def test_package_with_non_sha1_check_sum(self):
    """Run checksum validation on a package whose checksum is SHA256.

    Nothing is asserted about the returned messages: the test passes as
    long as ``validate_checksum`` returns without raising.
    """
    pkg = Package()
    # NOTE(review): the digest value is an empty string, so only the
    # algorithm name ("SHA256" instead of "SHA1") is exercised here.
    pkg.check_sum = Algorithm("SHA256", '')

    # Validation has to keep working even though the checksum is not SHA1.
    messages = pkg.validate_checksum([])
def generate_spdx_package(self) -> Package:
    """Build the SPDX ``Package`` describing this package.

    Example of a SPDX package:

        PackageName: eduVPN
        DataFormat: SPDXRef-1
        PackageSupplier: Organization: The Commons Conservancy eduVPN Programme
        PackageHomePage: https://eduvpn.org
        PackageLicenseDeclared: GPL-3.0+
        PackageCopyrightText: 2017, The Commons Conservancy eduVPN Programme
        PackageSummary: <text>EduVPN is designed to allow users to connect
                        securely and encrypted to the Internet from any
                        standard device.
                        </text>
        PackageComment: <text>The package includes the following libraries;
                        see Relationship information.
                        </text>
        Created: 2017-06-06T09:00:00Z
        PackageDownloadLocation: git://github.com/eduVPN/reponame
        PackageDownloadLocation: git+https://github.com/eduVPN/reponame.git
        PackageDownloadLocation: git+ssh://github.com/eduVPN/reponame.git
        Creator: Person: Jane Doe

    Returns:
        The populated package. When ``get_spdx_files()`` yields nothing, the
        package carries a single placeholder file and a ``NoAssert``
        verification code.
    """

    def _licence_for(raw_value):
        # Every licence field goes through the same conversion chain.
        return License.from_identifier(str(determine_spdx_value(raw_value)))

    spdx_package = Package(
        name=determine_spdx_value(self.name),
        spdx_id=f"SPDXRef-{self.id}",
        # No download location is known at this point, so None is passed through.
        download_location=determine_spdx_value(None),
        version=determine_spdx_value(self.version),
        file_name=determine_spdx_value(self.name),
        supplier=None,
        originator=Person(
            determine_spdx_value(self.author),
            determine_spdx_value(self.author_email),
        ),
    )

    # The algorithm is recorded as SHA1, but the value is str(NoAssert())
    # rather than a digest computed from the package, so this field gives
    # a reader of the document nothing to verify the package against.
    spdx_package.check_sum = Algorithm("SHA1", str(NoAssert()))
    spdx_package.cr_text = NoAssert()
    spdx_package.homepage = determine_spdx_value(self.url)
    spdx_package.license_declared = _licence_for(self.main_licence)
    spdx_package.conc_lics = _licence_for(self.licence)
    spdx_package.summary = determine_spdx_value(self.description)
    spdx_package.description = NoAssert()

    spdx_files = self.get_spdx_files()
    if not spdx_files:
        # Has to generate a dummy file because of the following rule in SDK:
        # - Package must have at least one file
        placeholder = SpdxFile(
            Path(UNKNOWN), self._package_info.root_dir, self.main_licence)
        spdx_package.verif_code = NoAssert()
        spdx_package.add_file(placeholder.generate_spdx_file())
        spdx_package.add_lics_from_file(_licence_for(placeholder.licence))
        return spdx_package

    spdx_package.files_analyzed = True
    for entry in spdx_files:
        spdx_package.add_file(entry.generate_spdx_file())
        spdx_package.add_lics_from_file(_licence_for(entry.licence))
        _set_package_copyright(entry, spdx_package)
    # The verification code is calculated only after every file has been added.
    spdx_package.verif_code = determine_spdx_value(
        spdx_package.calc_verif_code())
    return spdx_package
testfile2.type = FileType.SOURCE testfile2.spdx_id = "TestFile2#SPDXRef-FILE" testfile2.comment = "This is a test file." testfile2.chk_sum = Algorithm("SHA1", "bb154f28d1cf0646ae21bb0bec6c669a2b90e113") testfile2.conc_lics = License.from_identifier("Apache-2.0") testfile2.add_lics(License.from_identifier("Apache-2.0")) testfile2.copyright = NoAssert() # Package package = Package() package.name = "TagWriteTest" package.version = "1.0" package.file_name = "twt.jar" package.spdx_id = 'TestPackage#SPDXRef-PACKAGE' package.download_location = "http://www.tagwritetest.test/download" package.check_sum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad") package.homepage = SPDXNone() package.verif_code = "4e3211c67a2d28fced849ee1bb76e7391b93feba" license_set = LicenseConjunction( License.from_identifier("Apache-2.0"), License.from_identifier("BSD-2-Clause") ) package.conc_lics = license_set package.license_declared = license_set package.add_lics_from_file(License.from_identifier("Apache-2.0")) package.add_lics_from_file(License.from_identifier("BSD-2-Clause")) package.cr_text = NoAssert() package.summary = "Simple package." package.description = "Really simple package." package.add_file(testfile1) package.add_file(testfile2)