diff options
Diffstat (limited to 'rdfloader/parser2v3/parse_package_test.go')
| -rw-r--r-- | rdfloader/parser2v3/parse_package_test.go | 788 |
1 files changed, 788 insertions, 0 deletions
diff --git a/rdfloader/parser2v3/parse_package_test.go b/rdfloader/parser2v3/parse_package_test.go new file mode 100644 index 0000000..23be653 --- /dev/null +++ b/rdfloader/parser2v3/parse_package_test.go @@ -0,0 +1,788 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package parser2v3 + +import ( + "reflect" + "testing" + + gordfParser "github.com/spdx/gordf/rdfloader/parser" + "github.com/spdx/tools-golang/spdx/common" + "github.com/spdx/tools-golang/spdx/v2_3" +) + +func Test_setPackageSupplier(t *testing.T) { + var err error + + // TestCase 1: no assertion must set PackageSupplierNOASSERTION field to true + pkg := &v2_3.Package{} + err = setPackageSupplier(pkg, "NOASSERTION") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if pkg.PackageSupplier.Supplier != "NOASSERTION" { + t.Errorf("PackageSupplier must've been set to NOASSERTION") + } + + // TestCase 2: lower-case noassertion must also set the + // PackageSupplierNOASSERTION to true. + pkg = &v2_3.Package{} + err = setPackageSupplier(pkg, "noassertion") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if pkg.PackageSupplier.Supplier != "NOASSERTION" { + t.Errorf("PackageSupplier must've been set to NOASSERTION") + } + + // TestCase 3: invalid input without colon separator. must raise an error + pkg = &v2_3.Package{} + input := "string without colon separator" + err = setPackageSupplier(pkg, input) + if err == nil { + t.Errorf("invalid input \"%s\" didn't raise an error", input) + } + + // TestCase 4: Valid Person + pkg = &v2_3.Package{} + personName := "Rishabh Bhatnagar" + input = "Person: " + personName + err = setPackageSupplier(pkg, input) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if pkg.PackageSupplier.Supplier != personName { + t.Errorf("PackageSupplierPerson should be %s. found %s", personName, pkg.PackageSupplier.Supplier) + } + + // TestCase 5: Valid Organization + pkg = &v2_3.Package{} + orgName := "SPDX" + input = "Organization: " + orgName + err = setPackageSupplier(pkg, input) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if pkg.PackageSupplier.Supplier != orgName { + t.Errorf("PackageSupplierPerson should be %s. found %s", orgName, pkg.PackageSupplier.Supplier) + } + + // TestCase 6: Invalid EntityType + pkg = &v2_3.Package{} + input = "InvalidEntity: entity" + err = setPackageSupplier(pkg, input) + if err == nil { + t.Errorf("invalid entity should've raised an error") + } +} + +func Test_setPackageOriginator(t *testing.T) { + var err error + + // TestCase 1: no assertion must set PackageSupplierNOASSERTION field to true + pkg := &v2_3.Package{} + err = setPackageOriginator(pkg, "NOASSERTION") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if pkg.PackageOriginator.Originator != "NOASSERTION" { + t.Errorf("PackageOriginator must've been set to NOASSERTION") + } + + // TestCase 2: lower-case noassertion must also set the + // PackageOriginatorNOASSERTION to true. + pkg = &v2_3.Package{} + err = setPackageOriginator(pkg, "noassertion") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if pkg.PackageOriginator.Originator != "NOASSERTION" { + t.Errorf("PackageOriginator must've been set to NOASSERTION") + } + + // TestCase 3: invalid input without colon separator. must raise an error + pkg = &v2_3.Package{} + input := "string without colon separator" + err = setPackageOriginator(pkg, input) + if err == nil { + t.Errorf("invalid input \"%s\" didn't raise an error", input) + } + + // TestCase 4: Valid Person + pkg = &v2_3.Package{} + personName := "Rishabh Bhatnagar" + input = "Person: " + personName + err = setPackageOriginator(pkg, input) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if pkg.PackageOriginator.Originator != personName { + t.Errorf("PackageOriginatorPerson should be %s. found %s", personName, pkg.PackageOriginator.Originator) + } + + // TestCase 5: Valid Organization + pkg = &v2_3.Package{} + orgName := "SPDX" + input = "Organization: " + orgName + err = setPackageOriginator(pkg, input) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if pkg.PackageOriginator.Originator != orgName { + t.Errorf("PackageOriginatorOrganization should be %s. found %s", orgName, pkg.PackageOriginator.Originator) + } + + // TestCase 6: Invalid EntityType + pkg = &v2_3.Package{} + input = "InvalidEntity: entity" + err = setPackageOriginator(pkg, input) + if err == nil { + t.Errorf("invalid entity should've raised an error") + } +} + +func Test_rdfParser2_3_setPackageVerificationCode(t *testing.T) { + var parser *rdfParser2_3 + var node *gordfParser.Node + var pkg *v2_3.Package + var err error + + // TestCase 1: invalid predicate must raise an error + parser, _ = parserFromBodyContent(` + <spdx.PackageVerificationCode> + <spdx:invalidPredicate /> + <spdx:packageVerificationCodeValue>cbceb8b5689b75a584efe35587b5d41bd48820ce</spdx:packageVerificationCodeValue> + <spdx:packageVerificationCodeExcludedFile>./package.spdx</spdx:packageVerificationCodeExcludedFile> + </spdx.PackageVerificationCode> + `) + node = parser.gordfParserObj.Triples[0].Subject + pkg = &v2_3.Package{} + err = parser.setPackageVerificationCode(pkg, node) + if err == nil { + t.Errorf("expected an error due to invalid predicate, got <nil>") + } + + // TestCase 2: valid input + parser, _ = parserFromBodyContent(` + <spdx.PackageVerificationCode> + <spdx:packageVerificationCodeValue>cbceb8b5689b75a584efe35587b5d41bd48820ce</spdx:packageVerificationCodeValue> + <spdx:packageVerificationCodeExcludedFile>./package.spdx</spdx:packageVerificationCodeExcludedFile> + </spdx.PackageVerificationCode> + `) + node = parser.gordfParserObj.Triples[0].Subject + pkg = &v2_3.Package{} + err = parser.setPackageVerificationCode(pkg, node) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + expectedValue := "cbceb8b5689b75a584efe35587b5d41bd48820ce" + if pkg.PackageVerificationCode.Value != expectedValue { + t.Errorf("expected %v, got %v", expectedValue, pkg.PackageVerificationCode) + } + expectedExcludedFile := "./package.spdx" + if pkg.PackageVerificationCode.ExcludedFiles[0] != expectedExcludedFile { + t.Errorf("expected %v, got %v", expectedExcludedFile, pkg.PackageVerificationCode.ExcludedFiles) + } +} + +func Test_rdfParser2_3_getPackageExternalRef(t *testing.T) { + var extRef *v2_3.PackageExternalReference + var err error + var parser *rdfParser2_3 + var node *gordfParser.Node + + // TestCase 1: invalid reference category + parser, _ = parserFromBodyContent(` + <spdx:ExternalRef> + <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> + <spdx:referenceType> + <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> + </spdx:referenceType> + <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_invalid"/> + </spdx:ExternalRef> + `) + node = parser.gordfParserObj.Triples[0].Subject + extRef, err = parser.getPackageExternalRef(node) + if err == nil { + t.Errorf("expected an error due to invalid referenceCategory, got <nil>") + } + + // TestCase 2: invalid predicate + parser, _ = parserFromBodyContent(` + <spdx:ExternalRef> + <spdx:unknownPredicate /> + <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> + <spdx:referenceType> + <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> + </spdx:referenceType> + <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_security"/> + </spdx:ExternalRef> + `) + node = parser.gordfParserObj.Triples[0].Subject + extRef, err = parser.getPackageExternalRef(node) + if err == nil { + t.Errorf("expected an error due to invalid referenceCategory, got <nil>") + } + + // TestCase 3: valid example (referenceCategory_security) + parser, _ = parserFromBodyContent(` + <spdx:ExternalRef> + <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> + <spdx:referenceType> + <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> + </spdx:referenceType> + <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_security"/> + <rdfs:comment>comment</rdfs:comment> + </spdx:ExternalRef> + `) + node = parser.gordfParserObj.Triples[0].Subject + extRef, err = parser.getPackageExternalRef(node) + if err != nil { + t.Fatalf("unexpected error parsing a valid example: %v", err) + } + expectedExtRef := &v2_3.PackageExternalReference{ + Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", + RefType: "http://spdx.org/rdf/references/cpe23Type", + Category: "SECURITY", + ExternalRefComment: "comment", + } + if !reflect.DeepEqual(extRef, expectedExtRef) { + t.Errorf("expected: \n%+v\ngot: \n%+v", expectedExtRef, extRef) + } + + // TestCase 4: valid example (referenceCategory_packageManager) + parser, _ = parserFromBodyContent(` + <spdx:ExternalRef> + <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> + <spdx:referenceType> + <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> + </spdx:referenceType> + <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_packageManager"/> + <rdfs:comment>comment</rdfs:comment> + </spdx:ExternalRef> + `) + node = parser.gordfParserObj.Triples[0].Subject + extRef, err = parser.getPackageExternalRef(node) + if err != nil { + t.Fatalf("unexpected error parsing a valid example: %v", err) + } + expectedExtRef = &v2_3.PackageExternalReference{ + Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", + RefType: "http://spdx.org/rdf/references/cpe23Type", + Category: "PACKAGE-MANAGER", + ExternalRefComment: "comment", + } + if !reflect.DeepEqual(extRef, expectedExtRef) { + t.Errorf("expected: \n%+v\ngot: \n%+v", expectedExtRef, extRef) + } + + // TestCase 5: valid example (referenceCategory_other) + parser, _ = parserFromBodyContent(` + <spdx:ExternalRef> + <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> + <spdx:referenceType> + <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> + </spdx:referenceType> + <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_other"/> + <rdfs:comment>comment</rdfs:comment> + </spdx:ExternalRef> + `) + node = parser.gordfParserObj.Triples[0].Subject + extRef, err = parser.getPackageExternalRef(node) + if err != nil { + t.Fatalf("unexpected error parsing a valid example: %v", err) + } + expectedExtRef = &v2_3.PackageExternalReference{ + Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", + RefType: "http://spdx.org/rdf/references/cpe23Type", + Category: "OTHER", + ExternalRefComment: "comment", + } + if !reflect.DeepEqual(extRef, expectedExtRef) { + t.Errorf("expected: \n%+v\ngot: \n%+v", expectedExtRef, extRef) + } +} + +func Test_rdfParser2_3_getPrimaryPackagePurpose(t *testing.T) { + // TestCase 1: basic purpose + value := getPrimaryPackagePurpose("packagePurpose_container") + if value != "CONTAINER" { + t.Errorf("expected primary package purpose to be CONTAINER. got: '%s'", value) + } + + // TestCase 2: purpose with underscore-to-dash + value = getPrimaryPackagePurpose("packagePurpose_operating_system") + if value != "OPERATING-SYSTEM" { + t.Errorf("expected primary package purpose to be OPERATING-SYSTEM. got: '%s'", value) + } + + // TestCase 3: invalid purpose + value = getPrimaryPackagePurpose("packagePurpose_invalid") + if value != "" { + t.Errorf("expected invalid primary package purpose to be empty. got: '%s'", value) + } +} + +func Test_rdfParser2_3_getPackageFromNode(t *testing.T) { + var parser *rdfParser2_3 + var node *gordfParser.Node + var err error + + // TestCase 1: invalid elementId + parser, _ = parserFromBodyContent(` + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#upload2"> + <spdx:name>time-1.9.tar.gz</spdx:name> + </spdx:Package> + `) + node = parser.gordfParserObj.Triples[0].Subject + _, err = parser.getPackageFromNode(node) + if err == nil { + t.Errorf("expected an error(missing SPDXRef- prefix), found %v", err) + } + + // TestCase 2: Invalid License Concluded must raise an error: + parser, _ = parserFromBodyContent(` + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> + <spdx:licenseConcluded rdf:resource="http://spdx.org/licenses/IPL-3.0"/> + </spdx:Package> + `) + node = parser.gordfParserObj.Triples[0].Subject + _, err = parser.getPackageFromNode(node) + if err == nil { + t.Errorf("expected an error(invalid license), found %v", err) + } + + // TestCase 2: Invalid License Declared must raise an error: + parser, _ = parserFromBodyContent(` + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> + <spdx:licenseDeclared rdf:resource="http://spdx.org/licenses/IPL-3.0"/> + </spdx:Package> + `) + node = parser.gordfParserObj.Triples[0].Subject + _, err = parser.getPackageFromNode(node) + if err == nil { + t.Errorf("expected an error(invalid license), found %v", err) + } + + // TestCase 3: Invalid ExternalRef + parser, _ = parserFromBodyContent(` + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> + <spdx:externalRef> + <spdx:ExternalRef> + <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> + <spdx:referenceType> + <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> + </spdx:referenceType> + <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_invalid"/> + </spdx:ExternalRef> + </spdx:externalRef> + </spdx:Package> + `) + node = parser.gordfParserObj.Triples[0].Subject + _, err = parser.getPackageFromNode(node) + if err == nil { + t.Errorf("expected an error(invalid externalRef), found %v", err) + } + + // TestCase 4: invalid file must raise an error + parser, _ = parserFromBodyContent(` + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> + <spdx:hasFile> + <spdx:File rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9.tar.gz_1535120734-spdx.rdf#item8"/> + </spdx:hasFile> + </spdx:Package> + `) + node = parser.gordfParserObj.Triples[0].Subject + _, err = parser.getPackageFromNode(node) + if err == nil { + t.Errorf("expected an error(invalid file), found %v", err) + } + + // TestCase 5: invalid predicate must raise an error + parser, _ = parserFromBodyContent(` + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> + <spdx:hasFiles> + <spdx:File rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9.tar.gz_1535120734-spdx.rdf#item8"/> + </spdx:hasFiles> + </spdx:Package> + `) + node = parser.gordfParserObj.Triples[0].Subject + _, err = parser.getPackageFromNode(node) + if err == nil { + t.Errorf("expected an error(invalid predicate), found %v", err) + } + + // TestCase 6: invalid annotation must raise an error + parser, _ = parserFromBodyContent(` + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> + <spdx:annotation> + <spdx:Annotation> + <spdx:unknownAttribute /> + </spdx:Annotation> + </spdx:annotation> + </spdx:Package> + `) + node = parser.gordfParserObj.Triples[0].Subject + _, err = parser.getPackageFromNode(node) + if err == nil { + t.Errorf("expected an error(invalid annotation), found %v", err) + } + + // TestCase 6: invalid homepage must raise an error + parser, _ = parserFromBodyContent(` + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> + <doap:homepage>u r i</doap:homepage> + </spdx:Package> + `) + node = parser.gordfParserObj.Triples[0].Subject + _, err = parser.getPackageFromNode(node) + if err == nil { + t.Errorf("expected an error(invalid homepage uri), found %v", err) + } + + // TestCase 7: Package tag declared more than once should be parsed into a single object's definition + parser, _ = parserFromBodyContent(` + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> + <spdx:name>Test Package</spdx:name> + </spdx:Package> + `) + node = parser.gordfParserObj.Triples[0].Subject + _, err = parser.getPackageFromNode(node) + if err != nil { + t.Errorf("error parsing a valid package: %v", err) + } + yetAnotherPkgTriple := gordfParser.Triple{ + Subject: node, + Predicate: &gordfParser.Node{ + NodeType: gordfParser.IRI, + ID: SPDX_PACKAGE_FILE_NAME, + }, + Object: &gordfParser.Node{ + NodeType: gordfParser.LITERAL, + ID: "packageFileName", + }, + } + parser.nodeStringToTriples[node.String()] = append(parser.nodeStringToTriples[node.String()], &yetAnotherPkgTriple) + pkg, err := parser.getPackageFromNode(node) + if err != nil { + t.Errorf("error parsing a valid package: %v", err) + } + // validating if all the attributes that spanned over two tags are included in the parsed package. + expectedID := "upload2" + if string(pkg.PackageSPDXIdentifier) != expectedID { + t.Errorf("expected package id: %s, got %s", expectedID, pkg.PackageSPDXIdentifier) + } + expectedPkgFileName := "packageFileName" + if expectedPkgFileName != pkg.PackageFileName { + t.Errorf("expected package file name: %s, got %s", expectedPkgFileName, pkg.PackageFileName) + } + expectedName := "Test Package" + if pkg.PackageName != expectedName { + t.Errorf("expected package name: %s, got %s", expectedPkgFileName, pkg.PackageName) + } + + // TestCase 8: Checking if packages can handle cyclic dependencies: + // Simulating a smallest possible cycle: package related to itself. + parser, _ = parserFromBodyContent(` + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> + <spdx:name>Test Package</spdx:name> + <spdx:relationship> + <spdx:Relationship> + <spdx:relationshipType rdf:resource="http://spdx.org/rdf/terms#relationshipType_describes" /> + <spdx:relatedSpdxElement> + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> + <spdx:versionInfo>1.1.1</spdx:versionInfo> + </spdx:Package> + </spdx:relatedSpdxElement> + </spdx:Relationship> + </spdx:relationship> + </spdx:Package> + `) + node = parser.gordfParserObj.Triples[0].Subject + pkg, err = parser.getPackageFromNode(node) + if err != nil { + t.Errorf("error parsing a valid package: %v", err) + } + // checking if both the attributes of the packages are set. + expectedVersionInfo := "1.1.1" + expectedPackageName := "Test Package" + if pkg.PackageVersion != expectedVersionInfo { + t.Errorf("Expected %s, found %s", expectedVersionInfo, pkg.PackageVersion) + } + if pkg.PackageName != expectedPackageName { + t.Errorf("Expected %s, found %s", expectedPackageName, pkg.PackageName) + } + + // TestCase 9: everything valid + parser, _ = parserFromBodyContent(` + <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> + <spdx:name>Test Package</spdx:name> + <spdx:versionInfo>1.1.1</spdx:versionInfo> + <spdx:packageFileName>time-1.9.tar.gz</spdx:packageFileName> + <spdx:supplier>Person: Jane Doe (jane.doe@example.com)</spdx:supplier> + <spdx:originator>Organization: SPDX</spdx:originator> + <spdx:downloadLocation rdf:resource="http://spdx.org/rdf/terms#noassertion" /> + <spdx:filesAnalyzed>true</spdx:filesAnalyzed> + <spdx:packageVerificationCode> + <spdx.PackageVerificationCode> + <spdx:packageVerificationCodeValue>cbceb8b5689b75a584efe35587b5d41bd48820ce</spdx:packageVerificationCodeValue> + <spdx:packageVerificationCodeExcludedFile>./package.spdx</spdx:packageVerificationCodeExcludedFile> + </spdx.PackageVerificationCode> + </spdx:packageVerificationCode> + <spdx:checksum> + <spdx:Checksum> + <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha1" /> + <spdx:checksumValue>75068c26abbed3ad3980685bae21d7202d288317</spdx:checksumValue> + </spdx:Checksum> + </spdx:checksum> + <doap:homepage>http://www.openjena.org/</doap:homepage> + <spdx:sourceInfo>uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.</spdx:sourceInfo> + <spdx:licenseConcluded> + <spdx:DisjunctiveLicenseSet> + <spdx:member rdf:resource="http://spdx.org/licenses/Nokia"/> + <spdx:member rdf:resource="http://spdx.org/licenses/LGPL-2.0"/> + </spdx:DisjunctiveLicenseSet> + </spdx:licenseConcluded> + <spdx:licenseInfoFromFiles rdf:resource="http://spdx.org/rdf/terms#noassertion" /> + <spdx:licenseDeclared rdf:resource="http://spdx.org/rdf/terms#noassertion" /> + <spdx:licenseComments>Other versions available for a commercial license</spdx:licenseComments> + <spdx:copyrightText rdf:resource="http://spdx.org/rdf/terms#noassertion" /> + <spdx:summary> Package for Testing </spdx:summary> + <spdx:description> Some tags are taken from other spdx autogenerated files </spdx:description> + <rdfs:comment>no comments</rdfs:comment> + <spdx:externalRef> + <spdx:ExternalRef> + <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> + <spdx:referenceType> + <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> + </spdx:referenceType> + <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_security"/> + </spdx:ExternalRef> + </spdx:externalRef> + <spdx:hasFile rdf:resource="http://spdx.org/documents/spdx-toolsv2.1.7-SNAPSHOT#SPDXRef-129" /> + <spdx:relationship> + <spdx:Relationship> + <spdx:relationshipType rdf:resource="http://spdx.org/rdf/terms#relationshipType_describes" /> + <spdx:relatedSpdxElement rdf:resource="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2" /> + </spdx:Relationship> + </spdx:relationship> + <spdx:attributionText>attribution text</spdx:attributionText> + <spdx:annotation> + <spdx:Annotation> + <spdx:annotationDate>2011-01-29T18:30:22Z</spdx:annotationDate> + <rdfs:comment>Package level annotation</rdfs:comment> + <spdx:annotator>Person: Package Commenter</spdx:annotator> + <spdx:annotationType rdf:resource="http://spdx.org/rdf/terms#annotationType_other"/> + </spdx:Annotation> + </spdx:annotation> + </spdx:Package> + `) + node = parser.gordfParserObj.Triples[0].Subject + _, err = parser.getPackageFromNode(node) + if err != nil { + t.Errorf("error parsing a valid package: %v", err) + } +} + +func Test_rdfParser2_3_setFileToPackage(t *testing.T) { + var pkg *v2_3.Package + var file *v2_3.File + var parser *rdfParser2_3 + + // TestCase 1: setting to a nil files attribute shouldn't panic. + parser, _ = parserFromBodyContent(``) + pkg = &v2_3.Package{} + file = &v2_3.File{} + parser.setFileToPackage(pkg, file) + if len(pkg.Files) != 1 { + t.Errorf("expected given package to have one file after setting, got %d", len(pkg.Files)) + } + if parser.assocWithPackage[file.FileSPDXIdentifier] != true { + t.Errorf("given file should've been associated with a package, assocWithPackage is false") + } +} + +func Test_rdfParser2_3_setPackageChecksum(t *testing.T) { + var parser *rdfParser2_3 + var node *gordfParser.Node + var pkg *v2_3.Package + var expectedChecksumValue string + var err error + + // TestCase 1: invalid checksum algorithm + parser, _ = parserFromBodyContent(` + <spdx:Checksum> + <spdx:checksumValue>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</spdx:checksumValue> + <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha999"/> + </spdx:Checksum> + `) + pkg = &v2_3.Package{} + node = parser.gordfParserObj.Triples[0].Subject + err = parser.setPackageChecksum(pkg, node) + if err == nil { + t.Error("expected an error due to invalid checksum node, got <nil>") + } + + // TestCase 1: valid checksum algorithm which is invalid for package + parser, _ = parserFromBodyContent(` + <spdx:Checksum> + <spdx:checksumValue>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</spdx:checksumValue> + <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha2000"/> + </spdx:Checksum> + `) + pkg = &v2_3.Package{} + node = parser.gordfParserObj.Triples[0].Subject + err = parser.setPackageChecksum(pkg, node) + if err == nil { + t.Error("expected an error due to invalid checksum for package, got <nil>") + } + + // TestCase 2: valid checksum (sha1) + parser, _ = parserFromBodyContent(` + <spdx:Checksum> + <spdx:checksumValue>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</spdx:checksumValue> + <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha1"/> + </spdx:Checksum> + `) + pkg = &v2_3.Package{} + node = parser.gordfParserObj.Triples[0].Subject + err = parser.setPackageChecksum(pkg, node) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + + for _, checksum := range pkg.PackageChecksums { + switch checksum.Algorithm { + case common.SHA1: + if checksum.Value != expectedChecksumValue { + t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) + } + } + } + + // TestCase 3: valid checksum (sha256) + parser, _ = parserFromBodyContent(` + <spdx:Checksum> + <spdx:checksumValue>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</spdx:checksumValue> + <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha256"/> + </spdx:Checksum> + `) + pkg = &v2_3.Package{} + node = parser.gordfParserObj.Triples[0].Subject + err = parser.setPackageChecksum(pkg, node) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + for _, checksum := range pkg.PackageChecksums { + switch checksum.Algorithm { + case common.SHA256: + if checksum.Value != expectedChecksumValue { + t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) + } + } + } + + // TestCase 4: valid checksum (md5) + parser, _ = parserFromBodyContent(` + <spdx:Checksum> + <spdx:checksumValue>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</spdx:checksumValue> + <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_md5"/> + </spdx:Checksum> + `) + pkg = &v2_3.Package{} + node = parser.gordfParserObj.Triples[0].Subject + err = parser.setPackageChecksum(pkg, node) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + for _, checksum := range pkg.PackageChecksums { + switch checksum.Algorithm { + case common.MD5: + if checksum.Value != expectedChecksumValue { + t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) + } + } + } +} + +func Test_setDocumentLocationFromURI(t *testing.T) { + var pkg *v2_3.Package + var expectedDocumentLocation, gotDocumentLocation string + var inputURI string + var err error + + // TestCase 1: NOASSERTION + inputURI = SPDX_NOASSERTION_SMALL + pkg = &v2_3.Package{} + err = setDocumentLocationFromURI(pkg, inputURI) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + expectedDocumentLocation = "NOASSERTION" + gotDocumentLocation = pkg.PackageDownloadLocation + if expectedDocumentLocation != gotDocumentLocation { + t.Errorf("expected: %v, got: %v", expectedDocumentLocation, gotDocumentLocation) + } + + // TestCase 2: NONE + inputURI = SPDX_NONE_CAPS + pkg = &v2_3.Package{} + err = setDocumentLocationFromURI(pkg, inputURI) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + expectedDocumentLocation = "NONE" + gotDocumentLocation = pkg.PackageDownloadLocation + if expectedDocumentLocation != gotDocumentLocation { + t.Errorf("expected: %v, got: %v", expectedDocumentLocation, gotDocumentLocation) + } + + // TestCase 3: valid uri + inputURI = "https://www.gnu.org/software/texinfo/" + pkg = &v2_3.Package{} + err = setDocumentLocationFromURI(pkg, inputURI) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + expectedDocumentLocation = "https://www.gnu.org/software/texinfo/" + gotDocumentLocation = pkg.PackageDownloadLocation + if expectedDocumentLocation != gotDocumentLocation { + t.Errorf("expected: %v, got: %v", expectedDocumentLocation, gotDocumentLocation) + } + + // TestCase 3: invalid uri + inputURI = " " + pkg = &v2_3.Package{} + err = setDocumentLocationFromURI(pkg, inputURI) + if err == nil { + t.Fatalf("expected an error due to invalid uri, got %v", err) + } +} + +func Test_setFilesAnalyzed(t *testing.T) { + var pkg *v2_3.Package + var err error + + // TestCase 1: not a valid bool value: + pkg = &v2_3.Package{} + err = setFilesAnalyzed(pkg, "no") + if err == nil { + t.Errorf("expected an error due to invalid bool input, got %v", err) + } + + // TestCase 2: valid input + pkg = &v2_3.Package{} + err = setFilesAnalyzed(pkg, "true") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if !pkg.IsFilesAnalyzedTagPresent { + t.Errorf("should've set IsFilesAnalyzedTagPresent, got: %t", pkg.IsFilesAnalyzedTagPresent) + } + if !pkg.FilesAnalyzed { + t.Errorf("expected: %t, got: %t", true, pkg.FilesAnalyzed) + } +} |