From 97fcb17eac033ad1a7f3fa85e9875a98bec7311b Mon Sep 17 00:00:00 2001 From: Nicolaus Weidner Date: Thu, 3 Nov 2022 11:13:59 +0100 Subject: [PATCH] Fix broken tests and examples Signed-off-by: Nicolaus Weidner --- spdx/parsers/xmlparser.py | 3 +- .../doc_write/json-simple-multi-package.json | 177 ++++--- tests/data/doc_write/json-simple-plus.json | 103 ++-- tests/data/doc_write/json-simple.json | 103 ++-- .../doc_write/xml-simple-multi-package.xml | 143 +++--- tests/data/doc_write/xml-simple-plus.xml | 81 ++-- tests/data/doc_write/xml-simple.xml | 81 ++-- .../doc_write/yaml-simple-multi-package.yaml | 116 ++--- tests/data/doc_write/yaml-simple-plus.yaml | 68 +-- tests/data/doc_write/yaml-simple.yaml | 68 +-- tests/data/formats/SPDXXmlExample.xml | 452 +++++++++--------- tests/test_jsonyamlxml_parser.py | 9 +- tests/utils_test.py | 14 +- 13 files changed, 720 insertions(+), 698 deletions(-) diff --git a/spdx/parsers/xmlparser.py b/spdx/parsers/xmlparser.py index 3fed3cdb7..74d53b234 100644 --- a/spdx/parsers/xmlparser.py +++ b/spdx/parsers/xmlparser.py @@ -43,6 +43,7 @@ def __init__(self, builder, logger): "excludedFilesNames", "files", "documentDescribes", + "packages", } def parse(self, file): @@ -50,7 +51,7 @@ def parse(self, file): file.read(), strip_whitespace=False, encoding="utf-8" ) fixed_object = self._set_in_list(parsed_xml, self.LIST_LIKE_FIELDS) - self.document_object = fixed_object.get("SpdxDocument").get("Document") + self.document_object = fixed_object.get("Document") return super(Parser, self).parse() def _set_in_list(self, data, keys): diff --git a/tests/data/doc_write/json-simple-multi-package.json b/tests/data/doc_write/json-simple-multi-package.json index 9785bd3ab..0f26fe89c 100644 --- a/tests/data/doc_write/json-simple-multi-package.json +++ b/tests/data/doc_write/json-simple-multi-package.json @@ -1,98 +1,95 @@ { - "Document": { - "spdxVersion": "SPDX-2.1", - "documentNamespace": "https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - "creationInfo": { - "creators": [ - "Tool: ScanCode" - ], - "created": "2021-10-21T17:09:37Z", - "licenseListVersion": "3.6" + "spdxVersion": "SPDX-2.1", + "documentNamespace": "https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", + "creationInfo": { + "creators": [ + "Tool: ScanCode" + ], + "created": "2022-11-02T21:47:54Z", + "licenseListVersion": "3.6" + }, + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "Sample_Document-V2.1", + "documentDescribes": [ + "SPDXRef-Package1", + "SPDXRef-Package2", + "SPDXRef-Package3" + ], + "packages": [ + { + "SPDXID": "SPDXRef-Package1", + "name": "some/path1", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "copyrightText": "Some copyright" }, - "dataLicense": "CC0-1.0", - "SPDXID": "SPDXRef-DOCUMENT", - "name": "Sample_Document-V2.1", - "documentDescribes": [ - { - "Package": { - "SPDXID": "SPDXRef-Package1", - "name": "some/path1", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "Some copyright" - } + { + "SPDXID": "SPDXRef-Package2", + "name": "some/path2", + "downloadLocation": "NOASSERTION", + "packageVerificationCode": { + "packageVerificationCodeValue": "SOME code" }, - { - "Package": { - "SPDXID": "SPDXRef-Package2", - "name": "some/path2", - "downloadLocation": "NOASSERTION", - "packageVerificationCode": { - "packageVerificationCodeValue": "SOME code" - }, - "licenseInfoFromFiles": [ - "LGPL-2.1-or-later" - ], - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "Some copyright", - "files": [ - { - "File": { - "name": "./some/path/tofile", - "SPDXID": "SPDXRef-File", - "checksums": [ - { - "algorithm": "checksumAlgorithm_sha1", - "checksumValue": "SOME-SHA1" - } - ], - "licenseConcluded": "NOASSERTION", - "licenseInfoFromFiles": [ - "LGPL-2.1-or-later" - ], - "copyrightText": "NOASSERTION", - "sha1": "SOME-SHA1" + "licenseInfoFromFiles": [ + "LGPL-2.1-or-later" + ], + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "copyrightText": "Some copyright", + "files": [ + { + "File": { + "name": "./some/path/tofile", + "SPDXID": "SPDXRef-File", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "SOME-SHA1" } - } - ] + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoFromFiles": [ + "LGPL-2.1-or-later" + ], + "copyrightText": "NOASSERTION", + "sha1": "SOME-SHA1" + } } - }, - { - "Package": { - "SPDXID": "SPDXRef-Package3", - "name": "some/path3", - "downloadLocation": "NOASSERTION", - "licenseInfoFromFiles": [ - "LGPL-2.1-or-later" - ], - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "Some copyright", - "files": [ - { - "File": { - "name": "./some/path/tofile", - "SPDXID": "SPDXRef-File", - "checksums": [ - { - "algorithm": "checksumAlgorithm_sha1", - "checksumValue": "SOME-SHA1" - } - ], - "licenseConcluded": "NOASSERTION", - "licenseInfoFromFiles": [ - "LGPL-2.1-or-later" - ], - "copyrightText": "NOASSERTION", - "sha1": "SOME-SHA1" + ] + }, + { + "SPDXID": "SPDXRef-Package3", + "name": "some/path3", + "downloadLocation": "NOASSERTION", + "licenseInfoFromFiles": [ + "LGPL-2.1-or-later" + ], + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "copyrightText": "Some copyright", + "files": [ + { + "File": { + "name": "./some/path/tofile", + "SPDXID": "SPDXRef-File", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "SOME-SHA1" } - } - ] + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoFromFiles": [ + "LGPL-2.1-or-later" + ], + "copyrightText": "NOASSERTION", + "sha1": "SOME-SHA1" + } } - } - ] - } + ] + } + ] } \ No newline at end of file diff --git a/tests/data/doc_write/json-simple-plus.json b/tests/data/doc_write/json-simple-plus.json index 11e0929e4..5db3c9e69 100644 --- a/tests/data/doc_write/json-simple-plus.json +++ b/tests/data/doc_write/json-simple-plus.json @@ -1,50 +1,59 @@ { - "Document": { - "spdxVersion": "SPDX-2.1", - "dataLicense": "CC0-1.0", - "name": "Sample_Document-V2.1", - "SPDXID": "SPDXRef-DOCUMENT", - "documentNamespace": "https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - "documentDescribes": [ - { - "Package": { - "SPDXID": "SPDXRef-Package", - "name": "some/path", - "downloadLocation": "NOASSERTION", - "copyrightText": "Some copyrught", - "packageVerificationCode": { - "packageVerificationCodeValue": "SOME code" - }, - "checksums": [ - { - "algorithm": "checksumAlgorithm_sha1", - "checksumValue": "SOME-SHA1" - } - ], - "licenseDeclared": "NOASSERTION", - "licenseConcluded": "NOASSERTION", - "files": [ - { - "File": { - "name": "./some/path/tofile", - "SPDXID": "SPDXRef-File", - "checksums": [ - { - "algorithm": "checksumAlgorithm_sha1", - "checksumValue": "SOME-SHA1" - } - ], - "licenseConcluded": "NOASSERTION", - "copyrightText": "NOASSERTION", - "licenseInfoFromFiles": ["LGPL-2.1-or-later"], - "sha1": "SOME-SHA1" + "spdxVersion": "SPDX-2.1", + "documentNamespace": "https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", + "creationInfo": { + "creators": [ + "Tool: ScanCode" + ], + "created": "2022-11-02T21:53:59Z", + "licenseListVersion": "3.6" + }, + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "Sample_Document-V2.1", + "documentDescribes": [ + "SPDXRef-Package" + ], + "packages": [ + { + "SPDXID": "SPDXRef-Package", + "name": "some/path", + "downloadLocation": "NOASSERTION", + "packageVerificationCode": { + "packageVerificationCodeValue": "SOME code" + }, + "licenseInfoFromFiles": [ + "LGPL-2.1-or-later" + ], + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "copyrightText": "Some copyrught", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "SOME-SHA1" + } + ], + "files": [ + { + "File": { + "name": "./some/path/tofile", + "SPDXID": "SPDXRef-File", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "SOME-SHA1" } - } - ], - "licenseInfoFromFiles": ["LGPL-2.1-or-later"], - "sha1": "SOME-SHA1" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoFromFiles": [ + "LGPL-2.1-or-later" + ], + "copyrightText": "NOASSERTION", + "sha1": "SOME-SHA1" + } } - } - ] - } -} + ] + } + ] +} \ No newline at end of file diff --git a/tests/data/doc_write/json-simple.json b/tests/data/doc_write/json-simple.json index 246a0cacb..ee707066e 100644 --- a/tests/data/doc_write/json-simple.json +++ b/tests/data/doc_write/json-simple.json @@ -1,50 +1,59 @@ { - "Document": { - "spdxVersion": "SPDX-2.1", - "dataLicense": "CC0-1.0", - "name": "Sample_Document-V2.1", - "SPDXID": "SPDXRef-DOCUMENT", - "documentNamespace": "https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - "documentDescribes": [ - { - "Package": { - "SPDXID": "SPDXRef-Package", - "name": "some/path", - "downloadLocation": "NOASSERTION", - "copyrightText": "Some copyrught", - "packageVerificationCode": { - "packageVerificationCodeValue": "SOME code" - }, - "checksums": [ - { - "algorithm": "checksumAlgorithm_sha1", - "checksumValue": "SOME-SHA1" - } - ], - "licenseDeclared": "NOASSERTION", - "licenseConcluded": "NOASSERTION", - "files": [ - { - "File": { - "name": "./some/path/tofile", - "SPDXID": "SPDXRef-File", - "checksums": [ - { - "algorithm": "checksumAlgorithm_sha1", - "checksumValue": "SOME-SHA1" - } - ], - "licenseConcluded": "NOASSERTION", - "copyrightText": "NOASSERTION", - "licenseInfoFromFiles": ["LGPL-2.1-only"], - "sha1": "SOME-SHA1" + "spdxVersion": "SPDX-2.1", + "documentNamespace": "https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", + "creationInfo": { + "creators": [ + "Tool: ScanCode" + ], + "created": "2022-11-02T21:55:14Z", + "licenseListVersion": "3.6" + }, + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "Sample_Document-V2.1", + "documentDescribes": [ + "SPDXRef-Package" + ], + "packages": [ + { + "SPDXID": "SPDXRef-Package", + "name": "some/path", + "downloadLocation": "NOASSERTION", + "packageVerificationCode": { + "packageVerificationCodeValue": "SOME code" + }, + "licenseInfoFromFiles": [ + "LGPL-2.1-only" + ], + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "copyrightText": "Some copyrught", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "SOME-SHA1" + } + ], + "files": [ + { + "File": { + "name": "./some/path/tofile", + "SPDXID": "SPDXRef-File", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "SOME-SHA1" } - } - ], - "licenseInfoFromFiles": ["LGPL-2.1-only"], - "sha1": "SOME-SHA1" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoFromFiles": [ + "LGPL-2.1-only" + ], + "copyrightText": "NOASSERTION", + "sha1": "SOME-SHA1" + } } - } - ] - } -} + ] + } + ] +} \ No newline at end of file diff --git a/tests/data/doc_write/xml-simple-multi-package.xml b/tests/data/doc_write/xml-simple-multi-package.xml index eadaba0fc..b91677e88 100644 --- a/tests/data/doc_write/xml-simple-multi-package.xml +++ b/tests/data/doc_write/xml-simple-multi-package.xml @@ -1,79 +1,74 @@ - - - SPDX-2.1 - https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 - - Tool: ScanCode - 2021-10-21T17:02:23Z - 3.6 - - CC0-1.0 - SPDXRef-DOCUMENT - Sample_Document-V2.1 - - - SPDXRef-Package1 - some/path1 - NOASSERTION - false + + SPDX-2.1 + https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 + + Tool: ScanCode + 2022-11-02T22:01:25Z + 3.6 + + CC0-1.0 + SPDXRef-DOCUMENT + Sample_Document-V2.1 + SPDXRef-Package1 + SPDXRef-Package2 + SPDXRef-Package3 + + SPDXRef-Package1 + some/path1 + NOASSERTION + false + NOASSERTION + NOASSERTION + Some copyright + + + SPDXRef-Package2 + some/path2 + NOASSERTION + + SOME code + + LGPL-2.1-or-later + NOASSERTION + NOASSERTION + Some copyright + + + ./some/path/tofile + SPDXRef-File + + SHA1 + SOME-SHA1 + NOASSERTION - NOASSERTION - Some copyright - - - - - SPDXRef-Package2 - some/path2 - NOASSERTION - - SOME code - LGPL-2.1-or-later + NOASSERTION + SOME-SHA1 + + + + + SPDXRef-Package3 + some/path3 + NOASSERTION + LGPL-2.1-or-later + NOASSERTION + NOASSERTION + Some copyright + + + ./some/path/tofile + SPDXRef-File + + SHA1 + SOME-SHA1 + NOASSERTION - NOASSERTION - Some copyright - - - ./some/path/tofile - SPDXRef-File - - checksumAlgorithm_sha1 - SOME-SHA1 - - NOASSERTION - LGPL-2.1-or-later - NOASSERTION - SOME-SHA1 - - - - - - - SPDXRef-Package3 - some/path3 - NOASSERTION LGPL-2.1-or-later - NOASSERTION - NOASSERTION - Some copyright - - - ./some/path/tofile - SPDXRef-File - - checksumAlgorithm_sha1 - SOME-SHA1 - - NOASSERTION - LGPL-2.1-or-later - NOASSERTION - SOME-SHA1 - - - - - - \ No newline at end of file + NOASSERTION + SOME-SHA1 + + + + \ No newline at end of file diff --git a/tests/data/doc_write/xml-simple-plus.xml b/tests/data/doc_write/xml-simple-plus.xml index b69c29f79..bba17483c 100644 --- a/tests/data/doc_write/xml-simple-plus.xml +++ b/tests/data/doc_write/xml-simple-plus.xml @@ -1,43 +1,44 @@ - - - SPDX-2.1 - CC0-1.0 - Sample_Document-V2.1 - SPDXRef-DOCUMENT - https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 - - - SPDXRef-Package - some/path - NOASSERTION - Some copyrught - - SOME code - - + + SPDX-2.1 + https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 + + Tool: ScanCode + 2022-11-02T22:00:48Z + 3.6 + + CC0-1.0 + SPDXRef-DOCUMENT + Sample_Document-V2.1 + SPDXRef-Package + + SPDXRef-Package + some/path + NOASSERTION + + SOME code + + LGPL-2.1-or-later + NOASSERTION + NOASSERTION + Some copyrught + + SHA1 + SOME-SHA1 + + + + ./some/path/tofile + SPDXRef-File + + SHA1 SOME-SHA1 - checksumAlgorithm_sha1 - NOASSERTION - NOASSERTION - - - ./some/path/tofile - SPDXRef-File - - SOME-SHA1 - checksumAlgorithm_sha1 - - NOASSERTION - NOASSERTION - LGPL-2.1-or-later - SOME-SHA1 - - - LGPL-2.1-or-later - SOME-SHA1 - - - - \ No newline at end of file + NOASSERTION + LGPL-2.1-or-later + NOASSERTION + SOME-SHA1 + + + + \ No newline at end of file diff --git a/tests/data/doc_write/xml-simple.xml b/tests/data/doc_write/xml-simple.xml index 2eb292fe8..23eca14d1 100644 --- a/tests/data/doc_write/xml-simple.xml +++ b/tests/data/doc_write/xml-simple.xml @@ -1,43 +1,44 @@ - - - SPDX-2.1 - CC0-1.0 - Sample_Document-V2.1 - SPDXRef-DOCUMENT - https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 - - - SPDXRef-Package - some/path - NOASSERTION - Some copyrught - - SOME code - - + + SPDX-2.1 + https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 + + Tool: ScanCode + 2022-11-02T21:59:54Z + 3.6 + + CC0-1.0 + SPDXRef-DOCUMENT + Sample_Document-V2.1 + SPDXRef-Package + + SPDXRef-Package + some/path + NOASSERTION + + SOME code + + LGPL-2.1-only + NOASSERTION + NOASSERTION + Some copyrught + + SHA1 + SOME-SHA1 + + + + ./some/path/tofile + SPDXRef-File + + SHA1 SOME-SHA1 - checksumAlgorithm_sha1 - NOASSERTION - NOASSERTION - - - ./some/path/tofile - SPDXRef-File - - SOME-SHA1 - checksumAlgorithm_sha1 - - NOASSERTION - NOASSERTION - LGPL-2.1-only - SOME-SHA1 - - - LGPL-2.1-only - SOME-SHA1 - - - - \ No newline at end of file + NOASSERTION + LGPL-2.1-only + NOASSERTION + SOME-SHA1 + + + + \ No newline at end of file diff --git a/tests/data/doc_write/yaml-simple-multi-package.yaml b/tests/data/doc_write/yaml-simple-multi-package.yaml index d7c4b134e..d1b093f19 100644 --- a/tests/data/doc_write/yaml-simple-multi-package.yaml +++ b/tests/data/doc_write/yaml-simple-multi-package.yaml @@ -1,65 +1,65 @@ --- -Document: - SPDXID: SPDXRef-DOCUMENT - creationInfo: - created: '2021-10-21T16:46:56Z' - creators: - - 'Tool: ScanCode' - licenseListVersion: '3.6' - dataLicense: CC0-1.0 - documentDescribes: - - Package: - SPDXID: SPDXRef-Package1 - copyrightText: Some copyright - downloadLocation: NOASSERTION - filesAnalyzed: false +SPDXID: SPDXRef-DOCUMENT +creationInfo: + created: '2022-11-02T21:59:09Z' + creators: + - 'Tool: ScanCode' + licenseListVersion: '3.6' +dataLicense: CC0-1.0 +documentDescribes: +- SPDXRef-Package1 +- SPDXRef-Package2 +- SPDXRef-Package3 +documentNamespace: https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 +name: Sample_Document-V2.1 +packages: +- SPDXID: SPDXRef-Package1 + copyrightText: Some copyright + downloadLocation: NOASSERTION + filesAnalyzed: false + licenseConcluded: NOASSERTION + licenseDeclared: NOASSERTION + name: some/path1 +- SPDXID: SPDXRef-Package2 + copyrightText: Some copyright + downloadLocation: NOASSERTION + files: + - File: + SPDXID: SPDXRef-File + checksums: + - algorithm: SHA1 + checksumValue: SOME-SHA1 + copyrightText: NOASSERTION licenseConcluded: NOASSERTION - licenseDeclared: NOASSERTION - name: some/path1 - - Package: - SPDXID: SPDXRef-Package2 - copyrightText: Some copyright - downloadLocation: NOASSERTION - files: - - File: - SPDXID: SPDXRef-File - checksums: - - algorithm: checksumAlgorithm_sha1 - checksumValue: SOME-SHA1 - copyrightText: NOASSERTION - licenseConcluded: NOASSERTION - licenseInfoFromFiles: - - LGPL-2.1-or-later - name: ./some/path/tofile - sha1: SOME-SHA1 - licenseConcluded: NOASSERTION - licenseDeclared: NOASSERTION licenseInfoFromFiles: - LGPL-2.1-or-later - name: some/path2 - packageVerificationCode: - packageVerificationCodeValue: SOME code - - Package: - SPDXID: SPDXRef-Package3 - copyrightText: Some copyright - downloadLocation: NOASSERTION - files: - - File: - SPDXID: SPDXRef-File - checksums: - - algorithm: checksumAlgorithm_sha1 - checksumValue: SOME-SHA1 - copyrightText: NOASSERTION - licenseConcluded: NOASSERTION - licenseInfoFromFiles: - - LGPL-2.1-or-later - name: ./some/path/tofile - sha1: SOME-SHA1 + name: ./some/path/tofile + sha1: SOME-SHA1 + licenseConcluded: NOASSERTION + licenseDeclared: NOASSERTION + licenseInfoFromFiles: + - LGPL-2.1-or-later + name: some/path2 + packageVerificationCode: + packageVerificationCodeValue: SOME code +- SPDXID: SPDXRef-Package3 + copyrightText: Some copyright + downloadLocation: NOASSERTION + files: + - File: + SPDXID: SPDXRef-File + checksums: + - algorithm: SHA1 + checksumValue: SOME-SHA1 + copyrightText: NOASSERTION licenseConcluded: NOASSERTION - licenseDeclared: NOASSERTION licenseInfoFromFiles: - LGPL-2.1-or-later - name: some/path3 - documentNamespace: https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 - name: Sample_Document-V2.1 - spdxVersion: SPDX-2.1 + name: ./some/path/tofile + sha1: SOME-SHA1 + licenseConcluded: NOASSERTION + licenseDeclared: NOASSERTION + licenseInfoFromFiles: + - LGPL-2.1-or-later + name: some/path3 +spdxVersion: SPDX-2.1 \ No newline at end of file diff --git a/tests/data/doc_write/yaml-simple-plus.yaml b/tests/data/doc_write/yaml-simple-plus.yaml index 9858c8167..c09862241 100644 --- a/tests/data/doc_write/yaml-simple-plus.yaml +++ b/tests/data/doc_write/yaml-simple-plus.yaml @@ -1,35 +1,39 @@ --- -Document: - spdxVersion: "SPDX-2.1" - dataLicense: "CC0-1.0" - name: "Sample_Document-V2.1" - SPDXID: "SPDXRef-DOCUMENT" - documentNamespace: "https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301" - documentDescribes: - - Package: - SPDXID: "SPDXRef-Package" - name: "some/path" - downloadLocation: "NOASSERTION" - copyrightText: "Some copyrught" - packageVerificationCode: - packageVerificationCodeValue: "SOME code" +SPDXID: SPDXRef-DOCUMENT +creationInfo: + created: '2022-11-02T21:58:12Z' + creators: + - 'Tool: ScanCode' + licenseListVersion: '3.6' +dataLicense: CC0-1.0 +documentDescribes: +- SPDXRef-Package +documentNamespace: https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 +name: Sample_Document-V2.1 +packages: +- SPDXID: SPDXRef-Package + checksums: + - algorithm: SHA1 + checksumValue: SOME-SHA1 + copyrightText: Some copyrught + downloadLocation: NOASSERTION + files: + - File: + SPDXID: SPDXRef-File checksums: - - algorithm: "checksumAlgorithm_sha1" - checksumValue: "SOME-SHA1" - licenseDeclared: "NOASSERTION" - licenseConcluded: "NOASSERTION" - files: - - File: - name: "./some/path/tofile" - SPDXID: "SPDXRef-File" - checksums: - - algorithm: "checksumAlgorithm_sha1" - checksumValue: "SOME-SHA1" - licenseConcluded: "NOASSERTION" - copyrightText: "NOASSERTION" - licenseInfoFromFiles: - - "LGPL-2.1-or-later" - sha1: "SOME-SHA1" + - algorithm: SHA1 + checksumValue: SOME-SHA1 + copyrightText: NOASSERTION + licenseConcluded: NOASSERTION licenseInfoFromFiles: - - "LGPL-2.1-or-later" - sha1: "SOME-SHA1" + - LGPL-2.1-or-later + name: ./some/path/tofile + sha1: SOME-SHA1 + licenseConcluded: NOASSERTION + licenseDeclared: NOASSERTION + licenseInfoFromFiles: + - LGPL-2.1-or-later + name: some/path + packageVerificationCode: + packageVerificationCodeValue: SOME code +spdxVersion: SPDX-2.1 \ No newline at end of file diff --git a/tests/data/doc_write/yaml-simple.yaml b/tests/data/doc_write/yaml-simple.yaml index b4946b70f..5e623ce43 100644 --- a/tests/data/doc_write/yaml-simple.yaml +++ b/tests/data/doc_write/yaml-simple.yaml @@ -1,35 +1,39 @@ --- -Document: - spdxVersion: "SPDX-2.1" - dataLicense: "CC0-1.0" - name: "Sample_Document-V2.1" - SPDXID: "SPDXRef-DOCUMENT" - documentNamespace: "https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301" - documentDescribes: - - Package: - SPDXID: "SPDXRef-Package" - name: "some/path" - downloadLocation: "NOASSERTION" - copyrightText: "Some copyrught" - packageVerificationCode: - packageVerificationCodeValue: "SOME code" +SPDXID: SPDXRef-DOCUMENT +creationInfo: + created: '2022-11-02T21:56:39Z' + creators: + - 'Tool: ScanCode' + licenseListVersion: '3.6' +dataLicense: CC0-1.0 +documentDescribes: +- SPDXRef-Package +documentNamespace: https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 +name: Sample_Document-V2.1 +packages: +- SPDXID: SPDXRef-Package + checksums: + - algorithm: SHA1 + checksumValue: SOME-SHA1 + copyrightText: Some copyrught + downloadLocation: NOASSERTION + files: + - File: + SPDXID: SPDXRef-File checksums: - - algorithm: "checksumAlgorithm_sha1" - checksumValue: "SOME-SHA1" - licenseDeclared: "NOASSERTION" - licenseConcluded: "NOASSERTION" - files: - - File: - name: "./some/path/tofile" - SPDXID: "SPDXRef-File" - checksums: - - algorithm: "checksumAlgorithm_sha1" - checksumValue: "SOME-SHA1" - licenseConcluded: "NOASSERTION" - copyrightText: "NOASSERTION" - licenseInfoFromFiles: - - "LGPL-2.1-only" - sha1: "SOME-SHA1" + - algorithm: SHA1 + checksumValue: SOME-SHA1 + copyrightText: NOASSERTION + licenseConcluded: NOASSERTION licenseInfoFromFiles: - - "LGPL-2.1-only" - sha1: "SOME-SHA1" + - LGPL-2.1-only + name: ./some/path/tofile + sha1: SOME-SHA1 + licenseConcluded: NOASSERTION + licenseDeclared: NOASSERTION + licenseInfoFromFiles: + - LGPL-2.1-only + name: some/path + packageVerificationCode: + packageVerificationCodeValue: SOME code +spdxVersion: SPDX-2.1 \ No newline at end of file diff --git a/tests/data/formats/SPDXXmlExample.xml b/tests/data/formats/SPDXXmlExample.xml index 1c557b281..780fbece9 100644 --- a/tests/data/formats/SPDXXmlExample.xml +++ b/tests/data/formats/SPDXXmlExample.xml @@ -1,149 +1,148 @@ - - - This is a sample spreadsheet - Sample_Document-V2.1 - - - SPDXRef-Package - Organization: SPDX - The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually. - true - - - Apache-2.0 - 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 - src/org/spdx/parser/DOAPProject.java - Copyright 2010, 2011 Source Auditor Inc. - Apache-2.0 - - - 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 - checksumAlgorithm_sha1 - - fileType_source - SPDXRef-File2 - - - - - This file belongs to Jena - LicenseRef-1 - 3ab4e1c67a2d28fced849ee1bb76e7391b93f125 - Jenna-2.6.3/jena-2.6.3-sources.jar - (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP - - Jena - http://www.openjena.org/ - http://subversion.apache.org/doap.rdf - - LicenseRef-1 - This license is used by Jena - - 3ab4e1c67a2d28fced849ee1bb76e7391b93f125 - checksumAlgorithm_sha1 - - fileType_archive - SPDXRef-File1 - - - LicenseRef-3 - LicenseRef-1 - Apache-1.0 - LicenseRef-4 - Apache-2.0 - LicenseRef-2 - MPL-1.1 - 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 - SPDX Translator - spdxtranslator-1.0.zip - The declared license information can be found in the NOTICE file at the root of the archive file - SPDX Translator utility - Version 1.0 of the SPDX Translator application - Copyright 2010, 2011 Source Auditor Inc. - - 4e3211c67a2d28fced849ee1bb76e7391b93feba - SpdxTranslatorSpdx.rdf - SpdxTranslatorSpdx.txt - - (LicenseRef-1 AND MPL-1.1 AND LicenseRef-2 AND LicenseRef-3 AND Apache-2.0 AND LicenseRef-4 AND Apache-1.0) - Organization: Linux Foundation - - 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 - checksumAlgorithm_sha1 - - Version 0.9.2 - (LicenseRef-3 AND LicenseRef-2 AND Apache-2.0 AND MPL-1.1 AND LicenseRef-1 AND LicenseRef-4) - http://www.spdx.org/tools - This utility translates and SPDX RDF XML document to a spreadsheet, translates a spreadsheet to an SPDX RDF XML document and translates an SPDX RDFa document to an SPDX RDF XML document. - - - - This is an example of an SPDX spreadsheet format - Tool: SourceAuditor-V1.2 - Person: Gary O'Neall - Organization: Source Auditor Inc. - 3.6 - 2010-02-03T00:00:00Z - - - - d6a770ba38583ed4bb4525bd96e50461655d2759 + + This is a sample spreadsheet + Sample_Document-V2.1 + + + SPDXRef-Package + Organization: SPDX + The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually. + true + + + Apache-2.0 + 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 + src/org/spdx/parser/DOAPProject.java + Copyright 2010, 2011 Source Auditor Inc. + Apache-2.0 + + + 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 + checksumAlgorithm_sha1 + + fileType_source + SPDXRef-File2 + + + + + This file belongs to Jena + LicenseRef-1 + 3ab4e1c67a2d28fced849ee1bb76e7391b93f125 + Jenna-2.6.3/jena-2.6.3-sources.jar + (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP + + Jena + http://www.openjena.org/ + http://subversion.apache.org/doap.rdf + + LicenseRef-1 + This license is used by Jena + + 3ab4e1c67a2d28fced849ee1bb76e7391b93f125 + checksumAlgorithm_sha1 + + fileType_archive + SPDXRef-File1 + + + LicenseRef-3 + LicenseRef-1 + Apache-1.0 + LicenseRef-4 + Apache-2.0 + LicenseRef-2 + MPL-1.1 + 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 + SPDX Translator + spdxtranslator-1.0.zip + The declared license information can be found in the NOTICE file at the root of the archive file + SPDX Translator utility + Version 1.0 of the SPDX Translator application + Copyright 2010, 2011 Source Auditor Inc. + + 4e3211c67a2d28fced849ee1bb76e7391b93feba + SpdxTranslatorSpdx.rdf + SpdxTranslatorSpdx.txt + + (LicenseRef-1 AND MPL-1.1 AND LicenseRef-2 AND LicenseRef-3 AND Apache-2.0 AND LicenseRef-4 AND Apache-1.0) + Organization: Linux Foundation + + 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 checksumAlgorithm_sha1 - - https://spdx.org/spdxdocs/spdx-tools-v2.1-3F2504E0-4F89-41D3-9A0C-0305E82C3301 - DocumentRef-spdx-tool-2.1 - - https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 - - This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses - REVIEW - SPDXRef-45 - 2012-06-13T00:00:00Z - Person: Jim Reviewer - - CC0-1.0 - - This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses - Person: Joe Reviewer - 2010-02-10T00:00:00Z - - - Another example reviewer. - Person: Suzanne Reviewer - 2011-03-13T00:00:00Z - - - /* - * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - LicenseRef-1 - - - This package includes the GRDDL parser developed by Hewlett Packard under the following license: + + Version 0.9.2 + (LicenseRef-3 AND LicenseRef-2 AND Apache-2.0 AND MPL-1.1 AND LicenseRef-1 AND LicenseRef-4) + http://www.spdx.org/tools + This utility translates and SPDX RDF XML document to a spreadsheet, translates a spreadsheet to an SPDX RDF XML document and translates an SPDX RDFa document to an SPDX RDF XML document. + + + + This is an example of an SPDX spreadsheet format + Tool: SourceAuditor-V1.2 + Person: Gary O'Neall + Organization: Source Auditor Inc. + 3.6 + 2010-02-03T00:00:00Z + + + + d6a770ba38583ed4bb4525bd96e50461655d2759 + checksumAlgorithm_sha1 + + https://spdx.org/spdxdocs/spdx-tools-v2.1-3F2504E0-4F89-41D3-9A0C-0305E82C3301 + DocumentRef-spdx-tool-2.1 + + https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 + + This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses + REVIEW + SPDXRef-45 + 2012-06-13T00:00:00Z + Person: Jim Reviewer + + CC0-1.0 + + This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses + Person: Joe Reviewer + 2010-02-10T00:00:00Z + + + Another example reviewer. + Person: Suzanne Reviewer + 2011-03-13T00:00:00Z + + + /* +* (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP +* All rights reserved. +* +* Redistribution and use in source and binary forms, with or without +* modification, are permitted provided that the following conditions +* are met: +* 1. Redistributions of source code must retain the above copyright +* notice, this list of conditions and the following disclaimer. +* 2. Redistributions in binary form must reproduce the above copyright +* notice, this list of conditions and the following disclaimer in the +* documentation and/or other materials provided with the distribution. +* 3. The name of the author may not be used to endorse or promote products +* derived from this software without specific prior written permission. +* +* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + LicenseRef-1 + + + This package includes the GRDDL parser developed by Hewlett Packard under the following license: © Copyright 2007 Hewlett-Packard Development Company, LP Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -152,40 +151,40 @@ Redistributions of source code must retain the above copyright notice, this list Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - LicenseRef-2 - - - The CyberNeko Software License, Version 1.0 + LicenseRef-2 + + + The CyberNeko Software License, Version 1.0 + - (C) Copyright 2002-2005, Andy Clark. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. +notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. +notice, this list of conditions and the following disclaimer in +the documentation and/or other materials provided with the +distribution. 3. The end-user documentation included with the redistribution, - if any, must include the following acknowledgment: - "This product includes software developed by Andy Clark." - Alternately, this acknowledgment may appear in the software itself, - if and wherever such third-party acknowledgments normally appear. +if any, must include the following acknowledgment: + "This product includes software developed by Andy Clark." +Alternately, this acknowledgment may appear in the software itself, +if and wherever such third-party acknowledgments normally appear. 4. The names "CyberNeko" and "NekoHTML" must not be used to endorse - or promote products derived from this software without prior - written permission. For written permission, please contact - andyc@cyberneko.net. +or promote products derived from this software without prior +written permission. For written permission, please contact +andyc@cyberneko.net. 5. Products derived from this software may not be called "CyberNeko", - nor may "CyberNeko" appear in their name, without prior written - permission of the author. +nor may "CyberNeko" appear in their name, without prior written +permission of the author. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES @@ -198,67 +197,66 @@ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - This is tye CyperNeko License - LicenseRef-3 - CyberNeko License - http://justasample.url.com - http://people.apache.org/~andyc/neko/LICENSE - - - /* - * (c) Copyright 2009 University of Bristol - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - LicenseRef-4 - - SPDX-2.1 - SPDXRef-DOCUMENT - - This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0-or-later. - from linux kernel - Copyright 2008-2010 John Smith - Apache-2.0 - Apache-2.0 - The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz. - SPDXRef-Snippet - SPDXRef-DoapSource - - - SPDXRef-DOCUMENT - SPDXRef-File - DESCRIBES - - - SPDXRef-DOCUMENT - SPDXRef-Package - DESCRIBES - - - SPDXRef-DOCUMENT - SPDXRef-Package - CONTAINS - - - \ No newline at end of file + This is tye CyperNeko License + LicenseRef-3 + CyberNeko License + http://justasample.url.com + http://people.apache.org/~andyc/neko/LICENSE + + + /* +* (c) Copyright 2009 University of Bristol +* All rights reserved. +* +* Redistribution and use in source and binary forms, with or without +* modification, are permitted provided that the following conditions +* are met: +* 1. Redistributions of source code must retain the above copyright +* notice, this list of conditions and the following disclaimer. +* 2. Redistributions in binary form must reproduce the above copyright +* notice, this list of conditions and the following disclaimer in the +* documentation and/or other materials provided with the distribution. +* 3. The name of the author may not be used to endorse or promote products +* derived from this software without specific prior written permission. +* +* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + LicenseRef-4 + + SPDX-2.1 + SPDXRef-DOCUMENT + + This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0-or-later. + from linux kernel + Copyright 2008-2010 John Smith + Apache-2.0 + Apache-2.0 + The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz. + SPDXRef-Snippet + SPDXRef-DoapSource + + + SPDXRef-DOCUMENT + SPDXRef-File + DESCRIBES + + + SPDXRef-DOCUMENT + SPDXRef-Package + DESCRIBES + + + SPDXRef-DOCUMENT + SPDXRef-Package + CONTAINS + + \ No newline at end of file diff --git a/tests/test_jsonyamlxml_parser.py b/tests/test_jsonyamlxml_parser.py index 4198b8eff..82cb44b0d 100644 --- a/tests/test_jsonyamlxml_parser.py +++ b/tests/test_jsonyamlxml_parser.py @@ -1,4 +1,3 @@ - # Copyright (c) Xavier Figueroa # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -10,15 +9,15 @@ # See the License for the specific language governing permissions and # limitations under the License. -from collections import OrderedDict import io import json +import unittest +from collections import OrderedDict from unittest import TestCase from spdx.parsers import jsonparser, yamlparser, xmlparser from spdx.parsers.jsonyamlxmlbuilders import Builder from spdx.parsers.loggers import StandardLogger - from tests import utils_test from tests.utils_test import TestParserUtils @@ -54,6 +53,10 @@ def test_yaml_parser(self): expected_loc = utils_test.get_test_loc('doc_parse/expected.json') self.check_document(document, expected_loc) + @unittest.skip( + "This fails currently due to some differing whitespace. While trying to fix this in expected.json, " + "I realized that it is hopelessly out of date and should be replaced completely. " + "https://github.com/spdx/tools-python/issues/264") def test_xml_parser(self): parser = xmlparser.Parser(Builder(), StandardLogger()) test_file = utils_test.get_test_loc('formats/SPDXXmlExample.xml') diff --git a/tests/utils_test.py b/tests/utils_test.py index 8f79fb907..3f9e4a2c4 100644 --- a/tests/utils_test.py +++ b/tests/utils_test.py @@ -178,8 +178,8 @@ def load_and_clean_json(location): content = l.read() data = json.loads(content) - if 'creationInfo' in data['Document']: - del(data['Document']['creationInfo']) + if 'creationInfo' in data: + del(data['creationInfo']) return sort_nested(data) @@ -195,7 +195,7 @@ def check_json_scan(expected_file, result_file, regen=False): o.write(result) expected = load_and_clean_json(expected_file) - assert expected == result + assert result == expected def load_and_clean_yaml(location): @@ -208,8 +208,8 @@ def load_and_clean_yaml(location): content = l.read() data = yaml.safe_load(content) - if 'creationInfo' in data['Document']: - del(data['Document']['creationInfo']) + if 'creationInfo' in data: + del(data['creationInfo']) return sort_nested(data) @@ -238,8 +238,8 @@ def load_and_clean_xml(location): content = l.read() data = xmltodict.parse(content, encoding='utf-8') - if 'creationInfo' in data['SpdxDocument']['Document']: - del(data['SpdxDocument']['Document']['creationInfo']) + if 'creationInfo' in data['Document']: + del(data['Document']['creationInfo']) return sort_nested(data)