authorRishabhBhatnagar <bhatnagarrishabh4@gmail.com>2020-01-09 20:39:55 +0530
committerRishabhBhatnagar <bhatnagarrishabh4@gmail.com>2020-01-09 21:04:37 +0530
commitcd59ee66408a908f7ef94548814514f6bc9fc906 (patch)
tree550b146d4de0cc00a4784147f7d8f2a7bc93cffe /spdx
parentf4fef41a45620391fca6481f4700b89de170ab88 (diff)
downloadspdx-tools-cd59ee66408a908f7ef94548814514f6bc9fc906.tar.gz
Create Go Module
- Unpack directory v0 to move all of its content to the root directory.
- ./v0/* converted to ./*
- All the test cases were fixed so that test-file paths use one less directory level.
- Add go.mod.
- Go version 1.13 is used to have a relatively stable versioning system.

Signed-off-by: RishabhBhatnagar <bhatnagarrishabh4@gmail.com>
Diffstat (limited to 'spdx')
-rw-r--r--spdx/annotation.go29
-rw-r--r--spdx/creation_info.go55
-rw-r--r--spdx/document.go17
-rw-r--r--spdx/file.go86
-rw-r--r--spdx/other_license.go32
-rw-r--r--spdx/package.go139
-rw-r--r--spdx/relationship.go21
-rw-r--r--spdx/review.go25
-rw-r--r--spdx/snippet.go49
9 files changed, 453 insertions, 0 deletions
diff --git a/spdx/annotation.go b/spdx/annotation.go
new file mode 100644
index 0000000..0846d62
--- /dev/null
+++ b/spdx/annotation.go
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// Annotation2_1 is an Annotation section of an SPDX Document for version 2.1 of the spec.
+type Annotation2_1 struct {
+
+ // 8.1: Annotator
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ Annotator string
+ // including AnnotatorType: one of "Person", "Organization" or "Tool"
+ AnnotatorType string
+
+ // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationDate string
+
+ // 8.3: Annotation Type: "REVIEW" or "OTHER"
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationType string
+
+ // 8.4: SPDX Identifier Reference
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationSPDXIdentifier string
+
+ // 8.5: Annotation Comment
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationComment string
+}
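Review bot: `AnnotatorType` and `AnnotationType` hold closed value sets ("Person"/"Organization"/"Tool" and "REVIEW"/"OTHER") as bare strings, and nothing in this file says who is expected to check them. A misspelt or differently cased value would be stored as is and carried into whatever is later written from the struct. I would either add exported constants for the allowed values or extend the two field comments with `// Not validated here; callers must check the value against the spec.`. `AnnotationDate` has the same property for its timestamp format.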
diff --git a/spdx/creation_info.go b/spdx/creation_info.go
new file mode 100644
index 0000000..1d4355c
--- /dev/null
+++ b/spdx/creation_info.go
@@ -0,0 +1,55 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// CreationInfo2_1 is a Document Creation Information section of an
+// SPDX Document for version 2.1 of the spec.
+type CreationInfo2_1 struct {
+
+ // 2.1: SPDX Version; should be in the format "SPDX-2.1"
+ // Cardinality: mandatory, one
+ SPDXVersion string
+
+ // 2.2: Data License; should be "CC0-1.0"
+ // Cardinality: mandatory, one
+ DataLicense string
+
+ // 2.3: SPDX Identifier; should be "SPDXRef-DOCUMENT"
+ // Cardinality: mandatory, one
+ SPDXIdentifier string
+
+ // 2.4: Document Name
+ // Cardinality: mandatory, one
+ DocumentName string
+
+ // 2.5: Document Namespace
+ // Cardinality: mandatory, one
+ DocumentNamespace string
+
+ // 2.6: External Document References
+ // Cardinality: optional, one or many
+ ExternalDocumentReferences []string
+
+ // 2.7: License List Version
+ // Cardinality: optional, one
+ LicenseListVersion string
+
+ // 2.8: Creators: may have multiple keys for Person, Organization
+ // and/or Tool
+ // Cardinality: mandatory, one or many
+ CreatorPersons []string
+ CreatorOrganizations []string
+ CreatorTools []string
+
+ // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: mandatory, one
+ Created string
+
+ // 2.10: Creator Comment
+ // Cardinality: optional, one
+ CreatorComment string
+
+ // 2.11: Document Comment
+ // Cardinality: optional, one
+ DocumentComment string
+}
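Review bot: `ExternalDocumentReferences []string` keeps each section 2.6 entry as one opaque string, and the field comment does not say what that string contains. As I read the 2.1 spec, an entry carries a DocumentRef id, the referenced document's URI and a checksum of that document, so any consumer that wants to verify the referenced document has to re-split the string on its own. At minimum the comment should state the layout, e.g. `// each entry: "DocumentRef-[idstring] [document URI] [checksum]", stored unparsed`. A small struct holding the three parts separately would be the sturdier follow-up.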
diff --git a/spdx/document.go b/spdx/document.go
new file mode 100644
index 0000000..9f0c919
--- /dev/null
+++ b/spdx/document.go
@@ -0,0 +1,17 @@
+// Package spdx contains the struct definition for an SPDX Document
+// and its constituent parts.
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+package spdx
+
+// Document2_1 is an SPDX Document for version 2.1 of the spec.
+// See https://spdx.org/sites/cpstandard/files/pages/files/spdxversion2.1.pdf
+type Document2_1 struct {
+ CreationInfo *CreationInfo2_1
+ Packages []*Package2_1
+ OtherLicenses []*OtherLicense2_1
+ Relationships []*Relationship2_1
+ Annotations []*Annotation2_1
+
+ // DEPRECATED in version 2.0 of spec
+ Reviews []*Review2_1
+}
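Review bot: The `SPDX-License-Identifier` line sits inside the package comment (third line of the block directly above `package spdx`), so godoc will render it as part of the package description. The other files in this commit put it first and follow it with a blank line. I would move it to the top of the file as its own comment, then a blank line, then the `// Package spdx ...` comment. Separately, `// DEPRECATED in version 2.0 of spec` on `Reviews` is not the form Go tooling recognises; a comment paragraph beginning `// Deprecated: ` lets linters and editors flag uses of the field.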
diff --git a/spdx/file.go b/spdx/file.go
new file mode 100644
index 0000000..3732107
--- /dev/null
+++ b/spdx/file.go
@@ -0,0 +1,86 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// File2_1 is a File section of an SPDX Document for version 2.1 of the spec.
+type File2_1 struct {
+
+ // 4.1: File Name
+ // Cardinality: mandatory, one
+ FileName string
+
+ // 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ FileSPDXIdentifier string
+
+ // 4.3: File Type
+ // Cardinality: optional, multiple
+ FileType []string
+
+ // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: mandatory, one SHA1, others may be optionally provided
+ FileChecksumSHA1 string
+ FileChecksumSHA256 string
+ FileChecksumMD5 string
+
+ // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ LicenseConcluded string
+
+ // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many
+ LicenseInfoInFile []string
+
+ // 4.7: Comments on License
+ // Cardinality: optional, one
+ LicenseComments string
+
+ // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ FileCopyrightText string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9-4.11: Artifact of Project variables (defined below)
+ // Cardinality: optional, one or many
+ ArtifactOfProjects []*ArtifactOfProject2_1
+
+ // 4.12: File Comment
+ // Cardinality: optional, one
+ FileComment string
+
+ // 4.13: File Notice
+ // Cardinality: optional, one
+ FileNotice string
+
+ // 4.14: File Contributor
+ // Cardinality: optional, one or many
+ FileContributor []string
+
+ // DEPRECATED in version 2.0 of spec
+ // 4.15: File Dependencies
+ // Cardinality: optional, one or many
+ FileDependencies []string
+
+ // Snippets contained in this File
+ Snippets []*Snippet2_1
+}
+
+// ArtifactOfProject2_1 is a DEPRECATED collection of data regarding
+// a Package, as defined in sections 4.9-4.11 in version 2.1 of the spec.
+type ArtifactOfProject2_1 struct {
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9: Artifact of Project Name
+ // Cardinality: conditional, required if present, one per AOP
+ Name string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.10: Artifact of Project Homepage: URL or "UNKNOWN"
+ // Cardinality: optional, one per AOP
+ HomePage string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.11: Artifact of Project Uniform Resource Identifier
+ // Cardinality: optional, one per AOP
+ URI string
+}
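Review bot: The comment on 4.4 records that SHA1 is the mandatory digest but gives no guidance on which of the three checksum fields a reader should rely on. SHA-1 and MD5 are no longer collision resistant, so code that uses these fields to confirm file integrity should compare `FileChecksumSHA256` whenever it is populated and treat a SHA1-only entry as weaker evidence. I would add `// SHA1 is required by the spec; prefer FileChecksumSHA256 for integrity checks when it is set.` above the three fields. The `PackageChecksum*` fields in spdx/package.go would take the same comment.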
diff --git a/spdx/other_license.go b/spdx/other_license.go
new file mode 100644
index 0000000..8d15d7f
--- /dev/null
+++ b/spdx/other_license.go
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// OtherLicense2_1 is an Other License Information section of an
+// SPDX Document for version 2.1 of the spec.
+type OtherLicense2_1 struct {
+
+ // 6.1: License Identifier: "LicenseRef-[idstring]"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseIdentifier string
+
+ // 6.2: Extracted Text
+ // Cardinality: conditional (mandatory, one) if there is a
+ // License Identifier assigned
+ ExtractedText string
+
+ // 6.3: License Name: single line of text or "NOASSERTION"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseName string
+
+ // 6.4: License Cross Reference
+ // Cardinality: conditional (optional, one or many) if license
+ // is not on SPDX License List
+ LicenseCrossReferences []string
+
+ // 6.5: License Comment
+ // Cardinality: optional, one
+ LicenseComment string
+}
diff --git a/spdx/package.go b/spdx/package.go
new file mode 100644
index 0000000..d49922f
--- /dev/null
+++ b/spdx/package.go
@@ -0,0 +1,139 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// Package2_1 is a Package section of an SPDX Document for version 2.1 of the spec.
+type Package2_1 struct {
+
+ // NOT PART OF SPEC
+ // flag: does this "package" contain files that were in fact "unpackaged",
+ // e.g. included directly in the Document without being in a Package?
+ IsUnpackaged bool
+
+ // 3.1: Package Name
+ // Cardinality: mandatory, one
+ PackageName string
+
+ // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ PackageSPDXIdentifier string
+
+ // 3.3: Package Version
+ // Cardinality: optional, one
+ PackageVersion string
+
+ // 3.4: Package File Name
+ // Cardinality: optional, one
+ PackageFileName string
+
+ // 3.5: Package Supplier: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageSupplierPerson string
+ PackageSupplierOrganization string
+ PackageSupplierNOASSERTION bool
+
+ // 3.6: Package Originator: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageOriginatorPerson string
+ PackageOriginatorOrganization string
+ PackageOriginatorNOASSERTION bool
+
+ // 3.7: Package Download Location
+ // Cardinality: mandatory, one
+ PackageDownloadLocation string
+
+ // 3.8: FilesAnalyzed
+ // Cardinality: optional, one; default value is "true" if omitted
+ FilesAnalyzed bool
+ // NOT PART OF SPEC: did FilesAnalyzed tag appear?
+ IsFilesAnalyzedTagPresent bool
+
+ // 3.9: Package Verification Code
+ // Cardinality: mandatory, one if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ PackageVerificationCode string
+ // Spec also allows specifying a single file to exclude from the
+ // verification code algorithm; intended to enable exclusion of
+ // the SPDX document file itself.
+ PackageVerificationCodeExcludedFile string
+
+ // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: optional, one or many
+ PackageChecksumSHA1 string
+ PackageChecksumSHA256 string
+ PackageChecksumMD5 string
+
+ // 3.11: Package Home Page
+ // Cardinality: optional, one
+ PackageHomePage string
+
+ // 3.12: Source Information
+ // Cardinality: optional, one
+ PackageSourceInfo string
+
+ // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseConcluded string
+
+ // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ PackageLicenseInfoFromFiles []string
+
+ // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseDeclared string
+
+ // 3.16: Comments on License
+ // Cardinality: optional, one
+ PackageLicenseComments string
+
+ // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageCopyrightText string
+
+ // 3.18: Package Summary Description
+ // Cardinality: optional, one
+ PackageSummary string
+
+ // 3.19: Package Detailed Description
+ // Cardinality: optional, one
+ PackageDescription string
+
+ // 3.20: Package Comment
+ // Cardinality: optional, one
+ PackageComment string
+
+ // 3.21: Package External Reference
+ // Cardinality: optional, one or many
+ PackageExternalReferences []*PackageExternalReference2_1
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ // contained within PackageExternalReference2_1 struct, if present
+
+ // Files contained in this Package
+ Files []*File2_1
+}
+
+// PackageExternalReference2_1 is an External Reference to additional info
+// about a Package, as defined in section 3.21 in version 2.1 of the spec.
+type PackageExternalReference2_1 struct {
+
+ // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
+ Category string
+
+ // type is an [idstring] as defined in Appendix VI;
+ // called RefType here due to "type" being a Golang keyword
+ RefType string
+
+ // locator is a unique string to access the package-specific
+ // info, metadata or content within the target location
+ Locator string
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ ExternalRefComment string
+}
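Review bot: `FilesAnalyzed bool` has a zero value of `false` while its comment says the spec default is "true" if omitted, so the field is only meaningful when read together with `IsFilesAnalyzedTagPresent`. Code that builds a `Package2_1` by hand, or that reads `FilesAnalyzed` alone, will see `false` and may then accept a package with no `PackageVerificationCode` as well-formed. The comment should spell out the rule, e.g. `// effective value is !IsFilesAnalyzedTagPresent || FilesAnalyzed`, or a small accessor method could encode it. The `PackageSupplierNOASSERTION` and `PackageOriginatorNOASSERTION` flags likewise leave undocumented what it means when a flag and a Person/Organization string are both set.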
diff --git a/spdx/relationship.go b/spdx/relationship.go
new file mode 100644
index 0000000..bc87967
--- /dev/null
+++ b/spdx/relationship.go
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// Relationship2_1 is a Relationship section of an SPDX Document for
+// version 2.1 of the spec.
+type Relationship2_1 struct {
+
+ // 7.1: Relationship
+ // Cardinality: optional, one or more; one per Relationship2_1
+ // one mandatory for SPDX Document with multiple packages
+ // RefA and RefB are first and second item
+ // Relationship is type from 7.1.1
+ RefA string
+ RefB string
+ Relationship string
+
+ // 7.2: Relationship Comment
+ // Cardinality: optional, one
+ RelationshipComment string
+}
diff --git a/spdx/review.go b/spdx/review.go
new file mode 100644
index 0000000..36a6ea7
--- /dev/null
+++ b/spdx/review.go
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// Review2_1 is a Review section of an SPDX Document for version 2.1 of the spec.
+// DEPRECATED in version 2.0 of spec; retained here for compatibility.
+type Review2_1 struct {
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.1: Reviewer
+ // Cardinality: optional, one
+ Reviewer string
+ // including AnnotatorType: one of "Person", "Organization" or "Tool"
+ ReviewerType string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is a Reviewer
+ ReviewDate string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.3: Review Comment
+ // Cardinality: optional, one
+ ReviewComment string
+}
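Review bot: The comment above `ReviewerType` reads `including AnnotatorType`, which looks copied from spdx/annotation.go and names a field this struct does not have. It should read `// including ReviewerType: one of "Person", "Organization" or "Tool"`. The type comment would also benefit from a paragraph in the `// Deprecated: ` form so that tooling flags uses of `Review2_1`.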
diff --git a/spdx/snippet.go b/spdx/snippet.go
new file mode 100644
index 0000000..14b3b25
--- /dev/null
+++ b/spdx/snippet.go
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// Snippet2_1 is a Snippet section of an SPDX Document for version 2.1 of the spec.
+type Snippet2_1 struct {
+
+ // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ SnippetSPDXIdentifier string
+
+ // 5.2: Snippet from File SPDX Identifier
+ // Cardinality: mandatory, one
+ SnippetFromFileSPDXIdentifier string
+
+ // 5.3: Snippet Byte Range: [start byte]:[end byte]
+ // Cardinality: mandatory, one
+ SnippetByteRangeStart int
+ SnippetByteRangeEnd int
+
+ // 5.4: Snippet Line Range: [start line]:[end line]
+ // Cardinality: optional, one
+ SnippetLineRangeStart int
+ SnippetLineRangeEnd int
+
+ // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetLicenseConcluded string
+
+ // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: optional, one or many
+ LicenseInfoInSnippet []string
+
+ // 5.7: Snippet Comments on License
+ // Cardinality: optional, one
+ SnippetLicenseComments string
+
+ // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetCopyrightText string
+
+ // 5.9: Snippet Comment
+ // Cardinality: optional, one
+ SnippetComment string
+
+ // 5.10: Snippet Name
+ // Cardinality: optional, one
+ SnippetName string
+}
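Review bot: The byte and line ranges are plain `int` fields with no stated meaning for zero, negative or reversed values. For the optional 5.4 line range there is no way to tell "absent" from a parsed 0 unless the comment says that 0 means unset, and `int` is 32 bits wide on 32-bit builds, which limits byte offsets into large files. I would document the convention on the fields, e.g. `// 0 in both fields means no line range was given`. The comment should also state that whoever fills the struct must reject negative values and `Start > End` before a range is used to slice file content.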