Exemplo n.º 1
 def test_document_validate_failures_returns_informative_messages(self):
     """Validate an incomplete document and compare the full message list.

     No creators or creation date are set, the file is never added to the
     package, and the package is left without the fields named in the
     expected messages below.
     """
     namespace_url = (
         'https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301'
     )
     document = Document(
         Version(2, 1),
         License.from_identifier('CC0-1.0'),
         'Sample_Document-V2.1',
         spdx_id='SPDXRef-DOCUMENT',
         namespace=namespace_url,
     )
     package = Package('some/path', NoAssert())
     document.package = package

     spdx_file = File('./some/path/tofile')
     spdx_file.name = './some/path/tofile'
     spdx_file.spdx_id = 'SPDXRef-File'
     # 'SOME-SHA1' is a placeholder, not a real digest; none of the expected
     # messages below complains about the file checksum.
     spdx_file.chk_sum = Algorithm('SHA1', 'SOME-SHA1')

     lgpl_only = License.from_identifier('LGPL-2.1-only')
     spdx_file.add_lics(lgpl_only)
     package.add_lics_from_file(lgpl_only)

     # validate() receives an empty list and its return value is compared.
     messages = document.validate([])

     expected = [
         'No creators defined, must have at least one.',
         'Creation info missing created date.',
         'Package checksum must be instance of spdx.checksum.Algorithm',
         'Package download_location can not be None.',
         'Package verif_code can not be None.',
         'Package cr_text can not be None.',
         'Package must have at least one file.',
         'Package concluded license must be instance of spdx.utils.SPDXNone '
         'or spdx.utils.NoAssert or spdx.document.License',
         'Package declared license must be instance of spdx.utils.SPDXNone '
         'or spdx.utils.NoAssert or spdx.document.License',
     ]
     assert expected == messages
Exemplo n.º 2
    def _get_lgpl_doc(self, or_later=False):
        """Build a sample document with one package holding one LGPL file.

        Args:
            or_later: when true the file license is looked up as 'LGPL-2.1+'
                instead of 'LGPL-2.1'.

        Returns:
            The populated Document.
        """
        namespace_url = (
            'https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301'
        )
        document = Document(
            Version(2, 1),
            License.from_identifier('CC0-1.0'),
            'Sample_Document-V2.1',
            spdx_id='SPDXRef-DOCUMENT',
            namespace=namespace_url,
        )
        document.creation_info.add_creator(Tool('ScanCode'))
        document.creation_info.set_created_now()

        pkg = Package(name='some/path', download_location=NoAssert())
        document.package = pkg
        pkg.cr_text = 'Some copyrught'
        pkg.verif_code = 'SOME code'
        pkg.license_declared = NoAssert()
        pkg.conc_lics = NoAssert()

        spdx_file = File('./some/path/tofile')
        spdx_file.name = './some/path/tofile'
        spdx_file.spdx_id = 'SPDXRef-File'
        # Placeholder value, not a real SHA1 digest.
        spdx_file.chk_sum = Algorithm('SHA1', 'SOME-SHA1')
        spdx_file.conc_lics = NoAssert()
        spdx_file.copyright = NoAssert()

        # The plain identifier is always looked up first, then replaced when
        # the or-later variant is requested.
        file_license = License.from_identifier('LGPL-2.1')
        if or_later:
            file_license = License.from_identifier('LGPL-2.1+')

        spdx_file.add_lics(file_license)

        pkg.add_lics_from_file(file_license)
        pkg.add_file(spdx_file)
        return document
Exemplo n.º 3
    def test_document_is_valid_when_using_or_later_licenses(self):
        """A fully populated document with an '-or-later' license validates.

        The test expects no validation messages at all.
        """
        namespace_url = (
            'https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301'
        )
        document = Document(
            Version(2, 1),
            License.from_identifier('CC0-1.0'),
            'Sample_Document-V2.1',
            spdx_id='SPDXRef-DOCUMENT',
            namespace=namespace_url,
        )
        document.creation_info.add_creator(Tool('ScanCode'))
        document.creation_info.set_created_now()

        pkg = Package(name='some/path', download_location=NoAssert())
        document.package = pkg
        pkg.spdx_id = 'SPDXRef-Package'
        pkg.cr_text = 'Some copyrught'
        pkg.verif_code = 'SOME code'
        pkg.license_declared = NoAssert()
        pkg.conc_lics = NoAssert()

        spdx_file = File('./some/path/tofile')
        spdx_file.name = './some/path/tofile'
        spdx_file.spdx_id = 'SPDXRef-File'
        # The checksum value is the placeholder 'SOME-SHA1' rather than a hex
        # digest, and the test still expects an empty message list, so it
        # relies on validate() not checking the digest format.
        spdx_file.chk_sum = Algorithm('SHA1', 'SOME-SHA1')
        spdx_file.conc_lics = NoAssert()
        spdx_file.copyright = NoAssert()

        or_later_license = License.from_identifier('LGPL-2.1-or-later')
        spdx_file.add_lics(or_later_license)

        pkg.add_lics_from_file(or_later_license)
        pkg.add_file(spdx_file)

        messages = document.validate(ErrorMessages())
        assert not messages
Exemplo n.º 4
 def test_document_validate_failures_returns_informative_messages(self):
     """Validate a document without creators and check the reported message.

     Here validate() is expected to return a falsy result and to fill the
     list passed in with exactly one message.
     """
     namespace_url = (
         'https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301'
     )
     document = Document(
         Version(2, 1),
         License.from_identifier('CC0-1.0'),
         'Sample_Document-V2.1',
         spdx_id='SPDXRef-DOCUMENT',
         namespace=namespace_url,
     )
     package = Package('some/path', NoAssert())
     document.package = package

     spdx_file = File('./some/path/tofile')
     spdx_file.name = './some/path/tofile'
     spdx_file.spdx_id = 'SPDXRef-File'
     # Placeholder value, not a real SHA1 digest.
     spdx_file.chk_sum = Algorithm('SHA1', 'SOME-SHA1')

     lgpl = License.from_identifier('LGPL-2.1')
     spdx_file.add_lics(lgpl)
     package.add_lics_from_file(lgpl)

     # The list is passed in so that validate() can append to it.
     messages = []
     is_valid = document.validate(messages)
     assert not is_valid

     expected = ['No creators defined, must have at least one.']
     assert expected == messages
Exemplo n.º 5
    def generate_spdx_file(self) -> File:
        """Build the SPDX File entry describing this source file.

        Example of the resulting SPDX file section:
        FileName: ./tests/test_mbed_targets.py
        SPDXID: SPDXRef-cb9cce30c285e6083c2d19a463cbe592
        FileChecksum: SHA1: d3db49873bd2b1cab45bf81e7d88617dea6caaff
        LicenseConcluded: NOASSERTION
        FileCopyrightText: NONE

        Returns:
            the populated SPDX File object
        """
        spdx_file = File(determine_spdx_value(self.unix_relative_path))
        spdx_file.type = FileType.SOURCE
        spdx_file.comment = determine_spdx_value(None)
        # The stored SHA1 value is passed through as-is; it is not recomputed
        # or checked here.
        spdx_file.chk_sum = Algorithm("SHA1", self.sha1_check_sum)

        concluded_id = str(determine_spdx_value(self.licence))
        spdx_file.conc_lics = License.from_identifier(concluded_id)

        spdx_file.spdx_id = f"SPDXRef-{self.id}"
        spdx_file.copyright = determine_spdx_value(self.copyright)

        # A second, separate License object is built for the in-file licence
        # list, from the same identifier.
        in_file_id = str(determine_spdx_value(self.licence))
        spdx_file.add_lics(License.from_identifier(in_file_id))
        return spdx_file
Exemplo n.º 6
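    def create_spdx_document(self):
        """
        Write identifier scan results as SPDX Tag/value or RDF.

        Builds ``self.spdx_document`` with one package, adds one file entry
        per item of ``self.id_scan_results`` that is not skipped, and writes
        the serialised document to ``self.output_file``. When no file entry
        was added, a single "No results" comment line is written instead.

        Each file entry records a SHA1 checksum from ``get_file_hash``; a
        falsy result is stored as an empty string. The writer is called with
        ``validate=False``, so such an entry is written out as it is.
        """
        logging.basicConfig(level=logging.INFO)
        logging.info("Creating spdx document")
        self.get_output_file()
        self.spdx_document = Document(
            version=Version(2, 1),
            data_license=License.from_identifier(
                self.code_extra_params["lic_identifier"]),
        )
        self.set_creation_info()

        package = self.spdx_document.package = Package(
            download_location=NoAssert(), version=self.get_package_version())
        self.set_package_info(package)
        file_license_list = []
        file_license_ids = []
        if is_dir(self.path_or_file):
            for idx, file_data in enumerate(self.id_scan_results):
                # Open and immediately close the file: this keeps the
                # fail-fast behaviour for a missing or unreadable file
                # without leaving a handle open per scanned file.
                with open(file_data["FileName"], "r"):
                    pass
                if not should_skip_file(file_data["FileName"],
                                        self.output_file_name):
                    # NOTE(review): replace() substitutes every occurrence of
                    # path_or_file in the name, not only a leading one.
                    name = file_data["FileName"].replace(
                        self.path_or_file, ".")
                    file_entry = File(
                        name=name,
                        chk_sum=Algorithm(
                            "SHA1",
                            get_file_hash(file_data["FileName"]) or ""),
                    )
                    spdx_license = None
                    if self.doc_type == TAG_VALUE:
                        spdx_license = License.from_identifier(
                            file_data["SPDXID"])
                    else:
                        licenseref_id = "SPDXID-Doc-Generator-" + file_data[
                            "SPDXID"]
                        file_license_ids.append(licenseref_id)
                        # NOTE(review): the id was appended on the previous
                        # line, so this membership test is always true and
                        # every file gets a fresh ExtractedLicense; if
                        # de-duplication was intended, the check has to run
                        # before the append.
                        if licenseref_id in file_license_ids:
                            spdx_license = ExtractedLicense(licenseref_id)
                        spdx_license.name = NoAssert()
                        comment = "N/A"
                        spdx_license.comment = comment
                        text = NoAssert()
                        if not text:
                            text = comment
                        spdx_license.text = text
                        self.spdx_document.add_extr_lic(spdx_license)
                        package.add_lics_from_file(spdx_license)
                    file_entry.add_lics(spdx_license)
                    file_license_list.append(spdx_license)
                    file_entry.conc_lics = NoAssert()
                    file_entry.copyright = SPDXNone()
                    file_entry.spdx_id = self.code_extra_params[
                        "file_ref"].format(idx + 1)
                    package.add_file(file_entry)
            if self.doc_type == TAG_VALUE:
                # Tag/Value: register each distinct file license once.
                for spdx_license in list(set(file_license_list)):
                    package.add_lics_from_file(spdx_license)

        if not package.files:
            # NOTE(review): these branches write str, while the Tag/Value
            # success path below writes bytes -- confirm the mode in which
            # output_file is opened. package.name is also interpolated
            # unescaped into the XML comment.
            if self.doc_type == TAG_VALUE:
                self.output_file.write(
                    "# No results for package '{}'.\n".format(package.name))
            else:
                self.output_file.write(
                    "<!-- No results for package '{}'. -->\n".format(
                        package.name))

        # Pick the writer matching the requested output format.
        if self.doc_type == TAG_VALUE:
            from spdx.writers.tagvalue import write_document  # NOQA
        else:
            from spdx.writers.rdf import write_document  # NOQA

        if package.files:
            spdx_output = io.StringIO()
            # validate=False: the document is serialised without a
            # validation pass, including any empty checksum set above.
            if self.doc_type == TAG_VALUE:
                write_document(self.spdx_document, spdx_output, validate=False)
                logging.info("SPDX Tag-Value Document created successfully.")
            else:
                # The RDF output is collected in the same StringIO buffer.
                write_document(self.spdx_document, spdx_output, validate=False)
                logging.info("SPDX RDF Document created successfully.")
            result = spdx_output.getvalue()
            if self.doc_type == TAG_VALUE:
                result = result.encode("utf-8")
            self.output_file.write(result)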
Exemplo n.º 7
    # Document-level fields: version 1.2, name, id, comment, namespace and
    # the CC0-1.0 data license. `doc` is created outside this excerpt.
    doc.version = Version(1, 2)
    doc.name = "Hello SPDX"
    doc.spdx_id = "Test#SPDXRef-DOCUMENT"
    doc.comment = "Example Document"
    doc.namespace = "spdx"
    doc.data_license = License.from_identifier("CC0-1.0")
    # Creation info: one person as creator, timestamp set to now.
    doc.creation_info.add_creator(Person("Alice", "*****@*****.**"))
    doc.creation_info.set_created_now()
    # One review entry; the reviewer is given no e-mail address (None).
    review = Review(Person("Joe", None))
    review.set_review_date_now()
    review.comment = "Joe reviewed this document"
    doc.add_review(review)
    # First file: binary, BSD-2-Clause as both concluded and in-file license.
    testfile1 = File("TestFile1")
    testfile1.type = FileType.BINARY
    # NOTE(review): "TestFilet" differs from the "TestFile1" name above --
    # possibly a typo; confirm.
    testfile1.spdx_id = "TestFilet#SPDXRef-FILE"
    testfile1.comment = "This is a test file."
    # The SHA1 value is a fixed literal; nothing here computes it from file
    # content.
    testfile1.chk_sum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
    testfile1.conc_lics = License.from_identifier("BSD-2-Clause")
    testfile1.add_lics(License.from_identifier("BSD-2-Clause"))
    testfile1.copyright = SPDXNone()
    # Artifact entries: name, home (unknown) and URI.
    testfile1.add_artifact("name", "TagWriteTest")
    testfile1.add_artifact("home", UnKnown())
    testfile1.add_artifact("uri", "http://tagwritetest.test")

    # Second file: source, Apache-2.0 concluded license. The excerpt ends
    # before the rest of its fields.
    testfile2 = File("TestFile2")
    testfile2.type = FileType.SOURCE
    testfile2.spdx_id = "TestFile2#SPDXRef-FILE"
    testfile2.comment = "This is a test file."
    # Fixed SHA1 literal, as for the first file.
    testfile2.chk_sum = Algorithm("SHA1", "bb154f28d1cf0646ae21bb0bec6c669a2b90e113")
    testfile2.conc_lics = License.from_identifier("Apache-2.0")
Exemplo n.º 8
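    def create(self):
        """
        Write identifier scan results as SPDX Tag/value or RDF.

        Builds ``self.spdx_document`` with one package, adds one file entry
        per item of ``self.id_scan_results`` that is not skipped (advancing a
        progress bar per item), and writes the serialised document to
        ``self.output_file``. When no file entry was added, a single
        "No results" comment line is written instead.

        Each file entry records a SHA1 checksum from ``get_file_hash``; a
        falsy result is stored as an empty string. The writer is called with
        ``validate=True``.
        """
        self.get_output_file()
        self.spdx_document = Document(
            version=Version(2, 1),
            data_license=License.from_identifier(
                self.code_extra_params["lic_identifier"]))
        self.set_creation_info()

        package = self.spdx_document.package = Package(
            download_location=NoAssert(), version=self.get_package_version())
        self.set_package_info(package)

        file_license_list = []
        file_license_ids = []
        bar = Bar('Writing to spdx file', max=len(self.id_scan_results))
        if isPath(self.path_or_file):
            for idx, file_data in enumerate(self.id_scan_results):
                # Open and immediately close the file: this keeps the
                # fail-fast behaviour for a missing or unreadable file
                # without leaving a handle open per scanned file.
                with open(file_data["FileName"], "r"):
                    pass
                if not shouldSkipFile(file_data["FileName"],
                                      self.output_file_name):
                    # NOTE(review): replace() substitutes every occurrence of
                    # path_or_file in the name, not only a leading one.
                    name = file_data["FileName"].replace(
                        self.path_or_file, '.')
                    file_entry = File(name=name,
                                      chk_sum=Algorithm(
                                          'SHA1',
                                          get_file_hash(file_data["FileName"])
                                          or ''))
                    spdx_license = None
                    if self.doc_type == TAG_VALUE:
                        spdx_license = License.from_identifier(
                            file_data["SPDXID"])
                    else:
                        licenseref_id = 'SPDXID-Doc-Generator-' + file_data[
                            "SPDXID"]
                        file_license_ids.append(licenseref_id)
                        # NOTE(review): the id was appended on the previous
                        # line, so this membership test is always true and
                        # every file gets a fresh ExtractedLicense; if
                        # de-duplication was intended, the check has to run
                        # before the append.
                        if licenseref_id in file_license_ids:
                            spdx_license = ExtractedLicense(licenseref_id)
                        spdx_license.name = NoAssert()
                        comment = "N/A"
                        spdx_license.comment = comment
                        text = NoAssert()
                        if not text:
                            text = comment
                        spdx_license.text = text
                        self.spdx_document.add_extr_lic(spdx_license)
                        package.add_lics_from_file(spdx_license)
                    file_entry.add_lics(spdx_license)
                    file_license_list.append(spdx_license)
                    file_entry.conc_lics = NoAssert()
                    file_entry.copyright = SPDXNone()
                    file_entry.spdx_id = self.code_extra_params[
                        "file_ref"].format(idx + 1)
                    package.add_file(file_entry)
                bar.next()
            if self.doc_type == TAG_VALUE:
                # Tag/Value: register each distinct file license once.
                for spdx_license in list(set(file_license_list)):
                    package.add_lics_from_file(spdx_license)
        bar.finish()

        if not package.files:
            # NOTE(review): these branches write str, while the success path
            # below writes bytes -- confirm the mode in which output_file is
            # opened. package.name is also interpolated unescaped into the
            # XML comment.
            if self.doc_type == TAG_VALUE:
                self.output_file.write(
                    "# No results for package '{}'.\n".format(package.name))
            else:
                self.output_file.write(
                    "<!-- No results for package '{}'. -->\n".format(
                        package.name))

        # Pick the writer matching the requested output format.
        if self.doc_type == TAG_VALUE:
            from spdx.writers.tagvalue import write_document  # NOQA
        else:
            from spdx.writers.rdf import write_document  # NOQA

        if package.files:
            spdx_output = io.StringIO()
            if self.doc_type == TAG_VALUE:
                write_document(self.spdx_document, spdx_output, validate=True)
            else:
                # The RDF writer is given a bytes buffer instead.
                spdx_output = io.BytesIO()
                write_document(self.spdx_document, spdx_output, validate=True)
            result = spdx_output.getvalue()
            if self.doc_type == TAG_VALUE:
                result = result.encode('utf-8')
            self.output_file.write(result)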