def test_document_multiple_packages(self):
    """Check that a Document retains every package added to it.

    Builds an SPDX 2.1 document with a ScanCode tool creator, attaches two
    minimally described packages and asserts both appear in ``doc.packages``.
    """
    doc = Document(
        Version(2, 1),
        License.from_identifier('CC0-1.0'),
        'Sample_Document-V2.1',
        spdx_id='SPDXRef-DOCUMENT',
        namespace='https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301',
    )
    doc.creation_info.add_creator(Tool('ScanCode'))
    doc.creation_info.set_created_now()

    # The two packages differ only in name and SPDX identifier.
    fixtures = (
        ('some/path1', 'SPDXRef-Package1'),
        ('some/path2', 'SPDXRef-Package2'),
    )
    for pkg_name, pkg_id in fixtures:
        pkg = Package(name=pkg_name, download_location=NoAssert())
        pkg.spdx_id = pkg_id
        pkg.cr_text = 'Some copyrught'
        # NOTE(review): this sets `files_verified`, while the add_package
        # helper on this page sets `files_analyzed`. Confirm which attribute
        # Package actually reads; a misspelt one would be stored silently.
        pkg.files_verified = False
        pkg.license_declared = NoAssert()
        pkg.conc_lics = NoAssert()
        doc.add_package(pkg)

    assert len(doc.packages) == 2
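def add_package(package, parent=None):
    """Recursively add a package and its dependencies to the SPDX document.

    Args:
        package: object exposing ``package_name``, ``version`` and an
            iterable ``dependencies`` of objects with the same attributes.
        parent: the SpdxPackage created for the depending package, or
            ``None`` when ``package`` is a root of the dependency tree.

    Each call creates a new SpdxPackage whose id is ``SPDXRef-<n>``, with
    ``n`` taken from the shared ``id_count`` counter. Dependencies are added
    to ``doc`` before the package that requires them.

    The entry records only name, version and the relationship to its parent.
    Copyright and licence fields are NoAssert, the download location is
    UnKnown and ``files_analyzed`` is False, so a consumer cannot verify an
    artifact's origin or integrity from this document alone.

    NOTE(review): there is no visited set. A dependency reachable through
    several parents is emitted once per path under a different SPDX id, and
    a cyclic dependency graph would recurse until RecursionError. Confirm
    the caller only passes acyclic trees.
    """
    spdxpackage = SpdxPackage(name=package.package_name, version=package.version)
    spdxpackage.spdx_id = f'SPDXRef-{id_count[0]}'
    id_count[0] += 1

    spdxpackage.homepage = SPDXNone()
    spdxpackage.cr_text = NoAssert()
    spdxpackage.download_location = UnKnown()
    spdxpackage.files_analyzed = False
    spdxpackage.conc_lics = NoAssert()
    spdxpackage.license_declared = NoAssert()
    spdxpackage.licenses_from_files = [NoAssert()]

    # If we have a parent, record the relationship. An identity test is used
    # so the check does not depend on how the package type defines equality.
    # NOTE(review): the SPDX spec also defines a DEPENDENCY_OF relationship;
    # confirm PACKAGE_OF is the relation intended for dependencies.
    if parent is not None:
        spdxpackage.add_relationship(
            Relationship(spdxpackage, RelationshipOptions.PACKAGE_OF, parent))

    # Go through the same process for the dependencies.
    for dep in package.dependencies:
        add_package(dep, parent=spdxpackage)

    # Finally add the package itself to the document.
    doc.add_package(spdxpackage)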
# Second file fixture: a source file with Apache-2.0 as both the concluded
# licence and the licence found in the file, and no copyright assertion.
testfile2 = File("TestFile2")
testfile2.type = FileType.SOURCE
testfile2.spdx_id = "TestFile2#SPDXRef-FILE"
testfile2.comment = "This is a test file."
# SHA1 digest recorded for the file.
# NOTE(review): SHA-1 is no longer collision-resistant. An SBOM used for
# integrity checks should carry a stronger digest as well, where the SPDX
# version in use permits additional checksum algorithms.
testfile2.chk_sum = Algorithm("SHA1", "bb154f28d1cf0646ae21bb0bec6c669a2b90e113")
testfile2.conc_lics = License.from_identifier("Apache-2.0")
testfile2.add_lics(License.from_identifier("Apache-2.0"))
testfile2.copyright = NoAssert()

# Package fixture: name, version, archive file name and SPDX id.
package = Package()
package.name = "TagWriteTest"
package.version = "1.0"
package.file_name = "twt.jar"
package.spdx_id = 'TestPackage#SPDXRef-PACKAGE'
# Plain-http URL on a `.test` host name: fixture data, assigned here as a string only.
package.download_location = "http://www.tagwritetest.test/download"
package.check_sum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
package.homepage = SPDXNone()
# Presumably the SPDX package verification code; confirm against the Package class.
package.verif_code = "4e3211c67a2d28fced849ee1bb76e7391b93feba"
# The same Apache-2.0 AND BSD-2-Clause conjunction is used for both the
# concluded and the declared licence.
license_set = LicenseConjunction(
    License.from_identifier("Apache-2.0"),
    License.from_identifier("BSD-2-Clause")
)
package.conc_lics = license_set
package.license_declared = license_set
package.add_lics_from_file(License.from_identifier("Apache-2.0"))
package.add_lics_from_file(License.from_identifier("BSD-2-Clause"))
package.cr_text = NoAssert()
package.summary = "Simple package."
package.description = "Really simple package."
# testfile1 is created before this excerpt begins. testfile2 is not attached
# to the package in the lines visible here.
package.add_file(testfile1)