def test_document_validate_failures_returns_informative_messages(self):
    """Check that validating an incomplete document lists every problem.

    The document has no creator and no creation date, and its package is
    left almost entirely unpopulated. ``validate`` is expected to return
    exactly the messages below, in this order.
    """
    document = Document(
        Version(2, 1),
        License.from_identifier('CC0-1.0'),
        'Sample_Document-V2.1',
        spdx_id='SPDXRef-DOCUMENT',
        namespace=
        'https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301'
    )
    package = Package('some/path', NoAssert())
    document.package = package

    # The file is built and licensed but never attached with add_file(),
    # which matches the "must have at least one file" message below.
    source_file = File('./some/path/tofile')
    source_file.name = './some/path/tofile'
    source_file.spdx_id = 'SPDXRef-File'
    source_file.chk_sum = Algorithm('SHA1', 'SOME-SHA1')
    lgpl = License.from_identifier('LGPL-2.1-only')
    source_file.add_lics(lgpl)
    package.add_lics_from_file(lgpl)

    reported = document.validate([])

    expected = [
        'No creators defined, must have at least one.',
        'Creation info missing created date.',
        'Package checksum must be instance of spdx.checksum.Algorithm',
        'Package download_location can not be None.',
        'Package verif_code can not be None.',
        'Package cr_text can not be None.',
        'Package must have at least one file.',
        'Package concluded license must be instance of spdx.utils.SPDXNone '
        'or spdx.utils.NoAssert or spdx.document.License',
        'Package declared license must be instance of spdx.utils.SPDXNone '
        'or spdx.utils.NoAssert or spdx.document.License'
    ]
    assert expected == reported
def _get_lgpl_doc(self, or_later=False):
    """Build a populated document whose single file carries an LGPL-2.1 license.

    The file license is 'LGPL-2.1', or 'LGPL-2.1+' when ``or_later`` is true.
    Returns the assembled ``Document``.
    """
    document = Document(
        Version(2, 1),
        License.from_identifier('CC0-1.0'),
        'Sample_Document-V2.1',
        spdx_id='SPDXRef-DOCUMENT',
        namespace=
        'https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301'
    )
    document.creation_info.add_creator(Tool('ScanCode'))
    document.creation_info.set_created_now()

    pkg = Package(name='some/path', download_location=NoAssert())
    document.package = pkg
    pkg.cr_text = 'Some copyrught'
    pkg.verif_code = 'SOME code'
    pkg.license_declared = NoAssert()
    pkg.conc_lics = NoAssert()

    lgpl_file = File('./some/path/tofile')
    lgpl_file.name = './some/path/tofile'
    lgpl_file.spdx_id = 'SPDXRef-File'
    lgpl_file.chk_sum = Algorithm('SHA1', 'SOME-SHA1')
    lgpl_file.conc_lics = NoAssert()
    lgpl_file.copyright = NoAssert()

    # The plain identifier is always resolved first; the "+" form replaces it
    # only when the caller asked for the or-later variant.
    file_license = License.from_identifier('LGPL-2.1')
    if or_later:
        file_license = License.from_identifier('LGPL-2.1+')

    lgpl_file.add_lics(file_license)
    pkg.add_lics_from_file(file_license)
    pkg.add_file(lgpl_file)
    return document
def test_document_is_valid_when_using_or_later_licenses(self):
    """Check that a complete document with an '-or-later' license validates.

    Creation info, package and file are all populated, so ``validate`` is
    expected to return an empty (falsy) message collection.
    """
    document = Document(
        Version(2, 1),
        License.from_identifier('CC0-1.0'),
        'Sample_Document-V2.1',
        spdx_id='SPDXRef-DOCUMENT',
        namespace=
        'https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301'
    )
    document.creation_info.add_creator(Tool('ScanCode'))
    document.creation_info.set_created_now()

    pkg = Package(name='some/path', download_location=NoAssert())
    document.package = pkg
    pkg.spdx_id = 'SPDXRef-Package'
    pkg.cr_text = 'Some copyrught'
    pkg.verif_code = 'SOME code'
    pkg.license_declared = NoAssert()
    pkg.conc_lics = NoAssert()

    licensed_file = File('./some/path/tofile')
    licensed_file.name = './some/path/tofile'
    licensed_file.spdx_id = 'SPDXRef-File'
    licensed_file.chk_sum = Algorithm('SHA1', 'SOME-SHA1')
    licensed_file.conc_lics = NoAssert()
    licensed_file.copyright = NoAssert()

    or_later_license = License.from_identifier('LGPL-2.1-or-later')
    licensed_file.add_lics(or_later_license)
    pkg.add_lics_from_file(or_later_license)
    pkg.add_file(licensed_file)

    outcome = document.validate(ErrorMessages())
    assert not outcome
def test_document_validate_failures_returns_informative_messages(self):
    """Check that validating a document without creators fails with a message.

    In this variant ``validate`` returns a falsy validity flag and appends
    its messages to the list it is given; only the missing-creator message
    is expected.
    """
    document = Document(
        Version(2, 1),
        License.from_identifier('CC0-1.0'),
        'Sample_Document-V2.1',
        spdx_id='SPDXRef-DOCUMENT',
        namespace=
        'https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301'
    )
    package = Package('some/path', NoAssert())
    document.package = package

    source_file = File('./some/path/tofile')
    source_file.name = './some/path/tofile'
    source_file.spdx_id = 'SPDXRef-File'
    source_file.chk_sum = Algorithm('SHA1', 'SOME-SHA1')
    lgpl = License.from_identifier('LGPL-2.1')
    source_file.add_lics(lgpl)
    package.add_lics_from_file(lgpl)

    collected = []
    valid = document.validate(collected)
    assert not valid

    expected = ['No creators defined, must have at least one.']
    assert expected == collected
def generate_spdx_file(self) -> File:
    """Build the SPDX ``File`` entry for this source file.

    Example of the resulting SPDX record:
        FileName: ./tests/test_mbed_targets.py
        SPDXID: SPDXRef-cb9cce30c285e6083c2d19a463cbe592
        FileChecksum: SHA1: d3db49873bd2b1cab45bf81e7d88617dea6caaff
        LicenseConcluded: NOASSERTION
        FileCopyrightText: NONE

    Returns:
        the populated SPDX file entry
    """
    spdx_file = File(determine_spdx_value(self.unix_relative_path))
    spdx_file.type = FileType.SOURCE
    spdx_file.comment = determine_spdx_value(None)
    spdx_file.chk_sum = Algorithm("SHA1", self.sha1_check_sum)

    # The concluded license and the license added to the file are both
    # derived from self.licence, each through its own lookup.
    concluded = License.from_identifier(
        str(determine_spdx_value(self.licence)))
    spdx_file.conc_lics = concluded

    spdx_file.spdx_id = f"SPDXRef-{self.id}"
    spdx_file.copyright = determine_spdx_value(self.copyright)

    found_in_file = License.from_identifier(
        str(determine_spdx_value(self.licence)))
    spdx_file.add_lics(found_in_file)
    return spdx_file
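def create_spdx_document(self):
    """
    Write identifier scan results as SPDX Tag/value or RDF.

    Builds ``self.spdx_document`` with a single package, adds one SPDX file
    entry for every scan result that is not skipped, and writes the result
    to ``self.output_file``: the serialized document when the package has
    files, otherwise a one-line "no results" comment.
    """
    logging.basicConfig(level=logging.INFO)
    logging.info("Creating spdx document")
    self.get_output_file()
    self.spdx_document = Document(
        version=Version(2, 1),
        data_license=License.from_identifier(
            self.code_extra_params["lic_identifier"]),
    )
    self.set_creation_info()

    package = self.spdx_document.package = Package(
        download_location=NoAssert(),
        version=self.get_package_version())
    self.set_package_info(package)

    file_license_list = []
    file_license_ids = []
    if is_dir(self.path_or_file):
        for idx, file_data in enumerate(self.id_scan_results):
            # The handle was never read and never closed, leaking one file
            # descriptor per scan result. Keep the open() so an unreadable
            # path still fails here, but release it immediately.
            with open(file_data["FileName"], "r"):
                pass
            if not should_skip_file(file_data["FileName"],
                                    self.output_file_name):
                # str.replace rewrites every occurrence of the scan root in
                # the path, not only the leading one.
                name = file_data["FileName"].replace(
                    self.path_or_file, ".")
                # NOTE(review): a falsy result from get_file_hash is recorded
                # as an empty SHA1 value rather than reported, so the
                # document can carry a file entry with no usable checksum.
                file_entry = File(
                    name=name,
                    chk_sum=Algorithm(
                        "SHA1", get_file_hash(file_data["FileName"]) or ""),
                )
                spdx_license = None
                if self.doc_type == TAG_VALUE:
                    spdx_license = License.from_identifier(
                        file_data["SPDXID"])
                else:
                    licenseref_id = "SPDXID-Doc-Generator-" + file_data[
                        "SPDXID"]
                    file_license_ids.append(licenseref_id)
                    # NOTE(review): always true, the id was appended on the
                    # line above; possibly meant as a duplicate check.
                    if licenseref_id in file_license_ids:
                        spdx_license = ExtractedLicense(licenseref_id)
                    spdx_license.name = NoAssert()
                    comment = "N/A"
                    spdx_license.comment = comment
                    text = NoAssert()
                    if not text:
                        text = comment
                    spdx_license.text = text
                    self.spdx_document.add_extr_lic(spdx_license)
                    package.add_lics_from_file(spdx_license)
                file_entry.add_lics(spdx_license)
                file_license_list.append(spdx_license)
                file_entry.conc_lics = NoAssert()
                file_entry.copyright = SPDXNone()
                file_entry.spdx_id = self.code_extra_params[
                    "file_ref"].format(idx + 1)
                package.add_file(file_entry)

    # Tag/value output registers each distinct file license on the package
    # once, after all files have been collected.
    if self.doc_type == TAG_VALUE:
        for spdx_license in list(set(file_license_list)):
            package.add_lics_from_file(spdx_license)

    if len(package.files) == 0:
        if self.doc_type == TAG_VALUE:
            self.output_file.write(
                "# No results for package '{}'.\n".format(package.name))
        else:
            self.output_file.write(
                "<!-- No results for package '{}'. -->\n".format(
                    package.name))

    if self.doc_type == TAG_VALUE:
        from spdx.writers.tagvalue import write_document  # NOQA
    else:
        from spdx.writers.rdf import write_document  # NOQA

    if package.files:
        spdx_output = io.StringIO()
        # NOTE(review): both writers are called with validate=False, which
        # presumably skips the writer's validation, so a structurally
        # invalid document would be written without any error. Confirm
        # this is intended.
        if self.doc_type == TAG_VALUE:
            write_document(self.spdx_document, spdx_output, validate=False)
            logging.info("SPDX Tag-Value Document created successfully.")
        else:
            # NOTE(review): a BytesIO buffer was previously commented out
            # here; confirm the RDF writer accepts a text buffer.
            write_document(self.spdx_document, spdx_output, validate=False)
            logging.info("SPDX RDF Document created successfully.")
        result = spdx_output.getvalue()
        if self.doc_type == TAG_VALUE:
            result = result.encode("utf-8")
        self.output_file.write(result)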
# Document-level metadata. ``doc`` is created before this excerpt begins.
doc.version = Version(1, 2)
doc.name = "Hello SPDX"
doc.spdx_id = "Test#SPDXRef-DOCUMENT"
doc.comment = "Example Document"
doc.namespace = "spdx"
doc.data_license = License.from_identifier("CC0-1.0")
doc.creation_info.add_creator(Person("Alice", "*****@*****.**"))
doc.creation_info.set_created_now()
# Attach a single review, stamped with the current time.
review = Review(Person("Joe", None))
review.set_review_date_now()
review.comment = "Joe reviewed this document"
doc.add_review(review)
# First file entry: a binary file with a BSD-2-Clause license and one artifact.
testfile1 = File("TestFile1")
testfile1.type = FileType.BINARY
# NOTE(review): the id prefix reads "TestFilet", while the second file uses
# "TestFile2" -- possibly a typo for "TestFile1"; confirm.
testfile1.spdx_id = "TestFilet#SPDXRef-FILE"
testfile1.comment = "This is a test file."
testfile1.chk_sum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
testfile1.conc_lics = License.from_identifier("BSD-2-Clause")
testfile1.add_lics(License.from_identifier("BSD-2-Clause"))
testfile1.copyright = SPDXNone()
testfile1.add_artifact("name", "TagWriteTest")
testfile1.add_artifact("home", UnKnown())
testfile1.add_artifact("uri", "http://tagwritetest.test")
# Second file entry: a source file. The excerpt ends before it is completed.
testfile2 = File("TestFile2")
testfile2.type = FileType.SOURCE
testfile2.spdx_id = "TestFile2#SPDXRef-FILE"
testfile2.comment = "This is a test file."
testfile2.chk_sum = Algorithm("SHA1", "bb154f28d1cf0646ae21bb0bec6c669a2b90e113")
testfile2.conc_lics = License.from_identifier("Apache-2.0")
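def create(self):
    """
    Write identifier scan results as SPDX Tag/value or RDF.

    Builds ``self.spdx_document`` with a single package, adds one SPDX file
    entry for every scan result that is not skipped (advancing a progress
    bar as it goes), and writes the result to ``self.output_file``: the
    serialized document when the package has files, otherwise a one-line
    "no results" comment.
    """
    self.get_output_file()
    self.spdx_document = Document(
        version=Version(2, 1),
        data_license=License.from_identifier(
            self.code_extra_params["lic_identifier"]))
    self.set_creation_info()

    package = self.spdx_document.package = Package(
        download_location=NoAssert(),
        version=self.get_package_version())
    self.set_package_info(package)

    file_license_list = []
    file_license_ids = []
    bar = Bar('Writing to spdx file', max=len(self.id_scan_results))
    if isPath(self.path_or_file):
        for idx, file_data in enumerate(self.id_scan_results):
            # The handle was never read and never closed, leaking one file
            # descriptor per scan result. Keep the open() so an unreadable
            # path still fails here, but release it immediately.
            with open(file_data["FileName"], "r"):
                pass
            if not shouldSkipFile(file_data["FileName"],
                                  self.output_file_name):
                # str.replace rewrites every occurrence of the scan root in
                # the path, not only the leading one.
                name = file_data["FileName"].replace(
                    self.path_or_file, '.')
                # NOTE(review): a falsy result from get_file_hash is recorded
                # as an empty SHA1 value rather than reported, so the
                # document can carry a file entry with no usable checksum.
                file_entry = File(name=name,
                                  chk_sum=Algorithm(
                                      'SHA1',
                                      get_file_hash(file_data["FileName"])
                                      or ''))
                spdx_license = None
                if self.doc_type == TAG_VALUE:
                    spdx_license = License.from_identifier(
                        file_data["SPDXID"])
                else:
                    licenseref_id = 'SPDXID-Doc-Generator-' + file_data[
                        "SPDXID"]
                    file_license_ids.append(licenseref_id)
                    # NOTE(review): always true, the id was appended on the
                    # line above; possibly meant as a duplicate check.
                    if licenseref_id in file_license_ids:
                        spdx_license = ExtractedLicense(licenseref_id)
                    spdx_license.name = NoAssert()
                    comment = "N/A"
                    spdx_license.comment = comment
                    text = NoAssert()
                    if not text:
                        text = comment
                    spdx_license.text = text
                    self.spdx_document.add_extr_lic(spdx_license)
                    package.add_lics_from_file(spdx_license)
                file_entry.add_lics(spdx_license)
                file_license_list.append(spdx_license)
                file_entry.conc_lics = NoAssert()
                file_entry.copyright = SPDXNone()
                file_entry.spdx_id = self.code_extra_params[
                    "file_ref"].format(idx + 1)
                package.add_file(file_entry)
            # One tick per scan result, matching max=len(id_scan_results).
            bar.next()

    # Tag/value output registers each distinct file license on the package
    # once, after all files have been collected.
    if self.doc_type == TAG_VALUE:
        for spdx_license in list(set(file_license_list)):
            package.add_lics_from_file(spdx_license)
    bar.finish()

    if len(package.files) == 0:
        if self.doc_type == TAG_VALUE:
            self.output_file.write(
                "# No results for package '{}'.\n".format(package.name))
        else:
            self.output_file.write(
                "<!-- No results for package '{}'. -->\n".format(
                    package.name))

    if self.doc_type == TAG_VALUE:
        from spdx.writers.tagvalue import write_document  # NOQA
    else:
        from spdx.writers.rdf import write_document  # NOQA

    if package.files:
        # Tag/value is written to a text buffer and encoded afterwards; RDF
        # is written to a bytes buffer and passed through unchanged.
        spdx_output = io.StringIO()
        if self.doc_type == TAG_VALUE:
            write_document(self.spdx_document, spdx_output, validate=True)
        else:
            spdx_output = io.BytesIO()
            write_document(self.spdx_document, spdx_output, validate=True)
        result = spdx_output.getvalue()
        if self.doc_type == TAG_VALUE:
            result = result.encode('utf-8')
        self.output_file.write(result)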