -304,9 +304,9 @@ func TestParser2_2CanParseReviewerPersonTag(t *testing.T) { func TestParser2_2CanParseReviewerOrganizationTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psReview2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-Lic11", @@ -314,8 +314,8 @@ func TestParser2_2CanParseReviewerOrganizationTag(t *testing.T) { }, rev: &spdx.Review2_2{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -334,9 +334,9 @@ func TestParser2_2CanParseReviewerOrganizationTag(t *testing.T) { func TestParser2_2CanParseReviewerToolTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psReview2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-Lic11", @@ -344,8 +344,8 @@ func TestParser2_2CanParseReviewerToolTag(t *testing.T) { }, rev: &spdx.Review2_2{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) @@ -364,7 +364,7 @@ func TestParser2_2CanParseReviewerToolTag(t *testing.T) { func TestParser2_2FailsIfReviewerInvalidFormat(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psReview2_2, rev: &spdx.Review2_2{}, } @@ -378,7 +378,7 @@ func TestParser2_2FailsIfReviewerInvalidFormat(t *testing.T) { func TestParser2_2FailsIfReviewerUnknownType(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psReview2_2, rev: &spdx.Review2_2{}, } @@ -392,9 +392,9 @@ func TestParser2_2FailsIfReviewerUnknownType(t *testing.T) { func TestParser2_2ReviewUnknownTagFails(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psReview2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1"}, otherLic: &spdx.OtherLicense2_2{ LicenseIdentifier: "LicenseRef-Lic11", @@ -402,8 +402,8 @@ func TestParser2_2ReviewUnknownTagFails(t *testing.T) { }, rev: &spdx.Review2_2{}, } - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.doc.OtherLicenses = append(parser.doc.OtherLicenses, parser.otherLic) parser.doc.Reviews = append(parser.doc.Reviews, parser.rev) diff --git a/tvloader/parser2v2/parse_snippet.go b/tvloader/parser2v2/parse_snippet.go index 7f58604..d3bac47 100644 --- a/tvloader/parser2v2/parse_snippet.go +++ b/tvloader/parser2v2/parse_snippet.go @@ -51,7 +51,7 @@ func (parser *tvParser2_2) parsePairFromSnippet2_2(tag string, value string) err if err != nil { return err } - parser.snippet.SnippetFromFileSPDXIdentifier = deID + parser.snippet.SnippetFromFileSPDXIdentifier = deID.ElementRefID case "SnippetByteRange": byteStart, byteEnd, err := extractSubs(value) if err != nil { @@ -65,8 +65,12 @@ func (parser *tvParser2_2) parsePairFromSnippet2_2(tag string, value string) err if err != nil { return err } - parser.snippet.SnippetByteRangeStart = bIntStart - parser.snippet.SnippetByteRangeEnd = bIntEnd + + if parser.snippet.Ranges == nil { + parser.snippet.Ranges = []spdx.SnippetRange{} + } + byteRange := spdx.SnippetRange{StartPointer: spdx.SnippetRangePointer{Offset: bIntStart}, EndPointer: spdx.SnippetRangePointer{Offset: bIntEnd}} + parser.snippet.Ranges = append(parser.snippet.Ranges, byteRange) case "SnippetLineRange": lineStart, lineEnd, err := extractSubs(value) if err != nil { @@ -80,8 +84,12 @@ func (parser *tvParser2_2) parsePairFromSnippet2_2(tag string, value string) err if err != nil { return err } - parser.snippet.SnippetLineRangeStart = lInttStart - parser.snippet.SnippetLineRangeEnd = lInttEnd + + if parser.snippet.Ranges == nil { + parser.snippet.Ranges = []spdx.SnippetRange{} + } + lineRange := spdx.SnippetRange{StartPointer: spdx.SnippetRangePointer{LineNumber: lInttStart}, EndPointer: spdx.SnippetRangePointer{LineNumber: lInttEnd}} + parser.snippet.Ranges = append(parser.snippet.Ranges, lineRange) case "SnippetLicenseConcluded": parser.snippet.SnippetLicenseConcluded = value case "LicenseInfoInSnippet": diff --git a/tvloader/parser2v2/parse_snippet_test.go b/tvloader/parser2v2/parse_snippet_test.go index d019a0c..545595a 100644 --- a/tvloader/parser2v2/parse_snippet_test.go +++ b/tvloader/parser2v2/parse_snippet_test.go @@ -12,15 +12,15 @@ func TestParser2_2SnippetStartsNewSnippetAfterParsingSnippetSPDXIDTag(t *testing // create the first snippet sid1 := spdx.ElementID("s1") parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "test", PackageSPDXIdentifier: "test", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{SnippetSPDXIdentifier: sid1}, } s1 := parser.snippet - parser.doc.Packages["test"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets[sid1] = parser.snippet // the File's Snippets should have this one only @@ -71,16 +71,16 @@ func TestParser2_2SnippetStartsNewSnippetAfterParsingSnippetSPDXIDTag(t *testing func TestParser2_2SnippetStartsNewPackageAfterParsingPackageNameTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{SnippetSPDXIdentifier: "s1"}, } p1 := parser.pkg f1 := parser.file - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet // now add a new package @@ -113,21 +113,21 @@ func TestParser2_2SnippetStartsNewPackageAfterParsingPackageNameTag(t *testing.T if len(parser.doc.Packages) != 1 { t.Errorf("Expected len(Packages) to be 1, got %d", len(parser.doc.Packages)) } - if parser.doc.Packages["package1"] != p1 { - t.Errorf("Expected package %v in Packages[package1], got %v", p1, parser.doc.Packages["package1"]) + if parser.doc.Packages[0] != p1 { + t.Errorf("Expected package %v in Packages[package1], got %v", p1, parser.doc.Packages[0]) } - if parser.doc.Packages["package1"].PackageName != "package1" { - t.Errorf("expected package name %s in Packages[package1], got %s", "package1", parser.doc.Packages["package1"].PackageName) + if parser.doc.Packages[0].PackageName != "package1" { + t.Errorf("expected package name %s in Packages[package1], got %s", "package1", parser.doc.Packages[0].PackageName) } // and the first Package's Files should be of size 1 and have f1 only - if len(parser.doc.Packages["package1"].Files) != 1 { - t.Errorf("Expected 1 file in Packages[package1].Files, got %d", len(parser.doc.Packages["package1"].Files)) + if len(parser.doc.Packages[0].Files) != 1 { + t.Errorf("Expected 1 file in Packages[package1].Files, got %d", len(parser.doc.Packages[0].Files)) } - if parser.doc.Packages["package1"].Files["f1"] != f1 { - t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.doc.Packages["package1"].Files["f1"]) + if parser.doc.Packages[0].Files[0] != f1 { + t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.doc.Packages[0].Files[0]) } - if parser.doc.Packages["package1"].Files["f1"].FileName != "f1.txt" { - t.Errorf("expected file name %s in Files[f1], got %s", "f1.txt", parser.doc.Packages["package1"].Files["f1"].FileName) + if parser.doc.Packages[0].Files[0].FileName != "f1.txt" { + t.Errorf("expected file name %s in Files[f1], got %s", "f1.txt", parser.doc.Packages[0].Files[0].FileName) } // and the new Package should have no files if len(parser.pkg.Files) != 0 { @@ -146,16 +146,16 @@ func TestParser2_2SnippetStartsNewPackageAfterParsingPackageNameTag(t *testing.T func TestParser2_2SnippetMovesToFileAfterParsingFileNameTag(t *testing.T) { f1Name := "f1.txt" parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{SnippetSPDXIdentifier: "s1"}, } p1 := parser.pkg f1 := parser.file - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet f2Name := "f2.txt" @@ -184,11 +184,11 @@ func TestParser2_2SnippetMovesToFileAfterParsingFileNameTag(t *testing.T) { if len(parser.pkg.Files) != 1 { t.Errorf("Expected len(Files) to be 1, got %d", len(parser.pkg.Files)) } - if parser.pkg.Files["f1"] != f1 { - t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.pkg.Files["f1"]) + if parser.pkg.Files[0] != f1 { + t.Errorf("Expected file %v in Files[f1], got %v", f1, parser.pkg.Files[0]) } - if parser.pkg.Files["f1"].FileName != f1Name { - t.Errorf("expected file name %s in Files[f1], got %s", f1Name, parser.pkg.Files["f1"].FileName) + if parser.pkg.Files[0].FileName != f1Name { + t.Errorf("expected file name %s in Files[f1], got %s", f1Name, parser.pkg.Files[0].FileName) } // and the current snippet should be nil if parser.snippet != nil { @@ -198,14 +198,14 @@ func TestParser2_2SnippetMovesToFileAfterParsingFileNameTag(t *testing.T) { func TestParser2_2SnippetMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{SnippetSPDXIdentifier: "s1"}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet err := parser.parsePair2_2("LicenseID", "LicenseRef-TestLic") @@ -219,14 +219,14 @@ func TestParser2_2SnippetMovesToOtherLicenseAfterParsingLicenseIDTag(t *testing. func TestParser2_2SnippetMovesToReviewAfterParsingReviewerTag(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{SnippetSPDXIdentifier: "s1"}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet err := parser.parsePair2_2("Reviewer", "Person: John Doe") @@ -240,14 +240,14 @@ func TestParser2_2SnippetMovesToReviewAfterParsingReviewerTag(t *testing.T) { func TestParser2_2SnippetStaysAfterParsingRelationshipTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{SnippetSPDXIdentifier: "s1"}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet err := parser.parsePair2_2("Relationship", "SPDXRef-blah CONTAINS SPDXRef-blah-else") @@ -279,14 +279,14 @@ func TestParser2_2SnippetStaysAfterParsingRelationshipTags(t *testing.T) { func TestParser2_2SnippetStaysAfterParsingAnnotationTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{SnippetSPDXIdentifier: "s1"}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) parser.file.Snippets["s1"] = parser.snippet err := parser.parsePair2_2("Annotator", "Person: John Doe ()") @@ -333,7 +333,7 @@ func TestParser2_2SnippetStaysAfterParsingAnnotationTags(t *testing.T) { if len(parser.doc.Annotations) != 1 { t.Fatalf("expected doc.Annotations to have len 1, got %d", len(parser.doc.Annotations)) } - if parser.doc.Annotations[0].Annotator != "John Doe ()" { + if parser.doc.Annotations[0].Annotator.Annotator != "John Doe ()" { t.Errorf("expected Annotator to be %s, got %s", "John Doe ()", parser.doc.Annotations[0].Annotator) } } @@ -341,14 +341,14 @@ func TestParser2_2SnippetStaysAfterParsingAnnotationTags(t *testing.T) { // ===== Snippet data section tests ===== func TestParser2_2CanParseSnippetTags(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) // Snippet SPDX Identifier err := parser.parsePairFromSnippet2_2("SnippetSPDXID", "SPDXRef-s1") @@ -365,7 +365,7 @@ func TestParser2_2CanParseSnippetTags(t *testing.T) { t.Errorf("expected nil error, got %v", err) } wantDeID := spdx.DocElementID{DocumentRefID: "", ElementRefID: spdx.ElementID("f1")} - if parser.snippet.SnippetFromFileSPDXIdentifier != wantDeID { + if parser.snippet.SnippetFromFileSPDXIdentifier != wantDeID.ElementRefID { t.Errorf("got %v for SnippetFromFileSPDXIdentifier", parser.snippet.SnippetFromFileSPDXIdentifier) } @@ -374,11 +374,11 @@ func TestParser2_2CanParseSnippetTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.snippet.SnippetByteRangeStart != 20 { - t.Errorf("got %v for SnippetByteRangeStart", parser.snippet.SnippetByteRangeStart) + if parser.snippet.Ranges[0].StartPointer.Offset != 20 { + t.Errorf("got %v for SnippetByteRangeStart", parser.snippet.Ranges[0].StartPointer.Offset) } - if parser.snippet.SnippetByteRangeEnd != 320 { - t.Errorf("got %v for SnippetByteRangeEnd", parser.snippet.SnippetByteRangeEnd) + if parser.snippet.Ranges[0].EndPointer.Offset != 320 { + t.Errorf("got %v for SnippetByteRangeEnd", parser.snippet.Ranges[0].EndPointer.Offset) } // Snippet Line Range @@ -386,11 +386,11 @@ func TestParser2_2CanParseSnippetTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.snippet.SnippetLineRangeStart != 5 { - t.Errorf("got %v for SnippetLineRangeStart", parser.snippet.SnippetLineRangeStart) + if parser.snippet.Ranges[1].StartPointer.LineNumber != 5 { + t.Errorf("got %v for SnippetLineRangeStart", parser.snippet.Ranges[1].StartPointer.LineNumber) } - if parser.snippet.SnippetLineRangeEnd != 12 { - t.Errorf("got %v for SnippetLineRangeEnd", parser.snippet.SnippetLineRangeEnd) + if parser.snippet.Ranges[1].EndPointer.LineNumber != 12 { + t.Errorf("got %v for SnippetLineRangeEnd", parser.snippet.Ranges[1].EndPointer.LineNumber) } // Snippet Concluded License @@ -497,14 +497,14 @@ func TestParser2_2CanParseSnippetTags(t *testing.T) { func TestParser2_2SnippetUnknownTagFails(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{SnippetSPDXIdentifier: "s1"}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) err := parser.parsePairFromSnippet2_2("blah", "something") if err == nil { @@ -514,14 +514,14 @@ func TestParser2_2SnippetUnknownTagFails(t *testing.T) { func TestParser2_2FailsForInvalidSnippetSPDXID(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) // invalid Snippet SPDX Identifier err := parser.parsePairFromSnippet2_2("SnippetSPDXID", "whoops") @@ -532,14 +532,14 @@ func TestParser2_2FailsForInvalidSnippetSPDXID(t *testing.T) { func TestParser2_2FailsForInvalidSnippetFromFileSPDXID(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) // start with Snippet SPDX Identifier err := parser.parsePairFromSnippet2_2("SnippetSPDXID", "SPDXRef-s1") @@ -555,14 +555,14 @@ func TestParser2_2FailsForInvalidSnippetFromFileSPDXID(t *testing.T) { func TestParser2_2FailsForInvalidSnippetByteValues(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) // start with Snippet SPDX Identifier err := parser.parsePairFromSnippet2_2("SnippetSPDXID", "SPDXRef-s1") @@ -586,14 +586,14 @@ func TestParser2_2FailsForInvalidSnippetByteValues(t *testing.T) { func TestParser2_2FailsForInvalidSnippetLineValues(t *testing.T) { parser := tvParser2_2{ - doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + doc: &spdx.Document2_2{Packages: []*spdx.Package2_2{}}, st: psSnippet2_2, - pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: map[spdx.ElementID]*spdx.File2_2{}}, + pkg: &spdx.Package2_2{PackageName: "package1", PackageSPDXIdentifier: "package1", Files: []*spdx.File2_2{}}, file: &spdx.File2_2{FileName: "f1.txt", FileSPDXIdentifier: "f1", Snippets: map[spdx.ElementID]*spdx.Snippet2_2{}}, snippet: &spdx.Snippet2_2{}, } - parser.doc.Packages["package1"] = parser.pkg - parser.pkg.Files["f1"] = parser.file + parser.doc.Packages = append(parser.doc.Packages, parser.pkg) + parser.pkg.Files = append(parser.pkg.Files, parser.file) // start with Snippet SPDX Identifier err := parser.parsePairFromSnippet2_2("SnippetSPDXID", "SPDXRef-s1") diff --git a/tvloader/parser2v2/parser.go b/tvloader/parser2v2/parser.go index 9886874..1d9f8e9 100644 --- a/tvloader/parser2v2/parser.go +++ b/tvloader/parser2v2/parser.go @@ -58,12 +58,42 @@ func (parser *tvParser2_2) parsePairFromStart2_2(tag string, value string) error // create an SPDX Document data struct if we don't have one already if parser.doc == nil { - parser.doc = &spdx.Document2_2{} + parser.doc = &spdx.Document2_2{ExternalDocumentReferences: []spdx.ExternalDocumentRef2_2{}} } - // move to Creation Info parser state - parser.st = psCreationInfo2_2 + switch tag { + case "DocumentComment": + parser.doc.DocumentComment = value + case "SPDXVersion": + parser.doc.SPDXVersion = value + case "DataLicense": + parser.doc.DataLicense = value + case "SPDXID": + eID, err := extractElementID(value) + if err != nil { + return err + } + parser.doc.SPDXIdentifier = eID + case "DocumentName": + parser.doc.DocumentName = value + case "DocumentNamespace": + parser.doc.DocumentNamespace = value + case "ExternalDocumentRef": + documentRefID, uri, alg, checksum, err := extractExternalDocumentReference(value) + if err != nil { + return err + } + edr := spdx.ExternalDocumentRef2_2{ + DocumentRefID: documentRefID, + URI: uri, + Checksum: spdx.Checksum{Algorithm: spdx.ChecksumAlgorithm(alg), Value: checksum}, + } + parser.doc.ExternalDocumentReferences = append(parser.doc.ExternalDocumentReferences, edr) + default: + // move to Creation Info parser state + parser.st = psCreationInfo2_2 + return parser.parsePairFromCreationInfo2_2(tag, value) + } - // and ask Creation Info subfunc to parse - return parser.parsePairFromCreationInfo2_2(tag, value) + return nil } diff --git a/tvloader/parser2v2/parser_test.go b/tvloader/parser2v2/parser_test.go index 4cd5228..148264d 100644 --- a/tvloader/parser2v2/parser_test.go +++ b/tvloader/parser2v2/parser_test.go @@ -24,14 +24,14 @@ func TestParser2_2CanParseTagValues(t *testing.T) { if err != nil { t.Errorf("got error when calling ParseTagValues: %v", err) } - if doc.CreationInfo.SPDXVersion != "SPDX-2.2" { - t.Errorf("expected SPDXVersion to be SPDX-2.2, got %v", doc.CreationInfo.SPDXVersion) + if doc.SPDXVersion != "SPDX-2.2" { + t.Errorf("expected SPDXVersion to be SPDX-2.2, got %v", doc.SPDXVersion) } - if doc.CreationInfo.DataLicense != "CC0-1.0" { - t.Errorf("expected DataLicense to be CC0-1.0, got %v", doc.CreationInfo.DataLicense) + if doc.DataLicense != "CC0-1.0" { + t.Errorf("expected DataLicense to be CC0-1.0, got %v", doc.DataLicense) } - if doc.CreationInfo.SPDXIdentifier != "DOCUMENT" { - t.Errorf("expected SPDXIdentifier to be DOCUMENT, got %v", doc.CreationInfo.SPDXIdentifier) + if doc.SPDXIdentifier != "DOCUMENT" { + t.Errorf("expected SPDXIdentifier to be DOCUMENT, got %v", doc.SPDXIdentifier) } } @@ -58,18 +58,6 @@ func TestParser2_2HasDocumentAfterCallToParseFirstTag(t *testing.T) { } } -// ===== Parser start state change tests ===== -func TestParser2_2StartMovesToCreationInfoStateAfterParsingFirstTag(t *testing.T) { - parser := tvParser2_2{} - err := parser.parsePair2_2("SPDXVersion", "b") - if err != nil { - t.Errorf("got error when calling parsePair2_2: %v", err) - } - if parser.st != psCreationInfo2_2 { - t.Errorf("parser is in state %v, expected %v", parser.st, psCreationInfo2_2) - } -} - func TestParser2_2StartFailsToParseIfInInvalidState(t *testing.T) { parser := tvParser2_2{st: psReview2_2} err := parser.parsePairFromStart2_2("SPDXVersion", "SPDX-2.2") diff --git a/tvsaver/saver2v1/save_annotation.go b/tvsaver/saver2v1/save_annotation.go index 8c0ae89..f7d7953 100644 --- a/tvsaver/saver2v1/save_annotation.go +++ b/tvsaver/saver2v1/save_annotation.go @@ -10,8 +10,8 @@ import ( ) func renderAnnotation2_1(ann *spdx.Annotation2_1, w io.Writer) error { - if ann.Annotator != "" && ann.AnnotatorType != "" { - fmt.Fprintf(w, "Annotator: %s: %s\n", ann.AnnotatorType, ann.Annotator) + if ann.Annotator.Annotator != "" && ann.Annotator.AnnotatorType != "" { + fmt.Fprintf(w, "Annotator: %s: %s\n", ann.Annotator.AnnotatorType, ann.Annotator.Annotator) } if ann.AnnotationDate != "" { fmt.Fprintf(w, "AnnotationDate: %s\n", ann.AnnotationDate) diff --git a/tvsaver/saver2v1/save_annotation_test.go b/tvsaver/saver2v1/save_annotation_test.go index 9cb0277..3eef5a7 100644 --- a/tvsaver/saver2v1/save_annotation_test.go +++ b/tvsaver/saver2v1/save_annotation_test.go @@ -12,8 +12,7 @@ import ( // ===== Annotation section Saver tests ===== func TestSaver2_1AnnotationSavesTextForPerson(t *testing.T) { ann := &spdx.Annotation2_1{ - Annotator: "John Doe", - AnnotatorType: "Person", + Annotator: spdx.Annotator{AnnotatorType: "Person", Annotator: "John Doe"}, AnnotationDate: "2018-10-10T17:52:00Z", AnnotationType: "REVIEW", AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), @@ -45,8 +44,7 @@ AnnotationComment: This is an annotation about the SPDX document func TestSaver2_1AnnotationSavesTextForOrganization(t *testing.T) { ann := &spdx.Annotation2_1{ - Annotator: "John Doe, Inc.", - AnnotatorType: "Organization", + Annotator: spdx.Annotator{AnnotatorType: "Organization", Annotator: "John Doe, Inc."}, AnnotationDate: "2018-10-10T17:52:00Z", AnnotationType: "REVIEW", AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), @@ -78,8 +76,7 @@ AnnotationComment: This is an annotation about the SPDX document func TestSaver2_1AnnotationSavesTextForTool(t *testing.T) { ann := &spdx.Annotation2_1{ - Annotator: "magictool-1.1", - AnnotatorType: "Tool", + Annotator: spdx.Annotator{AnnotatorType: "Tool", Annotator: "magictool-1.1"}, AnnotationDate: "2018-10-10T17:52:00Z", AnnotationType: "REVIEW", AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), diff --git a/tvsaver/saver2v1/save_creation_info.go b/tvsaver/saver2v1/save_creation_info.go index 6ea6086..de8b107 100644 --- a/tvsaver/saver2v1/save_creation_info.go +++ b/tvsaver/saver2v1/save_creation_info.go @@ -4,50 +4,16 @@ package saver2v1 import ( "fmt" - "io" - "sort" - "github.com/spdx/tools-golang/spdx" + "io" ) func renderCreationInfo2_1(ci *spdx.CreationInfo2_1, w io.Writer) error { - if ci.SPDXVersion != "" { - fmt.Fprintf(w, "SPDXVersion: %s\n", ci.SPDXVersion) - } - if ci.DataLicense != "" { - fmt.Fprintf(w, "DataLicense: %s\n", ci.DataLicense) - } - if ci.SPDXIdentifier != "" { - fmt.Fprintf(w, "SPDXID: %s\n", spdx.RenderElementID(ci.SPDXIdentifier)) - } - if ci.DocumentName != "" { - fmt.Fprintf(w, "DocumentName: %s\n", ci.DocumentName) - } - if ci.DocumentNamespace != "" { - fmt.Fprintf(w, "DocumentNamespace: %s\n", ci.DocumentNamespace) - } - // print EDRs in order sorted by identifier - edrIDs := []string{} - for docRefID := range ci.ExternalDocumentReferences { - edrIDs = append(edrIDs, docRefID) - } - sort.Strings(edrIDs) - for _, edrID := range edrIDs { - edr := ci.ExternalDocumentReferences[edrID] - fmt.Fprintf(w, "ExternalDocumentRef: DocumentRef-%s %s %s:%s\n", - edr.DocumentRefID, edr.URI, edr.Alg, edr.Checksum) - } if ci.LicenseListVersion != "" { fmt.Fprintf(w, "LicenseListVersion: %s\n", ci.LicenseListVersion) } - for _, s := range ci.CreatorPersons { - fmt.Fprintf(w, "Creator: Person: %s\n", s) - } - for _, s := range ci.CreatorOrganizations { - fmt.Fprintf(w, "Creator: Organization: %s\n", s) - } - for _, s := range ci.CreatorTools { - fmt.Fprintf(w, "Creator: Tool: %s\n", s) + for _, creator := range ci.Creators { + fmt.Fprintf(w, "Creator: %s: %s\n", creator.CreatorType, creator.Creator) } if ci.Created != "" { fmt.Fprintf(w, "Created: %s\n", ci.Created) @@ -55,9 +21,6 @@ func renderCreationInfo2_1(ci *spdx.CreationInfo2_1, w io.Writer) error { if ci.CreatorComment != "" { fmt.Fprintf(w, "CreatorComment: %s\n", textify(ci.CreatorComment)) } - if ci.DocumentComment != "" { - fmt.Fprintf(w, "DocumentComment: %s\n", textify(ci.DocumentComment)) - } // add blank newline b/c end of a main section fmt.Fprintf(w, "\n") diff --git a/tvsaver/saver2v1/save_creation_info_test.go b/tvsaver/saver2v1/save_creation_info_test.go index cec03c7..1784cf5 100644 --- a/tvsaver/saver2v1/save_creation_info_test.go +++ b/tvsaver/saver2v1/save_creation_info_test.go @@ -12,53 +12,22 @@ import ( // ===== Creation Info section Saver tests ===== func TestSaver2_1CISavesText(t *testing.T) { ci := &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - DocumentName: "spdx-go-0.0.1.abcdef", - DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_1{ - "spdx-go-0.0.1a": spdx.ExternalDocumentRef2_1{ - DocumentRefID: "spdx-go-0.0.1a", - URI: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1a.cdefab.whatever", - Alg: "SHA1", - Checksum: "0123456701234567012345670123456701234567", - }, - "time-1.2.3": spdx.ExternalDocumentRef2_1{ - DocumentRefID: "time-1.2.3", - URI: "https://github.com/swinslow/spdx-docs/time/time-1.2.3.cdefab.whatever", - Alg: "SHA1", - Checksum: "0123456701234567012345670123456701234568", - }, - }, LicenseListVersion: "2.0", - CreatorPersons: []string{ - "John Doe", - "Jane Doe (janedoe@example.com)", - }, - CreatorOrganizations: []string{ - "John Doe, Inc.", - "Jane Doe LLC", - }, - CreatorTools: []string{ - "magictool1-1.0", - "magictool2-1.0", - "magictool3-1.0", + Creators: []spdx.Creator{ + {Creator: "John Doe", CreatorType: "Person"}, + {Creator: "Jane Doe (janedoe@example.com)", CreatorType: "Person"}, + {Creator: "John Doe, Inc.", CreatorType: "Organization"}, + {Creator: "Jane Doe LLC", CreatorType: "Organization"}, + {Creator: "magictool1-1.0", CreatorType: "Tool"}, + {Creator: "magictool2-1.0", CreatorType: "Tool"}, + {Creator: "magictool3-1.0", CreatorType: "Tool"}, }, - Created: "2018-10-10T06:20:00Z", - CreatorComment: "this is a creator comment", - DocumentComment: "this is a document comment", + Created: "2018-10-10T06:20:00Z", + CreatorComment: "this is a creator comment", } // what we want to get, as a buffer of bytes - want := bytes.NewBufferString(`SPDXVersion: SPDX-2.1 -DataLicense: CC0-1.0 -SPDXID: SPDXRef-DOCUMENT -DocumentName: spdx-go-0.0.1.abcdef -DocumentNamespace: https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever -ExternalDocumentRef: DocumentRef-spdx-go-0.0.1a https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1a.cdefab.whatever SHA1:0123456701234567012345670123456701234567 -ExternalDocumentRef: DocumentRef-time-1.2.3 https://github.com/swinslow/spdx-docs/time/time-1.2.3.cdefab.whatever SHA1:0123456701234567012345670123456701234568 -LicenseListVersion: 2.0 + want := bytes.NewBufferString(`LicenseListVersion: 2.0 Creator: Person: John Doe Creator: Person: Jane Doe (janedoe@example.com) Creator: Organization: John Doe, Inc. @@ -68,7 +37,6 @@ Creator: Tool: magictool2-1.0 Creator: Tool: magictool3-1.0 Created: 2018-10-10T06:20:00Z CreatorComment: this is a creator comment -DocumentComment: this is a document comment `) @@ -89,24 +57,14 @@ DocumentComment: this is a document comment func TestSaver2_1CIOmitsOptionalFieldsIfEmpty(t *testing.T) { // --- need at least one creator; do first for Persons --- ci1 := &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - DocumentName: "spdx-go-0.0.1.abcdef", - DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", - CreatorPersons: []string{ - "John Doe", + Creators: []spdx.Creator{ + {Creator: "John Doe", CreatorType: "Person"}, }, Created: "2018-10-10T06:20:00Z", } // what we want to get, as a buffer of bytes - want1 := bytes.NewBufferString(`SPDXVersion: SPDX-2.1 -DataLicense: CC0-1.0 -SPDXID: SPDXRef-DOCUMENT -DocumentName: spdx-go-0.0.1.abcdef -DocumentNamespace: https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever -Creator: Person: John Doe + want1 := bytes.NewBufferString(`Creator: Person: John Doe Created: 2018-10-10T06:20:00Z `) @@ -126,24 +84,14 @@ Created: 2018-10-10T06:20:00Z // --- need at least one creator; now switch to organization --- ci2 := &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - DocumentName: "spdx-go-0.0.1.abcdef", - DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", - CreatorOrganizations: []string{ - "John Doe, Inc.", + Creators: []spdx.Creator{ + {Creator: "John Doe, Inc.", CreatorType: "Organization"}, }, Created: "2018-10-10T06:20:00Z", } // what we want to get, as a buffer of bytes - want2 := bytes.NewBufferString(`SPDXVersion: SPDX-2.1 -DataLicense: CC0-1.0 -SPDXID: SPDXRef-DOCUMENT -DocumentName: spdx-go-0.0.1.abcdef -DocumentNamespace: https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever -Creator: Organization: John Doe, Inc. + want2 := bytes.NewBufferString(`Creator: Organization: John Doe, Inc. Created: 2018-10-10T06:20:00Z `) diff --git a/tvsaver/saver2v1/save_document.go b/tvsaver/saver2v1/save_document.go index 67dfddc..ea17db2 100644 --- a/tvsaver/saver2v1/save_document.go +++ b/tvsaver/saver2v1/save_document.go @@ -21,30 +21,50 @@ func RenderDocument2_1(doc *spdx.Document2_1, w io.Writer) error { return fmt.Errorf("Document had nil CreationInfo section") } + if doc.SPDXVersion != "" { + fmt.Fprintf(w, "SPDXVersion: %s\n", doc.SPDXVersion) + } + if doc.DataLicense != "" { + fmt.Fprintf(w, "DataLicense: %s\n", doc.DataLicense) + } + if doc.SPDXIdentifier != "" { + fmt.Fprintf(w, "SPDXID: %s\n", spdx.RenderElementID(doc.SPDXIdentifier)) + } + if doc.DocumentName != "" { + fmt.Fprintf(w, "DocumentName: %s\n", doc.DocumentName) + } + if doc.DocumentNamespace != "" { + fmt.Fprintf(w, "DocumentNamespace: %s\n", doc.DocumentNamespace) + } + // print EDRs in order sorted by identifier + sort.Slice(doc.ExternalDocumentReferences, func(i, j int) bool { + return doc.ExternalDocumentReferences[i].DocumentRefID < doc.ExternalDocumentReferences[j].DocumentRefID + }) + for _, edr := range doc.ExternalDocumentReferences { + fmt.Fprintf(w, "ExternalDocumentRef: DocumentRef-%s %s %s:%s\n", + edr.DocumentRefID, edr.URI, edr.Checksum.Algorithm, edr.Checksum.Value) + } + if doc.DocumentComment != "" { + fmt.Fprintf(w, "DocumentComment: %s\n", textify(doc.DocumentComment)) + } + renderCreationInfo2_1(doc.CreationInfo, w) - if len(doc.UnpackagedFiles) > 0 { + if len(doc.Files) > 0 { fmt.Fprintf(w, "##### Unpackaged files\n\n") - // get slice of identifiers so we can sort them - unpackagedFileKeys := []string{} - for k := range doc.UnpackagedFiles { - unpackagedFileKeys = append(unpackagedFileKeys, string(k)) - } - sort.Strings(unpackagedFileKeys) - for _, fiID := range unpackagedFileKeys { - fi := doc.UnpackagedFiles[spdx.ElementID(fiID)] + sort.Slice(doc.Files, func(i, j int) bool { + return doc.Files[i].FileSPDXIdentifier < doc.Files[j].FileSPDXIdentifier + }) + for _, fi := range doc.Files { renderFile2_1(fi, w) } } - // get slice of Package identifiers so we can sort them - packageKeys := []string{} - for k := range doc.Packages { - packageKeys = append(packageKeys, string(k)) - } - sort.Strings(packageKeys) - for _, pkgID := range packageKeys { - pkg := doc.Packages[spdx.ElementID(pkgID)] + // sort Packages by identifier + sort.Slice(doc.Packages, func(i, j int) bool { + return doc.Packages[i].PackageSPDXIdentifier < doc.Packages[j].PackageSPDXIdentifier + }) + for _, pkg := range doc.Packages { fmt.Fprintf(w, "##### Package: %s\n\n", pkg.PackageName) renderPackage2_1(pkg, w) } diff --git a/tvsaver/saver2v1/save_document_test.go b/tvsaver/saver2v1/save_document_test.go index 708eabf..b186564 100644 --- a/tvsaver/saver2v1/save_document_test.go +++ b/tvsaver/saver2v1/save_document_test.go @@ -14,13 +14,8 @@ func TestSaver2_1DocumentSavesText(t *testing.T) { // Creation Info section ci := &spdx.CreationInfo2_1{ - SPDXVersion: "SPDX-2.1", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - DocumentName: "spdx-go-0.0.1.abcdef", - DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", - CreatorPersons: []string{ - "John Doe", + Creators: []spdx.Creator{ + {Creator: "John Doe", CreatorType: "Person"}, }, Created: "2018-10-10T06:20:00Z", } @@ -29,41 +24,39 @@ func TestSaver2_1DocumentSavesText(t *testing.T) { f1 := &spdx.File2_1{ FileName: "/tmp/whatever1.txt", FileSPDXIdentifier: spdx.ElementID("File1231"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + Checksums: []spdx.Checksum{{Value: "85ed0817af83a24ad8da68c2b5094de69833983c", Algorithm: spdx.SHA1}}, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, + LicenseInfoInFiles: []string{"Apache-2.0"}, FileCopyrightText: "Copyright (c) Jane Doe", } f2 := &spdx.File2_1{ FileName: "/tmp/whatever2.txt", FileSPDXIdentifier: spdx.ElementID("File1232"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983d", + Checksums: []spdx.Checksum{{Value: "85ed0817af83a24ad8da68c2b5094de69833983d", Algorithm: spdx.SHA1}}, LicenseConcluded: "MIT", - LicenseInfoInFile: []string{"MIT"}, + LicenseInfoInFiles: []string{"MIT"}, FileCopyrightText: "Copyright (c) John Doe", } - unFiles := map[spdx.ElementID]*spdx.File2_1{ - spdx.ElementID("File1231"): f1, - spdx.ElementID("File1232"): f2, + unFiles := []*spdx.File2_1{ + f1, + f2, } // Package 1: packaged files with snippets sn1 := &spdx.Snippet2_1{ SnippetSPDXIdentifier: "Snippet19", - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "FileHasSnippets"), - SnippetByteRangeStart: 17, - SnippetByteRangeEnd: 209, + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "FileHasSnippets").ElementRefID, + Ranges: []spdx.SnippetRange{{StartPointer: spdx.SnippetRangePointer{Offset: 17}, EndPointer: spdx.SnippetRangePointer{Offset: 209}}}, SnippetLicenseConcluded: "GPL-2.0-or-later", SnippetCopyrightText: "Copyright (c) John Doe 20x6", } sn2 := &spdx.Snippet2_1{ SnippetSPDXIdentifier: "Snippet20", - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "FileHasSnippets"), - SnippetByteRangeStart: 268, - SnippetByteRangeEnd: 309, + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "FileHasSnippets").ElementRefID, + Ranges: []spdx.SnippetRange{{StartPointer: spdx.SnippetRangePointer{Offset: 268}, EndPointer: spdx.SnippetRangePointer{Offset: 309}}}, SnippetLicenseConcluded: "WTFPL", SnippetCopyrightText: "NOASSERTION", } @@ -71,9 +64,9 @@ func TestSaver2_1DocumentSavesText(t *testing.T) { f3 := &spdx.File2_1{ FileName: "/tmp/file-with-snippets.txt", FileSPDXIdentifier: spdx.ElementID("FileHasSnippets"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983e", + Checksums: []spdx.Checksum{{Value: "85ed0817af83a24ad8da68c2b5094de69833983e", Algorithm: spdx.SHA1}}, LicenseConcluded: "GPL-2.0-or-later AND WTFPL", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "Apache-2.0", "GPL-2.0-or-later", "WTFPL", @@ -88,9 +81,9 @@ func TestSaver2_1DocumentSavesText(t *testing.T) { f4 := &spdx.File2_1{ FileName: "/tmp/another-file.txt", FileSPDXIdentifier: spdx.ElementID("FileAnother"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983f", + Checksums: []spdx.Checksum{{Value: "85ed0817af83a24ad8da68c2b5094de69833983f", Algorithm: spdx.SHA1}}, LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{"BSD-3-Clause"}, + LicenseInfoInFiles: []string{"BSD-3-Clause"}, FileCopyrightText: "Copyright (c) Jane Doe LLC", } @@ -100,7 +93,7 @@ func TestSaver2_1DocumentSavesText(t *testing.T) { PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", FilesAnalyzed: true, IsFilesAnalyzedTagPresent: true, - PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", + PackageVerificationCode: spdx.PackageVerificationCode{Value: "0123456789abcdef0123456789abcdef01234567"}, PackageLicenseConcluded: "GPL-2.0-or-later AND BSD-3-Clause AND WTFPL", PackageLicenseInfoFromFiles: []string{ "Apache-2.0", @@ -110,9 +103,9 @@ func TestSaver2_1DocumentSavesText(t *testing.T) { }, PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later", PackageCopyrightText: "Copyright (c) John Doe, Inc.", - Files: map[spdx.ElementID]*spdx.File2_1{ - spdx.ElementID("FileHasSnippets"): f3, - spdx.ElementID("FileAnother"): f4, + Files: []*spdx.File2_1{ + f3, + f4, }, } @@ -152,8 +145,8 @@ blah blah blah blah`, // Annotations ann1 := &spdx.Annotation2_1{ - Annotator: "John Doe", - AnnotatorType: "Person", + Annotator: spdx.Annotator{Annotator: "John Doe", + AnnotatorType: "Person"}, AnnotationDate: "2018-10-10T17:52:00Z", AnnotationType: "REVIEW", AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), @@ -161,8 +154,8 @@ blah blah blah blah`, } ann2 := &spdx.Annotation2_1{ - Annotator: "John Doe, Inc.", - AnnotatorType: "Organization", + Annotator: spdx.Annotator{Annotator: "John Doe, Inc.", + AnnotatorType: "Organization"}, AnnotationDate: "2018-10-10T17:52:00Z", AnnotationType: "REVIEW", AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "p1"), @@ -184,11 +177,16 @@ blah blah blah blah`, // now, build the document doc := &spdx.Document2_1{ - CreationInfo: ci, - Packages: map[spdx.ElementID]*spdx.Package2_1{ - spdx.ElementID("p1"): pkgWith, + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + DocumentName: "spdx-go-0.0.1.abcdef", + DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", + CreationInfo: ci, + Packages: []*spdx.Package2_1{ + pkgWith, }, - UnpackagedFiles: unFiles, + Files: unFiles, OtherLicenses: []*spdx.OtherLicense2_1{ ol1, ol2, diff --git a/tvsaver/saver2v1/save_file.go b/tvsaver/saver2v1/save_file.go index d22a012..c131122 100644 --- a/tvsaver/saver2v1/save_file.go +++ b/tvsaver/saver2v1/save_file.go @@ -17,22 +17,17 @@ func renderFile2_1(f *spdx.File2_1, w io.Writer) error { if f.FileSPDXIdentifier != "" { fmt.Fprintf(w, "SPDXID: %s\n", spdx.RenderElementID(f.FileSPDXIdentifier)) } - for _, s := range f.FileType { + for _, s := range f.FileTypes { fmt.Fprintf(w, "FileType: %s\n", s) } - if f.FileChecksumSHA1 != "" { - fmt.Fprintf(w, "FileChecksum: SHA1: %s\n", f.FileChecksumSHA1) - } - if f.FileChecksumSHA256 != "" { - fmt.Fprintf(w, "FileChecksum: SHA256: %s\n", f.FileChecksumSHA256) - } - if f.FileChecksumMD5 != "" { - fmt.Fprintf(w, "FileChecksum: MD5: %s\n", f.FileChecksumMD5) + + for _, checksum := range f.Checksums { + fmt.Fprintf(w, "FileChecksum: %s: %s\n", checksum.Algorithm, checksum.Value) } if f.LicenseConcluded != "" { fmt.Fprintf(w, "LicenseConcluded: %s\n", f.LicenseConcluded) } - for _, s := range f.LicenseInfoInFile { + for _, s := range f.LicenseInfoInFiles { fmt.Fprintf(w, "LicenseInfoInFile: %s\n", s) } if f.LicenseComments != "" { @@ -56,7 +51,7 @@ func renderFile2_1(f *spdx.File2_1, w io.Writer) error { if f.FileNotice != "" { fmt.Fprintf(w, "FileNotice: %s\n", textify(f.FileNotice)) } - for _, s := range f.FileContributor { + for _, s := range f.FileContributors { fmt.Fprintf(w, "FileContributor: %s\n", s) } for _, s := range f.FileDependencies { diff --git a/tvsaver/saver2v1/save_file_test.go b/tvsaver/saver2v1/save_file_test.go index cdd6d25..9708430 100644 --- a/tvsaver/saver2v1/save_file_test.go +++ b/tvsaver/saver2v1/save_file_test.go @@ -14,15 +14,17 @@ func TestSaver2_1FileSavesText(t *testing.T) { f := &spdx.File2_1{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileType: []string{ + FileTypes: []string{ "TEXT", "DOCUMENTATION", }, - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - FileChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - FileChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ + Checksums: []spdx.Checksum{ + {Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c"}, + {Algorithm: spdx.SHA256, Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd"}, + {Algorithm: spdx.MD5, Value: "624c1abb3664f4b35547e7c73864ad24"}, + }, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFiles: []string{ "Apache-2.0", "Apache-1.1", }, @@ -48,7 +50,7 @@ func TestSaver2_1FileSavesText(t *testing.T) { }, FileComment: "this is a file comment", FileNotice: "This file may be used under either Apache-2.0 or Apache-1.1.", - FileContributor: []string{ + FileContributors: []string{ "John Doe jdoe@example.com", "EvilCorp", }, @@ -105,18 +107,16 @@ FileDependency: g.txt func TestSaver2_1FileSavesSnippetsAlso(t *testing.T) { sn1 := &spdx.Snippet2_1{ SnippetSPDXIdentifier: spdx.ElementID("Snippet19"), - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File123"), - SnippetByteRangeStart: 17, - SnippetByteRangeEnd: 209, + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File123").ElementRefID, + Ranges: []spdx.SnippetRange{{StartPointer: spdx.SnippetRangePointer{Offset: 17}, EndPointer: spdx.SnippetRangePointer{Offset: 209}}}, SnippetLicenseConcluded: "GPL-2.0-or-later", SnippetCopyrightText: "Copyright (c) John Doe 20x6", } sn2 := &spdx.Snippet2_1{ SnippetSPDXIdentifier: spdx.ElementID("Snippet20"), - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File123"), - SnippetByteRangeStart: 268, - SnippetByteRangeEnd: 309, + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File123").ElementRefID, + Ranges: []spdx.SnippetRange{{StartPointer: spdx.SnippetRangePointer{Offset: 268}, EndPointer: spdx.SnippetRangePointer{Offset: 309}}}, SnippetLicenseConcluded: "WTFPL", SnippetCopyrightText: "NOASSERTION", } @@ -129,9 +129,11 @@ func TestSaver2_1FileSavesSnippetsAlso(t *testing.T) { f := &spdx.File2_1{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ + Checksums: []spdx.Checksum{ + {Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c"}, + }, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFiles: []string{ "Apache-2.0", }, FileCopyrightText: "Copyright (c) Jane Doe", @@ -178,9 +180,11 @@ func TestSaver2_1FileOmitsOptionalFieldsIfEmpty(t *testing.T) { f := &spdx.File2_1{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ + Checksums: []spdx.Checksum{ + {Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c"}, + }, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFiles: []string{ "Apache-2.0", }, FileCopyrightText: "Copyright (c) Jane Doe", @@ -214,9 +218,11 @@ func TestSaver2_1FileWrapsCopyrightMultiLine(t *testing.T) { f := &spdx.File2_1{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ + Checksums: []spdx.Checksum{ + {Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c"}, + }, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFiles: []string{ "Apache-2.0", }, FileCopyrightText: `Copyright (c) Jane Doe @@ -252,11 +258,13 @@ func TestSaver2_1FileWrapsCommentsAndNoticesMultiLine(t *testing.T) { f := &spdx.File2_1{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + Checksums: []spdx.Checksum{ + {Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c"}, + }, LicenseComments: `this is a multi-line license comment`, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "Apache-2.0", }, FileCopyrightText: "Copyright (c) Jane Doe", diff --git a/tvsaver/saver2v1/save_package.go b/tvsaver/saver2v1/save_package.go index 9b19cfa..24a468c 100644 --- a/tvsaver/saver2v1/save_package.go +++ b/tvsaver/saver2v1/save_package.go @@ -6,6 +6,7 @@ import ( "fmt" "io" "sort" + "strings" "github.com/spdx/tools-golang/spdx" ) @@ -23,23 +24,19 @@ func renderPackage2_1(pkg *spdx.Package2_1, w io.Writer) error { if pkg.PackageFileName != "" { fmt.Fprintf(w, "PackageFileName: %s\n", pkg.PackageFileName) } - if pkg.PackageSupplierPerson != "" { - fmt.Fprintf(w, "PackageSupplier: Person: %s\n", pkg.PackageSupplierPerson) - } - if pkg.PackageSupplierOrganization != "" { - fmt.Fprintf(w, "PackageSupplier: Organization: %s\n", pkg.PackageSupplierOrganization) - } - if pkg.PackageSupplierNOASSERTION == true { - fmt.Fprintf(w, "PackageSupplier: NOASSERTION\n") - } - if pkg.PackageOriginatorPerson != "" { - fmt.Fprintf(w, "PackageOriginator: Person: %s\n", pkg.PackageOriginatorPerson) - } - if pkg.PackageOriginatorOrganization != "" { - fmt.Fprintf(w, "PackageOriginator: Organization: %s\n", pkg.PackageOriginatorOrganization) + if pkg.PackageSupplier != nil && pkg.PackageSupplier.Supplier != "" { + if pkg.PackageSupplier.SupplierType == "" { + fmt.Fprintf(w, "PackageSupplier: %s\n", pkg.PackageSupplier.Supplier) + } else { + fmt.Fprintf(w, "PackageSupplier: %s: %s\n", pkg.PackageSupplier.SupplierType, pkg.PackageSupplier.Supplier) + } } - if pkg.PackageOriginatorNOASSERTION == true { - fmt.Fprintf(w, "PackageOriginator: NOASSERTION\n") + if pkg.PackageOriginator != nil && pkg.PackageOriginator.Originator != "" { + if pkg.PackageOriginator.OriginatorType == "" { + fmt.Fprintf(w, "PackageOriginator: %s\n", pkg.PackageOriginator.Originator) + } else { + fmt.Fprintf(w, "PackageOriginator: %s: %s\n", pkg.PackageOriginator.OriginatorType, pkg.PackageOriginator.Originator) + } } if pkg.PackageDownloadLocation != "" { fmt.Fprintf(w, "PackageDownloadLocation: %s\n", pkg.PackageDownloadLocation) @@ -51,22 +48,18 @@ func renderPackage2_1(pkg *spdx.Package2_1, w io.Writer) error { } else { fmt.Fprintf(w, "FilesAnalyzed: false\n") } - if pkg.PackageVerificationCode != "" && pkg.FilesAnalyzed == true { - if pkg.PackageVerificationCodeExcludedFile == "" { - fmt.Fprintf(w, "PackageVerificationCode: %s\n", pkg.PackageVerificationCode) + if pkg.PackageVerificationCode.Value != "" && pkg.FilesAnalyzed == true { + if len(pkg.PackageVerificationCode.ExcludedFiles) == 0 { + fmt.Fprintf(w, "PackageVerificationCode: %s\n", pkg.PackageVerificationCode.Value) } else { - fmt.Fprintf(w, "PackageVerificationCode: %s (excludes: %s)\n", pkg.PackageVerificationCode, pkg.PackageVerificationCodeExcludedFile) + fmt.Fprintf(w, "PackageVerificationCode: %s (excludes: %s)\n", pkg.PackageVerificationCode.Value, strings.Join(pkg.PackageVerificationCode.ExcludedFiles, ", ")) } } - if pkg.PackageChecksumSHA1 != "" { - fmt.Fprintf(w, "PackageChecksum: SHA1: %s\n", pkg.PackageChecksumSHA1) - } - if pkg.PackageChecksumSHA256 != "" { - fmt.Fprintf(w, "PackageChecksum: SHA256: %s\n", pkg.PackageChecksumSHA256) - } - if pkg.PackageChecksumMD5 != "" { - fmt.Fprintf(w, "PackageChecksum: MD5: %s\n", pkg.PackageChecksumMD5) + + for _, checksum := range pkg.PackageChecksums { + fmt.Fprintf(w, "PackageChecksum: %s: %s\n", checksum.Algorithm, checksum.Value) } + if pkg.PackageHomePage != "" { fmt.Fprintf(w, "PackageHomePage: %s\n", pkg.PackageHomePage) } @@ -109,14 +102,10 @@ func renderPackage2_1(pkg *spdx.Package2_1, w io.Writer) error { fmt.Fprintf(w, "\n") // also render any files for this package - // get slice of File identifiers so we can sort them - fileKeys := []string{} - for k := range pkg.Files { - fileKeys = append(fileKeys, string(k)) - } - sort.Strings(fileKeys) - for _, fiID := range fileKeys { - fi := pkg.Files[spdx.ElementID(fiID)] + sort.Slice(pkg.Files, func(i, j int) bool { + return pkg.Files[i].FileSPDXIdentifier < pkg.Files[j].FileSPDXIdentifier + }) + for _, fi := range pkg.Files { renderFile2_1(fi, w) } diff --git a/tvsaver/saver2v1/save_package_test.go b/tvsaver/saver2v1/save_package_test.go index fc6b2a6..0f1541c 100644 --- a/tvsaver/saver2v1/save_package_test.go +++ b/tvsaver/saver2v1/save_package_test.go @@ -41,23 +41,36 @@ multi-line external ref comment`, } pkg := &spdx.Package2_1{ - PackageName: "p1", - PackageSPDXIdentifier: spdx.ElementID("p1"), - PackageVersion: "0.1.0", - PackageFileName: "p1-0.1.0-master.tar.gz", - PackageSupplierOrganization: "John Doe, Inc.", - PackageOriginatorPerson: "John Doe", - PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", - FilesAnalyzed: true, - IsFilesAnalyzedTagPresent: true, - PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", - PackageVerificationCodeExcludedFile: "p1-0.1.0.spdx", - PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", - PackageHomePage: "http://example.com/p1", - PackageSourceInfo: "this is a source comment", - PackageLicenseConcluded: "GPL-2.0-or-later", + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageVersion: "0.1.0", + PackageFileName: "p1-0.1.0-master.tar.gz", + PackageSupplier: &spdx.Supplier{SupplierType: "Organization", Supplier: "John Doe, Inc."}, + PackageOriginator: &spdx.Originator{Originator: "John Doe", OriginatorType: "Person"}, + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: true, + PackageVerificationCode: spdx.PackageVerificationCode{ + Value: "0123456789abcdef0123456789abcdef01234567", + ExcludedFiles: []string{"p1-0.1.0.spdx"}, + }, + PackageChecksums: []spdx.Checksum{ + { + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + { + Algorithm: spdx.SHA256, + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + { + Algorithm: spdx.MD5, + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + PackageHomePage: "http://example.com/p1", + PackageSourceInfo: "this is a source comment", + PackageLicenseConcluded: "GPL-2.0-or-later", PackageLicenseInfoFromFiles: []string{ "Apache-1.1", "Apache-2.0", @@ -131,22 +144,33 @@ func TestSaver2_1PackageSavesTextCombo2(t *testing.T) { // PackageVerificationCodeExcludedFile is empty pkg := &spdx.Package2_1{ - PackageName: "p1", - PackageSPDXIdentifier: spdx.ElementID("p1"), - PackageVersion: "0.1.0", - PackageFileName: "p1-0.1.0-master.tar.gz", - PackageSupplierNOASSERTION: true, - PackageOriginatorOrganization: "John Doe, Inc.", - PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", - FilesAnalyzed: true, - IsFilesAnalyzedTagPresent: false, - PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", - PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", - PackageHomePage: "http://example.com/p1", - PackageSourceInfo: "this is a source comment", - PackageLicenseConcluded: "GPL-2.0-or-later", + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageVersion: "0.1.0", + PackageFileName: "p1-0.1.0-master.tar.gz", + PackageSupplier: &spdx.Supplier{Supplier: "NOASSERTION"}, + PackageOriginator: &spdx.Originator{OriginatorType: "Organization", Originator: "John Doe, Inc."}, + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: false, + PackageVerificationCode: spdx.PackageVerificationCode{Value: "0123456789abcdef0123456789abcdef01234567"}, + PackageChecksums: []spdx.Checksum{ + { + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + { + Algorithm: spdx.SHA256, + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + { + Algorithm: spdx.MD5, + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + PackageHomePage: "http://example.com/p1", + PackageSourceInfo: "this is a source comment", + PackageLicenseConcluded: "GPL-2.0-or-later", PackageLicenseInfoFromFiles: []string{ "Apache-1.1", "Apache-2.0", @@ -208,21 +232,32 @@ func TestSaver2_1PackageSavesTextCombo3(t *testing.T) { // PackageVerificationCodeExcludedFile is empty pkg := &spdx.Package2_1{ - PackageName: "p1", - PackageSPDXIdentifier: spdx.ElementID("p1"), - PackageVersion: "0.1.0", - PackageFileName: "p1-0.1.0-master.tar.gz", - PackageSupplierPerson: "John Doe", - PackageOriginatorNOASSERTION: true, - PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", - FilesAnalyzed: false, - IsFilesAnalyzedTagPresent: true, + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageVersion: "0.1.0", + PackageFileName: "p1-0.1.0-master.tar.gz", + PackageSupplier: &spdx.Supplier{Supplier: "John Doe", SupplierType: "Person"}, + PackageOriginator: &spdx.Originator{Originator: "NOASSERTION"}, + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: false, + IsFilesAnalyzedTagPresent: true, // NOTE that verification code MUST be omitted from output // since FilesAnalyzed is false - PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", - PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", + PackageVerificationCode: spdx.PackageVerificationCode{Value: "0123456789abcdef0123456789abcdef01234567"}, + PackageChecksums: []spdx.Checksum{ + { + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + { + Algorithm: spdx.SHA256, + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + { + Algorithm: spdx.MD5, + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, PackageHomePage: "http://example.com/p1", PackageSourceInfo: "this is a source comment", PackageLicenseConcluded: "GPL-2.0-or-later", @@ -329,18 +364,28 @@ func TestSaver2_1PackageSavesFilesIfPresent(t *testing.T) { f1 := &spdx.File2_1{ FileName: "/tmp/whatever1.txt", FileSPDXIdentifier: spdx.ElementID("File1231"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + Checksums: []spdx.Checksum{ + { + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, + LicenseInfoInFiles: []string{"Apache-2.0"}, FileCopyrightText: "Copyright (c) Jane Doe", } f2 := &spdx.File2_1{ FileName: "/tmp/whatever2.txt", FileSPDXIdentifier: spdx.ElementID("File1232"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983d", + Checksums: []spdx.Checksum{ + { + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983d", + }, + }, LicenseConcluded: "MIT", - LicenseInfoInFile: []string{"MIT"}, + LicenseInfoInFiles: []string{"MIT"}, FileCopyrightText: "Copyright (c) John Doe", } @@ -362,9 +407,9 @@ func TestSaver2_1PackageSavesFilesIfPresent(t *testing.T) { }, PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later", PackageCopyrightText: "Copyright (c) John Doe, Inc.", - Files: map[spdx.ElementID]*spdx.File2_1{ - spdx.ElementID("File1231"): f1, - spdx.ElementID("File1232"): f2, + Files: []*spdx.File2_1{ + f1, + f2, }, } diff --git a/tvsaver/saver2v1/save_snippet.go b/tvsaver/saver2v1/save_snippet.go index e9e1a07..1399548 100644 --- a/tvsaver/saver2v1/save_snippet.go +++ b/tvsaver/saver2v1/save_snippet.go @@ -13,15 +13,18 @@ func renderSnippet2_1(sn *spdx.Snippet2_1, w io.Writer) error { if sn.SnippetSPDXIdentifier != "" { fmt.Fprintf(w, "SnippetSPDXID: %s\n", spdx.RenderElementID(sn.SnippetSPDXIdentifier)) } - snFromFileIDStr := spdx.RenderDocElementID(sn.SnippetFromFileSPDXIdentifier) + snFromFileIDStr := spdx.RenderElementID(sn.SnippetFromFileSPDXIdentifier) if snFromFileIDStr != "" { fmt.Fprintf(w, "SnippetFromFileSPDXID: %s\n", snFromFileIDStr) } - if sn.SnippetByteRangeStart != 0 && sn.SnippetByteRangeEnd != 0 { - fmt.Fprintf(w, "SnippetByteRange: %d:%d\n", sn.SnippetByteRangeStart, sn.SnippetByteRangeEnd) - } - if sn.SnippetLineRangeStart != 0 && sn.SnippetLineRangeEnd != 0 { - fmt.Fprintf(w, "SnippetLineRange: %d:%d\n", sn.SnippetLineRangeStart, sn.SnippetLineRangeEnd) + + for _, snippetRange := range sn.Ranges { + if snippetRange.StartPointer.Offset != 0 && snippetRange.EndPointer.Offset != 0 { + fmt.Fprintf(w, "SnippetByteRange: %d:%d\n", snippetRange.StartPointer.Offset, snippetRange.EndPointer.Offset) + } + if snippetRange.StartPointer.LineNumber != 0 && snippetRange.EndPointer.LineNumber != 0 { + fmt.Fprintf(w, "SnippetLineRange: %d:%d\n", snippetRange.StartPointer.LineNumber, snippetRange.EndPointer.LineNumber) + } } if sn.SnippetLicenseConcluded != "" { fmt.Fprintf(w, "SnippetLicenseConcluded: %s\n", sn.SnippetLicenseConcluded) diff --git a/tvsaver/saver2v1/save_snippet_test.go b/tvsaver/saver2v1/save_snippet_test.go index 07c9e2a..fd6357e 100644 --- a/tvsaver/saver2v1/save_snippet_test.go +++ b/tvsaver/saver2v1/save_snippet_test.go @@ -13,12 +13,18 @@ import ( func TestSaver2_1SnippetSavesText(t *testing.T) { sn := &spdx.Snippet2_1{ SnippetSPDXIdentifier: spdx.ElementID("Snippet17"), - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292"), - SnippetByteRangeStart: 17, - SnippetByteRangeEnd: 209, - SnippetLineRangeStart: 3, - SnippetLineRangeEnd: 8, - SnippetLicenseConcluded: "GPL-2.0-or-later", + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292").ElementRefID, + Ranges: []spdx.SnippetRange{ + { + StartPointer: spdx.SnippetRangePointer{LineNumber: 3}, + EndPointer: spdx.SnippetRangePointer{LineNumber: 8}, + }, + { + StartPointer: spdx.SnippetRangePointer{Offset: 17}, + EndPointer: spdx.SnippetRangePointer{Offset: 209}, + }, + }, + SnippetLicenseConcluded: "GPL-2.0-or-later", LicenseInfoInSnippet: []string{ "GPL-2.0-or-later", "MIT", @@ -32,8 +38,8 @@ func TestSaver2_1SnippetSavesText(t *testing.T) { // what we want to get, as a buffer of bytes want := bytes.NewBufferString(`SnippetSPDXID: SPDXRef-Snippet17 SnippetFromFileSPDXID: SPDXRef-File292 -SnippetByteRange: 17:209 SnippetLineRange: 3:8 +SnippetByteRange: 17:209 SnippetLicenseConcluded: GPL-2.0-or-later LicenseInfoInSnippet: GPL-2.0-or-later LicenseInfoInSnippet: MIT @@ -61,11 +67,15 @@ SnippetName: from John's program func TestSaver2_1SnippetOmitsOptionalFieldsIfEmpty(t *testing.T) { sn := &spdx.Snippet2_1{ SnippetSPDXIdentifier: spdx.ElementID("Snippet17"), - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292"), - SnippetByteRangeStart: 17, - SnippetByteRangeEnd: 209, - SnippetLicenseConcluded: "GPL-2.0-or-later", - SnippetCopyrightText: "Copyright (c) John Doe 20x6", + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292").ElementRefID, + Ranges: []spdx.SnippetRange{ + { + StartPointer: spdx.SnippetRangePointer{Offset: 17}, + EndPointer: spdx.SnippetRangePointer{Offset: 209}, + }, + }, + SnippetLicenseConcluded: "GPL-2.0-or-later", + SnippetCopyrightText: "Copyright (c) John Doe 20x6", } // what we want to get, as a buffer of bytes @@ -94,10 +104,14 @@ SnippetCopyrightText: Copyright (c) John Doe 20x6 func TestSaver2_1SnippetWrapsCopyrightMultiline(t *testing.T) { sn := &spdx.Snippet2_1{ SnippetSPDXIdentifier: spdx.ElementID("Snippet17"), - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292"), - SnippetByteRangeStart: 17, - SnippetByteRangeEnd: 209, - SnippetLicenseConcluded: "GPL-2.0-or-later", + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292").ElementRefID, + Ranges: []spdx.SnippetRange{ + { + StartPointer: spdx.SnippetRangePointer{Offset: 17}, + EndPointer: spdx.SnippetRangePointer{Offset: 209}, + }, + }, + SnippetLicenseConcluded: "GPL-2.0-or-later", SnippetCopyrightText: `Copyright (c) John Doe 20x6 Copyright (c) John Doe 20x6`, } diff --git a/tvsaver/saver2v2/save_annotation.go b/tvsaver/saver2v2/save_annotation.go index c0f1449..ddfe483 100644 --- a/tvsaver/saver2v2/save_annotation.go +++ b/tvsaver/saver2v2/save_annotation.go @@ -10,8 +10,8 @@ import ( ) func renderAnnotation2_2(ann *spdx.Annotation2_2, w io.Writer) error { - if ann.Annotator != "" && ann.AnnotatorType != "" { - fmt.Fprintf(w, "Annotator: %s: %s\n", ann.AnnotatorType, ann.Annotator) + if ann.Annotator.Annotator != "" && ann.Annotator.AnnotatorType != "" { + fmt.Fprintf(w, "Annotator: %s: %s\n", ann.Annotator.AnnotatorType, ann.Annotator.Annotator) } if ann.AnnotationDate != "" { fmt.Fprintf(w, "AnnotationDate: %s\n", ann.AnnotationDate) diff --git a/tvsaver/saver2v2/save_annotation_test.go b/tvsaver/saver2v2/save_annotation_test.go index d938646..46d8546 100644 --- a/tvsaver/saver2v2/save_annotation_test.go +++ b/tvsaver/saver2v2/save_annotation_test.go @@ -12,8 +12,7 @@ import ( // ===== Annotation section Saver tests ===== func TestSaver2_2AnnotationSavesTextForPerson(t *testing.T) { ann := &spdx.Annotation2_2{ - Annotator: "John Doe", - AnnotatorType: "Person", + Annotator: spdx.Annotator{AnnotatorType: "Person", Annotator: "John Doe"}, AnnotationDate: "2018-10-10T17:52:00Z", AnnotationType: "REVIEW", AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), @@ -45,8 +44,7 @@ AnnotationComment: This is an annotation about the SPDX document func TestSaver2_2AnnotationSavesTextForOrganization(t *testing.T) { ann := &spdx.Annotation2_2{ - Annotator: "John Doe, Inc.", - AnnotatorType: "Organization", + Annotator: spdx.Annotator{AnnotatorType: "Organization", Annotator: "John Doe, Inc."}, AnnotationDate: "2018-10-10T17:52:00Z", AnnotationType: "REVIEW", AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), @@ -78,8 +76,7 @@ AnnotationComment: This is an annotation about the SPDX document func TestSaver2_2AnnotationSavesTextForTool(t *testing.T) { ann := &spdx.Annotation2_2{ - Annotator: "magictool-1.1", - AnnotatorType: "Tool", + Annotator: spdx.Annotator{AnnotatorType: "Tool", Annotator: "magictool-1.1"}, AnnotationDate: "2018-10-10T17:52:00Z", AnnotationType: "REVIEW", AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), diff --git a/tvsaver/saver2v2/save_creation_info.go b/tvsaver/saver2v2/save_creation_info.go index 1492fb4..df2b0b0 100644 --- a/tvsaver/saver2v2/save_creation_info.go +++ b/tvsaver/saver2v2/save_creation_info.go @@ -4,50 +4,16 @@ package saver2v2 import ( "fmt" - "io" - "sort" - "github.com/spdx/tools-golang/spdx" + "io" ) func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, w io.Writer) error { - if ci.SPDXVersion != "" { - fmt.Fprintf(w, "SPDXVersion: %s\n", ci.SPDXVersion) - } - if ci.DataLicense != "" { - fmt.Fprintf(w, "DataLicense: %s\n", ci.DataLicense) - } - if ci.SPDXIdentifier != "" { - fmt.Fprintf(w, "SPDXID: %s\n", spdx.RenderElementID(ci.SPDXIdentifier)) - } - if ci.DocumentName != "" { - fmt.Fprintf(w, "DocumentName: %s\n", ci.DocumentName) - } - if ci.DocumentNamespace != "" { - fmt.Fprintf(w, "DocumentNamespace: %s\n", ci.DocumentNamespace) - } - // print EDRs in order sorted by identifier - edrIDs := []string{} - for docRefID := range ci.ExternalDocumentReferences { - edrIDs = append(edrIDs, docRefID) - } - sort.Strings(edrIDs) - for _, edrID := range edrIDs { - edr := ci.ExternalDocumentReferences[edrID] - fmt.Fprintf(w, "ExternalDocumentRef: DocumentRef-%s %s %s:%s\n", - edr.DocumentRefID, edr.URI, edr.Alg, edr.Checksum) - } if ci.LicenseListVersion != "" { fmt.Fprintf(w, "LicenseListVersion: %s\n", ci.LicenseListVersion) } - for _, s := range ci.CreatorPersons { - fmt.Fprintf(w, "Creator: Person: %s\n", s) - } - for _, s := range ci.CreatorOrganizations { - fmt.Fprintf(w, "Creator: Organization: %s\n", s) - } - for _, s := range ci.CreatorTools { - fmt.Fprintf(w, "Creator: Tool: %s\n", s) + for _, creator := range ci.Creators { + fmt.Fprintf(w, "Creator: %s: %s\n", creator.CreatorType, creator.Creator) } if ci.Created != "" { fmt.Fprintf(w, "Created: %s\n", ci.Created) @@ -55,9 +21,6 @@ func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, w io.Writer) error { if ci.CreatorComment != "" { fmt.Fprintf(w, "CreatorComment: %s\n", textify(ci.CreatorComment)) } - if ci.DocumentComment != "" { - fmt.Fprintf(w, "DocumentComment: %s\n", textify(ci.DocumentComment)) - } // add blank newline b/c end of a main section fmt.Fprintf(w, "\n") diff --git a/tvsaver/saver2v2/save_creation_info_test.go b/tvsaver/saver2v2/save_creation_info_test.go index 404abfe..ba3c18d 100644 --- a/tvsaver/saver2v2/save_creation_info_test.go +++ b/tvsaver/saver2v2/save_creation_info_test.go @@ -12,53 +12,22 @@ import ( // ===== Creation Info section Saver tests ===== func TestSaver2_2CISavesText(t *testing.T) { ci := &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - DocumentName: "spdx-go-0.0.1.abcdef", - DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", - ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{ - "spdx-go-0.0.1a": spdx.ExternalDocumentRef2_2{ - DocumentRefID: "spdx-go-0.0.1a", - URI: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1a.cdefab.whatever", - Alg: "SHA1", - Checksum: "0123456701234567012345670123456701234567", - }, - "time-1.2.3": spdx.ExternalDocumentRef2_2{ - DocumentRefID: "time-1.2.3", - URI: "https://github.com/swinslow/spdx-docs/time/time-1.2.3.cdefab.whatever", - Alg: "SHA1", - Checksum: "0123456701234567012345670123456701234568", - }, - }, LicenseListVersion: "3.9", - CreatorPersons: []string{ - "John Doe", - "Jane Doe (janedoe@example.com)", - }, - CreatorOrganizations: []string{ - "John Doe, Inc.", - "Jane Doe LLC", - }, - CreatorTools: []string{ - "magictool1-1.0", - "magictool2-1.0", - "magictool3-1.0", + Creators: []spdx.Creator{ + {Creator: "John Doe", CreatorType: "Person"}, + {Creator: "Jane Doe (janedoe@example.com)", CreatorType: "Person"}, + {Creator: "John Doe, Inc.", CreatorType: "Organization"}, + {Creator: "Jane Doe LLC", CreatorType: "Organization"}, + {Creator: "magictool1-1.0", CreatorType: "Tool"}, + {Creator: "magictool2-1.0", CreatorType: "Tool"}, + {Creator: "magictool3-1.0", CreatorType: "Tool"}, }, - Created: "2018-10-10T06:20:00Z", - CreatorComment: "this is a creator comment", - DocumentComment: "this is a document comment", + Created: "2018-10-10T06:20:00Z", + CreatorComment: "this is a creator comment", } // what we want to get, as a buffer of bytes - want := bytes.NewBufferString(`SPDXVersion: SPDX-2.2 -DataLicense: CC0-1.0 -SPDXID: SPDXRef-DOCUMENT -DocumentName: spdx-go-0.0.1.abcdef -DocumentNamespace: https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever -ExternalDocumentRef: DocumentRef-spdx-go-0.0.1a https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1a.cdefab.whatever SHA1:0123456701234567012345670123456701234567 -ExternalDocumentRef: DocumentRef-time-1.2.3 https://github.com/swinslow/spdx-docs/time/time-1.2.3.cdefab.whatever SHA1:0123456701234567012345670123456701234568 -LicenseListVersion: 3.9 + want := bytes.NewBufferString(`LicenseListVersion: 3.9 Creator: Person: John Doe Creator: Person: Jane Doe (janedoe@example.com) Creator: Organization: John Doe, Inc. @@ -68,7 +37,6 @@ Creator: Tool: magictool2-1.0 Creator: Tool: magictool3-1.0 Created: 2018-10-10T06:20:00Z CreatorComment: this is a creator comment -DocumentComment: this is a document comment `) @@ -89,24 +57,14 @@ DocumentComment: this is a document comment func TestSaver2_2CIOmitsOptionalFieldsIfEmpty(t *testing.T) { // --- need at least one creator; do first for Persons --- ci1 := &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - DocumentName: "spdx-go-0.0.1.abcdef", - DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", - CreatorPersons: []string{ - "John Doe", + Creators: []spdx.Creator{ + {Creator: "John Doe", CreatorType: "Person"}, }, Created: "2018-10-10T06:20:00Z", } // what we want to get, as a buffer of bytes - want1 := bytes.NewBufferString(`SPDXVersion: SPDX-2.2 -DataLicense: CC0-1.0 -SPDXID: SPDXRef-DOCUMENT -DocumentName: spdx-go-0.0.1.abcdef -DocumentNamespace: https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever -Creator: Person: John Doe + want1 := bytes.NewBufferString(`Creator: Person: John Doe Created: 2018-10-10T06:20:00Z `) @@ -126,24 +84,14 @@ Created: 2018-10-10T06:20:00Z // --- need at least one creator; now switch to organization --- ci2 := &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - DocumentName: "spdx-go-0.0.1.abcdef", - DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", - CreatorOrganizations: []string{ - "John Doe, Inc.", + Creators: []spdx.Creator{ + {Creator: "John Doe, Inc.", CreatorType: "Organization"}, }, Created: "2018-10-10T06:20:00Z", } // what we want to get, as a buffer of bytes - want2 := bytes.NewBufferString(`SPDXVersion: SPDX-2.2 -DataLicense: CC0-1.0 -SPDXID: SPDXRef-DOCUMENT -DocumentName: spdx-go-0.0.1.abcdef -DocumentNamespace: https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever -Creator: Organization: John Doe, Inc. + want2 := bytes.NewBufferString(`Creator: Organization: John Doe, Inc. Created: 2018-10-10T06:20:00Z `) diff --git a/tvsaver/saver2v2/save_document.go b/tvsaver/saver2v2/save_document.go index 8db2363..04b482d 100644 --- a/tvsaver/saver2v2/save_document.go +++ b/tvsaver/saver2v2/save_document.go @@ -21,30 +21,50 @@ func RenderDocument2_2(doc *spdx.Document2_2, w io.Writer) error { return fmt.Errorf("Document had nil CreationInfo section") } + if doc.SPDXVersion != "" { + fmt.Fprintf(w, "SPDXVersion: %s\n", doc.SPDXVersion) + } + if doc.DataLicense != "" { + fmt.Fprintf(w, "DataLicense: %s\n", doc.DataLicense) + } + if doc.SPDXIdentifier != "" { + fmt.Fprintf(w, "SPDXID: %s\n", spdx.RenderElementID(doc.SPDXIdentifier)) + } + if doc.DocumentName != "" { + fmt.Fprintf(w, "DocumentName: %s\n", doc.DocumentName) + } + if doc.DocumentNamespace != "" { + fmt.Fprintf(w, "DocumentNamespace: %s\n", doc.DocumentNamespace) + } + // print EDRs in order sorted by identifier + sort.Slice(doc.ExternalDocumentReferences, func(i, j int) bool { + return doc.ExternalDocumentReferences[i].DocumentRefID < doc.ExternalDocumentReferences[j].DocumentRefID + }) + for _, edr := range doc.ExternalDocumentReferences { + fmt.Fprintf(w, "ExternalDocumentRef: DocumentRef-%s %s %s:%s\n", + edr.DocumentRefID, edr.URI, edr.Checksum.Algorithm, edr.Checksum.Value) + } + if doc.DocumentComment != "" { + fmt.Fprintf(w, "DocumentComment: %s\n", textify(doc.DocumentComment)) + } + renderCreationInfo2_2(doc.CreationInfo, w) - if len(doc.UnpackagedFiles) > 0 { + if len(doc.Files) > 0 { fmt.Fprintf(w, "##### Unpackaged files\n\n") - // get slice of identifiers so we can sort them - unpackagedFileKeys := []string{} - for k := range doc.UnpackagedFiles { - unpackagedFileKeys = append(unpackagedFileKeys, string(k)) - } - sort.Strings(unpackagedFileKeys) - for _, fiID := range unpackagedFileKeys { - fi := doc.UnpackagedFiles[spdx.ElementID(fiID)] + sort.Slice(doc.Files, func(i, j int) bool { + return doc.Files[i].FileSPDXIdentifier < doc.Files[j].FileSPDXIdentifier + }) + for _, fi := range doc.Files { renderFile2_2(fi, w) } } - // get slice of Package identifiers so we can sort them - packageKeys := []string{} - for k := range doc.Packages { - packageKeys = append(packageKeys, string(k)) - } - sort.Strings(packageKeys) - for _, pkgID := range packageKeys { - pkg := doc.Packages[spdx.ElementID(pkgID)] + // sort Packages by identifier + sort.Slice(doc.Packages, func(i, j int) bool { + return doc.Packages[i].PackageSPDXIdentifier < doc.Packages[j].PackageSPDXIdentifier + }) + for _, pkg := range doc.Packages { fmt.Fprintf(w, "##### Package: %s\n\n", pkg.PackageName) renderPackage2_2(pkg, w) } diff --git a/tvsaver/saver2v2/save_document_test.go b/tvsaver/saver2v2/save_document_test.go index 1970580..552cdab 100644 --- a/tvsaver/saver2v2/save_document_test.go +++ b/tvsaver/saver2v2/save_document_test.go @@ -14,13 +14,8 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { // Creation Info section ci := &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - DocumentName: "tools-golang-0.0.1.abcdef", - DocumentNamespace: "https://github.com/spdx/spdx-docs/tools-golang/tools-golang-0.0.1.abcdef.whatever", - CreatorPersons: []string{ - "John Doe", + Creators: []spdx.Creator{ + {Creator: "John Doe", CreatorType: "Person"}, }, Created: "2018-10-10T06:20:00Z", } @@ -29,51 +24,39 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/tmp/whatever1.txt", FileSPDXIdentifier: spdx.ElementID("File1231"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "85ed0817af83a24ad8da68c2b5094de69833983c", - }, - }, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - FileCopyrightText: "Copyright (c) Jane Doe", + Checksums: []spdx.Checksum{{Value: "85ed0817af83a24ad8da68c2b5094de69833983c", Algorithm: spdx.SHA1}}, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFiles: []string{"Apache-2.0"}, + FileCopyrightText: "Copyright (c) Jane Doe", } f2 := &spdx.File2_2{ FileName: "/tmp/whatever2.txt", FileSPDXIdentifier: spdx.ElementID("File1232"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "85ed0817af83a24ad8da68c2b5094de69833983d", - }, - }, - LicenseConcluded: "MIT", - LicenseInfoInFile: []string{"MIT"}, - FileCopyrightText: "Copyright (c) John Doe", + Checksums: []spdx.Checksum{{Value: "85ed0817af83a24ad8da68c2b5094de69833983d", Algorithm: spdx.SHA1}}, + LicenseConcluded: "MIT", + LicenseInfoInFiles: []string{"MIT"}, + FileCopyrightText: "Copyright (c) John Doe", } - unFiles := map[spdx.ElementID]*spdx.File2_2{ - spdx.ElementID("File1231"): f1, - spdx.ElementID("File1232"): f2, + unFiles := []*spdx.File2_2{ + f1, + f2, } // Package 1: packaged files with snippets sn1 := &spdx.Snippet2_2{ SnippetSPDXIdentifier: "Snippet19", - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "FileHasSnippets"), - SnippetByteRangeStart: 17, - SnippetByteRangeEnd: 209, + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "FileHasSnippets").ElementRefID, + Ranges: []spdx.SnippetRange{{StartPointer: spdx.SnippetRangePointer{Offset: 17}, EndPointer: spdx.SnippetRangePointer{Offset: 209}}}, SnippetLicenseConcluded: "GPL-2.0-or-later", SnippetCopyrightText: "Copyright (c) John Doe 20x6", } sn2 := &spdx.Snippet2_2{ SnippetSPDXIdentifier: "Snippet20", - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "FileHasSnippets"), - SnippetByteRangeStart: 268, - SnippetByteRangeEnd: 309, + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "FileHasSnippets").ElementRefID, + Ranges: []spdx.SnippetRange{{StartPointer: spdx.SnippetRangePointer{Offset: 268}, EndPointer: spdx.SnippetRangePointer{Offset: 309}}}, SnippetLicenseConcluded: "WTFPL", SnippetCopyrightText: "NOASSERTION", } @@ -81,14 +64,9 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { f3 := &spdx.File2_2{ FileName: "/tmp/file-with-snippets.txt", FileSPDXIdentifier: spdx.ElementID("FileHasSnippets"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "85ed0817af83a24ad8da68c2b5094de69833983e", - }, - }, - LicenseConcluded: "GPL-2.0-or-later AND WTFPL", - LicenseInfoInFile: []string{ + Checksums: []spdx.Checksum{{Value: "85ed0817af83a24ad8da68c2b5094de69833983e", Algorithm: spdx.SHA1}}, + LicenseConcluded: "GPL-2.0-or-later AND WTFPL", + LicenseInfoInFiles: []string{ "Apache-2.0", "GPL-2.0-or-later", "WTFPL", @@ -103,15 +81,10 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { f4 := &spdx.File2_2{ FileName: "/tmp/another-file.txt", FileSPDXIdentifier: spdx.ElementID("FileAnother"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "85ed0817af83a24ad8da68c2b5094de69833983f", - }, - }, - LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{"BSD-3-Clause"}, - FileCopyrightText: "Copyright (c) Jane Doe LLC", + Checksums: []spdx.Checksum{{Value: "85ed0817af83a24ad8da68c2b5094de69833983f", Algorithm: spdx.SHA1}}, + LicenseConcluded: "BSD-3-Clause", + LicenseInfoInFiles: []string{"BSD-3-Clause"}, + FileCopyrightText: "Copyright (c) Jane Doe LLC", } pkgWith := &spdx.Package2_2{ @@ -120,7 +93,7 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", FilesAnalyzed: true, IsFilesAnalyzedTagPresent: true, - PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", + PackageVerificationCode: spdx.PackageVerificationCode{Value: "0123456789abcdef0123456789abcdef01234567"}, PackageLicenseConcluded: "GPL-2.0-or-later AND BSD-3-Clause AND WTFPL", PackageLicenseInfoFromFiles: []string{ "Apache-2.0", @@ -130,9 +103,9 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { }, PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later", PackageCopyrightText: "Copyright (c) John Doe, Inc.", - Files: map[spdx.ElementID]*spdx.File2_2{ - spdx.ElementID("FileHasSnippets"): f3, - spdx.ElementID("FileAnother"): f4, + Files: []*spdx.File2_2{ + f3, + f4, }, } @@ -172,8 +145,8 @@ blah blah blah blah`, // Annotations ann1 := &spdx.Annotation2_2{ - Annotator: "John Doe", - AnnotatorType: "Person", + Annotator: spdx.Annotator{Annotator: "John Doe", + AnnotatorType: "Person"}, AnnotationDate: "2018-10-10T17:52:00Z", AnnotationType: "REVIEW", AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), @@ -181,8 +154,8 @@ blah blah blah blah`, } ann2 := &spdx.Annotation2_2{ - Annotator: "John Doe, Inc.", - AnnotatorType: "Organization", + Annotator: spdx.Annotator{Annotator: "John Doe, Inc.", + AnnotatorType: "Organization"}, AnnotationDate: "2018-10-10T17:52:00Z", AnnotationType: "REVIEW", AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "p1"), @@ -204,11 +177,16 @@ blah blah blah blah`, // now, build the document doc := &spdx.Document2_2{ - CreationInfo: ci, - Packages: map[spdx.ElementID]*spdx.Package2_2{ - spdx.ElementID("p1"): pkgWith, + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + DocumentName: "tools-golang-0.0.1.abcdef", + DocumentNamespace: "https://github.com/spdx/spdx-docs/tools-golang/tools-golang-0.0.1.abcdef.whatever", + CreationInfo: ci, + Packages: []*spdx.Package2_2{ + pkgWith, }, - UnpackagedFiles: unFiles, + Files: unFiles, OtherLicenses: []*spdx.OtherLicense2_2{ ol1, ol2, diff --git a/tvsaver/saver2v2/save_file.go b/tvsaver/saver2v2/save_file.go index ce75f31..f1684ef 100644 --- a/tvsaver/saver2v2/save_file.go +++ b/tvsaver/saver2v2/save_file.go @@ -17,22 +17,18 @@ func renderFile2_2(f *spdx.File2_2, w io.Writer) error { if f.FileSPDXIdentifier != "" { fmt.Fprintf(w, "SPDXID: %s\n", spdx.RenderElementID(f.FileSPDXIdentifier)) } - for _, s := range f.FileType { + for _, s := range f.FileTypes { fmt.Fprintf(w, "FileType: %s\n", s) } - if f.FileChecksums[spdx.SHA1].Value != "" { - fmt.Fprintf(w, "FileChecksum: SHA1: %s\n", f.FileChecksums[spdx.SHA1].Value) - } - if f.FileChecksums[spdx.SHA256].Value != "" { - fmt.Fprintf(w, "FileChecksum: SHA256: %s\n", f.FileChecksums[spdx.SHA256].Value) - } - if f.FileChecksums[spdx.MD5].Value != "" { - fmt.Fprintf(w, "FileChecksum: MD5: %s\n", f.FileChecksums[spdx.MD5].Value) + + for _, checksum := range f.Checksums { + fmt.Fprintf(w, "FileChecksum: %s: %s\n", checksum.Algorithm, checksum.Value) } + if f.LicenseConcluded != "" { fmt.Fprintf(w, "LicenseConcluded: %s\n", f.LicenseConcluded) } - for _, s := range f.LicenseInfoInFile { + for _, s := range f.LicenseInfoInFiles { fmt.Fprintf(w, "LicenseInfoInFile: %s\n", s) } if f.LicenseComments != "" { @@ -56,7 +52,7 @@ func renderFile2_2(f *spdx.File2_2, w io.Writer) error { if f.FileNotice != "" { fmt.Fprintf(w, "FileNotice: %s\n", textify(f.FileNotice)) } - for _, s := range f.FileContributor { + for _, s := range f.FileContributors { fmt.Fprintf(w, "FileContributor: %s\n", s) } for _, s := range f.FileAttributionTexts { diff --git a/tvsaver/saver2v2/save_file_test.go b/tvsaver/saver2v2/save_file_test.go index f90a1bb..c49c978 100644 --- a/tvsaver/saver2v2/save_file_test.go +++ b/tvsaver/saver2v2/save_file_test.go @@ -14,26 +14,17 @@ func TestSaver2_2FileSavesText(t *testing.T) { f := &spdx.File2_2{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileType: []string{ + FileTypes: []string{ "TEXT", "DOCUMENTATION", }, - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "85ed0817af83a24ad8da68c2b5094de69833983c", - }, - spdx.SHA256: spdx.Checksum{ - Algorithm: spdx.SHA256, - Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - }, - spdx.MD5: spdx.Checksum{ - Algorithm: spdx.MD5, - Value: "624c1abb3664f4b35547e7c73864ad24", - }, + Checksums: []spdx.Checksum{ + {Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c"}, + {Algorithm: spdx.SHA256, Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd"}, + {Algorithm: spdx.MD5, Value: "624c1abb3664f4b35547e7c73864ad24"}, }, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "Apache-2.0", "Apache-1.1", }, @@ -59,7 +50,7 @@ func TestSaver2_2FileSavesText(t *testing.T) { }, FileComment: "this is a file comment", FileNotice: "This file may be used under either Apache-2.0 or Apache-1.1.", - FileContributor: []string{ + FileContributors: []string{ "John Doe jdoe@example.com", "EvilCorp", }, @@ -124,18 +115,16 @@ FileDependency: g.txt func TestSaver2_2FileSavesSnippetsAlso(t *testing.T) { sn1 := &spdx.Snippet2_2{ SnippetSPDXIdentifier: spdx.ElementID("Snippet19"), - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File123"), - SnippetByteRangeStart: 17, - SnippetByteRangeEnd: 209, + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File123").ElementRefID, + Ranges: []spdx.SnippetRange{{StartPointer: spdx.SnippetRangePointer{Offset: 17}, EndPointer: spdx.SnippetRangePointer{Offset: 209}}}, SnippetLicenseConcluded: "GPL-2.0-or-later", SnippetCopyrightText: "Copyright (c) John Doe 20x6", } sn2 := &spdx.Snippet2_2{ SnippetSPDXIdentifier: spdx.ElementID("Snippet20"), - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File123"), - SnippetByteRangeStart: 268, - SnippetByteRangeEnd: 309, + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File123").ElementRefID, + Ranges: []spdx.SnippetRange{{StartPointer: spdx.SnippetRangePointer{Offset: 268}, EndPointer: spdx.SnippetRangePointer{Offset: 309}}}, SnippetLicenseConcluded: "WTFPL", SnippetCopyrightText: "NOASSERTION", } @@ -148,14 +137,11 @@ func TestSaver2_2FileSavesSnippetsAlso(t *testing.T) { f := &spdx.File2_2{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "85ed0817af83a24ad8da68c2b5094de69833983c", - }, + Checksums: []spdx.Checksum{ + {Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c"}, }, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "Apache-2.0", }, FileCopyrightText: "Copyright (c) Jane Doe", @@ -202,14 +188,11 @@ func TestSaver2_2FileOmitsOptionalFieldsIfEmpty(t *testing.T) { f := &spdx.File2_2{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "85ed0817af83a24ad8da68c2b5094de69833983c", - }, + Checksums: []spdx.Checksum{ + {Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c"}, }, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "Apache-2.0", }, FileCopyrightText: "Copyright (c) Jane Doe", @@ -243,14 +226,11 @@ func TestSaver2_2FileWrapsCopyrightMultiLine(t *testing.T) { f := &spdx.File2_2{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "85ed0817af83a24ad8da68c2b5094de69833983c", - }, + Checksums: []spdx.Checksum{ + {Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c"}, }, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "Apache-2.0", }, FileCopyrightText: `Copyright (c) Jane Doe @@ -286,16 +266,13 @@ func TestSaver2_2FileWrapsCommentsAndNoticesMultiLine(t *testing.T) { f := &spdx.File2_2{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ - Algorithm: spdx.SHA1, - Value: "85ed0817af83a24ad8da68c2b5094de69833983c", - }, + Checksums: []spdx.Checksum{ + {Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c"}, }, LicenseComments: `this is a multi-line license comment`, LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{ + LicenseInfoInFiles: []string{ "Apache-2.0", }, FileCopyrightText: "Copyright (c) Jane Doe", diff --git a/tvsaver/saver2v2/save_package.go b/tvsaver/saver2v2/save_package.go index 4929775..6d21a6d 100644 --- a/tvsaver/saver2v2/save_package.go +++ b/tvsaver/saver2v2/save_package.go @@ -6,6 +6,7 @@ import ( "fmt" "io" "sort" + "strings" "github.com/spdx/tools-golang/spdx" ) @@ -23,23 +24,19 @@ func renderPackage2_2(pkg *spdx.Package2_2, w io.Writer) error { if pkg.PackageFileName != "" { fmt.Fprintf(w, "PackageFileName: %s\n", pkg.PackageFileName) } - if pkg.PackageSupplierPerson != "" { - fmt.Fprintf(w, "PackageSupplier: Person: %s\n", pkg.PackageSupplierPerson) - } - if pkg.PackageSupplierOrganization != "" { - fmt.Fprintf(w, "PackageSupplier: Organization: %s\n", pkg.PackageSupplierOrganization) - } - if pkg.PackageSupplierNOASSERTION == true { - fmt.Fprintf(w, "PackageSupplier: NOASSERTION\n") - } - if pkg.PackageOriginatorPerson != "" { - fmt.Fprintf(w, "PackageOriginator: Person: %s\n", pkg.PackageOriginatorPerson) - } - if pkg.PackageOriginatorOrganization != "" { - fmt.Fprintf(w, "PackageOriginator: Organization: %s\n", pkg.PackageOriginatorOrganization) + if pkg.PackageSupplier != nil && pkg.PackageSupplier.Supplier != "" { + if pkg.PackageSupplier.SupplierType == "" { + fmt.Fprintf(w, "PackageSupplier: %s\n", pkg.PackageSupplier.Supplier) + } else { + fmt.Fprintf(w, "PackageSupplier: %s: %s\n", pkg.PackageSupplier.SupplierType, pkg.PackageSupplier.Supplier) + } } - if pkg.PackageOriginatorNOASSERTION == true { - fmt.Fprintf(w, "PackageOriginator: NOASSERTION\n") + if pkg.PackageOriginator != nil && pkg.PackageOriginator.Originator != "" { + if pkg.PackageOriginator.OriginatorType == "" { + fmt.Fprintf(w, "PackageOriginator: %s\n", pkg.PackageOriginator.Originator) + } else { + fmt.Fprintf(w, "PackageOriginator: %s: %s\n", pkg.PackageOriginator.OriginatorType, pkg.PackageOriginator.Originator) + } } if pkg.PackageDownloadLocation != "" { fmt.Fprintf(w, "PackageDownloadLocation: %s\n", pkg.PackageDownloadLocation) @@ -51,22 +48,18 @@ func renderPackage2_2(pkg *spdx.Package2_2, w io.Writer) error { } else { fmt.Fprintf(w, "FilesAnalyzed: false\n") } - if pkg.PackageVerificationCode != "" && pkg.FilesAnalyzed == true { - if pkg.PackageVerificationCodeExcludedFile == "" { - fmt.Fprintf(w, "PackageVerificationCode: %s\n", pkg.PackageVerificationCode) + if pkg.PackageVerificationCode.Value != "" && pkg.FilesAnalyzed == true { + if len(pkg.PackageVerificationCode.ExcludedFiles) == 0 { + fmt.Fprintf(w, "PackageVerificationCode: %s\n", pkg.PackageVerificationCode.Value) } else { - fmt.Fprintf(w, "PackageVerificationCode: %s (excludes: %s)\n", pkg.PackageVerificationCode, pkg.PackageVerificationCodeExcludedFile) + fmt.Fprintf(w, "PackageVerificationCode: %s (excludes: %s)\n", pkg.PackageVerificationCode.Value, strings.Join(pkg.PackageVerificationCode.ExcludedFiles, ", ")) } } - if pkg.PackageChecksums[spdx.SHA1].Value != "" { - fmt.Fprintf(w, "PackageChecksum: SHA1: %s\n", pkg.PackageChecksums[spdx.SHA1].Value) - } - if pkg.PackageChecksums[spdx.SHA256].Value != "" { - fmt.Fprintf(w, "PackageChecksum: SHA256: %s\n", pkg.PackageChecksums[spdx.SHA256].Value) - } - if pkg.PackageChecksums[spdx.MD5].Value != "" { - fmt.Fprintf(w, "PackageChecksum: MD5: %s\n", pkg.PackageChecksums[spdx.MD5].Value) + + for _, checksum := range pkg.PackageChecksums { + fmt.Fprintf(w, "PackageChecksum: %s: %s\n", checksum.Algorithm, checksum.Value) } + if pkg.PackageHomePage != "" { fmt.Fprintf(w, "PackageHomePage: %s\n", pkg.PackageHomePage) } @@ -112,14 +105,10 @@ func renderPackage2_2(pkg *spdx.Package2_2, w io.Writer) error { fmt.Fprintf(w, "\n") // also render any files for this package - // get slice of File identifiers so we can sort them - fileKeys := []string{} - for k := range pkg.Files { - fileKeys = append(fileKeys, string(k)) - } - sort.Strings(fileKeys) - for _, fiID := range fileKeys { - fi := pkg.Files[spdx.ElementID(fiID)] + sort.Slice(pkg.Files, func(i, j int) bool { + return pkg.Files[i].FileSPDXIdentifier < pkg.Files[j].FileSPDXIdentifier + }) + for _, fi := range pkg.Files { renderFile2_2(fi, w) } diff --git a/tvsaver/saver2v2/save_package_test.go b/tvsaver/saver2v2/save_package_test.go index 72d1de2..f9960f0 100644 --- a/tvsaver/saver2v2/save_package_test.go +++ b/tvsaver/saver2v2/save_package_test.go @@ -49,27 +49,29 @@ multi-line external ref comment`, } pkg := &spdx.Package2_2{ - PackageName: "p1", - PackageSPDXIdentifier: spdx.ElementID("p1"), - PackageVersion: "0.1.0", - PackageFileName: "p1-0.1.0-master.tar.gz", - PackageSupplierOrganization: "John Doe, Inc.", - PackageOriginatorPerson: "John Doe", - PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", - FilesAnalyzed: true, - IsFilesAnalyzedTagPresent: true, - PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", - PackageVerificationCodeExcludedFile: "p1-0.1.0.spdx", - PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageVersion: "0.1.0", + PackageFileName: "p1-0.1.0-master.tar.gz", + PackageSupplier: &spdx.Supplier{SupplierType: "Organization", Supplier: "John Doe, Inc."}, + PackageOriginator: &spdx.Originator{Originator: "John Doe", OriginatorType: "Person"}, + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: true, + PackageVerificationCode: spdx.PackageVerificationCode{ + Value: "0123456789abcdef0123456789abcdef01234567", + ExcludedFiles: []string{"p1-0.1.0.spdx"}, + }, + PackageChecksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c", }, - spdx.SHA256: spdx.Checksum{ + { Algorithm: spdx.SHA256, Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", }, - spdx.MD5: spdx.Checksum{ + { Algorithm: spdx.MD5, Value: "624c1abb3664f4b35547e7c73864ad24", }, @@ -154,26 +156,26 @@ func TestSaver2_2PackageSavesTextCombo2(t *testing.T) { // PackageVerificationCodeExcludedFile is empty pkg := &spdx.Package2_2{ - PackageName: "p1", - PackageSPDXIdentifier: spdx.ElementID("p1"), - PackageVersion: "0.1.0", - PackageFileName: "p1-0.1.0-master.tar.gz", - PackageSupplierNOASSERTION: true, - PackageOriginatorOrganization: "John Doe, Inc.", - PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", - FilesAnalyzed: true, - IsFilesAnalyzedTagPresent: false, - PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", - PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageVersion: "0.1.0", + PackageFileName: "p1-0.1.0-master.tar.gz", + PackageSupplier: &spdx.Supplier{Supplier: "NOASSERTION"}, + PackageOriginator: &spdx.Originator{OriginatorType: "Organization", Originator: "John Doe, Inc."}, + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: false, + PackageVerificationCode: spdx.PackageVerificationCode{Value: "0123456789abcdef0123456789abcdef01234567"}, + PackageChecksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c", }, - spdx.SHA256: spdx.Checksum{ + { Algorithm: spdx.SHA256, Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", }, - spdx.MD5: spdx.Checksum{ + { Algorithm: spdx.MD5, Value: "624c1abb3664f4b35547e7c73864ad24", }, @@ -245,28 +247,28 @@ func TestSaver2_2PackageSavesTextCombo3(t *testing.T) { // three PackageAttributionTexts, one with multi-line text pkg := &spdx.Package2_2{ - PackageName: "p1", - PackageSPDXIdentifier: spdx.ElementID("p1"), - PackageVersion: "0.1.0", - PackageFileName: "p1-0.1.0-master.tar.gz", - PackageSupplierPerson: "John Doe", - PackageOriginatorNOASSERTION: true, - PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", - FilesAnalyzed: false, - IsFilesAnalyzedTagPresent: true, + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageVersion: "0.1.0", + PackageFileName: "p1-0.1.0-master.tar.gz", + PackageSupplier: &spdx.Supplier{Supplier: "John Doe", SupplierType: "Person"}, + PackageOriginator: &spdx.Originator{Originator: "NOASSERTION"}, + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: false, + IsFilesAnalyzedTagPresent: true, // NOTE that verification code MUST be omitted from output // since FilesAnalyzed is false - PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", - PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + PackageVerificationCode: spdx.PackageVerificationCode{Value: "0123456789abcdef0123456789abcdef01234567"}, + PackageChecksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c", }, - spdx.SHA256: spdx.Checksum{ + { Algorithm: spdx.SHA256, Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", }, - spdx.MD5: spdx.Checksum{ + { Algorithm: spdx.MD5, Value: "624c1abb3664f4b35547e7c73864ad24", }, @@ -387,29 +389,29 @@ func TestSaver2_2PackageSavesFilesIfPresent(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/tmp/whatever1.txt", FileSPDXIdentifier: spdx.ElementID("File1231"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983c", }, }, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - FileCopyrightText: "Copyright (c) Jane Doe", + LicenseConcluded: "Apache-2.0", + LicenseInfoInFiles: []string{"Apache-2.0"}, + FileCopyrightText: "Copyright (c) Jane Doe", } f2 := &spdx.File2_2{ FileName: "/tmp/whatever2.txt", FileSPDXIdentifier: spdx.ElementID("File1232"), - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "85ed0817af83a24ad8da68c2b5094de69833983d", }, }, - LicenseConcluded: "MIT", - LicenseInfoInFile: []string{"MIT"}, - FileCopyrightText: "Copyright (c) John Doe", + LicenseConcluded: "MIT", + LicenseInfoInFiles: []string{"MIT"}, + FileCopyrightText: "Copyright (c) John Doe", } pkg := &spdx.Package2_2{ @@ -430,9 +432,9 @@ func TestSaver2_2PackageSavesFilesIfPresent(t *testing.T) { }, PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later", PackageCopyrightText: "Copyright (c) John Doe, Inc.", - Files: map[spdx.ElementID]*spdx.File2_2{ - spdx.ElementID("File1231"): f1, - spdx.ElementID("File1232"): f2, + Files: []*spdx.File2_2{ + f1, + f2, }, } diff --git a/tvsaver/saver2v2/save_snippet.go b/tvsaver/saver2v2/save_snippet.go index 8423e53..4f74098 100644 --- a/tvsaver/saver2v2/save_snippet.go +++ b/tvsaver/saver2v2/save_snippet.go @@ -13,15 +13,18 @@ func renderSnippet2_2(sn *spdx.Snippet2_2, w io.Writer) error { if sn.SnippetSPDXIdentifier != "" { fmt.Fprintf(w, "SnippetSPDXID: %s\n", spdx.RenderElementID(sn.SnippetSPDXIdentifier)) } - snFromFileIDStr := spdx.RenderDocElementID(sn.SnippetFromFileSPDXIdentifier) + snFromFileIDStr := spdx.RenderElementID(sn.SnippetFromFileSPDXIdentifier) if snFromFileIDStr != "" { fmt.Fprintf(w, "SnippetFromFileSPDXID: %s\n", snFromFileIDStr) } - if sn.SnippetByteRangeStart != 0 && sn.SnippetByteRangeEnd != 0 { - fmt.Fprintf(w, "SnippetByteRange: %d:%d\n", sn.SnippetByteRangeStart, sn.SnippetByteRangeEnd) - } - if sn.SnippetLineRangeStart != 0 && sn.SnippetLineRangeEnd != 0 { - fmt.Fprintf(w, "SnippetLineRange: %d:%d\n", sn.SnippetLineRangeStart, sn.SnippetLineRangeEnd) + + for _, snippetRange := range sn.Ranges { + if snippetRange.StartPointer.Offset != 0 && snippetRange.EndPointer.Offset != 0 { + fmt.Fprintf(w, "SnippetByteRange: %d:%d\n", snippetRange.StartPointer.Offset, snippetRange.EndPointer.Offset) + } + if snippetRange.StartPointer.LineNumber != 0 && snippetRange.EndPointer.LineNumber != 0 { + fmt.Fprintf(w, "SnippetLineRange: %d:%d\n", snippetRange.StartPointer.LineNumber, snippetRange.EndPointer.LineNumber) + } } if sn.SnippetLicenseConcluded != "" { fmt.Fprintf(w, "SnippetLicenseConcluded: %s\n", sn.SnippetLicenseConcluded) diff --git a/tvsaver/saver2v2/save_snippet_test.go b/tvsaver/saver2v2/save_snippet_test.go index b749c7d..da91b99 100644 --- a/tvsaver/saver2v2/save_snippet_test.go +++ b/tvsaver/saver2v2/save_snippet_test.go @@ -13,12 +13,18 @@ import ( func TestSaver2_2SnippetSavesText(t *testing.T) { sn := &spdx.Snippet2_2{ SnippetSPDXIdentifier: spdx.ElementID("Snippet17"), - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292"), - SnippetByteRangeStart: 17, - SnippetByteRangeEnd: 209, - SnippetLineRangeStart: 3, - SnippetLineRangeEnd: 8, - SnippetLicenseConcluded: "GPL-2.0-or-later", + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292").ElementRefID, + Ranges: []spdx.SnippetRange{ + { + StartPointer: spdx.SnippetRangePointer{LineNumber: 3}, + EndPointer: spdx.SnippetRangePointer{LineNumber: 8}, + }, + { + StartPointer: spdx.SnippetRangePointer{Offset: 17}, + EndPointer: spdx.SnippetRangePointer{Offset: 209}, + }, + }, + SnippetLicenseConcluded: "GPL-2.0-or-later", LicenseInfoInSnippet: []string{ "GPL-2.0-or-later", "MIT", @@ -33,8 +39,8 @@ func TestSaver2_2SnippetSavesText(t *testing.T) { // what we want to get, as a buffer of bytes want := bytes.NewBufferString(`SnippetSPDXID: SPDXRef-Snippet17 SnippetFromFileSPDXID: SPDXRef-File292 -SnippetByteRange: 17:209 SnippetLineRange: 3:8 +SnippetByteRange: 17:209 SnippetLicenseConcluded: GPL-2.0-or-later LicenseInfoInSnippet: GPL-2.0-or-later LicenseInfoInSnippet: MIT @@ -63,11 +69,15 @@ SnippetAttributionText: some attributions func TestSaver2_2SnippetOmitsOptionalFieldsIfEmpty(t *testing.T) { sn := &spdx.Snippet2_2{ SnippetSPDXIdentifier: spdx.ElementID("Snippet17"), - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292"), - SnippetByteRangeStart: 17, - SnippetByteRangeEnd: 209, - SnippetLicenseConcluded: "GPL-2.0-or-later", - SnippetCopyrightText: "Copyright (c) John Doe 20x6", + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292").ElementRefID, + Ranges: []spdx.SnippetRange{ + { + StartPointer: spdx.SnippetRangePointer{Offset: 17}, + EndPointer: spdx.SnippetRangePointer{Offset: 209}, + }, + }, + SnippetLicenseConcluded: "GPL-2.0-or-later", + SnippetCopyrightText: "Copyright (c) John Doe 20x6", } // what we want to get, as a buffer of bytes @@ -96,10 +106,14 @@ SnippetCopyrightText: Copyright (c) John Doe 20x6 func TestSaver2_2SnippetWrapsCopyrightMultiline(t *testing.T) { sn := &spdx.Snippet2_2{ SnippetSPDXIdentifier: spdx.ElementID("Snippet17"), - SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292"), - SnippetByteRangeStart: 17, - SnippetByteRangeEnd: 209, - SnippetLicenseConcluded: "GPL-2.0-or-later", + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292").ElementRefID, + Ranges: []spdx.SnippetRange{ + { + StartPointer: spdx.SnippetRangePointer{Offset: 17}, + EndPointer: spdx.SnippetRangePointer{Offset: 209}, + }, + }, + SnippetLicenseConcluded: "GPL-2.0-or-later", SnippetCopyrightText: `Copyright (c) John Doe 20x6 Copyright (c) John Doe 20x6`, } diff --git a/utils/verification.go b/utils/verification.go index 7c53841..94e8b7e 100644 --- a/utils/verification.go +++ b/utils/verification.go @@ -15,15 +15,20 @@ import ( // GetVerificationCode2_1 takes a slice of files and an optional filename // for an "excludes" file, and returns a Package Verification Code calculated // according to SPDX spec version 2.1, section 3.9.4. -func GetVerificationCode2_1(files map[spdx.ElementID]*spdx.File2_1, excludeFile string) (string, error) { +func GetVerificationCode2_1(files []*spdx.File2_1, excludeFile string) (spdx.PackageVerificationCode, error) { // create slice of strings - unsorted SHA1s for all files shas := []string{} for i, f := range files { if f == nil { - return "", fmt.Errorf("got nil file for identifier %v", i) + return spdx.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i) } if f.FileName != excludeFile { - shas = append(shas, f.FileChecksumSHA1) + // find the SHA1 hash, if present + for _, checksum := range f.Checksums { + if checksum.Algorithm == spdx.SHA1 { + shas = append(shas, checksum.Value) + } + } } } @@ -37,7 +42,11 @@ func GetVerificationCode2_1(files map[spdx.ElementID]*spdx.File2_1, excludeFile hsha1 := sha1.New() hsha1.Write([]byte(shasConcat)) bs := hsha1.Sum(nil) - code := fmt.Sprintf("%x", bs) + + code := spdx.PackageVerificationCode{ + Value: fmt.Sprintf("%x", bs), + ExcludedFiles: []string{excludeFile}, + } return code, nil } @@ -45,15 +54,20 @@ func GetVerificationCode2_1(files map[spdx.ElementID]*spdx.File2_1, excludeFile // GetVerificationCode2_2 takes a slice of files and an optional filename // for an "excludes" file, and returns a Package Verification Code calculated // according to SPDX spec version 2.2, section 3.9.4. -func GetVerificationCode2_2(files map[spdx.ElementID]*spdx.File2_2, excludeFile string) (string, error) { +func GetVerificationCode2_2(files []*spdx.File2_2, excludeFile string) (spdx.PackageVerificationCode, error) { // create slice of strings - unsorted SHA1s for all files shas := []string{} for i, f := range files { if f == nil { - return "", fmt.Errorf("got nil file for identifier %v", i) + return spdx.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i) } if f.FileName != excludeFile { - shas = append(shas, f.FileChecksums[spdx.SHA1].Value) + // find the SHA1 hash, if present + for _, checksum := range f.Checksums { + if checksum.Algorithm == spdx.SHA1 { + shas = append(shas, checksum.Value) + } + } } } @@ -67,7 +81,11 @@ func GetVerificationCode2_2(files map[spdx.ElementID]*spdx.File2_2, excludeFile hsha1 := sha1.New() hsha1.Write([]byte(shasConcat)) bs := hsha1.Sum(nil) - code := fmt.Sprintf("%x", bs) + + code := spdx.PackageVerificationCode{ + Value: fmt.Sprintf("%x", bs), + ExcludedFiles: []string{excludeFile}, + } return code, nil } diff --git a/utils/verification_test.go b/utils/verification_test.go index c6fa3f9..d31614a 100644 --- a/utils/verification_test.go +++ b/utils/verification_test.go @@ -11,99 +11,98 @@ import ( // ===== 2.1 Verification code functionality tests ===== func TestPackage2_1CanGetVerificationCode(t *testing.T) { - files := map[spdx.ElementID]*spdx.File2_1{ - "File0": &spdx.File2_1{ + files := []*spdx.File2_1{ + { FileName: "file2.txt", FileSPDXIdentifier: "File0", - FileChecksumSHA1: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + Checksums: []spdx.Checksum{{Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", Algorithm: spdx.SHA1}}, }, - "File1": &spdx.File2_1{ + { FileName: "file1.txt", FileSPDXIdentifier: "File1", - FileChecksumSHA1: "3333333333bbbbbbbbbbccccccccccdddddddddd", + Checksums: []spdx.Checksum{{Value: "3333333333bbbbbbbbbbccccccccccdddddddddd", Algorithm: spdx.SHA1}}, }, - "File2": &spdx.File2_1{ + { FileName: "file3.txt", FileSPDXIdentifier: "File2", - FileChecksumSHA1: "8888888888bbbbbbbbbbccccccccccdddddddddd", + Checksums: []spdx.Checksum{{Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", Algorithm: spdx.SHA1}}, }, - "File3": &spdx.File2_1{ + { FileName: "file5.txt", FileSPDXIdentifier: "File3", - FileChecksumSHA1: "2222222222bbbbbbbbbbccccccccccdddddddddd", + Checksums: []spdx.Checksum{{Value: "2222222222bbbbbbbbbbccccccccccdddddddddd", Algorithm: spdx.SHA1}}, }, - "File4": &spdx.File2_1{ + { FileName: "file4.txt", FileSPDXIdentifier: "File4", - FileChecksumSHA1: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + Checksums: []spdx.Checksum{{Value: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", Algorithm: spdx.SHA1}}, }, } - wantCode := "ac924b375119c81c1f08c3e2722044bfbbdcd3dc" + wantCode := spdx.PackageVerificationCode{Value: "ac924b375119c81c1f08c3e2722044bfbbdcd3dc"} gotCode, err := GetVerificationCode2_1(files, "") if err != nil { t.Fatalf("expected nil error, got %v", err) } - if wantCode != gotCode { + if wantCode.Value != gotCode.Value { t.Errorf("expected %v, got %v", wantCode, gotCode) } } func TestPackage2_1CanGetVerificationCodeIgnoringExcludesFile(t *testing.T) { - files := map[spdx.ElementID]*spdx.File2_1{ - spdx.ElementID("File0"): &spdx.File2_1{ + files := []*spdx.File2_1{ + { FileName: "file1.txt", FileSPDXIdentifier: "File0", - FileChecksumSHA1: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + Checksums: []spdx.Checksum{{Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", Algorithm: spdx.SHA1}}, }, - spdx.ElementID("File1"): &spdx.File2_1{ + { FileName: "file2.txt", FileSPDXIdentifier: "File1", - FileChecksumSHA1: "3333333333bbbbbbbbbbccccccccccdddddddddd", + Checksums: []spdx.Checksum{{Value: "3333333333bbbbbbbbbbccccccccccdddddddddd", Algorithm: spdx.SHA1}}, }, - spdx.ElementID("File2"): &spdx.File2_1{ + { FileName: "thisfile.spdx", FileSPDXIdentifier: "File2", - FileChecksumSHA1: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + Checksums: []spdx.Checksum{{Value: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", Algorithm: spdx.SHA1}}, }, - spdx.ElementID("File3"): &spdx.File2_1{ + { FileName: "file3.txt", FileSPDXIdentifier: "File3", - FileChecksumSHA1: "8888888888bbbbbbbbbbccccccccccdddddddddd", + Checksums: []spdx.Checksum{{Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", Algorithm: spdx.SHA1}}, }, - spdx.ElementID("File4"): &spdx.File2_1{ + { FileName: "file4.txt", FileSPDXIdentifier: "File4", - FileChecksumSHA1: "2222222222bbbbbbbbbbccccccccccdddddddddd", + Checksums: []spdx.Checksum{{Value: "2222222222bbbbbbbbbbccccccccccdddddddddd", Algorithm: spdx.SHA1}}, }, } - wantCode := "17fab1bd18fe5c13b5d3983f1c17e5f88b8ff266" + wantCode := spdx.PackageVerificationCode{Value: "17fab1bd18fe5c13b5d3983f1c17e5f88b8ff266"} gotCode, err := GetVerificationCode2_1(files, "thisfile.spdx") if err != nil { t.Fatalf("expected nil error, got %v", err) } - if wantCode != gotCode { + if wantCode.Value != gotCode.Value { t.Errorf("expected %v, got %v", wantCode, gotCode) } - } func TestPackage2_1GetVerificationCodeFailsIfNilFileInSlice(t *testing.T) { - files := map[spdx.ElementID]*spdx.File2_1{ - spdx.ElementID("File0"): &spdx.File2_1{ + files := []*spdx.File2_1{ + { FileName: "file2.txt", FileSPDXIdentifier: "File0", - FileChecksumSHA1: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + Checksums: []spdx.Checksum{{Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", Algorithm: spdx.SHA1}}, }, - spdx.ElementID("File1"): nil, - spdx.ElementID("File2"): &spdx.File2_1{ + nil, + { FileName: "file3.txt", FileSPDXIdentifier: "File2", - FileChecksumSHA1: "8888888888bbbbbbbbbbccccccccccdddddddddd", + Checksums: []spdx.Checksum{{Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", Algorithm: spdx.SHA1}}, }, } @@ -116,52 +115,52 @@ func TestPackage2_1GetVerificationCodeFailsIfNilFileInSlice(t *testing.T) { // ===== 2.2 Verification code functionality tests ===== func TestPackage2_2CanGetVerificationCode(t *testing.T) { - files := map[spdx.ElementID]*spdx.File2_2{ - "File0": &spdx.File2_2{ + files := []*spdx.File2_2{ + { FileName: "file2.txt", FileSPDXIdentifier: "File0", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", }, }, }, - "File1": &spdx.File2_2{ + { FileName: "file1.txt", FileSPDXIdentifier: "File1", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "3333333333bbbbbbbbbbccccccccccdddddddddd", }, }, }, - "File2": &spdx.File2_2{ + { FileName: "file3.txt", FileSPDXIdentifier: "File2", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", }, }, }, - "File3": &spdx.File2_2{ + { FileName: "file5.txt", FileSPDXIdentifier: "File3", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "2222222222bbbbbbbbbbccccccccccdddddddddd", }, }, }, - "File4": &spdx.File2_2{ + { FileName: "file4.txt", FileSPDXIdentifier: "File4", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", }, @@ -169,65 +168,65 @@ func TestPackage2_2CanGetVerificationCode(t *testing.T) { }, } - wantCode := "ac924b375119c81c1f08c3e2722044bfbbdcd3dc" + wantCode := spdx.PackageVerificationCode{Value: "ac924b375119c81c1f08c3e2722044bfbbdcd3dc"} gotCode, err := GetVerificationCode2_2(files, "") if err != nil { t.Fatalf("expected nil error, got %v", err) } - if wantCode != gotCode { + if wantCode.Value != gotCode.Value { t.Errorf("expected %v, got %v", wantCode, gotCode) } } func TestPackage2_2CanGetVerificationCodeIgnoringExcludesFile(t *testing.T) { - files := map[spdx.ElementID]*spdx.File2_2{ - spdx.ElementID("File0"): &spdx.File2_2{ + files := []*spdx.File2_2{ + { FileName: "file1.txt", FileSPDXIdentifier: "File0", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", }, }, }, - spdx.ElementID("File1"): &spdx.File2_2{ + { FileName: "file2.txt", FileSPDXIdentifier: "File1", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "3333333333bbbbbbbbbbccccccccccdddddddddd", }, }, }, - spdx.ElementID("File2"): &spdx.File2_2{ + { FileName: "thisfile.spdx", FileSPDXIdentifier: "File2", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", }, }, }, - spdx.ElementID("File3"): &spdx.File2_2{ + { FileName: "file3.txt", FileSPDXIdentifier: "File3", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", }, }, }, - spdx.ElementID("File4"): &spdx.File2_2{ + { FileName: "file4.txt", FileSPDXIdentifier: "File4", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "2222222222bbbbbbbbbbccccccccccdddddddddd", }, @@ -235,36 +234,35 @@ func TestPackage2_2CanGetVerificationCodeIgnoringExcludesFile(t *testing.T) { }, } - wantCode := "17fab1bd18fe5c13b5d3983f1c17e5f88b8ff266" + wantCode := spdx.PackageVerificationCode{Value: "17fab1bd18fe5c13b5d3983f1c17e5f88b8ff266"} gotCode, err := GetVerificationCode2_2(files, "thisfile.spdx") if err != nil { t.Fatalf("expected nil error, got %v", err) } - if wantCode != gotCode { + if wantCode.Value != gotCode.Value { t.Errorf("expected %v, got %v", wantCode, gotCode) } - } func TestPackage2_2GetVerificationCodeFailsIfNilFileInSlice(t *testing.T) { - files := map[spdx.ElementID]*spdx.File2_2{ - spdx.ElementID("File0"): &spdx.File2_2{ + files := []*spdx.File2_2{ + { FileName: "file2.txt", FileSPDXIdentifier: "File0", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", }, }, }, - spdx.ElementID("File1"): nil, - spdx.ElementID("File2"): &spdx.File2_2{ + nil, + { FileName: "file3.txt", FileSPDXIdentifier: "File2", - FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - spdx.SHA1: spdx.Checksum{ + Checksums: []spdx.Checksum{ + { Algorithm: spdx.SHA1, Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", }, |