def test_package_with_non_sha1_check_sum(self):
package = Package()
package.check_sum = Algorithm("SHA256", '')
# Make sure that validation still works despite the checksum not being SHA1
messages = []
messages = package.validate_checksum(messages)
def generate_spdx_package(self) -> Package:
"""Generates the SPDX package.
Example of a SPDX package:
PackageName: eduVPN
DataFormat: SPDXRef-1
PackageSupplier: Organization: The Commons Conservancy eduVPN Programme
PackageHomePage: https://eduvpn.org
PackageLicenseDeclared: GPL-3.0+
PackageCopyrightText: 2017, The Commons Conservancy eduVPN Programme
PackageSummary: <text>EduVPN is designed to allow users to connect
securely and encrypted to the Internet from any standard device.
</text>
PackageComment: <text>The package includes the following libraries; see
Relationship information.
</text>
Created: 2017-06-06T09:00:00Z
PackageDownloadLocation: git://github.com/eduVPN/reponame
PackageDownloadLocation: git+https://github.com/eduVPN/reponame.git
PackageDownloadLocation: git+ssh://github.com/eduVPN/reponame.git
Creator: Person: Jane Doe
Returns:
the corresponding package
"""
package = Package(
name=determine_spdx_value(self.name),
spdx_id=f"SPDXRef-{self.id}",
download_location=determine_spdx_value(None),
version=determine_spdx_value(self.version),
file_name=determine_spdx_value(self.name),
supplier=None,
originator=Person(determine_spdx_value(self.author),
determine_spdx_value(self.author_email)),
)
package.check_sum = Algorithm("SHA1", str(NoAssert()))
package.cr_text = NoAssert()
package.homepage = determine_spdx_value(self.url)
package.license_declared = License.from_identifier(
str(determine_spdx_value(self.main_licence)))
package.conc_lics = License.from_identifier(
str(determine_spdx_value(self.licence)))
package.summary = determine_spdx_value(self.description)
package.description = NoAssert()
files = self.get_spdx_files()
if files:
package.files_analyzed = True
for file in files:
package.add_file(file.generate_spdx_file())
package.add_lics_from_file(
License.from_identifier(
str(determine_spdx_value(file.licence))))
_set_package_copyright(file, package)
package.verif_code = determine_spdx_value(
package.calc_verif_code())
else:
# Has to generate a dummy file because of the following rule in SDK:
# - Package must have at least one file
dummy_file = SpdxFile(Path(UNKNOWN), self._package_info.root_dir,
self.main_licence)
package.verif_code = NoAssert()
package.add_file(dummy_file.generate_spdx_file())
package.add_lics_from_file(
License.from_identifier(
str(determine_spdx_value(dummy_file.licence))))
return package
testfile2.type = FileType.SOURCE
testfile2.spdx_id = "TestFile2#SPDXRef-FILE"
testfile2.comment = "This is a test file."
testfile2.chk_sum = Algorithm("SHA1", "bb154f28d1cf0646ae21bb0bec6c669a2b90e113")
testfile2.conc_lics = License.from_identifier("Apache-2.0")
testfile2.add_lics(License.from_identifier("Apache-2.0"))
testfile2.copyright = NoAssert()
# Package
package = Package()
package.name = "TagWriteTest"
package.version = "1.0"
package.file_name = "twt.jar"
package.spdx_id = 'TestPackage#SPDXRef-PACKAGE'
package.download_location = "http://www.tagwritetest.test/download"
package.check_sum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
package.homepage = SPDXNone()
package.verif_code = "4e3211c67a2d28fced849ee1bb76e7391b93feba"
license_set = LicenseConjunction(
License.from_identifier("Apache-2.0"), License.from_identifier("BSD-2-Clause")
)
package.conc_lics = license_set
package.license_declared = license_set
package.add_lics_from_file(License.from_identifier("Apache-2.0"))
package.add_lics_from_file(License.from_identifier("BSD-2-Clause"))
package.cr_text = NoAssert()
package.summary = "Simple package."
package.description = "Really simple package."
package.add_file(testfile1)
package.add_file(testfile2)
