Beispiel #1
    def test_document_multiple_packages(self):
        """Check that a document keeps every package that is added to it.

        Builds an SPDX 2.1 document, attaches two minimally described
        packages and asserts that both are present in ``doc.packages``.
        """
        namespace_uri = 'https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301'
        doc = Document(
            Version(2, 1),
            License.from_identifier('CC0-1.0'),
            'Sample_Document-V2.1',
            spdx_id='SPDXRef-DOCUMENT',
            namespace=namespace_uri,
        )
        doc.creation_info.add_creator(Tool('ScanCode'))
        doc.creation_info.set_created_now()

        # (package name, SPDX identifier) for each package under test.
        package_specs = (
            ('some/path1', 'SPDXRef-Package1'),
            ('some/path2', 'SPDXRef-Package2'),
        )
        for pkg_name, pkg_id in package_specs:
            # Download location and both licence fields carry NoAssert(), so
            # these fixtures make no provenance or licensing claim.
            pkg = Package(name=pkg_name, download_location=NoAssert())
            pkg.spdx_id = pkg_id
            pkg.cr_text = 'Some copyrught'
            # NOTE(review): confirm against the Package class that
            # `files_verified` is the attribute it reads; if the flag has a
            # different name this assignment only creates an unused attribute.
            pkg.files_verified = False
            pkg.license_declared = NoAssert()
            pkg.conc_lics = NoAssert()
            doc.add_package(pkg)

        assert len(doc.packages) == 2
Beispiel #2
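        def add_package(package, parent=None):
            """Recursively add a package and its dependencies to the document.

            Creates an SPDX package for ``package``, records a relationship to
            ``parent`` when one is given, repeats the process for every entry
            in ``package.dependencies`` and finally registers the new SPDX
            package with the enclosing ``doc``.

            Args:
                package: object exposing ``package_name``, ``version`` and
                    ``dependencies``.
                parent: SPDX package created for the dependent package, or
                    ``None`` when ``package`` is a root.
            """
            spdxpackage = SpdxPackage(name=package.package_name,
                                      version=package.version)
            # id_count comes from the enclosing scope; its first element is
            # used as a running counter so every package gets a distinct id.
            spdxpackage.spdx_id = f'SPDXRef-{id_count[0]}'
            id_count[0] += 1

            # Provenance and licensing are left as placeholders, so the
            # resulting document records which packages exist but makes no
            # claim about where they came from or how they are licensed.
            spdxpackage.homepage = SPDXNone()
            spdxpackage.cr_text = NoAssert()
            spdxpackage.download_location = UnKnown()
            spdxpackage.files_analyzed = False
            spdxpackage.conc_lics = NoAssert()
            spdxpackage.license_declared = NoAssert()
            spdxpackage.licenses_from_files = [NoAssert()]

            # Identity test rather than `!=`, so a custom __eq__/__ne__ on the
            # package type cannot change the outcome of the None check.
            if parent is not None:
                # NOTE(review): the SPDX specification also defines a
                # DEPENDENCY_OF relationship type; confirm PACKAGE_OF is the
                # intended meaning for a dependency edge.
                spdxpackage.add_relationship(
                    Relationship(spdxpackage, RelationshipOptions.PACKAGE_OF,
                                 parent))

            # NOTE(review): there is no guard against dependency cycles here;
            # presumably the caller supplies an acyclic graph - confirm. A
            # dependency shared by several parents is emitted once per parent.
            for dep in package.dependencies:
                add_package(dep, parent=spdxpackage)

            # Register the package only after its dependencies were processed.
            doc.add_package(spdxpackage)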
Beispiel #3
    # Second file fixture: a source file with an Apache-2.0 licence.
    testfile2 = File("TestFile2")
    testfile2.type = FileType.SOURCE
    testfile2.spdx_id = "TestFile2#SPDXRef-FILE"
    testfile2.comment = "This is a test file."
    # Hard-coded SHA1 digest. SHA-1 is not collision-resistant, so treat it as
    # an identifier rather than an integrity guarantee.
    # NOTE(review): if consumers make integrity decisions on this value,
    # record a stronger digest alongside it where the SPDX version allows.
    testfile2.chk_sum = Algorithm("SHA1", "bb154f28d1cf0646ae21bb0bec6c669a2b90e113")
    testfile2.conc_lics = License.from_identifier("Apache-2.0")
    testfile2.add_lics(License.from_identifier("Apache-2.0"))
    testfile2.copyright = NoAssert()

    # Package fixture that the files are attached to.
    package = Package()
    package.name = "TagWriteTest"
    package.version = "1.0"
    package.file_name = "twt.jar"
    package.spdx_id = 'TestPackage#SPDXRef-PACKAGE'
    # Plain-http URL on a .test host: fine for a fixture.
    # NOTE(review): a real document should point at an authenticated (https)
    # or revision-pinned location.
    package.download_location = "http://www.tagwritetest.test/download"
    package.check_sum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
    package.homepage = SPDXNone()
    # The verification code is a literal here, not computed from the files
    # added to the package in this excerpt.
    package.verif_code = "4e3211c67a2d28fced849ee1bb76e7391b93feba"
    # The same Apache-2.0 / BSD-2-Clause conjunction is used as both the
    # concluded and the declared licence.
    license_set = LicenseConjunction(
        License.from_identifier("Apache-2.0"), License.from_identifier("BSD-2-Clause")
    )
    package.conc_lics = license_set
    package.license_declared = license_set
    package.add_lics_from_file(License.from_identifier("Apache-2.0"))
    package.add_lics_from_file(License.from_identifier("BSD-2-Clause"))
    package.cr_text = NoAssert()
    package.summary = "Simple package."
    package.description = "Really simple package."
    # testfile1 is defined outside this excerpt.
    package.add_file(testfile1)