Diffstat (limited to 'tvsaver/saver2v3/save_package_test.go')
-rw-r--r-- | tvsaver/saver2v3/save_package_test.go | 531 |
1 files changed, 531 insertions, 0 deletions
diff --git a/tvsaver/saver2v3/save_package_test.go b/tvsaver/saver2v3/save_package_test.go
new file mode 100644
index 0000000..435b5b5
--- /dev/null
+++ b/tvsaver/saver2v3/save_package_test.go
@@ -0,0 +1,531 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package saver2v3
+
+import (
+ "bytes"
+ "testing"
+
+ "github.com/spdx/tools-golang/spdx/common"
+ "github.com/spdx/tools-golang/spdx/v2_3"
+)
+
+// ===== Package section Saver tests =====
+func TestSaver2_3PackageSavesTextCombo1(t *testing.T) {
+ // include package external refs
+ // test Supplier:Organization, Originator:Person
+ // FilesAnalyzed true, IsFilesAnalyzedTagPresent true
+ // PackageVerificationCodeExcludedFile has string
+
+ // NOTE, this is an entirely made up CPE and the format is likely invalid
+ per1 := &v2_3.PackageExternalReference{
+ Category: "SECURITY",
+ RefType: "cpe22Type",
+ Locator: "cpe:/a:john_doe_inc:p1:0.1.0",
+ ExternalRefComment: "this is an external ref comment #1",
+ }
+
+ // NOTE, this is an entirely made up NPM
+ per2 := &v2_3.PackageExternalReference{
+ Category: "PACKAGE-MANAGER",
+ RefType: "npm",
+ Locator: "p1@0.1.0",
+ ExternalRefComment: `this is a
+multi-line external ref comment`,
+ }
+
+ // NOTE, this is an entirely made up SWH persistent ID
+ per3 := &v2_3.PackageExternalReference{
+ Category: "PERSISTENT-ID",
+ RefType: "swh",
+ Locator: "swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2",
+ // no ExternalRefComment for this one
+ }
+
+ per4 := &v2_3.PackageExternalReference{
+ Category: "OTHER",
+ RefType: "anything",
+ Locator: "anything-without-spaces-can-go-here",
+ // no ExternalRefComment for this one
+ }
+
+ pkg := &v2_3.Package{
+ PackageName: "p1",
+ PackageSPDXIdentifier: common.ElementID("p1"),
+ PackageVersion: "0.1.0",
+ PackageFileName: "p1-0.1.0-master.tar.gz",
+ PackageSupplier: &common.Supplier{SupplierType: "Organization", Supplier: "John Doe, Inc."},
+ PackageOriginator: &common.Originator{Originator: "John Doe", OriginatorType: "Person"},
+ PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz",
+ FilesAnalyzed: true,
+ IsFilesAnalyzedTagPresent: true,
+ PackageVerificationCode: &common.PackageVerificationCode{
+ Value: "0123456789abcdef0123456789abcdef01234567",
+ ExcludedFiles: []string{"p1-0.1.0.spdx"},
+ },
+ PackageChecksums: []common.Checksum{
+ {
+ Algorithm: common.SHA1,
+ Value: "85ed0817af83a24ad8da68c2b5094de69833983c",
+ },
+ {
+ Algorithm: common.SHA256,
+ Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd",
+ },
+ {
+ Algorithm: common.MD5,
+ Value: "624c1abb3664f4b35547e7c73864ad24",
+ },
+ },
+ PackageHomePage: "http://example.com/p1",
+ PackageSourceInfo: "this is a source comment",
+ PackageLicenseConcluded: "GPL-2.0-or-later",
+ PackageLicenseInfoFromFiles: []string{
+ "Apache-1.1",
+ "Apache-2.0",
+ "GPL-2.0-or-later",
+ },
+ PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later",
+ PackageLicenseComments: "this is a license comment(s)",
+ PackageCopyrightText: "Copyright (c) John Doe, Inc.",
+ PackageSummary: "this is a summary comment",
+ PackageDescription: "this is a description comment",
+ PackageComment: "this is a comment comment",
+ PackageAttributionTexts: []string{"Include this notice in all advertising materials"},
+ PackageExternalReferences: []*v2_3.PackageExternalReference{
+ per1,
+ per2,
+ per3,
+ per4,
+ },
+ PrimaryPackagePurpose: "LIBRARY",
+ BuiltDate: "2021-09-15T02:38:00Z",
+ ValidUntilDate: "2022-10-15T02:38:00Z",
+ ReleaseDate: "2021-10-15T02:38:00Z",
+ }
+
+ // what we want to get, as a buffer of bytes
+ want := bytes.NewBufferString(`PackageName: p1
+SPDXID: SPDXRef-p1
+PackageVersion: 0.1.0
+PackageFileName: p1-0.1.0-master.tar.gz
+PackageSupplier: Organization: John Doe, Inc.
+PackageOriginator: Person: John Doe
+PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz
+PrimaryPackagePurpose: LIBRARY
+ReleaseDate: 2021-10-15T02:38:00Z
+BuiltDate: 2021-09-15T02:38:00Z
+ValidUntilDate: 2022-10-15T02:38:00Z
+FilesAnalyzed: true
+PackageVerificationCode: 0123456789abcdef0123456789abcdef01234567 (excludes: p1-0.1.0.spdx)
+PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c
+PackageChecksum: SHA256: 11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd
+PackageChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24
+PackageHomePage: http://example.com/p1
+PackageSourceInfo: this is a source comment
+PackageLicenseConcluded: GPL-2.0-or-later
+PackageLicenseInfoFromFiles: Apache-1.1
+PackageLicenseInfoFromFiles: Apache-2.0
+PackageLicenseInfoFromFiles: GPL-2.0-or-later
+PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later
+PackageLicenseComments: this is a license comment(s)
+PackageCopyrightText: Copyright (c) John Doe, Inc.
+PackageSummary: this is a summary comment
+PackageDescription: this is a description comment
+PackageComment: this is a comment comment
+ExternalRef: SECURITY cpe22Type cpe:/a:john_doe_inc:p1:0.1.0
+ExternalRefComment: this is an external ref comment #1
+ExternalRef: PACKAGE-MANAGER npm p1@0.1.0
+ExternalRefComment: <text>this is a
+multi-line external ref comment</text>
+ExternalRef: PERSISTENT-ID swh swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2
+ExternalRef: OTHER anything anything-without-spaces-can-go-here
+PackageAttributionText: Include this notice in all advertising materials
+
+`)
+
+ // render as buffer of bytes
+ var got bytes.Buffer
+ err := renderPackage2_3(pkg, &got)
+ if err != nil {
+ t.Errorf("Expected nil error, got %v", err)
+ }
+
+ // check that they match
+ c := bytes.Compare(want.Bytes(), got.Bytes())
+ if c != 0 {
+ t.Errorf("Expected %v, got %v", want.String(), got.String())
+ }
+}
+
+func TestSaver2_3PackageSavesTextCombo2(t *testing.T) {
+ // no package external refs
+ // test Supplier:NOASSERTION, Originator:Organization
+ // FilesAnalyzed true, IsFilesAnalyzedTagPresent false
+ // PackageVerificationCodeExcludedFile is empty
+
+ pkg := &v2_3.Package{
+ PackageName: "p1",
+ PackageSPDXIdentifier: common.ElementID("p1"),
+ PackageVersion: "0.1.0",
+ PackageFileName: "p1-0.1.0-master.tar.gz",
+ PackageSupplier: &common.Supplier{Supplier: "NOASSERTION"},
+ PackageOriginator: &common.Originator{OriginatorType: "Organization", Originator: "John Doe, Inc."},
+ PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz",
+ FilesAnalyzed: true,
+ IsFilesAnalyzedTagPresent: false,
+ PackageVerificationCode: &common.PackageVerificationCode{Value: "0123456789abcdef0123456789abcdef01234567"},
+ PackageChecksums: []common.Checksum{
+ {
+ Algorithm: common.SHA1,
+ Value: "85ed0817af83a24ad8da68c2b5094de69833983c",
+ },
+ {
+ Algorithm: common.SHA256,
+ Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd",
+ },
+ {
+ Algorithm: common.MD5,
+ Value: "624c1abb3664f4b35547e7c73864ad24",
+ },
+ },
+ PackageHomePage: "http://example.com/p1",
+ PackageSourceInfo: "this is a source comment",
+ PackageLicenseConcluded: "GPL-2.0-or-later",
+ PackageLicenseInfoFromFiles: []string{
+ "Apache-1.1",
+ "Apache-2.0",
+ "GPL-2.0-or-later",
+ },
+ PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later",
+ PackageLicenseComments: "this is a license comment(s)",
+ PackageCopyrightText: "Copyright (c) John Doe, Inc.",
+ PackageSummary: "this is a summary comment",
+ PackageDescription: "this is a description comment",
+ PackageComment: "this is a comment comment",
+ PackageAttributionTexts: []string{"Include this notice in all advertising materials"},
+ }
+
+ // what we want to get, as a buffer of bytes
+ want := bytes.NewBufferString(`PackageName: p1
+SPDXID: SPDXRef-p1
+PackageVersion: 0.1.0
+PackageFileName: p1-0.1.0-master.tar.gz
+PackageSupplier: NOASSERTION
+PackageOriginator: Organization: John Doe, Inc.
+PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz
+PackageVerificationCode: 0123456789abcdef0123456789abcdef01234567
+PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c
+PackageChecksum: SHA256: 11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd
+PackageChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24
+PackageHomePage: http://example.com/p1
+PackageSourceInfo: this is a source comment
+PackageLicenseConcluded: GPL-2.0-or-later
+PackageLicenseInfoFromFiles: Apache-1.1
+PackageLicenseInfoFromFiles: Apache-2.0
+PackageLicenseInfoFromFiles: GPL-2.0-or-later
+PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later
+PackageLicenseComments: this is a license comment(s)
+PackageCopyrightText: Copyright (c) John Doe, Inc.
+PackageSummary: this is a summary comment
+PackageDescription: this is a description comment
+PackageComment: this is a comment comment
+PackageAttributionText: Include this notice in all advertising materials
+
+`)
+
+ // render as buffer of bytes
+ var got bytes.Buffer
+ err := renderPackage2_3(pkg, &got)
+ if err != nil {
+ t.Errorf("Expected nil error, got %v", err)
+ }
+
+ // check that they match
+ c := bytes.Compare(want.Bytes(), got.Bytes())
+ if c != 0 {
+ t.Errorf("Expected %v, got %v", want.String(), got.String())
+ }
+}
+
+func TestSaver2_3PackageSavesTextCombo3(t *testing.T) {
+ // no package external refs
+ // test Supplier:Person, Originator:NOASSERTION
+ // FilesAnalyzed false, IsFilesAnalyzedTagPresent true
+ // PackageVerificationCodeExcludedFile is empty
+ // three PackageAttributionTexts, one with multi-line text
+
+ pkg := &v2_3.Package{
+ PackageName: "p1",
+ PackageSPDXIdentifier: common.ElementID("p1"),
+ PackageVersion: "0.1.0",
+ PackageFileName: "p1-0.1.0-master.tar.gz",
+ PackageSupplier: &common.Supplier{Supplier: "John Doe", SupplierType: "Person"},
+ PackageOriginator: &common.Originator{Originator: "NOASSERTION"},
+ PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz",
+ FilesAnalyzed: false,
+ IsFilesAnalyzedTagPresent: true,
+ // NOTE that verification code MUST be omitted from output
+ // since FilesAnalyzed is false
+ PackageVerificationCode: &common.PackageVerificationCode{Value: "0123456789abcdef0123456789abcdef01234567"},
+ PackageChecksums: []common.Checksum{
+ {
+ Algorithm: common.SHA1,
+ Value: "85ed0817af83a24ad8da68c2b5094de69833983c",
+ },
+ {
+ Algorithm: common.SHA256,
+ Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd",
+ },
+ {
+ Algorithm: common.MD5,
+ Value: "624c1abb3664f4b35547e7c73864ad24",
+ },
+ },
+ PackageHomePage: "http://example.com/p1",
+ PackageSourceInfo: "this is a source comment",
+ PackageLicenseConcluded: "GPL-2.0-or-later",
+ // NOTE that license info from files MUST be omitted from output
+ // since FilesAnalyzed is false
+ PackageLicenseInfoFromFiles: []string{
+ "Apache-1.1",
+ "Apache-2.0",
+ "GPL-2.0-or-later",
+ },
+ PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later",
+ PackageLicenseComments: "this is a license comment(s)",
+ PackageCopyrightText: "Copyright (c) John Doe, Inc.",
+ PackageSummary: "this is a summary comment",
+ PackageDescription: "this is a description comment",
+ PackageComment: "this is a comment comment",
+ PackageAttributionTexts: []string{
+ "Include this notice in all advertising materials",
+ "and also this notice",
+ `and this multi-line notice
+which goes across two lines`,
+ },
+ }
+
+ // what we want to get, as a buffer of bytes
+ want := bytes.NewBufferString(`PackageName: p1
+SPDXID: SPDXRef-p1
+PackageVersion: 0.1.0
+PackageFileName: p1-0.1.0-master.tar.gz
+PackageSupplier: Person: John Doe
+PackageOriginator: NOASSERTION
+PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz
+FilesAnalyzed: false
+PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c
+PackageChecksum: SHA256: 11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd
+PackageChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24
+PackageHomePage: http://example.com/p1
+PackageSourceInfo: this is a source comment
+PackageLicenseConcluded: GPL-2.0-or-later
+PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later
+PackageLicenseComments: this is a license comment(s)
+PackageCopyrightText: Copyright (c) John Doe, Inc.
+PackageSummary: this is a summary comment
+PackageDescription: this is a description comment
+PackageComment: this is a comment comment
+PackageAttributionText: Include this notice in all advertising materials
+PackageAttributionText: and also this notice
+PackageAttributionText: <text>and this multi-line notice
+which goes across two lines</text>
+
+`)
+
+ // render as buffer of bytes
+ var got bytes.Buffer
+ err := renderPackage2_3(pkg, &got)
+ if err != nil {
+ t.Errorf("Expected nil error, got %v", err)
+ }
+
+ // check that they match
+ c := bytes.Compare(want.Bytes(), got.Bytes())
+ if c != 0 {
+ t.Errorf("Expected %v, got %v", want.String(), got.String())
+ }
+}
+
+func TestSaver2_3PackageSaveOmitsOptionalFieldsIfEmpty(t *testing.T) {
+ pkg := &v2_3.Package{
+ PackageName: "p1",
+ PackageSPDXIdentifier: common.ElementID("p1"),
+ PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz",
+ FilesAnalyzed: false,
+ IsFilesAnalyzedTagPresent: true,
+ // NOTE that verification code MUST be omitted from output,
+ // even if present in model, since FilesAnalyzed is false
+ PackageLicenseConcluded: "GPL-2.0-or-later",
+ // NOTE that license info from files MUST be omitted from output
+ // even if present in model, since FilesAnalyzed is false
+ PackageLicenseInfoFromFiles: []string{
+ "Apache-1.1",
+ "Apache-2.0",
+ "GPL-2.0-or-later",
+ },
+ PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later",
+ PackageCopyrightText: "Copyright (c) John Doe, Inc.",
+ }
+
+ // what we want to get, as a buffer of bytes
+ want := bytes.NewBufferString(`PackageName: p1
+SPDXID: SPDXRef-p1
+PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz
+FilesAnalyzed: false
+PackageLicenseConcluded: GPL-2.0-or-later
+PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later
+PackageCopyrightText: Copyright (c) John Doe, Inc.
+
+`)
+
+ // render as buffer of bytes
+ var got bytes.Buffer
+ err := renderPackage2_3(pkg, &got)
+ if err != nil {
+ t.Errorf("Expected nil error, got %v", err)
+ }
+
+ // check that they match
+ c := bytes.Compare(want.Bytes(), got.Bytes())
+ if c != 0 {
+ t.Errorf("Expected %v, got %v", want.String(), got.String())
+ }
+}
+
+func TestSaver2_3PackageSavesFilesIfPresent(t *testing.T) {
+ f1 := &v2_3.File{
+ FileName: "/tmp/whatever1.txt",
+ FileSPDXIdentifier: common.ElementID("File1231"),
+ Checksums: []common.Checksum{
+ {
+ Algorithm: common.SHA1,
+ Value: "85ed0817af83a24ad8da68c2b5094de69833983c",
+ },
+ },
+ LicenseConcluded: "Apache-2.0",
+ LicenseInfoInFiles: []string{"Apache-2.0"},
+ FileCopyrightText: "Copyright (c) Jane Doe",
+ }
+
+ f2 := &v2_3.File{
+ FileName: "/tmp/whatever2.txt",
+ FileSPDXIdentifier: common.ElementID("File1232"),
+ Checksums: []common.Checksum{
+ {
+ Algorithm: common.SHA1,
+ Value: "85ed0817af83a24ad8da68c2b5094de69833983d",
+ },
+ },
+ LicenseConcluded: "MIT",
+ LicenseInfoInFiles: []string{"MIT"},
+ FileCopyrightText: "Copyright (c) John Doe",
+ }
+
+ pkg := &v2_3.Package{
+ PackageName: "p1",
+ PackageSPDXIdentifier: common.ElementID("p1"),
+ PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz",
+ FilesAnalyzed: false,
+ IsFilesAnalyzedTagPresent: true,
+ // NOTE that verification code MUST be omitted from output,
+ // even if present in model, since FilesAnalyzed is false
+ PackageLicenseConcluded: "GPL-2.0-or-later",
+ // NOTE that license info from files MUST be omitted from output
+ // even if present in model, since FilesAnalyzed is false
+ PackageLicenseInfoFromFiles: []string{
+ "Apache-1.1",
+ "Apache-2.0",
+ "GPL-2.0-or-later",
+ },
+ PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later",
+ PackageCopyrightText: "Copyright (c) John Doe, Inc.",
+ Files: []*v2_3.File{
+ f1,
+ f2,
+ },
+ }
+
+ // what we want to get, as a buffer of bytes
+ want := bytes.NewBufferString(`PackageName: p1
+SPDXID: SPDXRef-p1
+PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz
+FilesAnalyzed: false
+PackageLicenseConcluded: GPL-2.0-or-later
+PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later
+PackageCopyrightText: Copyright (c) John Doe, Inc.
+
+FileName: /tmp/whatever1.txt
+SPDXID: SPDXRef-File1231
+FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c
+LicenseConcluded: Apache-2.0
+LicenseInfoInFile: Apache-2.0
+FileCopyrightText: Copyright (c) Jane Doe
+
+FileName: /tmp/whatever2.txt
+SPDXID: SPDXRef-File1232
+FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983d
+LicenseConcluded: MIT
+LicenseInfoInFile: MIT
+FileCopyrightText: Copyright (c) John Doe
+
+`)
+
+ // render as buffer of bytes
+ var got bytes.Buffer
+ err := renderPackage2_3(pkg, &got)
+ if err != nil {
+ t.Errorf("Expected nil error, got %v", err)
+ }
+
+ // check that they match
+ c := bytes.Compare(want.Bytes(), got.Bytes())
+ if c != 0 {
+ t.Errorf("Expected %v, got %v", want.String(), got.String())
+ }
+}
+
+func TestSaver2_3PackageWrapsMultiLine(t *testing.T) {
+ pkg := &v2_3.Package{
+ PackageName: "p1",
+ PackageSPDXIdentifier: common.ElementID("p1"),
+ PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz",
+ FilesAnalyzed: false,
+ IsFilesAnalyzedTagPresent: true,
+ PackageLicenseConcluded: "GPL-2.0-or-later",
+ PackageLicenseInfoFromFiles: []string{
+ "Apache-1.1",
+ "Apache-2.0",
+ "GPL-2.0-or-later",
+ },
+ PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later",
+ PackageCopyrightText: `Copyright (c) John Doe, Inc.
+Copyright Jane Doe`,
+ }
+
+ // what we want to get, as a buffer of bytes
+ want := bytes.NewBufferString(`PackageName: p1
+SPDXID: SPDXRef-p1
+PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz
+FilesAnalyzed: false
+PackageLicenseConcluded: GPL-2.0-or-later
+PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later
+PackageCopyrightText: <text>Copyright (c) John Doe, Inc.
+Copyright Jane Doe</text>
+
+`)
+
+ // render as buffer of bytes
+ var got bytes.Buffer
+ err := renderPackage2_3(pkg, &got)
+ if err != nil {
+ t.Errorf("Expected nil error, got %v", err)
+ }
+
+ // check that they match
+ c := bytes.Compare(want.Bytes(), got.Bytes())
+ if c != 0 {
+ t.Errorf("Expected %v, got %v", want.String(), got.String())
+ }
+}
|
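Review bot: In TestSaver2_3PackageSaveOmitsOptionalFieldsIfEmpty and TestSaver2_3PackageSavesFilesIfPresent the comment says the verification code must be omitted "even if present in model", but neither fixture sets PackageVerificationCode, so these two tests never exercise that omission; only TestSaver2_3PackageSavesTextCombo3 does. Either add `PackageVerificationCode: &common.PackageVerificationCode{Value: "0123456789abcdef0123456789abcdef01234567"},` under the comment in the OmitsOptionalFieldsIfEmpty fixture, or reword the comment in both to `// verification code is not set here; its omission when FilesAnalyzed is false is covered by Combo3`. Separately, no test in this file renders a package with FilesAnalyzed true and a nil PackageVerificationCode; renderPackage2_3 is not visible here, so it is worth confirming that it handles that nil pointer, since an SBOM writer should return an error or skip the tag on incomplete input rather than panic.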