From 4db7f0763f34165ade84addaa5fcb7de956e1bdb Mon Sep 17 00:00:00 2001 From: Steve Winslow Date: Sun, 7 Jun 2020 15:33:26 -0400 Subject: Add tvsaver and tests for 2.2 Signed-off-by: Steve Winslow --- tvsaver/saver2v2/save_annotation.go | 31 ++ tvsaver/saver2v2/save_annotation_test.go | 112 ++++++++ tvsaver/saver2v2/save_creation_info.go | 57 ++++ tvsaver/saver2v2/save_creation_info_test.go | 153 ++++++++++ tvsaver/saver2v2/save_document.go | 83 ++++++ tvsaver/saver2v2/save_document_test.go | 344 ++++++++++++++++++++++ tvsaver/saver2v2/save_file.go | 84 ++++++ tvsaver/saver2v2/save_file_test.go | 253 ++++++++++++++++ tvsaver/saver2v2/save_other_license.go | 32 +++ tvsaver/saver2v2/save_other_license_test.go | 83 ++++++ tvsaver/saver2v2/save_package.go | 127 ++++++++ tvsaver/saver2v2/save_package_test.go | 430 ++++++++++++++++++++++++++++ tvsaver/saver2v2/save_relationship.go | 23 ++ tvsaver/saver2v2/save_relationship_test.go | 64 +++++ tvsaver/saver2v2/save_review.go | 26 ++ tvsaver/saver2v2/save_review_test.go | 67 +++++ tvsaver/saver2v2/save_snippet.go | 51 ++++ tvsaver/saver2v2/save_snippet_test.go | 94 ++++++ tvsaver/saver2v2/util.go | 16 ++ tvsaver/saver2v2/util_test.go | 32 +++ tvsaver/tvsaver.go | 8 + 21 files changed, 2170 insertions(+) create mode 100644 tvsaver/saver2v2/save_annotation.go create mode 100644 tvsaver/saver2v2/save_annotation_test.go create mode 100644 tvsaver/saver2v2/save_creation_info.go create mode 100644 tvsaver/saver2v2/save_creation_info_test.go create mode 100644 tvsaver/saver2v2/save_document.go create mode 100644 tvsaver/saver2v2/save_document_test.go create mode 100644 tvsaver/saver2v2/save_file.go create mode 100644 tvsaver/saver2v2/save_file_test.go create mode 100644 tvsaver/saver2v2/save_other_license.go create mode 100644 tvsaver/saver2v2/save_other_license_test.go create mode 100644 tvsaver/saver2v2/save_package.go create mode 100644 tvsaver/saver2v2/save_package_test.go create mode 100644 tvsaver/saver2v2/save_relationship.go create mode 100644 tvsaver/saver2v2/save_relationship_test.go create mode 100644 tvsaver/saver2v2/save_review.go create mode 100644 tvsaver/saver2v2/save_review_test.go create mode 100644 tvsaver/saver2v2/save_snippet.go create mode 100644 tvsaver/saver2v2/save_snippet_test.go create mode 100644 tvsaver/saver2v2/util.go create mode 100644 tvsaver/saver2v2/util_test.go (limited to 'tvsaver') diff --git a/tvsaver/saver2v2/save_annotation.go b/tvsaver/saver2v2/save_annotation.go new file mode 100644 index 0000000..c0f1449 --- /dev/null +++ b/tvsaver/saver2v2/save_annotation.go @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "fmt" + "io" + + "github.com/spdx/tools-golang/spdx" +) + +func renderAnnotation2_2(ann *spdx.Annotation2_2, w io.Writer) error { + if ann.Annotator != "" && ann.AnnotatorType != "" { + fmt.Fprintf(w, "Annotator: %s: %s\n", ann.AnnotatorType, ann.Annotator) + } + if ann.AnnotationDate != "" { + fmt.Fprintf(w, "AnnotationDate: %s\n", ann.AnnotationDate) + } + if ann.AnnotationType != "" { + fmt.Fprintf(w, "AnnotationType: %s\n", ann.AnnotationType) + } + annIDStr := spdx.RenderDocElementID(ann.AnnotationSPDXIdentifier) + if annIDStr != "SPDXRef-" { + fmt.Fprintf(w, "SPDXREF: %s\n", annIDStr) + } + if ann.AnnotationComment != "" { + fmt.Fprintf(w, "AnnotationComment: %s\n", textify(ann.AnnotationComment)) + } + + return nil +} diff --git a/tvsaver/saver2v2/save_annotation_test.go b/tvsaver/saver2v2/save_annotation_test.go new file mode 100644 index 0000000..d938646 --- /dev/null +++ b/tvsaver/saver2v2/save_annotation_test.go @@ -0,0 +1,112 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== Annotation section Saver tests ===== +func TestSaver2_2AnnotationSavesTextForPerson(t *testing.T) { + ann := &spdx.Annotation2_2{ + Annotator: "John Doe", + AnnotatorType: "Person", + AnnotationDate: "2018-10-10T17:52:00Z", + AnnotationType: "REVIEW", + AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), + AnnotationComment: "This is an annotation about the SPDX document", + } + + // what we want to get, as a buffer of bytes + // no trailing blank newline + want := bytes.NewBufferString(`Annotator: Person: John Doe +AnnotationDate: 2018-10-10T17:52:00Z +AnnotationType: REVIEW +SPDXREF: SPDXRef-DOCUMENT +AnnotationComment: This is an annotation about the SPDX document +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderAnnotation2_2(ann, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2AnnotationSavesTextForOrganization(t *testing.T) { + ann := &spdx.Annotation2_2{ + Annotator: "John Doe, Inc.", + AnnotatorType: "Organization", + AnnotationDate: "2018-10-10T17:52:00Z", + AnnotationType: "REVIEW", + AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), + AnnotationComment: "This is an annotation about the SPDX document", + } + + // what we want to get, as a buffer of bytes + // no trailing blank newline + want := bytes.NewBufferString(`Annotator: Organization: John Doe, Inc. +AnnotationDate: 2018-10-10T17:52:00Z +AnnotationType: REVIEW +SPDXREF: SPDXRef-DOCUMENT +AnnotationComment: This is an annotation about the SPDX document +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderAnnotation2_2(ann, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2AnnotationSavesTextForTool(t *testing.T) { + ann := &spdx.Annotation2_2{ + Annotator: "magictool-1.1", + AnnotatorType: "Tool", + AnnotationDate: "2018-10-10T17:52:00Z", + AnnotationType: "REVIEW", + AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), + AnnotationComment: "This is an annotation about the SPDX document", + } + + // what we want to get, as a buffer of bytes + // no trailing blank newline + want := bytes.NewBufferString(`Annotator: Tool: magictool-1.1 +AnnotationDate: 2018-10-10T17:52:00Z +AnnotationType: REVIEW +SPDXREF: SPDXRef-DOCUMENT +AnnotationComment: This is an annotation about the SPDX document +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderAnnotation2_2(ann, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +// note that the annotation has no optional or multiple fields diff --git a/tvsaver/saver2v2/save_creation_info.go b/tvsaver/saver2v2/save_creation_info.go new file mode 100644 index 0000000..af9b977 --- /dev/null +++ b/tvsaver/saver2v2/save_creation_info.go @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "fmt" + "io" + + "github.com/spdx/tools-golang/spdx" +) + +func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, w io.Writer) error { + if ci.SPDXVersion != "" { + fmt.Fprintf(w, "SPDXVersion: %s\n", ci.SPDXVersion) + } + if ci.DataLicense != "" { + fmt.Fprintf(w, "DataLicense: %s\n", ci.DataLicense) + } + if ci.SPDXIdentifier != "" { + fmt.Fprintf(w, "SPDXID: %s\n", spdx.RenderElementID(ci.SPDXIdentifier)) + } + if ci.DocumentName != "" { + fmt.Fprintf(w, "DocumentName: %s\n", ci.DocumentName) + } + if ci.DocumentNamespace != "" { + fmt.Fprintf(w, "DocumentNamespace: %s\n", ci.DocumentNamespace) + } + for _, s := range ci.ExternalDocumentReferences { + fmt.Fprintf(w, "ExternalDocumentRef: %s\n", s) + } + if ci.LicenseListVersion != "" { + fmt.Fprintf(w, "LicenseListVersion: %s\n", ci.LicenseListVersion) + } + for _, s := range ci.CreatorPersons { + fmt.Fprintf(w, "Creator: Person: %s\n", s) + } + for _, s := range ci.CreatorOrganizations { + fmt.Fprintf(w, "Creator: Organization: %s\n", s) + } + for _, s := range ci.CreatorTools { + fmt.Fprintf(w, "Creator: Tool: %s\n", s) + } + if ci.Created != "" { + fmt.Fprintf(w, "Created: %s\n", ci.Created) + } + if ci.CreatorComment != "" { + fmt.Fprintf(w, "CreatorComment: %s\n", textify(ci.CreatorComment)) + } + if ci.DocumentComment != "" { + fmt.Fprintf(w, "DocumentComment: %s\n", textify(ci.DocumentComment)) + } + + // add blank newline b/c end of a main section + fmt.Fprintf(w, "\n") + + return nil +} diff --git a/tvsaver/saver2v2/save_creation_info_test.go b/tvsaver/saver2v2/save_creation_info_test.go new file mode 100644 index 0000000..3e23c0b --- /dev/null +++ b/tvsaver/saver2v2/save_creation_info_test.go @@ -0,0 +1,153 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== Creation Info section Saver tests ===== +func TestSaver2_2CISavesText(t *testing.T) { + ci := &spdx.CreationInfo2_2{ + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + DocumentName: "spdx-go-0.0.1.abcdef", + DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", + ExternalDocumentReferences: []string{ + "DocumentRef-spdx-go-0.0.1a https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1a.cdefab.whatever SHA1:0123456701234567012345670123456701234567", + "DocumentRef-time-1.2.3 https://github.com/swinslow/spdx-docs/time/time-1.2.3.cdefab.whatever SHA1:0123456701234567012345670123456701234568", + }, + LicenseListVersion: "3.9", + CreatorPersons: []string{ + "John Doe", + "Jane Doe (janedoe@example.com)", + }, + CreatorOrganizations: []string{ + "John Doe, Inc.", + "Jane Doe LLC", + }, + CreatorTools: []string{ + "magictool1-1.0", + "magictool2-1.0", + "magictool3-1.0", + }, + Created: "2018-10-10T06:20:00Z", + CreatorComment: "this is a creator comment", + DocumentComment: "this is a document comment", + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`SPDXVersion: SPDX-2.2 +DataLicense: CC0-1.0 +SPDXID: SPDXRef-DOCUMENT +DocumentName: spdx-go-0.0.1.abcdef +DocumentNamespace: https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever +ExternalDocumentRef: DocumentRef-spdx-go-0.0.1a https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1a.cdefab.whatever SHA1:0123456701234567012345670123456701234567 +ExternalDocumentRef: DocumentRef-time-1.2.3 https://github.com/swinslow/spdx-docs/time/time-1.2.3.cdefab.whatever SHA1:0123456701234567012345670123456701234568 +LicenseListVersion: 3.9 +Creator: Person: John Doe +Creator: Person: Jane Doe (janedoe@example.com) +Creator: Organization: John Doe, Inc. +Creator: Organization: Jane Doe LLC +Creator: Tool: magictool1-1.0 +Creator: Tool: magictool2-1.0 +Creator: Tool: magictool3-1.0 +Created: 2018-10-10T06:20:00Z +CreatorComment: this is a creator comment +DocumentComment: this is a document comment + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderCreationInfo2_2(ci, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2CIOmitsOptionalFieldsIfEmpty(t *testing.T) { + // --- need at least one creator; do first for Persons --- + ci1 := &spdx.CreationInfo2_2{ + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + DocumentName: "spdx-go-0.0.1.abcdef", + DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", + CreatorPersons: []string{ + "John Doe", + }, + Created: "2018-10-10T06:20:00Z", + } + + // what we want to get, as a buffer of bytes + want1 := bytes.NewBufferString(`SPDXVersion: SPDX-2.2 +DataLicense: CC0-1.0 +SPDXID: SPDXRef-DOCUMENT +DocumentName: spdx-go-0.0.1.abcdef +DocumentNamespace: https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever +Creator: Person: John Doe +Created: 2018-10-10T06:20:00Z + +`) + + // render as buffer of bytes + var got1 bytes.Buffer + err := renderCreationInfo2_2(ci1, &got1) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c1 := bytes.Compare(want1.Bytes(), got1.Bytes()) + if c1 != 0 { + t.Errorf("Expected %v, got %v", want1.String(), got1.String()) + } + + // --- need at least one creator; now switch to organization --- + ci2 := &spdx.CreationInfo2_2{ + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + DocumentName: "spdx-go-0.0.1.abcdef", + DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", + CreatorOrganizations: []string{ + "John Doe, Inc.", + }, + Created: "2018-10-10T06:20:00Z", + } + + // what we want to get, as a buffer of bytes + want2 := bytes.NewBufferString(`SPDXVersion: SPDX-2.2 +DataLicense: CC0-1.0 +SPDXID: SPDXRef-DOCUMENT +DocumentName: spdx-go-0.0.1.abcdef +DocumentNamespace: https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever +Creator: Organization: John Doe, Inc. +Created: 2018-10-10T06:20:00Z + +`) + + // render as buffer of bytes + var got2 bytes.Buffer + err = renderCreationInfo2_2(ci2, &got2) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c2 := bytes.Compare(want2.Bytes(), got2.Bytes()) + if c2 != 0 { + t.Errorf("Expected %v, got %v", want2.String(), got2.String()) + } +} diff --git a/tvsaver/saver2v2/save_document.go b/tvsaver/saver2v2/save_document.go new file mode 100644 index 0000000..8db2363 --- /dev/null +++ b/tvsaver/saver2v2/save_document.go @@ -0,0 +1,83 @@ +// Package saver2v2 contains functions to render and write a tag-value +// formatted version of an in-memory SPDX document and its sections +// (version 2.2). +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +package saver2v2 + +import ( + "fmt" + "io" + "sort" + + "github.com/spdx/tools-golang/spdx" +) + +// RenderDocument2_2 is the main entry point to take an SPDX in-memory +// Document (version 2.2), and render it to the received io.Writer. +// It is only exported in order to be available to the tvsaver package, +// and typically does not need to be called by client code. +func RenderDocument2_2(doc *spdx.Document2_2, w io.Writer) error { + if doc.CreationInfo == nil { + return fmt.Errorf("Document had nil CreationInfo section") + } + + renderCreationInfo2_2(doc.CreationInfo, w) + + if len(doc.UnpackagedFiles) > 0 { + fmt.Fprintf(w, "##### Unpackaged files\n\n") + // get slice of identifiers so we can sort them + unpackagedFileKeys := []string{} + for k := range doc.UnpackagedFiles { + unpackagedFileKeys = append(unpackagedFileKeys, string(k)) + } + sort.Strings(unpackagedFileKeys) + for _, fiID := range unpackagedFileKeys { + fi := doc.UnpackagedFiles[spdx.ElementID(fiID)] + renderFile2_2(fi, w) + } + } + + // get slice of Package identifiers so we can sort them + packageKeys := []string{} + for k := range doc.Packages { + packageKeys = append(packageKeys, string(k)) + } + sort.Strings(packageKeys) + for _, pkgID := range packageKeys { + pkg := doc.Packages[spdx.ElementID(pkgID)] + fmt.Fprintf(w, "##### Package: %s\n\n", pkg.PackageName) + renderPackage2_2(pkg, w) + } + + if len(doc.OtherLicenses) > 0 { + fmt.Fprintf(w, "##### Other Licenses\n\n") + for _, ol := range doc.OtherLicenses { + renderOtherLicense2_2(ol, w) + } + } + + if len(doc.Relationships) > 0 { + fmt.Fprintf(w, "##### Relationships\n\n") + for _, rln := range doc.Relationships { + renderRelationship2_2(rln, w) + } + fmt.Fprintf(w, "\n") + } + + if len(doc.Annotations) > 0 { + fmt.Fprintf(w, "##### Annotations\n\n") + for _, ann := range doc.Annotations { + renderAnnotation2_2(ann, w) + fmt.Fprintf(w, "\n") + } + } + + if len(doc.Reviews) > 0 { + fmt.Fprintf(w, "##### Reviews\n\n") + for _, rev := range doc.Reviews { + renderReview2_2(rev, w) + } + } + + return nil +} diff --git a/tvsaver/saver2v2/save_document_test.go b/tvsaver/saver2v2/save_document_test.go new file mode 100644 index 0000000..d6d112b --- /dev/null +++ b/tvsaver/saver2v2/save_document_test.go @@ -0,0 +1,344 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== entire Document Saver tests ===== +func TestSaver2_2DocumentSavesText(t *testing.T) { + + // Creation Info section + ci := &spdx.CreationInfo2_2{ + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + DocumentName: "tools-golang-0.0.1.abcdef", + DocumentNamespace: "https://github.com/spdx/spdx-docs/tools-golang/tools-golang-0.0.1.abcdef.whatever", + CreatorPersons: []string{ + "John Doe", + }, + Created: "2018-10-10T06:20:00Z", + } + + // unpackaged files + f1 := &spdx.File2_2{ + FileName: "/tmp/whatever1.txt", + FileSPDXIdentifier: spdx.ElementID("File1231"), + FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{"Apache-2.0"}, + FileCopyrightText: "Copyright (c) Jane Doe", + } + + f2 := &spdx.File2_2{ + FileName: "/tmp/whatever2.txt", + FileSPDXIdentifier: spdx.ElementID("File1232"), + FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983d", + LicenseConcluded: "MIT", + LicenseInfoInFile: []string{"MIT"}, + FileCopyrightText: "Copyright (c) John Doe", + } + + unFiles := map[spdx.ElementID]*spdx.File2_2{ + spdx.ElementID("File1231"): f1, + spdx.ElementID("File1232"): f2, + } + + // Package 1: packaged files with snippets + sn1 := &spdx.Snippet2_2{ + SnippetSPDXIdentifier: "Snippet19", + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "FileHasSnippets"), + SnippetByteRangeStart: 17, + SnippetByteRangeEnd: 209, + SnippetLicenseConcluded: "GPL-2.0-or-later", + SnippetCopyrightText: "Copyright (c) John Doe 20x6", + } + + sn2 := &spdx.Snippet2_2{ + SnippetSPDXIdentifier: "Snippet20", + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "FileHasSnippets"), + SnippetByteRangeStart: 268, + SnippetByteRangeEnd: 309, + SnippetLicenseConcluded: "WTFPL", + SnippetCopyrightText: "NOASSERTION", + } + + f3 := &spdx.File2_2{ + FileName: "/tmp/file-with-snippets.txt", + FileSPDXIdentifier: spdx.ElementID("FileHasSnippets"), + FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983e", + LicenseConcluded: "GPL-2.0-or-later AND WTFPL", + LicenseInfoInFile: []string{ + "Apache-2.0", + "GPL-2.0-or-later", + "WTFPL", + }, + FileCopyrightText: "Copyright (c) Jane Doe", + Snippets: map[spdx.ElementID]*spdx.Snippet2_2{ + spdx.ElementID("Snippet19"): sn1, + spdx.ElementID("Snippet20"): sn2, + }, + } + + f4 := &spdx.File2_2{ + FileName: "/tmp/another-file.txt", + FileSPDXIdentifier: spdx.ElementID("FileAnother"), + FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983f", + LicenseConcluded: "BSD-3-Clause", + LicenseInfoInFile: []string{"BSD-3-Clause"}, + FileCopyrightText: "Copyright (c) Jane Doe LLC", + } + + pkgWith := &spdx.Package2_2{ + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: true, + PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", + PackageLicenseConcluded: "GPL-2.0-or-later AND BSD-3-Clause AND WTFPL", + PackageLicenseInfoFromFiles: []string{ + "Apache-2.0", + "GPL-2.0-or-later", + "WTFPL", + "BSD-3-Clause", + }, + PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later", + PackageCopyrightText: "Copyright (c) John Doe, Inc.", + Files: map[spdx.ElementID]*spdx.File2_2{ + spdx.ElementID("FileHasSnippets"): f3, + spdx.ElementID("FileAnother"): f4, + }, + } + + // Other Licenses 1 and 2 + ol1 := &spdx.OtherLicense2_2{ + LicenseIdentifier: "LicenseRef-1", + ExtractedText: `License 1 text +blah blah blah +blah blah blah blah`, + LicenseName: "License 1", + } + + ol2 := &spdx.OtherLicense2_2{ + LicenseIdentifier: "LicenseRef-2", + ExtractedText: `License 2 text - this is a license that does some stuff`, + LicenseName: "License 2", + } + + // Relationships + rln1 := &spdx.Relationship2_2{ + RefA: spdx.MakeDocElementID("", "DOCUMENT"), + RefB: spdx.MakeDocElementID("", "p1"), + Relationship: "DESCRIBES", + } + + rln2 := &spdx.Relationship2_2{ + RefA: spdx.MakeDocElementID("", "DOCUMENT"), + RefB: spdx.MakeDocElementID("", "File1231"), + Relationship: "DESCRIBES", + } + + rln3 := &spdx.Relationship2_2{ + RefA: spdx.MakeDocElementID("", "DOCUMENT"), + RefB: spdx.MakeDocElementID("", "File1232"), + Relationship: "DESCRIBES", + } + + // Annotations + ann1 := &spdx.Annotation2_2{ + Annotator: "John Doe", + AnnotatorType: "Person", + AnnotationDate: "2018-10-10T17:52:00Z", + AnnotationType: "REVIEW", + AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "DOCUMENT"), + AnnotationComment: "This is an annotation about the SPDX document", + } + + ann2 := &spdx.Annotation2_2{ + Annotator: "John Doe, Inc.", + AnnotatorType: "Organization", + AnnotationDate: "2018-10-10T17:52:00Z", + AnnotationType: "REVIEW", + AnnotationSPDXIdentifier: spdx.MakeDocElementID("", "p1"), + AnnotationComment: "This is an annotation about Package p1", + } + + // Reviews + rev1 := &spdx.Review2_2{ + Reviewer: "John Doe", + ReviewerType: "Person", + ReviewDate: "2018-10-14T10:28:00Z", + } + rev2 := &spdx.Review2_2{ + Reviewer: "Jane Doe LLC", + ReviewerType: "Organization", + ReviewDate: "2018-10-14T10:28:00Z", + ReviewComment: "I have reviewed this SPDX document and it is awesome", + } + + // now, build the document + doc := &spdx.Document2_2{ + CreationInfo: ci, + Packages: map[spdx.ElementID]*spdx.Package2_2{ + spdx.ElementID("p1"): pkgWith, + }, + UnpackagedFiles: unFiles, + OtherLicenses: []*spdx.OtherLicense2_2{ + ol1, + ol2, + }, + Relationships: []*spdx.Relationship2_2{ + rln1, + rln2, + rln3, + }, + Annotations: []*spdx.Annotation2_2{ + ann1, + ann2, + }, + Reviews: []*spdx.Review2_2{ + rev1, + rev2, + }, + } + + want := bytes.NewBufferString(`SPDXVersion: SPDX-2.2 +DataLicense: CC0-1.0 +SPDXID: SPDXRef-DOCUMENT +DocumentName: tools-golang-0.0.1.abcdef +DocumentNamespace: https://github.com/spdx/spdx-docs/tools-golang/tools-golang-0.0.1.abcdef.whatever +Creator: Person: John Doe +Created: 2018-10-10T06:20:00Z + +##### Unpackaged files + +FileName: /tmp/whatever1.txt +SPDXID: SPDXRef-File1231 +FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +LicenseConcluded: Apache-2.0 +LicenseInfoInFile: Apache-2.0 +FileCopyrightText: Copyright (c) Jane Doe + +FileName: /tmp/whatever2.txt +SPDXID: SPDXRef-File1232 +FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983d +LicenseConcluded: MIT +LicenseInfoInFile: MIT +FileCopyrightText: Copyright (c) John Doe + +##### Package: p1 + +PackageName: p1 +SPDXID: SPDXRef-p1 +PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz +FilesAnalyzed: true +PackageVerificationCode: 0123456789abcdef0123456789abcdef01234567 +PackageLicenseConcluded: GPL-2.0-or-later AND BSD-3-Clause AND WTFPL +PackageLicenseInfoFromFiles: Apache-2.0 +PackageLicenseInfoFromFiles: GPL-2.0-or-later +PackageLicenseInfoFromFiles: WTFPL +PackageLicenseInfoFromFiles: BSD-3-Clause +PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later +PackageCopyrightText: Copyright (c) John Doe, Inc. + +FileName: /tmp/another-file.txt +SPDXID: SPDXRef-FileAnother +FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983f +LicenseConcluded: BSD-3-Clause +LicenseInfoInFile: BSD-3-Clause +FileCopyrightText: Copyright (c) Jane Doe LLC + +FileName: /tmp/file-with-snippets.txt +SPDXID: SPDXRef-FileHasSnippets +FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983e +LicenseConcluded: GPL-2.0-or-later AND WTFPL +LicenseInfoInFile: Apache-2.0 +LicenseInfoInFile: GPL-2.0-or-later +LicenseInfoInFile: WTFPL +FileCopyrightText: Copyright (c) Jane Doe + +SnippetSPDXIdentifier: SPDXRef-Snippet19 +SnippetFromFileSPDXID: SPDXRef-FileHasSnippets +SnippetByteRange: 17:209 +SnippetLicenseConcluded: GPL-2.0-or-later +SnippetCopyrightText: Copyright (c) John Doe 20x6 + +SnippetSPDXIdentifier: SPDXRef-Snippet20 +SnippetFromFileSPDXID: SPDXRef-FileHasSnippets +SnippetByteRange: 268:309 +SnippetLicenseConcluded: WTFPL +SnippetCopyrightText: NOASSERTION + +##### Other Licenses + +LicenseID: LicenseRef-1 +ExtractedText: License 1 text +blah blah blah +blah blah blah blah +LicenseName: License 1 + +LicenseID: LicenseRef-2 +ExtractedText: License 2 text - this is a license that does some stuff +LicenseName: License 2 + +##### Relationships + +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-p1 +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-File1231 +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-File1232 + +##### Annotations + +Annotator: Person: John Doe +AnnotationDate: 2018-10-10T17:52:00Z +AnnotationType: REVIEW +SPDXREF: SPDXRef-DOCUMENT +AnnotationComment: This is an annotation about the SPDX document + +Annotator: Organization: John Doe, Inc. +AnnotationDate: 2018-10-10T17:52:00Z +AnnotationType: REVIEW +SPDXREF: SPDXRef-p1 +AnnotationComment: This is an annotation about Package p1 + +##### Reviews + +Reviewer: Person: John Doe +ReviewDate: 2018-10-14T10:28:00Z + +Reviewer: Organization: Jane Doe LLC +ReviewDate: 2018-10-14T10:28:00Z +ReviewComment: I have reviewed this SPDX document and it is awesome + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := RenderDocument2_2(doc, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected {{{%v}}}, got {{{%v}}}", want.String(), got.String()) + } + +} + +func TestSaver2_2DocumentReturnsErrorIfNilCreationInfo(t *testing.T) { + doc := &spdx.Document2_2{} + + var got bytes.Buffer + err := RenderDocument2_2(doc, &got) + if err == nil { + t.Errorf("Expected error, got nil") + } +} diff --git a/tvsaver/saver2v2/save_file.go b/tvsaver/saver2v2/save_file.go new file mode 100644 index 0000000..8edacfc --- /dev/null +++ b/tvsaver/saver2v2/save_file.go @@ -0,0 +1,84 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "fmt" + "io" + "sort" + + "github.com/spdx/tools-golang/spdx" +) + +func renderFile2_2(f *spdx.File2_2, w io.Writer) error { + if f.FileName != "" { + fmt.Fprintf(w, "FileName: %s\n", f.FileName) + } + if f.FileSPDXIdentifier != "" { + fmt.Fprintf(w, "SPDXID: %s\n", spdx.RenderElementID(f.FileSPDXIdentifier)) + } + for _, s := range f.FileType { + fmt.Fprintf(w, "FileType: %s\n", s) + } + if f.FileChecksumSHA1 != "" { + fmt.Fprintf(w, "FileChecksum: SHA1: %s\n", f.FileChecksumSHA1) + } + if f.FileChecksumSHA256 != "" { + fmt.Fprintf(w, "FileChecksum: SHA256: %s\n", f.FileChecksumSHA256) + } + if f.FileChecksumMD5 != "" { + fmt.Fprintf(w, "FileChecksum: MD5: %s\n", f.FileChecksumMD5) + } + if f.LicenseConcluded != "" { + fmt.Fprintf(w, "LicenseConcluded: %s\n", f.LicenseConcluded) + } + for _, s := range f.LicenseInfoInFile { + fmt.Fprintf(w, "LicenseInfoInFile: %s\n", s) + } + if f.LicenseComments != "" { + fmt.Fprintf(w, "LicenseComments: %s\n", f.LicenseComments) + } + if f.FileCopyrightText != "" { + fmt.Fprintf(w, "FileCopyrightText: %s\n", textify(f.FileCopyrightText)) + } + for _, aop := range f.ArtifactOfProjects { + fmt.Fprintf(w, "ArtifactOfProjectName: %s\n", aop.Name) + if aop.HomePage != "" { + fmt.Fprintf(w, "ArtifactOfProjectHomePage: %s\n", aop.HomePage) + } + if aop.URI != "" { + fmt.Fprintf(w, "ArtifactOfProjectURI: %s\n", aop.URI) + } + } + if f.FileComment != "" { + fmt.Fprintf(w, "FileComment: %s\n", f.FileComment) + } + if f.FileNotice != "" { + fmt.Fprintf(w, "FileNotice: %s\n", f.FileNotice) + } + for _, s := range f.FileContributor { + fmt.Fprintf(w, "FileContributor: %s\n", s) + } + for _, s := range f.FileAttributionTexts { + fmt.Fprintf(w, "FileAttributionText: %s\n", textify(s)) + } + for _, s := range f.FileDependencies { + fmt.Fprintf(w, "FileDependency: %s\n", s) + } + + fmt.Fprintf(w, "\n") + + // also render any snippets for this file + // get slice of Snippet identifiers so we can sort them + snippetKeys := []string{} + for k := range f.Snippets { + snippetKeys = append(snippetKeys, string(k)) + } + sort.Strings(snippetKeys) + for _, sID := range snippetKeys { + s := f.Snippets[spdx.ElementID(sID)] + renderSnippet2_2(s, w) + } + + return nil +} diff --git a/tvsaver/saver2v2/save_file_test.go b/tvsaver/saver2v2/save_file_test.go new file mode 100644 index 0000000..1fd4fca --- /dev/null +++ b/tvsaver/saver2v2/save_file_test.go @@ -0,0 +1,253 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== File section Saver tests ===== +func TestSaver2_2FileSavesText(t *testing.T) { + f := &spdx.File2_2{ + FileName: "/tmp/whatever.txt", + FileSPDXIdentifier: spdx.ElementID("File123"), + FileType: []string{ + "TEXT", + "DOCUMENTATION", + }, + FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + FileChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + FileChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{ + "Apache-2.0", + "Apache-1.1", + }, + LicenseComments: "this is a license comment(s)", + FileCopyrightText: "Copyright (c) Jane Doe", + ArtifactOfProjects: []*spdx.ArtifactOfProject2_2{ + &spdx.ArtifactOfProject2_2{ + Name: "project1", + HomePage: "http://example.com/1/", + URI: "http://example.com/1/uri.whatever", + }, + &spdx.ArtifactOfProject2_2{ + Name: "project2", + }, + &spdx.ArtifactOfProject2_2{ + Name: "project3", + HomePage: "http://example.com/3/", + }, + &spdx.ArtifactOfProject2_2{ + Name: "project4", + URI: "http://example.com/4/uri.whatever", + }, + }, + FileComment: "this is a file comment", + FileNotice: "This file may be used under either Apache-2.0 or Apache-1.1.", + FileContributor: []string{ + "John Doe jdoe@example.com", + "EvilCorp", + }, + FileAttributionTexts: []string{ + "attributions", + }, + FileDependencies: []string{ + "f-1.txt", + "g.txt", + }, + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`FileName: /tmp/whatever.txt +SPDXID: SPDXRef-File123 +FileType: TEXT +FileType: DOCUMENTATION +FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +FileChecksum: SHA256: 11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd +FileChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24 +LicenseConcluded: Apache-2.0 +LicenseInfoInFile: Apache-2.0 +LicenseInfoInFile: Apache-1.1 +LicenseComments: this is a license comment(s) +FileCopyrightText: Copyright (c) Jane Doe +ArtifactOfProjectName: project1 +ArtifactOfProjectHomePage: http://example.com/1/ +ArtifactOfProjectURI: http://example.com/1/uri.whatever +ArtifactOfProjectName: project2 +ArtifactOfProjectName: project3 +ArtifactOfProjectHomePage: http://example.com/3/ +ArtifactOfProjectName: project4 +ArtifactOfProjectURI: http://example.com/4/uri.whatever +FileComment: this is a file comment +FileNotice: This file may be used under either Apache-2.0 or Apache-1.1. +FileContributor: John Doe jdoe@example.com +FileContributor: EvilCorp +FileAttributionText: attributions +FileDependency: f-1.txt +FileDependency: g.txt + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderFile2_2(f, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2FileSavesSnippetsAlso(t *testing.T) { + sn1 := &spdx.Snippet2_2{ + SnippetSPDXIdentifier: spdx.ElementID("Snippet19"), + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File123"), + SnippetByteRangeStart: 17, + SnippetByteRangeEnd: 209, + SnippetLicenseConcluded: "GPL-2.0-or-later", + SnippetCopyrightText: "Copyright (c) John Doe 20x6", + } + + sn2 := &spdx.Snippet2_2{ + SnippetSPDXIdentifier: spdx.ElementID("Snippet20"), + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File123"), + SnippetByteRangeStart: 268, + SnippetByteRangeEnd: 309, + SnippetLicenseConcluded: "WTFPL", + SnippetCopyrightText: "NOASSERTION", + } + + sns := map[spdx.ElementID]*spdx.Snippet2_2{ + spdx.ElementID("Snippet19"): sn1, + spdx.ElementID("Snippet20"): sn2, + } + + f := &spdx.File2_2{ + FileName: "/tmp/whatever.txt", + FileSPDXIdentifier: spdx.ElementID("File123"), + FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{ + "Apache-2.0", + }, + FileCopyrightText: "Copyright (c) Jane Doe", + Snippets: sns, + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`FileName: /tmp/whatever.txt +SPDXID: SPDXRef-File123 +FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +LicenseConcluded: Apache-2.0 +LicenseInfoInFile: Apache-2.0 +FileCopyrightText: Copyright (c) Jane Doe + +SnippetSPDXIdentifier: SPDXRef-Snippet19 +SnippetFromFileSPDXID: SPDXRef-File123 +SnippetByteRange: 17:209 +SnippetLicenseConcluded: GPL-2.0-or-later +SnippetCopyrightText: Copyright (c) John Doe 20x6 + +SnippetSPDXIdentifier: SPDXRef-Snippet20 +SnippetFromFileSPDXID: SPDXRef-File123 +SnippetByteRange: 268:309 +SnippetLicenseConcluded: WTFPL +SnippetCopyrightText: NOASSERTION + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderFile2_2(f, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2FileOmitsOptionalFieldsIfEmpty(t *testing.T) { + f := &spdx.File2_2{ + FileName: "/tmp/whatever.txt", + FileSPDXIdentifier: spdx.ElementID("File123"), + FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{ + "Apache-2.0", + }, + FileCopyrightText: "Copyright (c) Jane Doe", + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`FileName: /tmp/whatever.txt +SPDXID: SPDXRef-File123 +FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +LicenseConcluded: Apache-2.0 +LicenseInfoInFile: Apache-2.0 +FileCopyrightText: Copyright (c) Jane Doe + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderFile2_2(f, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2FileWrapsCopyrightMultiLine(t *testing.T) { + f := &spdx.File2_2{ + FileName: "/tmp/whatever.txt", + FileSPDXIdentifier: spdx.ElementID("File123"), + FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{ + "Apache-2.0", + }, + FileCopyrightText: `Copyright (c) Jane Doe +Copyright (c) John Doe`, + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`FileName: /tmp/whatever.txt +SPDXID: SPDXRef-File123 +FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +LicenseConcluded: Apache-2.0 +LicenseInfoInFile: Apache-2.0 +FileCopyrightText: Copyright (c) Jane Doe +Copyright (c) John Doe + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderFile2_2(f, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} diff --git a/tvsaver/saver2v2/save_other_license.go b/tvsaver/saver2v2/save_other_license.go new file mode 100644 index 0000000..eaac9ac --- /dev/null +++ b/tvsaver/saver2v2/save_other_license.go @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "fmt" + "io" + + "github.com/spdx/tools-golang/spdx" +) + +func renderOtherLicense2_2(ol *spdx.OtherLicense2_2, w io.Writer) error { + if ol.LicenseIdentifier != "" { + fmt.Fprintf(w, "LicenseID: %s\n", ol.LicenseIdentifier) + } + if ol.ExtractedText != "" { + fmt.Fprintf(w, "ExtractedText: %s\n", textify(ol.ExtractedText)) + } + if ol.LicenseName != "" { + fmt.Fprintf(w, "LicenseName: %s\n", ol.LicenseName) + } + for _, s := range ol.LicenseCrossReferences { + fmt.Fprintf(w, "LicenseCrossReference: %s\n", s) + } + if ol.LicenseComment != "" { + fmt.Fprintf(w, "LicenseComment: %s\n", textify(ol.LicenseComment)) + } + + fmt.Fprintf(w, "\n") + + return nil +} diff --git a/tvsaver/saver2v2/save_other_license_test.go b/tvsaver/saver2v2/save_other_license_test.go new file mode 100644 index 0000000..982e109 --- /dev/null +++ b/tvsaver/saver2v2/save_other_license_test.go @@ -0,0 +1,83 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== Other License section Saver tests ===== +func TestSaver2_2OtherLicenseSavesText(t *testing.T) { + ol := &spdx.OtherLicense2_2{ + LicenseIdentifier: "LicenseRef-1", + ExtractedText: `License 1 text +blah blah blah +blah blah blah blah`, + LicenseName: "License 1", + LicenseCrossReferences: []string{ + "http://example.com/License1/", + "http://example.com/License1AnotherURL/", + }, + LicenseComment: "this is a license comment", + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`LicenseID: LicenseRef-1 +ExtractedText: License 1 text +blah blah blah +blah blah blah blah +LicenseName: License 1 +LicenseCrossReference: http://example.com/License1/ +LicenseCrossReference: http://example.com/License1AnotherURL/ +LicenseComment: this is a license comment + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderOtherLicense2_2(ol, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2OtherLicenseOmitsOptionalFieldsIfEmpty(t *testing.T) { + ol := &spdx.OtherLicense2_2{ + LicenseIdentifier: "LicenseRef-1", + ExtractedText: `License 1 text +blah blah blah +blah blah blah blah`, + LicenseName: "License 1", + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`LicenseID: LicenseRef-1 +ExtractedText: License 1 text +blah blah blah +blah blah blah blah +LicenseName: License 1 + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderOtherLicense2_2(ol, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} diff --git a/tvsaver/saver2v2/save_package.go b/tvsaver/saver2v2/save_package.go new file mode 100644 index 0000000..3a413cb --- /dev/null +++ b/tvsaver/saver2v2/save_package.go @@ -0,0 +1,127 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "fmt" + "io" + "sort" + + "github.com/spdx/tools-golang/spdx" +) + +func renderPackage2_2(pkg *spdx.Package2_2, w io.Writer) error { + if pkg.PackageName != "" { + fmt.Fprintf(w, "PackageName: %s\n", pkg.PackageName) + } + if pkg.PackageSPDXIdentifier != "" { + fmt.Fprintf(w, "SPDXID: %s\n", spdx.RenderElementID(pkg.PackageSPDXIdentifier)) + } + if pkg.PackageVersion != "" { + fmt.Fprintf(w, "PackageVersion: %s\n", pkg.PackageVersion) + } + if pkg.PackageFileName != "" { + fmt.Fprintf(w, "PackageFileName: %s\n", pkg.PackageFileName) + } + if pkg.PackageSupplierPerson != "" { + fmt.Fprintf(w, "PackageSupplier: Person: %s\n", pkg.PackageSupplierPerson) + } + if pkg.PackageSupplierOrganization != "" { + fmt.Fprintf(w, "PackageSupplier: Organization: %s\n", pkg.PackageSupplierOrganization) + } + if pkg.PackageSupplierNOASSERTION == true { + fmt.Fprintf(w, "PackageSupplier: NOASSERTION\n") + } + if pkg.PackageOriginatorPerson != "" { + fmt.Fprintf(w, "PackageOriginator: Person: %s\n", pkg.PackageOriginatorPerson) + } + if pkg.PackageOriginatorOrganization != "" { + fmt.Fprintf(w, "PackageOriginator: Organization: %s\n", pkg.PackageOriginatorOrganization) + } + if pkg.PackageOriginatorNOASSERTION == true { + fmt.Fprintf(w, "PackageOriginator: NOASSERTION\n") + } + if pkg.PackageDownloadLocation != "" { + fmt.Fprintf(w, "PackageDownloadLocation: %s\n", pkg.PackageDownloadLocation) + } + if pkg.FilesAnalyzed == true { + if pkg.IsFilesAnalyzedTagPresent == true { + fmt.Fprintf(w, "FilesAnalyzed: true\n") + } + } else { + fmt.Fprintf(w, "FilesAnalyzed: false\n") + } + if pkg.PackageVerificationCode != "" && pkg.FilesAnalyzed == true { + if pkg.PackageVerificationCodeExcludedFile == "" { + fmt.Fprintf(w, "PackageVerificationCode: %s\n", pkg.PackageVerificationCode) + } else { + fmt.Fprintf(w, "PackageVerificationCode: %s (excludes %s)\n", pkg.PackageVerificationCode, pkg.PackageVerificationCodeExcludedFile) + } + } + if pkg.PackageChecksumSHA1 != "" { + fmt.Fprintf(w, "PackageChecksum: SHA1: %s\n", pkg.PackageChecksumSHA1) + } + if pkg.PackageChecksumSHA256 != "" { + fmt.Fprintf(w, "PackageChecksum: SHA256: %s\n", pkg.PackageChecksumSHA256) + } + if pkg.PackageChecksumMD5 != "" { + fmt.Fprintf(w, "PackageChecksum: MD5: %s\n", pkg.PackageChecksumMD5) + } + if pkg.PackageHomePage != "" { + fmt.Fprintf(w, "PackageHomePage: %s\n", pkg.PackageHomePage) + } + if pkg.PackageSourceInfo != "" { + fmt.Fprintf(w, "PackageSourceInfo: %s\n", textify(pkg.PackageSourceInfo)) + } + if pkg.PackageLicenseConcluded != "" { + fmt.Fprintf(w, "PackageLicenseConcluded: %s\n", pkg.PackageLicenseConcluded) + } + if pkg.FilesAnalyzed == true { + for _, s := range pkg.PackageLicenseInfoFromFiles { + fmt.Fprintf(w, "PackageLicenseInfoFromFiles: %s\n", s) + } + } + if pkg.PackageLicenseDeclared != "" { + fmt.Fprintf(w, "PackageLicenseDeclared: %s\n", pkg.PackageLicenseDeclared) + } + if pkg.PackageLicenseComments != "" { + fmt.Fprintf(w, "PackageLicenseComments: %s\n", textify(pkg.PackageLicenseComments)) + } + if pkg.PackageCopyrightText != "" { + fmt.Fprintf(w, "PackageCopyrightText: %s\n", pkg.PackageCopyrightText) + } + if pkg.PackageSummary != "" { + fmt.Fprintf(w, "PackageSummary: %s\n", textify(pkg.PackageSummary)) + } + if pkg.PackageDescription != "" { + fmt.Fprintf(w, "PackageDescription: %s\n", textify(pkg.PackageDescription)) + } + if pkg.PackageComment != "" { + fmt.Fprintf(w, "PackageComment: %s\n", textify(pkg.PackageComment)) + } + for _, s := range pkg.PackageExternalReferences { + fmt.Fprintf(w, "ExternalRef: %s %s %s\n", s.Category, s.RefType, s.Locator) + if s.ExternalRefComment != "" { + fmt.Fprintf(w, "ExternalRefComment: %s\n", s.ExternalRefComment) + } + } + for _, s := range pkg.PackageAttributionTexts { + fmt.Fprintf(w, "PackageAttributionText: %s\n", textify(s)) + } + + fmt.Fprintf(w, "\n") + + // also render any files for this package + // get slice of File identifiers so we can sort them + fileKeys := []string{} + for k := range pkg.Files { + fileKeys = append(fileKeys, string(k)) + } + sort.Strings(fileKeys) + for _, fiID := range fileKeys { + fi := pkg.Files[spdx.ElementID(fiID)] + renderFile2_2(fi, w) + } + + return nil +} diff --git a/tvsaver/saver2v2/save_package_test.go b/tvsaver/saver2v2/save_package_test.go new file mode 100644 index 0000000..466ff7f --- /dev/null +++ b/tvsaver/saver2v2/save_package_test.go @@ -0,0 +1,430 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== Package section Saver tests ===== +func TestSaver2_2PackageSavesTextCombo1(t *testing.T) { + // include package external refs + // test Supplier:Organization, Originator:Person + // FilesAnalyzed true, IsFilesAnalyzedTagPresent true + // PackageVerificationCodeExcludedFile has string + + // NOTE, this is an entirely made up CPE and the format is likely invalid + per1 := &spdx.PackageExternalReference2_2{ + Category: "SECURITY", + RefType: "cpe22Type", + Locator: "cpe:/a:john_doe_inc:p1:0.1.0", + ExternalRefComment: "this is an external ref comment #1", + } + + // NOTE, this is an entirely made up NPM + per2 := &spdx.PackageExternalReference2_2{ + Category: "PACKAGE-MANAGER", + RefType: "npm", + Locator: "p1@0.1.0", + // no ExternalRefComment for this one + } + + // NOTE, this is an entirely made up SWH persistent ID + per3 := &spdx.PackageExternalReference2_2{ + Category: "PERSISTENT-ID", + RefType: "swh", + Locator: "swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2", + // no ExternalRefComment for this one + } + + per4 := &spdx.PackageExternalReference2_2{ + Category: "OTHER", + RefType: "anything", + Locator: "anything-without-spaces-can-go-here", + // no ExternalRefComment for this one + } + + pkg := &spdx.Package2_2{ + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageVersion: "0.1.0", + PackageFileName: "p1-0.1.0-master.tar.gz", + PackageSupplierOrganization: "John Doe, Inc.", + PackageOriginatorPerson: "John Doe", + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: true, + PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", + PackageVerificationCodeExcludedFile: "p1-0.1.0.spdx", + PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", + PackageHomePage: "http://example.com/p1", + PackageSourceInfo: "this is a source comment", + PackageLicenseConcluded: "GPL-2.0-or-later", + PackageLicenseInfoFromFiles: []string{ + "Apache-1.1", + "Apache-2.0", + "GPL-2.0-or-later", + }, + PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later", + PackageLicenseComments: "this is a license comment(s)", + PackageCopyrightText: "Copyright (c) John Doe, Inc.", + PackageSummary: "this is a summary comment", + PackageDescription: "this is a description comment", + PackageComment: "this is a comment comment", + PackageAttributionTexts: []string{"Include this notice in all advertising materials"}, + PackageExternalReferences: []*spdx.PackageExternalReference2_2{ + per1, + per2, + per3, + per4, + }, + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`PackageName: p1 +SPDXID: SPDXRef-p1 +PackageVersion: 0.1.0 +PackageFileName: p1-0.1.0-master.tar.gz +PackageSupplier: Organization: John Doe, Inc. +PackageOriginator: Person: John Doe +PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz +FilesAnalyzed: true +PackageVerificationCode: 0123456789abcdef0123456789abcdef01234567 (excludes p1-0.1.0.spdx) +PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +PackageChecksum: SHA256: 11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd +PackageChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24 +PackageHomePage: http://example.com/p1 +PackageSourceInfo: this is a source comment +PackageLicenseConcluded: GPL-2.0-or-later +PackageLicenseInfoFromFiles: Apache-1.1 +PackageLicenseInfoFromFiles: Apache-2.0 +PackageLicenseInfoFromFiles: GPL-2.0-or-later +PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later +PackageLicenseComments: this is a license comment(s) +PackageCopyrightText: Copyright (c) John Doe, Inc. +PackageSummary: this is a summary comment +PackageDescription: this is a description comment +PackageComment: this is a comment comment +ExternalRef: SECURITY cpe22Type cpe:/a:john_doe_inc:p1:0.1.0 +ExternalRefComment: this is an external ref comment #1 +ExternalRef: PACKAGE-MANAGER npm p1@0.1.0 +ExternalRef: PERSISTENT-ID swh swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2 +ExternalRef: OTHER anything anything-without-spaces-can-go-here +PackageAttributionText: Include this notice in all advertising materials + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderPackage2_2(pkg, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2PackageSavesTextCombo2(t *testing.T) { + // no package external refs + // test Supplier:NOASSERTION, Originator:Organization + // FilesAnalyzed true, IsFilesAnalyzedTagPresent false + // PackageVerificationCodeExcludedFile is empty + + pkg := &spdx.Package2_2{ + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageVersion: "0.1.0", + PackageFileName: "p1-0.1.0-master.tar.gz", + PackageSupplierNOASSERTION: true, + PackageOriginatorOrganization: "John Doe, Inc.", + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: false, + PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", + PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", + PackageHomePage: "http://example.com/p1", + PackageSourceInfo: "this is a source comment", + PackageLicenseConcluded: "GPL-2.0-or-later", + PackageLicenseInfoFromFiles: []string{ + "Apache-1.1", + "Apache-2.0", + "GPL-2.0-or-later", + }, + PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later", + PackageLicenseComments: "this is a license comment(s)", + PackageCopyrightText: "Copyright (c) John Doe, Inc.", + PackageSummary: "this is a summary comment", + PackageDescription: "this is a description comment", + PackageComment: "this is a comment comment", + PackageAttributionTexts: []string{"Include this notice in all advertising materials"}, + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`PackageName: p1 +SPDXID: SPDXRef-p1 +PackageVersion: 0.1.0 +PackageFileName: p1-0.1.0-master.tar.gz +PackageSupplier: NOASSERTION +PackageOriginator: Organization: John Doe, Inc. +PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz +PackageVerificationCode: 0123456789abcdef0123456789abcdef01234567 +PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +PackageChecksum: SHA256: 11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd +PackageChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24 +PackageHomePage: http://example.com/p1 +PackageSourceInfo: this is a source comment +PackageLicenseConcluded: GPL-2.0-or-later +PackageLicenseInfoFromFiles: Apache-1.1 +PackageLicenseInfoFromFiles: Apache-2.0 +PackageLicenseInfoFromFiles: GPL-2.0-or-later +PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later +PackageLicenseComments: this is a license comment(s) +PackageCopyrightText: Copyright (c) John Doe, Inc. +PackageSummary: this is a summary comment +PackageDescription: this is a description comment +PackageComment: this is a comment comment +PackageAttributionText: Include this notice in all advertising materials + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderPackage2_2(pkg, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2PackageSavesTextCombo3(t *testing.T) { + // no package external refs + // test Supplier:Person, Originator:NOASSERTION + // FilesAnalyzed false, IsFilesAnalyzedTagPresent true + // PackageVerificationCodeExcludedFile is empty + // three PackageAttributionTexts, one with multi-line text + + pkg := &spdx.Package2_2{ + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageVersion: "0.1.0", + PackageFileName: "p1-0.1.0-master.tar.gz", + PackageSupplierPerson: "John Doe", + PackageOriginatorNOASSERTION: true, + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: false, + IsFilesAnalyzedTagPresent: true, + // NOTE that verification code MUST be omitted from output + // since FilesAnalyzed is false + PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", + PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", + PackageHomePage: "http://example.com/p1", + PackageSourceInfo: "this is a source comment", + PackageLicenseConcluded: "GPL-2.0-or-later", + // NOTE that license info from files MUST be omitted from output + // since FilesAnalyzed is false + PackageLicenseInfoFromFiles: []string{ + "Apache-1.1", + "Apache-2.0", + "GPL-2.0-or-later", + }, + PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later", + PackageLicenseComments: "this is a license comment(s)", + PackageCopyrightText: "Copyright (c) John Doe, Inc.", + PackageSummary: "this is a summary comment", + PackageDescription: "this is a description comment", + PackageComment: "this is a comment comment", + PackageAttributionTexts: []string{ + "Include this notice in all advertising materials", + "and also this notice", + `and this multi-line notice +which goes across two lines`, + }, + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`PackageName: p1 +SPDXID: SPDXRef-p1 +PackageVersion: 0.1.0 +PackageFileName: p1-0.1.0-master.tar.gz +PackageSupplier: Person: John Doe +PackageOriginator: NOASSERTION +PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz +FilesAnalyzed: false +PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +PackageChecksum: SHA256: 11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd +PackageChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24 +PackageHomePage: http://example.com/p1 +PackageSourceInfo: this is a source comment +PackageLicenseConcluded: GPL-2.0-or-later +PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later +PackageLicenseComments: this is a license comment(s) +PackageCopyrightText: Copyright (c) John Doe, Inc. +PackageSummary: this is a summary comment +PackageDescription: this is a description comment +PackageComment: this is a comment comment +PackageAttributionText: Include this notice in all advertising materials +PackageAttributionText: and also this notice +PackageAttributionText: and this multi-line notice +which goes across two lines + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderPackage2_2(pkg, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2PackageSaveOmitsOptionalFieldsIfEmpty(t *testing.T) { + pkg := &spdx.Package2_2{ + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: false, + IsFilesAnalyzedTagPresent: true, + // NOTE that verification code MUST be omitted from output, + // even if present in model, since FilesAnalyzed is false + PackageLicenseConcluded: "GPL-2.0-or-later", + // NOTE that license info from files MUST be omitted from output + // even if present in model, since FilesAnalyzed is false + PackageLicenseInfoFromFiles: []string{ + "Apache-1.1", + "Apache-2.0", + "GPL-2.0-or-later", + }, + PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later", + PackageCopyrightText: "Copyright (c) John Doe, Inc.", + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`PackageName: p1 +SPDXID: SPDXRef-p1 +PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz +FilesAnalyzed: false +PackageLicenseConcluded: GPL-2.0-or-later +PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later +PackageCopyrightText: Copyright (c) John Doe, Inc. + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderPackage2_2(pkg, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2PackageSavesFilesIfPresent(t *testing.T) { + f1 := &spdx.File2_2{ + FileName: "/tmp/whatever1.txt", + FileSPDXIdentifier: spdx.ElementID("File1231"), + FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{"Apache-2.0"}, + FileCopyrightText: "Copyright (c) Jane Doe", + } + + f2 := &spdx.File2_2{ + FileName: "/tmp/whatever2.txt", + FileSPDXIdentifier: spdx.ElementID("File1232"), + FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983d", + LicenseConcluded: "MIT", + LicenseInfoInFile: []string{"MIT"}, + FileCopyrightText: "Copyright (c) John Doe", + } + + pkg := &spdx.Package2_2{ + PackageName: "p1", + PackageSPDXIdentifier: spdx.ElementID("p1"), + PackageDownloadLocation: "http://example.com/p1/p1-0.1.0-master.tar.gz", + FilesAnalyzed: false, + IsFilesAnalyzedTagPresent: true, + // NOTE that verification code MUST be omitted from output, + // even if present in model, since FilesAnalyzed is false + PackageLicenseConcluded: "GPL-2.0-or-later", + // NOTE that license info from files MUST be omitted from output + // even if present in model, since FilesAnalyzed is false + PackageLicenseInfoFromFiles: []string{ + "Apache-1.1", + "Apache-2.0", + "GPL-2.0-or-later", + }, + PackageLicenseDeclared: "Apache-2.0 OR GPL-2.0-or-later", + PackageCopyrightText: "Copyright (c) John Doe, Inc.", + Files: map[spdx.ElementID]*spdx.File2_2{ + spdx.ElementID("File1231"): f1, + spdx.ElementID("File1232"): f2, + }, + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`PackageName: p1 +SPDXID: SPDXRef-p1 +PackageDownloadLocation: http://example.com/p1/p1-0.1.0-master.tar.gz +FilesAnalyzed: false +PackageLicenseConcluded: GPL-2.0-or-later +PackageLicenseDeclared: Apache-2.0 OR GPL-2.0-or-later +PackageCopyrightText: Copyright (c) John Doe, Inc. + +FileName: /tmp/whatever1.txt +SPDXID: SPDXRef-File1231 +FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +LicenseConcluded: Apache-2.0 +LicenseInfoInFile: Apache-2.0 +FileCopyrightText: Copyright (c) Jane Doe + +FileName: /tmp/whatever2.txt +SPDXID: SPDXRef-File1232 +FileChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983d +LicenseConcluded: MIT +LicenseInfoInFile: MIT +FileCopyrightText: Copyright (c) John Doe + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderPackage2_2(pkg, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} diff --git a/tvsaver/saver2v2/save_relationship.go b/tvsaver/saver2v2/save_relationship.go new file mode 100644 index 0000000..cff5a4a --- /dev/null +++ b/tvsaver/saver2v2/save_relationship.go @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "fmt" + "io" + + "github.com/spdx/tools-golang/spdx" +) + +func renderRelationship2_2(rln *spdx.Relationship2_2, w io.Writer) error { + rlnAStr := spdx.RenderDocElementID(rln.RefA) + rlnBStr := spdx.RenderDocElementID(rln.RefB) + if rlnAStr != "SPDXRef-" && rlnBStr != "SPDXRef-" && rln.Relationship != "" { + fmt.Fprintf(w, "Relationship: %s %s %s\n", rlnAStr, rln.Relationship, rlnBStr) + } + if rln.RelationshipComment != "" { + fmt.Fprintf(w, "RelationshipComment: %s\n", rln.RelationshipComment) + } + + return nil +} diff --git a/tvsaver/saver2v2/save_relationship_test.go b/tvsaver/saver2v2/save_relationship_test.go new file mode 100644 index 0000000..eecbb6c --- /dev/null +++ b/tvsaver/saver2v2/save_relationship_test.go @@ -0,0 +1,64 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== Relationship section Saver tests ===== +func TestSaver2_2RelationshipSavesText(t *testing.T) { + rln := &spdx.Relationship2_2{ + RefA: spdx.MakeDocElementID("", "DOCUMENT"), + RefB: spdx.MakeDocElementID("", "2"), + Relationship: "DESCRIBES", + RelationshipComment: "this is a comment", + } + + // what we want to get, as a buffer of bytes + // no trailing blank newline + want := bytes.NewBufferString(`Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-2 +RelationshipComment: this is a comment +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderRelationship2_2(rln, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2RelationshipOmitsOptionalFieldsIfEmpty(t *testing.T) { + rln := &spdx.Relationship2_2{ + RefA: spdx.MakeDocElementID("", "DOCUMENT"), + RefB: spdx.MakeDocElementID("", "2"), + Relationship: "DESCRIBES", + } + + // what we want to get, as a buffer of bytes + // no trailing blank newline + want := bytes.NewBufferString("Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-2\n") + + // render as buffer of bytes + var got bytes.Buffer + err := renderRelationship2_2(rln, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} diff --git a/tvsaver/saver2v2/save_review.go b/tvsaver/saver2v2/save_review.go new file mode 100644 index 0000000..5e2da6e --- /dev/null +++ b/tvsaver/saver2v2/save_review.go @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "fmt" + "io" + + "github.com/spdx/tools-golang/spdx" +) + +func renderReview2_2(rev *spdx.Review2_2, w io.Writer) error { + if rev.Reviewer != "" && rev.ReviewerType != "" { + fmt.Fprintf(w, "Reviewer: %s: %s\n", rev.ReviewerType, rev.Reviewer) + } + if rev.ReviewDate != "" { + fmt.Fprintf(w, "ReviewDate: %s\n", rev.ReviewDate) + } + if rev.ReviewComment != "" { + fmt.Fprintf(w, "ReviewComment: %s\n", rev.ReviewComment) + } + + fmt.Fprintf(w, "\n") + + return nil +} diff --git a/tvsaver/saver2v2/save_review_test.go b/tvsaver/saver2v2/save_review_test.go new file mode 100644 index 0000000..15fa28d --- /dev/null +++ b/tvsaver/saver2v2/save_review_test.go @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== Review section Saver tests ===== +func TestSaver2_2ReviewSavesText(t *testing.T) { + rev := &spdx.Review2_2{ + Reviewer: "John Doe", + ReviewerType: "Person", + ReviewDate: "2018-10-14T10:28:00Z", + ReviewComment: "this is a review comment", + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`Reviewer: Person: John Doe +ReviewDate: 2018-10-14T10:28:00Z +ReviewComment: this is a review comment + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderReview2_2(rev, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2ReviewOmitsOptionalFieldsIfEmpty(t *testing.T) { + rev := &spdx.Review2_2{ + Reviewer: "John Doe", + ReviewerType: "Person", + ReviewDate: "2018-10-14T10:28:00Z", + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`Reviewer: Person: John Doe +ReviewDate: 2018-10-14T10:28:00Z + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderReview2_2(rev, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} diff --git a/tvsaver/saver2v2/save_snippet.go b/tvsaver/saver2v2/save_snippet.go new file mode 100644 index 0000000..5cf2f2a --- /dev/null +++ b/tvsaver/saver2v2/save_snippet.go @@ -0,0 +1,51 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "fmt" + "io" + + "github.com/spdx/tools-golang/spdx" +) + +func renderSnippet2_2(sn *spdx.Snippet2_2, w io.Writer) error { + if sn.SnippetSPDXIdentifier != "" { + fmt.Fprintf(w, "SnippetSPDXIdentifier: %s\n", spdx.RenderElementID(sn.SnippetSPDXIdentifier)) + } + snFromFileIDStr := spdx.RenderDocElementID(sn.SnippetFromFileSPDXIdentifier) + if snFromFileIDStr != "" { + fmt.Fprintf(w, "SnippetFromFileSPDXID: %s\n", snFromFileIDStr) + } + if sn.SnippetByteRangeStart != 0 && sn.SnippetByteRangeEnd != 0 { + fmt.Fprintf(w, "SnippetByteRange: %d:%d\n", sn.SnippetByteRangeStart, sn.SnippetByteRangeEnd) + } + if sn.SnippetLineRangeStart != 0 && sn.SnippetLineRangeEnd != 0 { + fmt.Fprintf(w, "SnippetLineRange: %d:%d\n", sn.SnippetLineRangeStart, sn.SnippetLineRangeEnd) + } + if sn.SnippetLicenseConcluded != "" { + fmt.Fprintf(w, "SnippetLicenseConcluded: %s\n", sn.SnippetLicenseConcluded) + } + for _, s := range sn.LicenseInfoInSnippet { + fmt.Fprintf(w, "LicenseInfoInSnippet: %s\n", s) + } + if sn.SnippetLicenseComments != "" { + fmt.Fprintf(w, "SnippetLicenseComments: %s\n", textify(sn.SnippetLicenseComments)) + } + if sn.SnippetCopyrightText != "" { + fmt.Fprintf(w, "SnippetCopyrightText: %s\n", sn.SnippetCopyrightText) + } + if sn.SnippetComment != "" { + fmt.Fprintf(w, "SnippetComment: %s\n", textify(sn.SnippetComment)) + } + if sn.SnippetName != "" { + fmt.Fprintf(w, "SnippetName: %s\n", sn.SnippetName) + } + for _, s := range sn.SnippetAttributionTexts { + fmt.Fprintf(w, "SnippetAttributionText: %s\n", textify(s)) + } + + fmt.Fprintf(w, "\n") + + return nil +} diff --git a/tvsaver/saver2v2/save_snippet_test.go b/tvsaver/saver2v2/save_snippet_test.go new file mode 100644 index 0000000..72378b4 --- /dev/null +++ b/tvsaver/saver2v2/save_snippet_test.go @@ -0,0 +1,94 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== Snippet section Saver tests ===== +func TestSaver2_2SnippetSavesText(t *testing.T) { + sn := &spdx.Snippet2_2{ + SnippetSPDXIdentifier: spdx.ElementID("Snippet17"), + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292"), + SnippetByteRangeStart: 17, + SnippetByteRangeEnd: 209, + SnippetLineRangeStart: 3, + SnippetLineRangeEnd: 8, + SnippetLicenseConcluded: "GPL-2.0-or-later", + LicenseInfoInSnippet: []string{ + "GPL-2.0-or-later", + "MIT", + }, + SnippetLicenseComments: "this is a comment(s) about the snippet license", + SnippetCopyrightText: "Copyright (c) John Doe 20x6", + SnippetComment: "this is a snippet comment", + SnippetName: "from John's program", + SnippetAttributionTexts: []string{"some attributions"}, + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`SnippetSPDXIdentifier: SPDXRef-Snippet17 +SnippetFromFileSPDXID: SPDXRef-File292 +SnippetByteRange: 17:209 +SnippetLineRange: 3:8 +SnippetLicenseConcluded: GPL-2.0-or-later +LicenseInfoInSnippet: GPL-2.0-or-later +LicenseInfoInSnippet: MIT +SnippetLicenseComments: this is a comment(s) about the snippet license +SnippetCopyrightText: Copyright (c) John Doe 20x6 +SnippetComment: this is a snippet comment +SnippetName: from John's program +SnippetAttributionText: some attributions + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderSnippet2_2(sn, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} + +func TestSaver2_2SnippetOmitsOptionalFieldsIfEmpty(t *testing.T) { + sn := &spdx.Snippet2_2{ + SnippetSPDXIdentifier: spdx.ElementID("Snippet17"), + SnippetFromFileSPDXIdentifier: spdx.MakeDocElementID("", "File292"), + SnippetByteRangeStart: 17, + SnippetByteRangeEnd: 209, + SnippetLicenseConcluded: "GPL-2.0-or-later", + SnippetCopyrightText: "Copyright (c) John Doe 20x6", + } + + // what we want to get, as a buffer of bytes + want := bytes.NewBufferString(`SnippetSPDXIdentifier: SPDXRef-Snippet17 +SnippetFromFileSPDXID: SPDXRef-File292 +SnippetByteRange: 17:209 +SnippetLicenseConcluded: GPL-2.0-or-later +SnippetCopyrightText: Copyright (c) John Doe 20x6 + +`) + + // render as buffer of bytes + var got bytes.Buffer + err := renderSnippet2_2(sn, &got) + if err != nil { + t.Errorf("Expected nil error, got %v", err) + } + + // check that they match + c := bytes.Compare(want.Bytes(), got.Bytes()) + if c != 0 { + t.Errorf("Expected %v, got %v", want.String(), got.String()) + } +} diff --git a/tvsaver/saver2v2/util.go b/tvsaver/saver2v2/util.go new file mode 100644 index 0000000..988d2be --- /dev/null +++ b/tvsaver/saver2v2/util.go @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "fmt" + "strings" +) + +func textify(s string) string { + if strings.Contains(s, "\n") { + return fmt.Sprintf("%s", s) + } + + return s +} diff --git a/tvsaver/saver2v2/util_test.go b/tvsaver/saver2v2/util_test.go new file mode 100644 index 0000000..cdbf6f5 --- /dev/null +++ b/tvsaver/saver2v2/util_test.go @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "testing" +) + +// ===== Utility function tests ===== +func TestTextifyWrapsStringWithNewline(t *testing.T) { + s := `this text has +a newline in it` + want := `this text has +a newline in it` + + got := textify(s) + + if want != got { + t.Errorf("Expected %s, got %s", want, got) + } +} + +func TestTextifyDoesNotWrapsStringWithNoNewline(t *testing.T) { + s := `this text has no newline in it` + want := s + + got := textify(s) + + if want != got { + t.Errorf("Expected %s, got %s", want, got) + } +} diff --git a/tvsaver/tvsaver.go b/tvsaver/tvsaver.go index 3f09d91..002b0e9 100644 --- a/tvsaver/tvsaver.go +++ b/tvsaver/tvsaver.go @@ -8,6 +8,7 @@ import ( "github.com/spdx/tools-golang/spdx" "github.com/spdx/tools-golang/tvsaver/saver2v1" + "github.com/spdx/tools-golang/tvsaver/saver2v2" ) // Save2_1 takes an io.Writer and an SPDX Document (version 2.1), @@ -16,3 +17,10 @@ import ( func Save2_1(doc *spdx.Document2_1, w io.Writer) error { return saver2v1.RenderDocument2_1(doc, w) } + +// Save2_2 takes an io.Writer and an SPDX Document (version 2.2), +// and writes it to the writer in tag-value format. It returns error +// if any error is encountered. +func Save2_2(doc *spdx.Document2_2, w io.Writer) error { + return saver2v2.RenderDocument2_2(doc, w) +} -- cgit v1.2.3