def test_document_multiple_packages(self):
    """Check that a document keeps every package handed to ``add_package``.

    Two packages that differ only in name and SPDX id are attached to one
    document. The test passes when ``doc.packages`` has exactly two entries.
    """
    document = Document(
        Version(2, 1),
        License.from_identifier('CC0-1.0'),
        'Sample_Document-V2.1',
        spdx_id='SPDXRef-DOCUMENT',
        namespace='https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301',
    )
    document.creation_info.add_creator(Tool('ScanCode'))
    document.creation_info.set_created_now()

    # (package name, SPDX id) for each fixture package, in insertion order.
    fixtures = (
        ('some/path1', 'SPDXRef-Package1'),
        ('some/path2', 'SPDXRef-Package2'),
    )
    for pkg_name, pkg_ref in fixtures:
        pkg = Package(name=pkg_name, download_location=NoAssert())
        pkg.spdx_id = pkg_ref
        pkg.cr_text = 'Some copyrught'
        # NOTE(review): other snippets on this page set `files_analyzed`;
        # confirm `files_verified` is an attribute Package actually reads.
        pkg.files_verified = False
        pkg.license_declared = NoAssert()
        pkg.conc_lics = NoAssert()
        document.add_package(pkg)

    assert len(document.packages) == 2
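def add_package(package, parent=None):
    """Recursively add a package and its dependencies to the SPDX document.

    Relies on two names from the enclosing scope that are not defined here:
    ``id_count`` (a one-element list used as a mutable counter for SPDX ids)
    and ``doc`` (the document the packages are added to).

    Args:
        package: object exposing ``package_name``, ``version`` and
            ``dependencies``.
        parent: the already-built SPDX package this one belongs to, or
            ``None`` for a root package.

    Every descriptive field is filled with a placeholder (``NoAssert``,
    ``SPDXNone``, ``UnKnown``). No download location, checksum or licence
    data is recorded, so the entries identify a component by name and
    version only and cannot be used to verify an artifact.
    """
    spdxpackage = SpdxPackage(name=package.package_name, version=package.version)
    # Ids are handed out in visiting order; the counter lives outside this function.
    spdxpackage.spdx_id = f'SPDXRef-{id_count[0]}'
    id_count[0] += 1

    spdxpackage.homepage = SPDXNone()
    spdxpackage.cr_text = NoAssert()
    spdxpackage.download_location = UnKnown()
    spdxpackage.files_analyzed = False
    spdxpackage.conc_lics = NoAssert()
    spdxpackage.license_declared = NoAssert()
    spdxpackage.licenses_from_files = [NoAssert()]

    # If we have a parent, record the relationship. The identity test avoids
    # invoking any custom __eq__/__ne__ the package class may define.
    # NOTE(review): SPDX also defines a DEPENDENCY_OF relationship type, which
    # may describe this edge more precisely - confirm RelationshipOptions
    # offers it before changing.
    if parent is not None:
        spdxpackage.add_relationship(
            Relationship(spdxpackage, RelationshipOptions.PACKAGE_OF, parent))

    # Go through the same process for the dependencies.
    # NOTE(review): nothing tracks visited packages. A dependency reachable
    # through two parents is emitted twice under different SPDX ids, and a
    # cyclic graph would recurse without bound. Presumably the caller supplies
    # a tree - confirm.
    for dep in package.dependencies:
        add_package(dep, parent=spdxpackage)

    # Finally add it to the document (dependencies are added before their parent).
    doc.add_package(spdxpackage)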
# Fragment of a longer script: `testfile1`, `testfile2` and `doc` are created
# before this point and are not shown here.

# Second file: both licence fields are set to Apache-2.0, copyright is left unasserted.
testfile2.conc_lics = License.from_identifier('Apache-2.0')
testfile2.add_lics(License.from_identifier('Apache-2.0'))
testfile2.copyright = NoAssert()

# Package
package = Package()
package.name = 'TagWriteTest'
package.version = '1.0'
package.file_name = 'twt.jar'
# Sample value using plain http. A real document should record a location
# whose transport a consumer can trust, since the field tells readers where
# the artifact comes from.
package.download_location = 'http://www.tagwritetest.test/download'
package.homepage = SPDXNone()
# Hard-coded 40-hex-character value. Nothing in this fragment derives it from
# testfile1/testfile2, so treat it as a fixture rather than a computed
# verification code.
package.verif_code = '4e3211c67a2d28fced849ee1bb76e7391b93feba'
# One combined licence object is used for both the concluded and the declared licence.
# NOTE(review): the class name is spelled `LicenseConjuction` here - confirm it matches the import.
license_set = LicenseConjuction(License.from_identifier('Apache-2.0'), License.from_identifier('BSD-2-Clause'))
package.conc_lics = license_set
package.license_declared = license_set
# The two member licences are also registered individually as found in files.
package.add_lics_from_file(License.from_identifier('Apache-2.0'))
package.add_lics_from_file(License.from_identifier('BSD-2-Clause'))
package.cr_text = NoAssert()
package.summary = 'Simple package.'
package.description = 'Really simple package.'
package.add_file(testfile1)
package.add_file(testfile2)
# The document holds a single package through the `package` attribute.
doc.package = package

# An extracted license
lic = ExtractedLicense('LicenseRef-1')
lic.text = 'Some non legal legal text..'
doc.add_extr_lic(lic)
def generate_spdx_package(self) -> Package:
    """Build the SPDX ``Package`` describing this object.

    Illustration of an SPDX package in tag-value form (the method itself
    fills only a subset of these fields, see below)::

        PackageName: eduVPN
        DataFormat: SPDXRef-1
        PackageSupplier: Organization: The Commons Conservancy eduVPN Programme
        PackageHomePage: https://eduvpn.org
        PackageLicenseDeclared: GPL-3.0+
        PackageCopyrightText: 2017, The Commons Conservancy eduVPN Programme
        PackageSummary: <text>EduVPN is designed to allow users to connect
            securely and encrypted to the Internet from any standard
            device.</text>
        PackageComment: <text>The package includes the following libraries;
            see Relationship information.</text>
        Created: 2017-06-06T09:00:00Z
        PackageDownloadLocation: git://github.com/eduVPN/reponame
        PackageDownloadLocation: git+https://github.com/eduVPN/reponame.git
        PackageDownloadLocation: git+ssh://github.com/eduVPN/reponame.git
        Creator: Person: Jane Doe

    What this implementation records: name, version, file name, originator,
    homepage, declared and concluded licence and summary come from the
    instance. The supplier is ``None``, the download location is derived
    from ``None``, and copyright text and description are ``NoAssert``.

    Returns:
        the corresponding package
    """

    def _as_license(raw):
        # Every licence value goes through the same normalise -> str -> lookup chain.
        return License.from_identifier(str(determine_spdx_value(raw)))

    result = Package(
        name=determine_spdx_value(self.name),
        spdx_id=f"SPDXRef-{self.id}",
        download_location=determine_spdx_value(None),
        version=determine_spdx_value(self.version),
        file_name=determine_spdx_value(self.name),
        supplier=None,
        originator=Person(
            determine_spdx_value(self.author),
            determine_spdx_value(self.author_email),
        ),
    )
    # The SHA1 slot carries the string form of NoAssert, not a digest, so this
    # entry gives consumers nothing to verify the package archive against.
    result.check_sum = Algorithm("SHA1", str(NoAssert()))
    result.cr_text = NoAssert()
    result.homepage = determine_spdx_value(self.url)
    result.license_declared = _as_license(self.main_licence)
    result.conc_lics = _as_license(self.licence)
    result.summary = determine_spdx_value(self.description)
    result.description = NoAssert()

    spdx_files = self.get_spdx_files()
    if not spdx_files:
        # A placeholder file has to be generated because of this SDK rule:
        # - Package must have at least one file
        # No verification code is asserted for it.
        placeholder = SpdxFile(Path(UNKNOWN),
                               self._package_info.root_dir,
                               self.main_licence)
        result.verif_code = NoAssert()
        result.add_file(placeholder.generate_spdx_file())
        result.add_lics_from_file(_as_license(placeholder.licence))
        return result

    result.files_analyzed = True
    for spdx_file in spdx_files:
        result.add_file(spdx_file.generate_spdx_file())
        result.add_lics_from_file(_as_license(spdx_file.licence))
        _set_package_copyright(spdx_file, result)
    # Computed only after every file has been attached to the package.
    result.verif_code = determine_spdx_value(result.calc_verif_code())
    return result
# Fragment of a longer script: `testfile1`, `testfile2` and `doc` are created
# before this point and are not shown here.

# Second file: Apache-2.0 is added as a licence, copyright is left unasserted.
testfile2.add_lics(License.from_identifier('Apache-2.0'))
testfile2.copyright = NoAssert()

# Package
package = Package()
package.name = 'TagWriteTest'
package.version = '1.0'
package.file_name = 'twt.jar'
# Sample value using plain http. A real document should record a location
# whose transport a consumer can trust, since the field tells readers where
# the artifact comes from.
package.download_location = 'http://www.tagwritetest.test/download'
package.homepage = SPDXNone()
# Hard-coded 40-hex-character value. Nothing in this fragment derives it from
# testfile1/testfile2, so treat it as a fixture rather than a computed
# verification code.
package.verif_code = '4e3211c67a2d28fced849ee1bb76e7391b93feba'
# One combined licence object is used for both the concluded and the declared licence.
# NOTE(review): the class name is spelled `LicenseConjuction` here - confirm it matches the import.
license_set = LicenseConjuction(License.from_identifier('Apache-2.0'), License.from_identifier('BSD-2-Clause'))
package.conc_lics = license_set
package.license_declared = license_set
# The two member licences are also registered individually as found in files.
package.add_lics_from_file(License.from_identifier('Apache-2.0'))
package.add_lics_from_file(License.from_identifier('BSD-2-Clause'))
package.cr_text = NoAssert()
package.summary = 'Simple package.'
package.description = 'Really simple package.'
package.add_file(testfile1)
package.add_file(testfile2)
# The document holds a single package through the `package` attribute.
doc.package = package

# An extracted license
lic = ExtractedLicense('LicenseRef-1')
lic.text = 'Some non legal legal text..'
doc.add_extr_lic(lic)