Esempio n. 1
    def test_document_multiple_packages(self):
        """Check that a document keeps every package passed to ``add_package``.

        Builds a version 2.1 document with a ScanCode creator entry, attaches
        two minimal packages whose download location and licence fields are
        all ``NoAssert()``, and asserts that ``doc.packages`` holds both.
        """
        document = Document(
            Version(2, 1),
            License.from_identifier('CC0-1.0'),
            'Sample_Document-V2.1',
            spdx_id='SPDXRef-DOCUMENT',
            namespace='https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301',
        )
        document.creation_info.add_creator(Tool('ScanCode'))
        document.creation_info.set_created_now()

        # (package name, SPDX identifier) for each fixture package.
        fixtures = (
            ('some/path1', 'SPDXRef-Package1'),
            ('some/path2', 'SPDXRef-Package2'),
        )
        for pkg_name, pkg_id in fixtures:
            pkg = Package(name=pkg_name, download_location=NoAssert())
            pkg.spdx_id = pkg_id
            # Fixture text is kept verbatim, misspelling included.
            pkg.cr_text = 'Some copyrught'
            # NOTE(review): other snippets on this page set `files_analyzed`
            # on a package; confirm `files_verified` is an attribute the
            # Package class actually reads and not a silently ignored one.
            pkg.files_verified = False
            pkg.license_declared = NoAssert()
            pkg.conc_lics = NoAssert()
            document.add_package(pkg)

        assert len(document.packages) == 2
Esempio n. 2
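        def add_package(package, parent=None):
            """Recursively add a package and its dependencies to the document.

            Creates one SPDX package for ``package``, links it to ``parent``
            when one is given, recurses into ``package.dependencies`` and then
            adds the new SPDX package to ``doc``. ``doc`` and ``id_count`` come
            from the enclosing scope.

            Args:
                package: object exposing ``package_name``, ``version`` and an
                    iterable ``dependencies`` of the same kind of object.
                parent: the SPDX package created for the dependent package,
                    or ``None`` for a top-level package.
            """
            spdxpackage = SpdxPackage(name=package.package_name,
                                      version=package.version)
            # Identifiers are sequential; id_count is a one-element list so
            # the nested function can mutate the shared counter.
            spdxpackage.spdx_id = f'SPDXRef-{id_count[0]}'
            id_count[0] += 1
            # No provenance or licence data is recorded here: the download
            # location, copyright and every licence field are placeholders,
            # and files_analyzed is False. Consumers of the resulting document
            # get an inventory, not integrity or licence evidence.
            spdxpackage.homepage = SPDXNone()
            spdxpackage.cr_text = NoAssert()
            spdxpackage.download_location = UnKnown()
            spdxpackage.files_analyzed = False
            spdxpackage.conc_lics = NoAssert()
            spdxpackage.license_declared = NoAssert()
            spdxpackage.licenses_from_files = [NoAssert()]
            # If we have a parent, be sure to list the relationship.
            # Identity test: `!= None` would go through any custom comparison
            # defined on the parent object.
            if parent is not None:
                spdxpackage.add_relationship(
                    Relationship(spdxpackage, RelationshipOptions.PACKAGE_OF,
                                 parent))

            # Go through the same process for the dependencies.
            # NOTE(review): there is no visited set. A dependency reachable by
            # several paths is emitted once per path with a fresh SPDXRef id,
            # and a cyclic dependency graph would recurse until
            # RecursionError. Confirm the resolver only yields acyclic input.
            for dep in package.dependencies:
                add_package(dep, parent=spdxpackage)

            # Finally add it to the document.
            doc.add_package(spdxpackage)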
Esempio n. 3
    # Excerpt from a larger function: `testfile1`, `testfile2` and `doc` are
    # created before this point and are not shown here.
    testfile2.conc_lics = License.from_identifier('Apache-2.0')
    testfile2.add_lics(License.from_identifier('Apache-2.0'))
    testfile2.copyright = NoAssert()

    # Package
    package = Package()
    package.name = 'TagWriteTest'
    package.version = '1.0'
    package.file_name = 'twt.jar'
    # Fixture metadata only: a plain http:// URL on a `.test` name. Nothing in
    # the lines shown fetches it.
    package.download_location = 'http://www.tagwritetest.test/download'
    package.homepage = SPDXNone()
    # Hard-coded 40-hex-digit literal. In the lines shown it is not derived
    # from testfile1/testfile2, so it is sample data rather than evidence
    # that the listed files were verified.
    package.verif_code = '4e3211c67a2d28fced849ee1bb76e7391b93feba'
    # The same conjunction object is used as both the concluded and the
    # declared licence of the package.
    license_set = LicenseConjuction(License.from_identifier('Apache-2.0'),
                                    License.from_identifier('BSD-2-Clause'))
    package.conc_lics = license_set
    package.license_declared = license_set
    package.add_lics_from_file(License.from_identifier('Apache-2.0'))
    package.add_lics_from_file(License.from_identifier('BSD-2-Clause'))
    package.cr_text = NoAssert()
    package.summary = 'Simple package.'
    package.description = 'Really simple package.'
    package.add_file(testfile1)
    package.add_file(testfile2)

    # This snippet attaches a single package by assignment rather than by
    # calling doc.add_package().
    doc.package = package

    # An extracted license: a document-local identifier with its own text.

    lic = ExtractedLicense('LicenseRef-1')
    lic.text = 'Some non legal legal text..'
    doc.add_extr_lic(lic)
    def generate_spdx_package(self) -> Package:
        """Build the SPDX ``Package`` that describes this object.

        Name, version, author, URL, description and licence attributes are
        passed through ``determine_spdx_value`` before being stored. The
        download location is ``determine_spdx_value(None)`` and the package
        checksum is an ``Algorithm("SHA1", ...)`` whose value is the string
        form of ``NoAssert()``, so the result carries no download provenance
        and no package-level digest.

        Tag-value fields a package of this kind may carry, for example:
            PackageName: eduVPN
            PackageHomePage: https://eduvpn.org
            PackageLicenseDeclared: GPL-3.0+
            PackageDownloadLocation: git+https://github.com/eduVPN/reponame.git

        Returns:
            The populated package. When ``get_spdx_files()`` returns nothing,
            the package holds one placeholder file and a ``NoAssert()``
            verification code; otherwise the verification code comes from
            ``calc_verif_code()``.
        """

        def _as_licence(raw):
            # Single place for the value -> str -> License conversion.
            return License.from_identifier(str(determine_spdx_value(raw)))

        spdx_package = Package(
            name=determine_spdx_value(self.name),
            spdx_id=f"SPDXRef-{self.id}",
            download_location=determine_spdx_value(None),
            version=determine_spdx_value(self.version),
            file_name=determine_spdx_value(self.name),
            supplier=None,
            originator=Person(
                determine_spdx_value(self.author),
                determine_spdx_value(self.author_email),
            ),
        )
        # The digest value is the string form of NoAssert(), not a real SHA1.
        spdx_package.check_sum = Algorithm("SHA1", str(NoAssert()))
        spdx_package.cr_text = NoAssert()
        spdx_package.homepage = determine_spdx_value(self.url)
        spdx_package.license_declared = _as_licence(self.main_licence)
        spdx_package.conc_lics = _as_licence(self.licence)
        spdx_package.summary = determine_spdx_value(self.description)
        spdx_package.description = NoAssert()

        spdx_files = self.get_spdx_files()
        if not spdx_files:
            # The SDK requires a package to have at least one file, so a
            # placeholder is generated. Nothing was analysed in this branch:
            # the verification code is NoAssert().
            placeholder = SpdxFile(Path(UNKNOWN), self._package_info.root_dir,
                                   self.main_licence)
            spdx_package.verif_code = NoAssert()
            spdx_package.add_file(placeholder.generate_spdx_file())
            spdx_package.add_lics_from_file(_as_licence(placeholder.licence))
            return spdx_package

        spdx_package.files_analyzed = True
        for entry in spdx_files:
            spdx_package.add_file(entry.generate_spdx_file())
            spdx_package.add_lics_from_file(_as_licence(entry.licence))
            _set_package_copyright(entry, spdx_package)
        # Computed only after every file has been added to the package.
        spdx_package.verif_code = determine_spdx_value(
            spdx_package.calc_verif_code())
        return spdx_package
Esempio n. 5
    # Excerpt from a larger function: `testfile1`, `testfile2` and `doc` are
    # created before this point and are not shown here.
    testfile2.add_lics(License.from_identifier('Apache-2.0'))
    testfile2.copyright = NoAssert()


    # Package
    package = Package()
    package.name = 'TagWriteTest'
    package.version = '1.0'
    package.file_name = 'twt.jar'
    # Fixture metadata only: a plain http:// URL on a `.test` name. Nothing in
    # the lines shown fetches it.
    package.download_location = 'http://www.tagwritetest.test/download'
    package.homepage = SPDXNone()
    # Hard-coded 40-hex-digit literal. In the lines shown it is not derived
    # from testfile1/testfile2, so it is sample data rather than evidence
    # that the listed files were verified.
    package.verif_code = '4e3211c67a2d28fced849ee1bb76e7391b93feba'
    # The same conjunction object is used as both the concluded and the
    # declared licence of the package.
    license_set = LicenseConjuction(License.from_identifier('Apache-2.0'),
        License.from_identifier('BSD-2-Clause'))
    package.conc_lics = license_set
    package.license_declared = license_set
    package.add_lics_from_file(License.from_identifier('Apache-2.0'))
    package.add_lics_from_file(License.from_identifier('BSD-2-Clause'))
    package.cr_text = NoAssert()
    package.summary = 'Simple package.'
    package.description = 'Really simple package.'
    package.add_file(testfile1)
    package.add_file(testfile2)

    # This snippet attaches a single package by assignment rather than by
    # calling doc.add_package().
    doc.package = package

    # An extracted license: a document-local identifier with its own text.

    lic = ExtractedLicense('LicenseRef-1')
    lic.text = 'Some non legal legal text..'
    doc.add_extr_lic(lic)