[issue-184] squashed review commits
 - correct checksum in json example
 - add JSONExample2.2 from spec but exclude in tests since 2.2 is not yet completely supported
 - add files only once if they appear in multiple packages
 - parse only spdxid in documentDescribes, delete commented out code
 - delete unused XMLWriter and JsonYamlWriter class, updated xml test results
 - rework create_document_describes method
 - delete surrounding document in json/yaml test
 - rename licenseinfoinfiles method according to variable
 - rename chk_sum/ check_sum to chksum/checksum
 - delete duplicated relationships from json/yaml/xml

Signed-off-by: Meret Behrens <[email protected]>
meretp committed Nov 3, 2022
1 parent bf03cc6 commit a3679d3
Showing 28 changed files with 369 additions and 474 deletions.
29 changes: 6 additions & 23 deletions data/SPDXJsonExample.json
@@ -42,7 +42,7 @@
"checksums": [
{
"checksumValue": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12",
"algorithm": "checksumAlgorithm_sha1"
"algorithm": "SHA1"
}
],
"versionInfo": "Version 0.9.2",
@@ -71,7 +71,7 @@
"checksums": [
{
"checksumValue": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125",
"algorithm": "checksumAlgorithm_sha1"
"algorithm": "SHA1"
}
],
"fileTypes": [
@@ -89,7 +89,7 @@
"checksums": [
{
"checksumValue": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12",
"algorithm": "checksumAlgorithm_sha1"
"algorithm": "SHA1"
}
],
"fileTypes": [
@@ -112,7 +112,7 @@
{
"checksum": {
"checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2759",
"algorithm": "checksumAlgorithm_sha1"
"algorithm": "SHA1"
},
"spdxDocument": "https://spdx.org/spdxdocs/spdx-tools-v2.1-3F2504E0-4F89-41D3-9A0C-0305E82C3301",
"externalDocumentId": "DocumentRef-spdx-tool-2.1"
@@ -128,23 +128,6 @@
"annotator": "Person: Jim Reviewer"
}
],
"relationships": [
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-Package",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-File",
"relationshipType": "DESCRIBES"
},
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-Package",
"relationshipType": "DESCRIBES"
}
],
"dataLicense": "CC0-1.0",
"reviewers": [
{
@@ -160,11 +143,11 @@
],
"hasExtractedLicensingInfos": [
{
"extractedText": "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n\u00a9 Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ",
"extractedText": "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n\u00a9 Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.\nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.\nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission.\nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ",
"licenseId": "LicenseRef-2"
},
{
"extractedText": "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n [email protected].\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.",
"extractedText": "The CyberNeko Software License, Version 1.0\n\n\n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer.\n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment:\n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior\n written permission. For written permission, please contact\n [email protected].\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,\nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.",
"comment": "This is tye CyperNeko License",
"licenseId": "LicenseRef-3",
"name": "CyberNeko License",
15 changes: 0 additions & 15 deletions data/SPDXXmlExample.xml
@@ -237,19 +237,4 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</extractedText>
<SPDXID>SPDXRef-Snippet</SPDXID>
<fileId>SPDXRef-DoapSource</fileId>
</snippets>
<relationships>
<spdxElementId>SPDXRef-DOCUMENT</spdxElementId>
<relatedSpdxElement>SPDXRef-File</relatedSpdxElement>
<relationshipType>DESCRIBES</relationshipType>
</relationships>
<relationships>
<spdxElementId>SPDXRef-DOCUMENT</spdxElementId>
<relatedSpdxElement>SPDXRef-Package</relatedSpdxElement>
<relationshipType>DESCRIBES</relationshipType>
</relationships>
<relationships>
<spdxElementId>SPDXRef-DOCUMENT</spdxElementId>
<relatedSpdxElement>SPDXRef-Package</relatedSpdxElement>
<relationshipType>CONTAINS</relationshipType>
</relationships>
</Document>
10 changes: 0 additions & 10 deletions data/SPDXYamlExample.yaml
@@ -170,16 +170,6 @@ Document:
SPDXID: SPDXRef-DOCUMENT
name: Sample_Document-V2.1
documentNamespace: https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301
relationships:
- spdxElementId: "SPDXRef-DOCUMENT"
relatedSpdxElement: "SPDXRef-Package"
relationshipType: "DESCRIBES"
- spdxElementId: "SPDXRef-DOCUMENT"
relatedSpdxElement: "SPDXRef-Package"
relationshipType: "CONTAINS"
- spdxElementId: "SPDXRef-DOCUMENT"
relatedSpdxElement: "SPDXRef-File"
relationshipType: "DESCRIBES"
reviewers:
- comment: Another example reviewer.
reviewDate: '2011-03-13T00:00:00Z'
6 changes: 3 additions & 3 deletions examples/write_tv.py
@@ -34,7 +34,7 @@
testfile1.type = FileType.BINARY
testfile1.spdx_id = "TestFilet#SPDXRef-FILE"
testfile1.comment = "This is a test file."
testfile1.chk_sum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
testfile1.chksum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
testfile1.conc_lics = License.from_identifier("BSD-2-Clause")
testfile1.add_lics(License.from_identifier("BSD-2-Clause"))
testfile1.copyright = SPDXNone()
@@ -46,7 +46,7 @@
testfile2.type = FileType.SOURCE
testfile2.spdx_id = "TestFile2#SPDXRef-FILE"
testfile2.comment = "This is a test file."
testfile2.chk_sum = Algorithm("SHA1", "bb154f28d1cf0646ae21bb0bec6c669a2b90e113")
testfile2.chksum = Algorithm("SHA1", "bb154f28d1cf0646ae21bb0bec6c669a2b90e113")
testfile2.conc_lics = License.from_identifier("Apache-2.0")
testfile2.add_lics(License.from_identifier("Apache-2.0"))
testfile2.copyright = NoAssert()
@@ -58,7 +58,7 @@
package.file_name = "twt.jar"
package.spdx_id = 'TestPackage#SPDXRef-PACKAGE'
package.download_location = "http://www.tagwritetest.test/download"
package.check_sum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
package.checksum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
package.homepage = SPDXNone()
package.verif_code = "4e3211c67a2d28fced849ee1bb76e7391b93feba"
license_set = LicenseConjunction(
6 changes: 3 additions & 3 deletions spdx/cli_tools/parser.py
@@ -50,8 +50,8 @@ def main(file, force):
"Package Download Location: {0}".format(doc.package.download_location)
)
print("Package Homepage: {0}".format(doc.package.homepage))
if doc.package.check_sum:
print("Package Checksum: {0}".format(doc.package.check_sum.value))
if doc.package.checksum:
print("Package Checksum: {0}".format(doc.package.checksum.value))
print("Package Attribution Text: {0}".format(doc.package.attribution_text))
print("Package verification code: {0}".format(doc.package.verif_code))
print(
@@ -77,7 +77,7 @@ def main(file, force):
for f in doc.files:
print("\tFile name: {0}".format(f.name))
print("\tFile type: {0}".format(VALUES[f.type]))
print("\tFile Checksum: {0}".format(f.chk_sum.value))
print("\tFile Checksum: {0}".format(f.chksum.value))
print("\tFile license concluded: {0}".format(f.conc_lics))
print(
"\tFile license info in file: {0}".format(
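Review bot: The per-file line `print("\tFile Checksum: {0}".format(f.chksum.value))` dereferences `f.chksum` without the None check that the package branch has in the earlier hunk (`if doc.package.checksum:`). In spdx/file.py on this page `File.__init__` defaults `chksum` to None, so a file entry without a checksum would raise AttributeError here instead of being reported; this seems most likely when `force` lets an invalid document through, although the parsing path is not visible. Guard it the same way, with `if f.chksum:` before the print. The body of `main` starts before and continues past both hunks.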
16 changes: 8 additions & 8 deletions spdx/file.py
@@ -42,7 +42,7 @@ class File(object):
- comment: File comment str, Optional zero or one.
- type: one of FileType.SOURCE, FileType.BINARY, FileType.ARCHIVE
and FileType.OTHER, optional zero or one.
- chk_sum: SHA1, Mandatory one.
- chksum: SHA1, Mandatory one.
- conc_lics: Mandatory one. document.License or utils.NoAssert or utils.SPDXNone.
- licenses_in_file: list of licenses found in file, mandatory one or more.
document.License or utils.SPDXNone or utils.NoAssert.
@@ -58,12 +58,12 @@ class File(object):
-attribution_text: optional string.
"""

def __init__(self, name, spdx_id=None, chk_sum=None):
def __init__(self, name, spdx_id=None, chksum=None):
self.name = name
self.spdx_id = spdx_id
self.comment = None
self.type = None
self.checksums = [None]
self.checksums = [chksum]
self.conc_lics = None
self.licenses_in_file = []
self.license_comment = None
@@ -83,15 +83,15 @@ def __lt__(self, other):
return self.name < other.name

@property
def chk_sum(self):
def chksum(self):
"""
Backwards compatibility, return first checksum.
"""
# NOTE Package.check_sum but File.chk_sum
return self.checksums[0]

@chk_sum.setter
def chk_sum(self, value):
@chksum.setter
def chksum(self, value):
self.checksums[0] = value

def add_lics(self, lics):
@@ -190,12 +190,12 @@ def validate_type(self, messages):
return messages

def validate_checksum(self, messages):
if not isinstance(self.chk_sum, checksum.Algorithm):
if not isinstance(self.chksum, checksum.Algorithm):
messages.append(
"File checksum must be instance of spdx.checksum.Algorithm"
)
else:
if not self.chk_sum.identifier == "SHA1":
if not self.chksum.identifier == "SHA1":
messages.append("File checksum algorithm must be SHA1")

return messages
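Review bot: Dropping the `chk_sum` name with no alias makes old call sites fail quietly: unless `File` defines `__slots__` (not visible here), `f.chk_sum = Algorithm(...)` now only creates a new instance attribute and `checksums[0]` stays None, while `File(name, chk_sum=...)` raises TypeError. A checksum that silently never reaches `validate_checksum` or the package verification code is worth guarding against, so consider keeping the old names as deprecated aliases for a release, as sketched below. The same applies to `Package.check_sum` → `checksum` in spdx/package.py. The comment `# NOTE Package.check_sum but File.chk_sum` is stale after the rename in both files and can be deleted.

```python
    # … unchanged: chksum property and setter …

    @property
    def chk_sum(self):
        """Deprecated alias of chksum; kept so existing callers keep working."""
        return self.chksum

    @chk_sum.setter
    def chk_sum(self, value):
        self.chksum = value
```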
18 changes: 9 additions & 9 deletions spdx/package.py
@@ -106,15 +106,15 @@ def are_files_analyzed(self):
# return self.files_analyzed or self.files_analyzed is None

@property
def check_sum(self):
def checksum(self):
"""
Backwards compatibility, return first checksum.
"""
# NOTE Package.check_sum but File.chk_sum
return self.checksums[0]

@check_sum.setter
def check_sum(self, value):
@checksum.setter
def checksum(self, value):
self.checksums[0] = value

def add_file(self, fil):
@@ -283,12 +283,12 @@ def validate_str_fields(self, fields, optional, messages):
return messages

def validate_checksum(self, messages):
if self.check_sum is not None:
if not isinstance(self.check_sum, checksum.Algorithm):
if self.checksum is not None:
if not isinstance(self.checksum, checksum.Algorithm):
messages.append(
"Package checksum must be instance of spdx.checksum.Algorithm"
)
elif not self.check_sum.identifier == "SHA1":
elif not self.checksum.identifier == "SHA1":
messages.append(
"First checksum in package must be SHA1."
)
@@ -300,10 +300,10 @@ def calc_verif_code(self):

for file_entry in self.files:
if (
isinstance(file_entry.chk_sum, checksum.Algorithm)
and file_entry.chk_sum.identifier == "SHA1"
isinstance(file_entry.chksum, checksum.Algorithm)
and file_entry.chksum.identifier == "SHA1"
):
sha1 = file_entry.chk_sum.value
sha1 = file_entry.chksum.value
else:
sha1 = file_entry.calc_chksum()
hashes.append(sha1)
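Review bot: In `calc_verif_code` the SHA1 lookup goes through `file_entry.chksum`, which per spdx/file.py on this page returns only `checksums[0]`. If the list can hold more than one entry, a file whose SHA1 is not first falls through to `file_entry.calc_chksum()` (not visible here; presumably it hashes the file on disk), so the verification code may be derived from something other than the checksum recorded in the document. Searching the list avoids that: `sha1 = next((c.value for c in file_entry.checksums if isinstance(c, checksum.Algorithm) and c.identifier == "SHA1"), None)`, with the `calc_chksum()` fallback only when that is None. `validate_checksum` in the previous hunk makes the same first-entry assumption, though its message does state it. The body of `calc_verif_code` starts before the hunk and continues past it.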