diff options
32 files changed, 723 insertions, 268 deletions
@@ -1,6 +1,7 @@ # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later .vscode +.idea .DS_Store scratch/* *.swp diff --git a/LICENSE-code.txt b/LICENSE.code index 07efb62..07efb62 100644 --- a/LICENSE-code.txt +++ b/LICENSE.code diff --git a/LICENSE-docs.txt b/LICENSE.docs index 2c8e93c..2c8e93c 100644 --- a/LICENSE-docs.txt +++ b/LICENSE.docs @@ -58,12 +58,12 @@ library. ## Licenses -As indicated in `LICENSE-code.txt`, tools-golang **source code files** are +As indicated in `LICENSE-code`, tools-golang **source code files** are provided and may be used, at your option, under *either*: * Apache License, version 2.0 (**Apache-2.0**), **OR** * GNU General Public License, version 2.0 or later (**GPL-2.0-or-later**). -As indicated in `LICENSE-docs.txt`, tools-golang **documentation files** are +As indicated in `LICENSE-docs`, tools-golang **documentation files** are provided and may be used under the Creative Commons Attribution 4.0 International license (**CC-BY-4.0**). diff --git a/builder/build_test.go b/builder/build_test.go index cf59d45..8c18c44 100644 --- a/builder/build_test.go +++ b/builder/build_test.go @@ -482,14 +482,21 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if fileEmpty.FileSPDXIdentifier != spdx.ElementID("File0") { t.Errorf("expected %v, got %v", "File0", fileEmpty.FileSPDXIdentifier) } - if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { - t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) - } - if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { - t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) - } - if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { - t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) + for _, checksum := range fileEmpty.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "d41d8cd98f00b204e9800998ecf8427e" { + t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", checksum.Value) + } + } } if fileEmpty.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) @@ -512,14 +519,21 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file1.FileSPDXIdentifier != spdx.ElementID("File1") { t.Errorf("expected %v, got %v", "File1", file1.FileSPDXIdentifier) } - if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" { - t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1) - } - if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { - t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256) - } - if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" { - t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5) + for _, checksum := range file1.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "024f870eb6323f532515f7a09d5646a97083b819" { + t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { + t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "37c8208479dfe42d2bb29debd6e32d4a" { + t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", checksum.Value) + } + } } if file1.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) @@ -542,14 +556,21 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file3.FileSPDXIdentifier != spdx.ElementID("File2") { t.Errorf("expected %v, got %v", "File2", file3.FileSPDXIdentifier) } - if file3.FileChecksumSHA1 != "a46114b70e163614f01c64adf44cdd438f158fce" { - t.Errorf("expected %v, got %v", "a46114b70e163614f01c64adf44cdd438f158fce", file3.FileChecksumSHA1) - } - if file3.FileChecksumSHA256 != "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4" { - t.Errorf("expected %v, got %v", "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4", file3.FileChecksumSHA256) - } - if file3.FileChecksumMD5 != "3e02d3ab9c58eec6911dbba37570934f" { - t.Errorf("expected %v, got %v", "3e02d3ab9c58eec6911dbba37570934f", file3.FileChecksumMD5) + for _, checksum := range file3.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "a46114b70e163614f01c64adf44cdd438f158fce" { + t.Errorf("expected %v, got %v", "a46114b70e163614f01c64adf44cdd438f158fce", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4" { + t.Errorf("expected %v, got %v", "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "3e02d3ab9c58eec6911dbba37570934f" { + t.Errorf("expected %v, got %v", "3e02d3ab9c58eec6911dbba37570934f", checksum.Value) + } + } } if file3.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file3.LicenseConcluded) @@ -572,14 +593,21 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file4.FileSPDXIdentifier != spdx.ElementID("File3") { t.Errorf("expected %v, got %v", "File3", file4.FileSPDXIdentifier) } - if file4.FileChecksumSHA1 != "e623d7d7d782a7c8323c4d436acee4afab34320f" { - t.Errorf("expected %v, got %v", "e623d7d7d782a7c8323c4d436acee4afab34320f", file4.FileChecksumSHA1) - } - if file4.FileChecksumSHA256 != "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59" { - t.Errorf("expected %v, got %v", "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59", file4.FileChecksumSHA256) - } - if file4.FileChecksumMD5 != "96e6a25d35df5b1c477710ef4d0c7210" { - t.Errorf("expected %v, got %v", "96e6a25d35df5b1c477710ef4d0c7210", file4.FileChecksumMD5) + for _, checksum := range file4.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "e623d7d7d782a7c8323c4d436acee4afab34320f" { + t.Errorf("expected %v, got %v", "e623d7d7d782a7c8323c4d436acee4afab34320f", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59" { + t.Errorf("expected %v, got %v", "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "96e6a25d35df5b1c477710ef4d0c7210" { + t.Errorf("expected %v, got %v", "96e6a25d35df5b1c477710ef4d0c7210", checksum.Value) + } + } } if file4.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file4.LicenseConcluded) @@ -602,14 +630,21 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if lastfile.FileSPDXIdentifier != spdx.ElementID("File4") { t.Errorf("expected %v, got %v", "File4", lastfile.FileSPDXIdentifier) } - if lastfile.FileChecksumSHA1 != "26d6221d682d9ba59116f9753a701f34271c8ce1" { - t.Errorf("expected %v, got %v", "26d6221d682d9ba59116f9753a701f34271c8ce1", lastfile.FileChecksumSHA1) - } - if lastfile.FileChecksumSHA256 != "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805" { - t.Errorf("expected %v, got %v", "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805", lastfile.FileChecksumSHA256) - } - if lastfile.FileChecksumMD5 != "f60baa793870d9085461ad6bbab50b7f" { - t.Errorf("expected %v, got %v", "f60baa793870d9085461ad6bbab50b7f", lastfile.FileChecksumMD5) + for _, checksum := range lastfile.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "26d6221d682d9ba59116f9753a701f34271c8ce1" { + t.Errorf("expected %v, got %v", "26d6221d682d9ba59116f9753a701f34271c8ce1", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805" { + t.Errorf("expected %v, got %v", "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "f60baa793870d9085461ad6bbab50b7f" { + t.Errorf("expected %v, got %v", "f60baa793870d9085461ad6bbab50b7f", checksum.Value) + } + } } if lastfile.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.LicenseConcluded) diff --git a/builder/builder2v2/build_file.go b/builder/builder2v2/build_file.go index 8042992..684a763 100644 --- a/builder/builder2v2/build_file.go +++ b/builder/builder2v2/build_file.go @@ -32,12 +32,23 @@ func BuildFileSection2_2(filePath string, prefix string, fileNumber int) (*spdx. f := &spdx.File2_2{ FileName: filePath, FileSPDXIdentifier: spdx.ElementID(i), - FileChecksumSHA1: ssha1, - FileChecksumSHA256: ssha256, - FileChecksumMD5: smd5, - LicenseConcluded: "NOASSERTION", - LicenseInfoInFile: []string{}, - FileCopyrightText: "NOASSERTION", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: ssha1, + }, + spdx.SHA256: spdx.Checksum{ + Algorithm: spdx.SHA256, + Value: ssha256, + }, + spdx.MD5: spdx.Checksum{ + Algorithm: spdx.MD5, + Value: smd5, + }, + }, + LicenseConcluded: "NOASSERTION", + LicenseInfoInFile: []string{}, + FileCopyrightText: "NOASSERTION", } return f, nil diff --git a/builder/builder2v2/build_file_test.go b/builder/builder2v2/build_file_test.go index bd74421..60f285c 100644 --- a/builder/builder2v2/build_file_test.go +++ b/builder/builder2v2/build_file_test.go @@ -28,14 +28,21 @@ func TestBuilder2_2CanBuildFileSection(t *testing.T) { if file1.FileSPDXIdentifier != spdx.ElementID("File17") { t.Errorf("expected %v, got %v", "File17", file1.FileSPDXIdentifier) } - if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" { - t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1) - } - if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { - t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256) - } - if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" { - t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5) + for _, checksum := range file1.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "024f870eb6323f532515f7a09d5646a97083b819" { + t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { + t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "37c8208479dfe42d2bb29debd6e32d4a" { + t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", checksum.Value) + } + } } if file1.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) diff --git a/builder/builder2v2/build_package_test.go b/builder/builder2v2/build_package_test.go index c7e4dc3..143e8db 100644 --- a/builder/builder2v2/build_package_test.go +++ b/builder/builder2v2/build_package_test.go @@ -71,14 +71,21 @@ func TestBuilder2_2CanBuildPackageSection(t *testing.T) { if fileEmpty.FileSPDXIdentifier != spdx.ElementID("File0") { t.Errorf("expected %v, got %v", "File0", fileEmpty.FileSPDXIdentifier) } - if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { - t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) - } - if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { - t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) - } - if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { - t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) + for _, checksum := range fileEmpty.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "d41d8cd98f00b204e9800998ecf8427e" { + t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", checksum.Value) + } + } } if fileEmpty.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) diff --git a/licensediff/licensediff_test.go b/licensediff/licensediff_test.go index ccd92e1..bd53f31 100644 --- a/licensediff/licensediff_test.go +++ b/licensediff/licensediff_test.go @@ -501,8 +501,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/project/file1.txt", FileSPDXIdentifier: spdx.ElementID("File561"), - FileChecksumSHA1: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - LicenseConcluded: "Apache-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "LicenseRef-We-will-ignore-LicenseInfoInFile", }, @@ -513,8 +518,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f2 := &spdx.File2_2{ FileName: "/project/file2.txt", FileSPDXIdentifier: spdx.ElementID("File562"), - FileChecksumSHA1: "066c5139bd9a43d15812ec1a1755b08ccf199824", - LicenseConcluded: "GPL-2.0-or-later", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "GPL-2.0-or-later", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -525,8 +535,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f3 := &spdx.File2_2{ FileName: "/project/file3.txt", FileSPDXIdentifier: spdx.ElementID("File563"), - FileChecksumSHA1: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", - LicenseConcluded: "MPL-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "MPL-2.0", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -538,8 +553,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f4_1 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", - LicenseConcluded: "MIT", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "MIT", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -548,8 +568,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f4_2 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", - LicenseConcluded: "Apache-2.0 AND MIT", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "Apache-2.0 AND MIT", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -561,8 +586,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f5_1 := &spdx.File2_2{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", - LicenseConcluded: "BSD-3-Clause", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "BSD-3-Clause", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -571,8 +601,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f5_2 := &spdx.File2_2{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", - LicenseConcluded: "BSD-3-Clause", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "BSD-3-Clause", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -584,8 +619,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f6_1 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", - LicenseConcluded: "CC0-1.0", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "CC0-1.0", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -594,8 +634,13 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f6_2 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", - LicenseConcluded: "Unlicense", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "Unlicense", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -740,8 +785,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/project/file1.txt", FileSPDXIdentifier: spdx.ElementID("File561"), - FileChecksumSHA1: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - LicenseConcluded: "Apache-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "LicenseRef-We-will-ignore-LicenseInfoInFile", }, @@ -752,8 +802,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f2 := &spdx.File2_2{ FileName: "/project/file2.txt", FileSPDXIdentifier: spdx.ElementID("File562"), - FileChecksumSHA1: "066c5139bd9a43d15812ec1a1755b08ccf199824", - LicenseConcluded: "GPL-2.0-or-later", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "GPL-2.0-or-later", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -764,8 +819,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f3 := &spdx.File2_2{ FileName: "/project/file3.txt", FileSPDXIdentifier: spdx.ElementID("File563"), - FileChecksumSHA1: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", - LicenseConcluded: "MPL-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "MPL-2.0", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -777,8 +837,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f4_1 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", - LicenseConcluded: "MIT", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "MIT", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -787,8 +852,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f4_2 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", - LicenseConcluded: "Apache-2.0 AND MIT", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "Apache-2.0 AND MIT", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -800,7 +870,6 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f5_1 := &spdx.File2_2{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", LicenseConcluded: "BSD-3-Clause", LicenseInfoInFile: []string{ "NOASSERTION", @@ -810,8 +879,14 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f5_2 := &spdx.File2_2{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", - LicenseConcluded: "BSD-3-Clause", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "BSD-3-Clause", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -823,8 +898,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f6_1 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", - LicenseConcluded: "CC0-1.0", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "CC0-1.0", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -833,8 +913,13 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f6_2 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", - LicenseConcluded: "Unlicense", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + LicenseConcluded: "Unlicense", LicenseInfoInFile: []string{ "NOASSERTION", }, diff --git a/rdfloader/parser2v2/parse_file.go b/rdfloader/parser2v2/parse_file.go index 647cef9..b3b0e49 100644 --- a/rdfloader/parser2v2/parse_file.go +++ b/rdfloader/parser2v2/parse_file.go @@ -4,9 +4,10 @@ package parser2v2 import ( "fmt" + "strings" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" - "strings" ) // returns a file instance and the error if any encountered. @@ -26,7 +27,7 @@ func (parser *rdfParser2_2) getFileFromNode(fileNode *gordfParser.Node) (file *s } // setting color to grey to indicate that we've started parsing this node. - parser.cache[fileNode.ID].Color = GREY; + parser.cache[fileNode.ID].Color = GREY // setting color to black just before function returns to the caller to // indicate that parsing current node is complete. @@ -129,13 +130,13 @@ func (parser *rdfParser2_2) setFileChecksumFromNode(file *spdx.File2_2, checksum if err != nil { return fmt.Errorf("error parsing checksumNode of a file: %v", err) } + if file.FileChecksums == nil { + file.FileChecksums = map[spdx.ChecksumAlgorithm]spdx.Checksum{} + } switch checksumAlgorithm { - case "MD5": - file.FileChecksumMD5 = checksumValue - case "SHA1": - file.FileChecksumSHA1 = checksumValue - case "SHA256": - file.FileChecksumSHA256 = checksumValue + case spdx.MD5, spdx.SHA1, spdx.SHA256: + algorithm := spdx.ChecksumAlgorithm(checksumAlgorithm) + file.FileChecksums[algorithm] = spdx.Checksum{Algorithm: algorithm, Value: checksumValue} case "": return fmt.Errorf("empty checksum algorithm and value") default: diff --git a/rdfloader/parser2v2/parse_file_test.go b/rdfloader/parser2v2/parse_file_test.go index 4d7c8b3..069eb26 100644 --- a/rdfloader/parser2v2/parse_file_test.go +++ b/rdfloader/parser2v2/parse_file_test.go @@ -4,12 +4,13 @@ package parser2v2 import ( "bufio" + "strings" + "testing" + gordfParser "github.com/spdx/gordf/rdfloader/parser" rdfloader2 "github.com/spdx/gordf/rdfloader/xmlreader" gordfWriter "github.com/spdx/gordf/rdfwriter" "github.com/spdx/tools-golang/spdx" - "strings" - "testing" ) // content is the tags within the rdf:RDF tag @@ -206,14 +207,21 @@ func Test_rdfParser2_2_setFileChecksumFromNode(t *testing.T) { t.Errorf("error parsing a valid checksum node") } checksumValue := "d2356e0fe1c0b85285d83c6b2ad51b5f" - if file.FileChecksumMD5 != checksumValue { - t.Errorf("wrong checksum value for md5. Expected: %s, found: %s", checksumValue, file.FileChecksumMD5) - } - if file.FileChecksumSHA1 != "" { - t.Errorf("incorrectly set sha1, should've been empty") - } - if file.FileChecksumSHA256 != "" { - t.Errorf("incorrectly set sha256, should've been empty") + for _, checksum := range file.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "" { + t.Errorf("incorrectly set sha1, should've been empty") + } + case spdx.SHA256: + if checksum.Value != "" { + t.Errorf("incorrectly set sha256, should've been empty") + } + case spdx.MD5: + if checksum.Value != checksumValue { + t.Errorf("wrong checksum value for md5. Expected: %s, found: %s", checksumValue, checksum.Value) + } + } } // TestCase 2: valid sha1 checksum @@ -229,14 +237,21 @@ func Test_rdfParser2_2_setFileChecksumFromNode(t *testing.T) { if err != nil { t.Errorf("error parsing a valid checksum node") } - if file.FileChecksumSHA1 != checksumValue { - t.Errorf("wrong checksum value for sha1. Expected: %s, found: %s", checksumValue, file.FileChecksumSHA1) - } - if file.FileChecksumMD5 != "" { - t.Errorf("incorrectly set md5, should've been empty") - } - if file.FileChecksumSHA256 != "" { - t.Errorf("incorrectly set sha256, should've been empty") + for _, checksum := range file.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != checksumValue { + t.Errorf("wrong checksum value for sha1. Expected: %s, found: %s", checksumValue, checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "" { + t.Errorf("incorrectly set sha256, should've been empty") + } + case spdx.MD5: + if checksum.Value != checksumValue { + t.Errorf("incorrectly set md5, should've been empty") + } + } } // TestCase 3: valid sha256 checksum @@ -252,14 +267,21 @@ func Test_rdfParser2_2_setFileChecksumFromNode(t *testing.T) { if err != nil { t.Errorf("error parsing a valid checksum node") } - if file.FileChecksumSHA256 != checksumValue { - t.Errorf("wrong checksum value for sha256. Expected: %s, found: %s", checksumValue, file.FileChecksumSHA256) - } - if file.FileChecksumMD5 != "" { - t.Errorf("incorrectly set md5, should've been empty") - } - if file.FileChecksumSHA1 != "" { - t.Errorf("incorrectly set sha1, should've been empty") + for _, checksum := range file.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != checksumValue { + t.Errorf("incorrectly set sha1, should've been empty") + } + case spdx.SHA256: + if checksum.Value != checksumValue { + t.Errorf("wrong checksum value for sha256. Expected: %s, found: %s", checksumValue, checksum.Value) + } + case spdx.MD5: + if checksum.Value != checksumValue { + t.Errorf("incorrectly set md5, should've been empty") + } + } } // TestCase 4: checksum node without one of the mandatory attributes @@ -494,7 +516,6 @@ func Test_rdfParser2_2_getFileFromNode(t *testing.T) { t.Errorf("expected %s, found %s", expectedLicenseInfoInFile, file.LicenseInfoInFile[0]) } - // TestCase 12: checking if recursive dependencies are resolved. parser, _ = parserFromBodyContent(` <spdx:File rdf:about="#SPDXRef-ParentFile"> @@ -578,8 +599,14 @@ func Test_rdfParser2_2_getFileFromNode(t *testing.T) { } expectedChecksum := "0a3a0e1ab72b7c132f5021c538a7a3ea6d539bcd" - if file.FileChecksumSHA1 != expectedChecksum { - t.Errorf("expected %s, found %s", expectedChecksum, file.FileChecksumSHA1) + + for _, checksum := range file.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != expectedChecksum { + t.Errorf("expected %s, found %s", expectedChecksum, checksum.Value) + } + } } expectedLicenseConcluded = "NOASSERTION" diff --git a/rdfloader/parser2v2/parse_package.go b/rdfloader/parser2v2/parse_package.go index dde6e70..47a2af8 100644 --- a/rdfloader/parser2v2/parse_package.go +++ b/rdfloader/parser2v2/parse_package.go @@ -4,9 +4,10 @@ package parser2v2 import ( "fmt" + "strings" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" - "strings" ) func (parser *rdfParser2_2) getPackageFromNode(packageNode *gordfParser.Node) (pkg *spdx.Package2_2, err error) { @@ -30,7 +31,7 @@ func (parser *rdfParser2_2) getPackageFromNode(packageNode *gordfParser.Node) (p parser.cache[packageNode.ID].Color = GREY // setting state color to black to indicate when we're done parsing this node. - defer func(){parser.cache[packageNode.ID].Color = BLACK}(); + defer func() { parser.cache[packageNode.ID].Color = BLACK }() // setting the SPDXIdentifier for the package. eId, err := ExtractElementID(getLastPartOfURI(packageNode.ID)) @@ -300,13 +301,13 @@ func (parser *rdfParser2_2) setPackageChecksum(pkg *spdx.Package2_2, node *gordf if err != nil { return fmt.Errorf("error getting checksum algorithm and value from %v", node) } + if pkg.PackageChecksums == nil { + pkg.PackageChecksums = make(map[spdx.ChecksumAlgorithm]spdx.Checksum) + } switch checksumAlgorithm { - case "MD5": - pkg.PackageChecksumMD5 = checksumValue - case "SHA1": - pkg.PackageChecksumSHA1 = checksumValue - case "SHA256": - pkg.PackageChecksumSHA256 = checksumValue + case spdx.MD5, spdx.SHA1, spdx.SHA256: + algorithm := spdx.ChecksumAlgorithm(checksumAlgorithm) + pkg.PackageChecksums[algorithm] = spdx.Checksum{Algorithm: algorithm, Value: checksumValue} default: return fmt.Errorf("unknown checksumAlgorithm %s while parsing a package", checksumAlgorithm) } diff --git a/rdfloader/parser2v2/parse_package_test.go b/rdfloader/parser2v2/parse_package_test.go index 2269826..9744760 100644 --- a/rdfloader/parser2v2/parse_package_test.go +++ b/rdfloader/parser2v2/parse_package_test.go @@ -3,10 +3,11 @@ package parser2v2 import ( - gordfParser "github.com/spdx/gordf/rdfloader/parser" - "github.com/spdx/tools-golang/spdx" "reflect" "testing" + + gordfParser "github.com/spdx/gordf/rdfloader/parser" + "github.com/spdx/tools-golang/spdx" ) func Test_setPackageSupplier(t *testing.T) { @@ -584,7 +585,7 @@ func Test_rdfParser2_2_setPackageChecksum(t *testing.T) { var parser *rdfParser2_2 var node *gordfParser.Node var pkg *spdx.Package2_2 - var gotChecksumValue, expectedChecksumValue string + var expectedChecksumValue string var err error // TestCase 1: invalid checksum algorithm @@ -629,9 +630,14 @@ func Test_rdfParser2_2_setPackageChecksum(t *testing.T) { t.Errorf("unexpected error: %v", err) } expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" - gotChecksumValue = pkg.PackageChecksumSHA1 - if gotChecksumValue != expectedChecksumValue { - t.Errorf("expected: %v, got: %v", expectedChecksumValue, gotChecksumValue) + + for _, checksum := range pkg.PackageChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != expectedChecksumValue { + t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) + } + } } // TestCase 3: valid checksum (sha256) @@ -648,9 +654,13 @@ func Test_rdfParser2_2_setPackageChecksum(t *testing.T) { t.Errorf("unexpected error: %v", err) } expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" - gotChecksumValue = pkg.PackageChecksumSHA256 - if gotChecksumValue != expectedChecksumValue { - t.Errorf("expected: %v, got: %v", expectedChecksumValue, gotChecksumValue) + for _, checksum := range pkg.PackageChecksums { + switch checksum.Algorithm { + case spdx.SHA256: + if checksum.Value != expectedChecksumValue { + t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) + } + } } // TestCase 4: valid checksum (md5) @@ -667,9 +677,13 @@ func Test_rdfParser2_2_setPackageChecksum(t *testing.T) { t.Errorf("unexpected error: %v", err) } expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" - gotChecksumValue = pkg.PackageChecksumMD5 - if gotChecksumValue != expectedChecksumValue { - t.Errorf("expected: %v, got: %v", expectedChecksumValue, gotChecksumValue) + for _, checksum := range pkg.PackageChecksums { + switch checksum.Algorithm { + case spdx.MD5: + if checksum.Value != expectedChecksumValue { + t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) + } + } } } diff --git a/rdfloader/parser2v2/parser_test.go b/rdfloader/parser2v2/parser_test.go index be740c9..0d9c30d 100644 --- a/rdfloader/parser2v2/parser_test.go +++ b/rdfloader/parser2v2/parser_test.go @@ -132,7 +132,19 @@ func Test_rdfParser2_2_getSpdxDocNode(t *testing.T) { t.Errorf("expected and error due to more than one type triples for the SpdxDocument Node, got %v", err) } - // TestCase 2: two different spdx nodes found in a single document. + // TestCase 2: must be associated with exactly one rdf:type. + parser, _ = parserFromBodyContent(` + <spdx:SpdxDocument rdf:about="#SPDXRef-Document"/> + <spdx:Snippet rdf:about="#SPDXRef-Document"/> + <spdx:File rdf:about="#SPDXRef-DoapSource"/> + `) + _, err = parser.getSpdxDocNode() + t.Log(err) + if err == nil { + t.Errorf("rootNode must be associated with exactly one triple of predicate rdf:type, got %v", err) + } + + // TestCase 3: two different spdx nodes found in a single document. parser, _ = parserFromBodyContent(` <spdx:SpdxDocument rdf:about="#SPDXRef-Document-1"/> <spdx:SpdxDocument rdf:about="#SPDXRef-Document-2"/> @@ -142,14 +154,14 @@ func Test_rdfParser2_2_getSpdxDocNode(t *testing.T) { t.Errorf("expected and error due to more than one type SpdxDocument Node, got %v", err) } - // TestCase 3: no spdx document + // TestCase 4: no spdx document parser, _ = parserFromBodyContent(``) _, err = parser.getSpdxDocNode() if err == nil { t.Errorf("expected and error due to no SpdxDocument Node, got %v", err) } - // TestCase 4: valid spdxDocument node + // TestCase 5: valid spdxDocument node parser, _ = parserFromBodyContent(` <spdx:SpdxDocument rdf:about="#SPDXRef-Document-1"/> `) diff --git a/spdx/checksum.go b/spdx/checksum.go new file mode 100644 index 0000000..872aee2 --- /dev/null +++ b/spdx/checksum.go @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package spdx + +// ChecksumAlgorithm2_2 represents the algorithm used to generate the file checksum in the Checksum2_2 struct. +type ChecksumAlgorithm string + +// The checksum algorithms mentioned in the spdxv2.2.0 https://spdx.github.io/spdx-spec/4-file-information/#44-file-checksum +const ( + SHA224 ChecksumAlgorithm = "SHA224" + SHA1 = "SHA1" + SHA256 = "SHA256" + SHA384 = "SHA384" + SHA512 = "SHA512" + MD2 = "MD2" + MD4 = "MD4" + MD5 = "MD5" + MD6 = "MD6" +) + +//Checksum2_2 struct Provide a unique identifier to match analysis information on each specific file in a package. +// The Algorithm field describes the ChecksumAlgorithm2_2 used and the Value represents the file checksum +type Checksum struct { + Algorithm ChecksumAlgorithm + Value string +} diff --git a/spdx/file.go b/spdx/file.go index bfd47b7..a745dc3 100644 --- a/spdx/file.go +++ b/spdx/file.go @@ -105,9 +105,7 @@ type File2_2 struct { // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5 // Cardinality: mandatory, one SHA1, others may be optionally provided - FileChecksumSHA1 string - FileChecksumSHA256 string - FileChecksumMD5 string + FileChecksums map[ChecksumAlgorithm]Checksum // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one diff --git a/spdx/package.go b/spdx/package.go index 4af3903..9aeb8a2 100644 --- a/spdx/package.go +++ b/spdx/package.go @@ -192,9 +192,7 @@ type Package2_2 struct { // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5 // Cardinality: optional, one or many - PackageChecksumSHA1 string - PackageChecksumSHA256 string - PackageChecksumMD5 string + PackageChecksums map[ChecksumAlgorithm]Checksum // 3.11: Package Home Page // Cardinality: optional, one diff --git a/tvloader/parser2v2/parse_file.go b/tvloader/parser2v2/parse_file.go index c0e3c92..86886d3 100644 --- a/tvloader/parser2v2/parse_file.go +++ b/tvloader/parser2v2/parse_file.go @@ -58,13 +58,13 @@ func (parser *tvParser2_2) parsePairFromFile2_2(tag string, value string) error if err != nil { return err } + if parser.file.FileChecksums == nil { + parser.file.FileChecksums = map[spdx.ChecksumAlgorithm]spdx.Checksum{} + } switch subkey { - case "SHA1": - parser.file.FileChecksumSHA1 = subvalue - case "SHA256": - parser.file.FileChecksumSHA256 = subvalue - case "MD5": - parser.file.FileChecksumMD5 = subvalue + case spdx.SHA1, spdx.SHA256, spdx.MD5: + algorithm := spdx.ChecksumAlgorithm(subkey) + parser.file.FileChecksums[algorithm] = spdx.Checksum{Algorithm: algorithm, Value: subvalue} default: return fmt.Errorf("got unknown checksum type %s", subkey) } diff --git a/tvloader/parser2v2/parse_file_test.go b/tvloader/parser2v2/parse_file_test.go index ffa7662..411593f 100644 --- a/tvloader/parser2v2/parse_file_test.go +++ b/tvloader/parser2v2/parse_file_test.go @@ -443,16 +443,22 @@ func TestParser2_2CanParseFileTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.file.FileChecksumSHA1 != codeSha1 { - t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha1, parser.file.FileChecksumSHA1) - } - if parser.file.FileChecksumSHA256 != codeSha256 { - t.Errorf("expected %s for FileChecksumSHA256, got %s", codeSha256, parser.file.FileChecksumSHA256) - } - if parser.file.FileChecksumMD5 != codeMd5 { - t.Errorf("expected %s for FileChecksumMD5, got %s", codeMd5, parser.file.FileChecksumMD5) + for _, checksum := range parser.file.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != codeSha1 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha1, checksum.Value) + } + case spdx.SHA256: + if checksum.Value != codeSha256 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha256, checksum.Value) + } + case spdx.MD5: + if checksum.Value != codeMd5 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeMd5, checksum.Value) + } + } } - // Concluded License err = parser.parsePairFromFile2_2("LicenseConcluded", "Apache-2.0 OR GPL-2.0-or-later") if err != nil { diff --git a/tvloader/parser2v2/parse_package.go b/tvloader/parser2v2/parse_package.go index ddc9cb0..3f5939b 100644 --- a/tvloader/parser2v2/parse_package.go +++ b/tvloader/parser2v2/parse_package.go @@ -100,13 +100,13 @@ func (parser *tvParser2_2) parsePairFromPackage2_2(tag string, value string) err if err != nil { return err } + if parser.pkg.PackageChecksums == nil { + parser.pkg.PackageChecksums = make(map[spdx.ChecksumAlgorithm]spdx.Checksum, 9) + } switch subkey { - case "SHA1": - parser.pkg.PackageChecksumSHA1 = subvalue - case "SHA256": - parser.pkg.PackageChecksumSHA256 = subvalue - case "MD5": - parser.pkg.PackageChecksumMD5 = subvalue + case spdx.SHA1, spdx.SHA256, spdx.MD5: + algorithm := spdx.ChecksumAlgorithm(subkey) + parser.pkg.PackageChecksums[algorithm] = spdx.Checksum{Algorithm: algorithm, Value: subvalue} default: return fmt.Errorf("got unknown checksum type %s", subkey) } diff --git a/tvloader/parser2v2/parse_package_test.go b/tvloader/parser2v2/parse_package_test.go index 6f40170..33b4784 100644 --- a/tvloader/parser2v2/parse_package_test.go +++ b/tvloader/parser2v2/parse_package_test.go @@ -353,14 +353,21 @@ func TestParser2_2CanParsePackageTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageChecksumSHA1 != codeSha1 { - t.Errorf("expected %s for PackageChecksumSHA1, got %s", codeSha1, parser.pkg.PackageChecksumSHA1) - } - if parser.pkg.PackageChecksumSHA256 != codeSha256 { - t.Errorf("expected %s for PackageChecksumSHA256, got %s", codeSha256, parser.pkg.PackageChecksumSHA256) - } - if parser.pkg.PackageChecksumMD5 != codeMd5 { - t.Errorf("expected %s for PackageChecksumMD5, got %s", codeMd5, parser.pkg.PackageChecksumMD5) + for _, checksum := range parser.pkg.PackageChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != codeSha1 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha1, checksum.Value) + } + case spdx.SHA256: + if checksum.Value != codeSha256 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha256, checksum.Value) + } + case spdx.MD5: + if checksum.Value != codeMd5 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeMd5, checksum.Value) + } + } } // Package Home Page diff --git a/tvsaver/saver2v1/save_snippet.go b/tvsaver/saver2v1/save_snippet.go index e82bc5a..645f7f5 100644 --- a/tvsaver/saver2v1/save_snippet.go +++ b/tvsaver/saver2v1/save_snippet.go @@ -33,7 +33,7 @@ func renderSnippet2_1(sn *spdx.Snippet2_1, w io.Writer) error { fmt.Fprintf(w, "SnippetLicenseComments: %s\n", textify(sn.SnippetLicenseComments)) } if sn.SnippetCopyrightText != "" { - fmt.Fprintf(w, "SnippetCopyrightText: %s\n", sn.SnippetCopyrightText) + fmt.Fprintf(w, "SnippetCopyrightText: %s\n", textify(sn.SnippetCopyrightText)) } if sn.SnippetComment != "" { fmt.Fprintf(w, "SnippetComment: %s\n", textify(sn.SnippetComment)) diff --git a/tvsaver/saver2v1/save_snippet_test.go b/tvsaver/saver2v1/save_snippet_test.go index 88b39c9..536545d 100644 --- a/tvsaver/saver2v1/save_snippet_test.go +++ b/tvsaver/saver2v1/save_snippet_test.go @@ -90,3 +90,38 @@ SnippetCopyrightText: Copyright (c) John Doe 20x6 t.Errorf("Expected %v, got %v", want.String(), got.String()) } } + +func TestSaver2_1SnippetWrapsCopyrightMultiline(t *testing.T) { + sn := &spdx.Snippet2_1{ + SnippetSPDXIdentifier: spdx.ElementID("Snippet17"), + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292"), + SnippetByteRangeStart: 17, + SnippetByteRangeEnd: 209, + SnippetLicenseConcluded: "GPL-2.0-or-later", + SnippetCopyrightText: `Copyright (c) John Doe 20x6 +Copyright (c) John Doe 20x6`, + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`SnippetSPDXIdentifier: SPDXRef-Snippet17 +SnippetFromFileSPDXID: SPDXRef-File292 +SnippetByteRange: 17:209 +SnippetLicenseConcluded: GPL-2.0-or-later +SnippetCopyrightText: <text>Copyright (c) John Doe 20x6 +Copyright (c) John Doe 20x6</text> + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderSnippet2_1(sn, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} diff --git a/tvsaver/saver2v2/save_document_test.go b/tvsaver/saver2v2/save_document_test.go index d6d112b..8745db4 100644 --- a/tvsaver/saver2v2/save_document_test.go +++ b/tvsaver/saver2v2/save_document_test.go @@ -29,19 +29,29 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/tmp/whatever1.txt", FileSPDXIdentifier: spdx.ElementID("File1231"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - FileCopyrightText: "Copyright (c) Jane Doe", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{"Apache-2.0"}, + FileCopyrightText: "Copyright (c) Jane Doe", } f2 := &spdx.File2_2{ FileName: "/tmp/whatever2.txt", FileSPDXIdentifier: spdx.ElementID("File1232"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983d", - LicenseConcluded: "MIT", - LicenseInfoInFile: []string{"MIT"}, - FileCopyrightText: "Copyright (c) John Doe", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983d", + }, + }, + LicenseConcluded: "MIT", + LicenseInfoInFile: []string{"MIT"}, + FileCopyrightText: "Copyright (c) John Doe", } unFiles := map[spdx.ElementID]*spdx.File2_2{ @@ -71,8 +81,13 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { f3 := &spdx.File2_2{ FileName: "/tmp/file-with-snippets.txt", FileSPDXIdentifier: spdx.ElementID("FileHasSnippets"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983e", - LicenseConcluded: "GPL-2.0-or-later AND WTFPL", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983e", + }, + }, + LicenseConcluded: "GPL-2.0-or-later AND WTFPL", LicenseInfoInFile: []string{ "Apache-2.0", "GPL-2.0-or-later", @@ -88,10 +103,15 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { f4 := &spdx.File2_2{ FileName: "/tmp/another-file.txt", FileSPDXIdentifier: spdx.ElementID("FileAnother"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983f", - LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{"BSD-3-Clause"}, - FileCopyrightText: "Copyright (c) Jane Doe LLC", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983f", + }, + }, + LicenseConcluded: "BSD-3-Clause", + LicenseInfoInFile: []string{"BSD-3-Clause"}, + FileCopyrightText: "Copyright (c) Jane Doe LLC", } pkgWith := &spdx.Package2_2{ diff --git a/tvsaver/saver2v2/save_file.go b/tvsaver/saver2v2/save_file.go index 8edacfc..18e95b0 100644 --- a/tvsaver/saver2v2/save_file.go +++ b/tvsaver/saver2v2/save_file.go @@ -20,14 +20,14 @@ func renderFile2_2(f *spdx.File2_2, w io.Writer) error { for _, s := range f.FileType { fmt.Fprintf(w, "FileType: %s\n", s) } - if f.FileChecksumSHA1 != "" { - fmt.Fprintf(w, "FileChecksum: SHA1: %s\n", f.FileChecksumSHA1) + if f.FileChecksums[spdx.SHA1].Value != "" { + fmt.Fprintf(w, "FileChecksum: SHA1: %s\n", f.FileChecksums[spdx.SHA1].Value) } - if f.FileChecksumSHA256 != "" { - fmt.Fprintf(w, "FileChecksum: SHA256: %s\n", f.FileChecksumSHA256) + if f.FileChecksums[spdx.SHA256].Value != "" { + fmt.Fprintf(w, "FileChecksum: SHA256: %s\n", f.FileChecksums[spdx.SHA256].Value) } - if f.FileChecksumMD5 != "" { - fmt.Fprintf(w, "FileChecksum: MD5: %s\n", f.FileChecksumMD5) + if f.FileChecksums[spdx.MD5].Value != "" { + fmt.Fprintf(w, "FileChecksum: MD5: %s\n", f.FileChecksums[spdx.MD5].Value) } if f.LicenseConcluded != "" { fmt.Fprintf(w, "LicenseConcluded: %s\n", f.LicenseConcluded) diff --git a/tvsaver/saver2v2/save_file_test.go b/tvsaver/saver2v2/save_file_test.go index 1fd4fca..159074d 100644 --- a/tvsaver/saver2v2/save_file_test.go +++ b/tvsaver/saver2v2/save_file_test.go @@ -18,10 +18,21 @@ func TestSaver2_2FileSavesText(t *testing.T) { "TEXT", "DOCUMENTATION", }, - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - FileChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - FileChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", - LicenseConcluded: "Apache-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + spdx.SHA256: spdx.Checksum{ + Algorithm: spdx.SHA256, + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + spdx.MD5: spdx.Checksum{ + Algorithm: spdx.MD5, + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "Apache-2.0", "Apache-1.1", @@ -133,8 +144,13 @@ func TestSaver2_2FileSavesSnippetsAlso(t *testing.T) { f := &spdx.File2_2{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "Apache-2.0", }, @@ -182,8 +198,13 @@ func TestSaver2_2FileOmitsOptionalFieldsIfEmpty(t *testing.T) { f := &spdx.File2_2{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "Apache-2.0", }, @@ -218,8 +239,13 @@ func TestSaver2_2FileWrapsCopyrightMultiLine(t *testing.T) { f := &spdx.File2_2{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "Apache-2.0", }, diff --git a/tvsaver/saver2v2/save_package.go b/tvsaver/saver2v2/save_package.go index 3a413cb..518da06 100644 --- a/tvsaver/saver2v2/save_package.go +++ b/tvsaver/saver2v2/save_package.go @@ -58,14 +58,14 @@ func renderPackage2_2(pkg *spdx.Package2_2, w io.Writer) error { fmt.Fprintf(w, "PackageVerificationCode: %s (excludes %s)\n", pkg.PackageVerificationCode, pkg.PackageVerificationCodeExcludedFile) } } - if pkg.PackageChecksumSHA1 != "" { - fmt.Fprintf(w, "PackageChecksum: SHA1: %s\n", pkg.PackageChecksumSHA1) + if pkg.PackageChecksums[spdx.SHA1].Value != "" { + fmt.Fprintf(w, "PackageChecksum: SHA1: %s\n", pkg.PackageChecksums[spdx.SHA1].Value) } - if pkg.PackageChecksumSHA256 != "" { - fmt.Fprintf(w, "PackageChecksum: SHA256: %s\n", pkg.PackageChecksumSHA256) + if pkg.PackageChecksums[spdx.SHA256].Value != "" { + fmt.Fprintf(w, "PackageChecksum: SHA256: %s\n", pkg.PackageChecksums[spdx.SHA256].Value) } - if pkg.PackageChecksumMD5 != "" { - fmt.Fprintf(w, "PackageChecksum: MD5: %s\n", pkg.PackageChecksumMD5) + if pkg.PackageChecksums[spdx.MD5].Value != "" { + fmt.Fprintf(w, "PackageChecksum: MD5: %s\n", pkg.PackageChecksums[spdx.MD5].Value) } if pkg.PackageHomePage != "" { fmt.Fprintf(w, "PackageHomePage: %s\n", pkg.PackageHomePage) diff --git a/tvsaver/saver2v2/save_package_test.go b/tvsaver/saver2v2/save_package_test.go index 466ff7f..8221e73 100644 --- a/tvsaver/saver2v2/save_package_test.go +++ b/tvsaver/saver2v2/save_package_test.go @@ -59,12 +59,23 @@ func TestSaver2_2PackageSavesTextCombo1(t *testing.T) { IsFilesAnalyzedTagPresent: true, PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", PackageVerificationCodeExcludedFile: "p1-0.1.0.spdx", - PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", - PackageHomePage: "http://example.com/p1", - PackageSourceInfo: "this is a source comment", - PackageLicenseConcluded: "GPL-2.0-or-later", + PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + spdx.SHA256: spdx.Checksum{ + Algorithm: spdx.SHA256, + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + spdx.MD5: spdx.Checksum{ + Algorithm: spdx.MD5, + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + PackageHomePage: "http://example.com/p1", + PackageSourceInfo: "this is a source comment", + PackageLicenseConcluded: "GPL-2.0-or-later", PackageLicenseInfoFromFiles: []string{ "Apache-1.1", "Apache-2.0", @@ -150,12 +161,23 @@ func TestSaver2_2PackageSavesTextCombo2(t *testing.T) { FilesAnalyzed: true, IsFilesAnalyzedTagPresent: false, PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", - PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", - PackageHomePage: "http://example.com/p1", - PackageSourceInfo: "this is a source comment", - PackageLicenseConcluded: "GPL-2.0-or-later", + PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + spdx.SHA256: spdx.Checksum{ + Algorithm: spdx.SHA256, + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + spdx.MD5: spdx.Checksum{ + Algorithm: spdx.MD5, + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + PackageHomePage: "http://example.com/p1", + PackageSourceInfo: "this is a source comment", + PackageLicenseConcluded: "GPL-2.0-or-later", PackageLicenseInfoFromFiles: []string{ "Apache-1.1", "Apache-2.0", @@ -232,9 +254,20 @@ func TestSaver2_2PackageSavesTextCombo3(t *testing.T) { // NOTE that verification code MUST be omitted from output // since FilesAnalyzed is false PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", - PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", + PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + spdx.SHA256: spdx.Checksum{ + Algorithm: spdx.SHA256, + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + spdx.MD5: spdx.Checksum{ + Algorithm: spdx.MD5, + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, PackageHomePage: "http://example.com/p1", PackageSourceInfo: "this is a source comment", PackageLicenseConcluded: "GPL-2.0-or-later", @@ -351,19 +384,29 @@ func TestSaver2_2PackageSavesFilesIfPresent(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/tmp/whatever1.txt", FileSPDXIdentifier: spdx.ElementID("File1231"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - FileCopyrightText: "Copyright (c) Jane Doe", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{"Apache-2.0"}, + FileCopyrightText: "Copyright (c) Jane Doe", } f2 := &spdx.File2_2{ FileName: "/tmp/whatever2.txt", FileSPDXIdentifier: spdx.ElementID("File1232"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983d", - LicenseConcluded: "MIT", - LicenseInfoInFile: []string{"MIT"}, - FileCopyrightText: "Copyright (c) John Doe", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983d", + }, + }, + LicenseConcluded: "MIT", + LicenseInfoInFile: []string{"MIT"}, + FileCopyrightText: "Copyright (c) John Doe", } pkg := &spdx.Package2_2{ diff --git a/tvsaver/saver2v2/save_snippet.go b/tvsaver/saver2v2/save_snippet.go index 5cf2f2a..a8ede6c 100644 --- a/tvsaver/saver2v2/save_snippet.go +++ b/tvsaver/saver2v2/save_snippet.go @@ -33,7 +33,7 @@ func renderSnippet2_2(sn *spdx.Snippet2_2, w io.Writer) error { fmt.Fprintf(w, "SnippetLicenseComments: %s\n", textify(sn.SnippetLicenseComments)) } if sn.SnippetCopyrightText != "" { - fmt.Fprintf(w, "SnippetCopyrightText: %s\n", sn.SnippetCopyrightText) + fmt.Fprintf(w, "SnippetCopyrightText: %s\n", textify(sn.SnippetCopyrightText)) } if sn.SnippetComment != "" { fmt.Fprintf(w, "SnippetComment: %s\n", textify(sn.SnippetComment)) diff --git a/tvsaver/saver2v2/save_snippet_test.go b/tvsaver/saver2v2/save_snippet_test.go index 72378b4..c4b16bd 100644 --- a/tvsaver/saver2v2/save_snippet_test.go +++ b/tvsaver/saver2v2/save_snippet_test.go @@ -92,3 +92,38 @@ SnippetCopyrightText: Copyright (c) John Doe 20x6 t.Errorf("Expected %v, got %v", want.String(), got.String()) } } + +func TestSaver2_2SnippetWrapsCopyrightMultiline(t *testing.T) { + sn := &spdx.Snippet2_2{ + SnippetSPDXIdentifier: spdx.ElementID("Snippet17"), + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292"), + SnippetByteRangeStart: 17, + SnippetByteRangeEnd: 209, + SnippetLicenseConcluded: "GPL-2.0-or-later", + SnippetCopyrightText: `Copyright (c) John Doe 20x6 +Copyright (c) John Doe 20x6`, + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`SnippetSPDXIdentifier: SPDXRef-Snippet17 +SnippetFromFileSPDXID: SPDXRef-File292 +SnippetByteRange: 17:209 +SnippetLicenseConcluded: GPL-2.0-or-later +SnippetCopyrightText: <text>Copyright (c) John Doe 20x6 +Copyright (c) John Doe 20x6</text> + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderSnippet2_2(sn, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} diff --git a/utils/verification.go b/utils/verification.go index 2d55e16..7c53841 100644 --- a/utils/verification.go +++ b/utils/verification.go @@ -53,7 +53,7 @@ func GetVerificationCode2_2(files map[spdx.ElementID]*spdx.File2_2, excludeFile return "", fmt.Errorf("got nil file for identifier %v", i) } if f.FileName != excludeFile { - shas = append(shas, f.FileChecksumSHA1) + shas = append(shas, f.FileChecksums[spdx.SHA1].Value) } } diff --git a/utils/verification_test.go b/utils/verification_test.go index 7f95d3c..c6fa3f9 100644 --- a/utils/verification_test.go +++ b/utils/verification_test.go @@ -120,27 +120,52 @@ func TestPackage2_2CanGetVerificationCode(t *testing.T) { "File0": &spdx.File2_2{ FileName: "file2.txt", FileSPDXIdentifier: "File0", - FileChecksumSHA1: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + }, + }, }, "File1": &spdx.File2_2{ FileName: "file1.txt", FileSPDXIdentifier: "File1", - FileChecksumSHA1: "3333333333bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "3333333333bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, "File2": &spdx.File2_2{ FileName: "file3.txt", FileSPDXIdentifier: "File2", - FileChecksumSHA1: "8888888888bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, "File3": &spdx.File2_2{ FileName: "file5.txt", FileSPDXIdentifier: "File3", - FileChecksumSHA1: "2222222222bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "2222222222bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, "File4": &spdx.File2_2{ FileName: "file4.txt", FileSPDXIdentifier: "File4", - FileChecksumSHA1: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + }, + }, }, } @@ -161,27 +186,52 @@ func TestPackage2_2CanGetVerificationCodeIgnoringExcludesFile(t *testing.T) { spdx.ElementID("File0"): &spdx.File2_2{ FileName: "file1.txt", FileSPDXIdentifier: "File0", - FileChecksumSHA1: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + }, + }, }, spdx.ElementID("File1"): &spdx.File2_2{ FileName: "file2.txt", FileSPDXIdentifier: "File1", - FileChecksumSHA1: "3333333333bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "3333333333bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, spdx.ElementID("File2"): &spdx.File2_2{ FileName: "thisfile.spdx", FileSPDXIdentifier: "File2", - FileChecksumSHA1: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + }, + }, }, spdx.ElementID("File3"): &spdx.File2_2{ FileName: "file3.txt", FileSPDXIdentifier: "File3", - FileChecksumSHA1: "8888888888bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, spdx.ElementID("File4"): &spdx.File2_2{ FileName: "file4.txt", FileSPDXIdentifier: "File4", - FileChecksumSHA1: "2222222222bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "2222222222bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, } @@ -202,13 +252,23 @@ func TestPackage2_2GetVerificationCodeFailsIfNilFileInSlice(t *testing.T) { spdx.ElementID("File0"): &spdx.File2_2{ FileName: "file2.txt", FileSPDXIdentifier: "File0", - FileChecksumSHA1: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + }, + }, }, spdx.ElementID("File1"): nil, spdx.ElementID("File2"): &spdx.File2_2{ FileName: "file3.txt", FileSPDXIdentifier: "File2", - FileChecksumSHA1: "8888888888bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + spdx.SHA1: spdx.Checksum{ + Algorithm: spdx.SHA1, + Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, } |