[issue-184] validate against json-spec

data/SPDXYamlExample.yaml

@@ -1,109 +1,77 @@
----
 Document:
   annotations:
-  - annotationDate: '2012-06-13T00:00:00Z'
-    annotationType: REVIEW
-    annotator: 'Person: Jim Reviewer'
-    comment: This is just an example. Some of the non-standard licenses look like
-      they are actually BSD 3 clause licenses
-    SPDXID: SPDXRef-45
+    - annotationDate: '2012-06-13T00:00:00Z'
+      annotationType: REVIEW
+      annotator: 'Person: Jim Reviewer'
+      comment: This is just an example. Some of the non-standard licenses look like
+        they are actually BSD 3 clause licenses
+      SPDXID: SPDXRef-45
   comment: This is a sample spreadsheet
   creationInfo:
     comment: This is an example of an SPDX spreadsheet format
     created: '2010-02-03T00:00:00Z'
     creators:
-    - 'Tool: SourceAuditor-V1.2'
-    - 'Organization: Source Auditor Inc.'
-    - 'Person: Gary O''Neall'
+      - 'Tool: SourceAuditor-V1.2'
+      - 'Organization: Source Auditor Inc.'
+      - 'Person: Gary O''Neall'
     licenseListVersion: '3.6'
   dataLicense: CC0-1.0
   documentDescribes:
-  - Package:
-      SPDXID: SPDXRef-Package
+    - SPDXRef-Package
+  packages:
+    - SPDXID: SPDXRef-Package
       checksums:
-      - algorithm: checksumAlgorithm_sha1
-        checksumValue: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
+        - algorithm: checksumAlgorithm_sha1
+          checksumValue: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
       copyrightText: ' Copyright 2010, 2011 Source Auditor Inc.'
       description: This utility translates and SPDX RDF XML document to a spreadsheet,
         translates a spreadsheet to an SPDX RDF XML document and translates an SPDX
         RDFa document to an SPDX RDF XML document.
       downloadLocation: http://www.spdx.org/tools
       attributionTexts:
-      - "The GNU C Library is free software.  See the file COPYING.LIB for copying conditions,\
+        - "The GNU C Library is free software.  See the file COPYING.LIB for copying conditions,\
         \ and LICENSES for notices about a few contributions that require these additional\
         \ notices to be distributed.  License copyright years may be listed using range\
         \ notation, e.g., 1996-2015, indicating that every year in the range, inclusive,\
         \ is a copyrightable year that would otherwise be listed individually."
-      files:
-      - File:
-          checksums:
-          - algorithm: checksumAlgorithm_sha1
-            checksumValue: 3ab4e1c67a2d28fced849ee1bb76e7391b93f125
-          comment: This file belongs to Jena
-          copyrightText: (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
-            2008, 2009 Hewlett-Packard Development Company, LP
-          artifactOf:
-            - name: "Jena"
-              homePage: "http://www.openjena.org/"
-              projectUri: "http://subversion.apache.org/doap.rdf"
-          fileTypes:
-          - fileType_archive
-          SPDXID: SPDXRef-File1
-          licenseComments: This license is used by Jena
-          licenseConcluded: LicenseRef-1
-          licenseInfoFromFiles:
-          - LicenseRef-1
-          name: Jenna-2.6.3/jena-2.6.3-sources.jar
-          sha1: 3ab4e1c67a2d28fced849ee1bb76e7391b93f125
-      - File:
-          checksums:
-          - algorithm: checksumAlgorithm_sha1
-            checksumValue: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
-          copyrightText: Copyright 2010, 2011 Source Auditor Inc.
-          fileTypes:
-          - fileType_source
-          SPDXID: SPDXRef-File2
-          licenseConcluded: Apache-2.0
-          licenseInfoFromFiles:
-          - Apache-2.0
-          name: src/org/spdx/parser/DOAPProject.java
-          sha1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
       licenseComments: The declared license information can be found in the NOTICE
         file at the root of the archive file
       licenseConcluded: (LicenseRef-3 AND LicenseRef-1 AND MPL-1.1 AND Apache-2.0
         AND LicenseRef-2 AND Apache-1.0 AND LicenseRef-4)
       licenseDeclared: (MPL-1.1 AND LicenseRef-4 AND LicenseRef-2 AND LicenseRef-1
         AND Apache-2.0 AND LicenseRef-3)
       licenseInfoFromFiles:
-      - Apache-2.0
-      - MPL-1.1
-      - LicenseRef-3
-      - LicenseRef-1
-      - LicenseRef-4
-      - Apache-1.0
-      - LicenseRef-2
+        - Apache-2.0
+        - MPL-1.1
+        - LicenseRef-3
+        - LicenseRef-1
+        - LicenseRef-4
+        - Apache-1.0
+        - LicenseRef-2
       name: SPDX Translator
       originator: 'Organization: SPDX'
       packageFileName: spdxtranslator-1.0.zip
+      hasFiles:
+        - SPDXRef-File1
+        - SPDXRef-File2
       packageVerificationCode:
         packageVerificationCodeExcludedFiles:
-        - SpdxTranslatorSpdx.txt
-        - SpdxTranslatorSpdx.rdf
+          - SpdxTranslatorSpdx.txt
+          - SpdxTranslatorSpdx.rdf
         packageVerificationCodeValue: 4e3211c67a2d28fced849ee1bb76e7391b93feba
-      sha1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
       sourceInfo: Version 1.0 of the SPDX Translator application
       summary: SPDX Translator utility
       supplier: 'Organization: Linux Foundation'
       versionInfo: Version 0.9.2
   externalDocumentRefs:
-  - checksum:
-      algorithm: checksumAlgorithm_sha1
-      checksumValue: d6a770ba38583ed4bb4525bd96e50461655d2759
-    externalDocumentId: DocumentRef-spdx-tool-2.1
-    spdxDocument: https://spdx.org/spdxdocs/spdx-tools-v2.1-3F2504E0-4F89-41D3-9A0C-0305E82C3301
+    - checksum:
+        algorithm: checksumAlgorithm_sha1
+        checksumValue: d6a770ba38583ed4bb4525bd96e50461655d2759
+      externalDocumentId: DocumentRef-spdx-tool-2.1
+      spdxDocument: https://spdx.org/spdxdocs/spdx-tools-v2.1-3F2504E0-4F89-41D3-9A0C-0305E82C3301
   hasExtractedLicensingInfos:
-  - comment: This is tye CyperNeko License
-    extractedText: "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright\
+    - comment: This is tye CyperNeko License
+      extractedText: "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright\
       \ 2002-2005, Andy Clark.  All rights reserved.\n \nRedistribution and use in\
       \ source and binary forms, with or without\nmodification, are permitted provided\
       \ that the following conditions\nare met:\n\n1. Redistributions of source code\
@@ -130,12 +98,12 @@ Document:
       \ CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY,\
       \ OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE\
       \ USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
-    licenseId: LicenseRef-3
-    name: CyberNeko License
-    seeAlso:
-    - http://justasample.url.com
-    - http://people.apache.org/~andyc/neko/LICENSE
-  - extractedText: "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006,\
+      licenseId: LicenseRef-3
+      name: CyberNeko License
+      seeAlso:
+        - http://justasample.url.com
+        - http://people.apache.org/~andyc/neko/LICENSE
+    - extractedText: "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006,\
       \ 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n\
       \ *\n * Redistribution and use in source and binary forms, with or without\n\
       \ * modification, are permitted provided that the following conditions\n * are\
@@ -156,8 +124,8 @@ Document:
       \ CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE)\
       \ ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF\
       \ THE POSSIBILITY OF SUCH DAMAGE.\n */"
-    licenseId: LicenseRef-1
-  - extractedText: "This package includes the GRDDL parser developed by Hewlett Packard\
+      licenseId: LicenseRef-1
+    - extractedText: "This package includes the GRDDL parser developed by Hewlett Packard\
       \ under the following license:\n\xA9 Copyright 2007 Hewlett-Packard Development\
       \ Company, LP\n\nRedistribution and use in source and binary forms, with or\
       \ without modification, are permitted provided that the following conditions\
@@ -177,8 +145,8 @@ Document:
       \ IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\
       \ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\
       \ POSSIBILITY OF SUCH DAMAGE. "
-    licenseId: LicenseRef-2
-  - extractedText: "/*\n * (c) Copyright 2009 University of Bristol\n * All rights\
+      licenseId: LicenseRef-2
+    - extractedText: "/*\n * (c) Copyright 2009 University of Bristol\n * All rights\
       \ reserved.\n *\n * Redistribution and use in source and binary forms, with\
       \ or without\n * modification, are permitted provided that the following conditions\n\
       \ * are met:\n * 1. Redistributions of source code must retain the above copyright\n\
@@ -198,40 +166,61 @@ Document:
       \ CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE)\
       \ ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF\
       \ THE POSSIBILITY OF SUCH DAMAGE.\n */  "
-    licenseId: LicenseRef-4
+      licenseId: LicenseRef-4
   SPDXID: SPDXRef-DOCUMENT
   name: Sample_Document-V2.1
   documentNamespace: https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301
-  relationships:
-  - spdxElementId: "SPDXRef-DOCUMENT"
-    relatedSpdxElement: "SPDXRef-Package"
-    relationshipType: "DESCRIBES"
-  - spdxElementId: "SPDXRef-DOCUMENT"
-    relatedSpdxElement: "SPDXRef-Package"
-    relationshipType: "CONTAINS"
-  - spdxElementId: "SPDXRef-DOCUMENT"
-    relatedSpdxElement: "SPDXRef-File"
-    relationshipType: "DESCRIBES"
   reviewers:
-  - comment: Another example reviewer.
-    reviewDate: '2011-03-13T00:00:00Z'
-    reviewer: 'Person: Suzanne Reviewer'
-  - comment: This is just an example.  Some of the non-standard licenses look like
-      they are actually BSD 3 clause licenses
-    reviewDate: '2010-02-10T00:00:00Z'
-    reviewer: 'Person: Joe Reviewer'
+    - comment: Another example reviewer.
+      reviewDate: '2011-03-13T00:00:00Z'
+      reviewer: 'Person: Suzanne Reviewer'
+    - comment: This is just an example.  Some of the non-standard licenses look like
+        they are actually BSD 3 clause licenses
+      reviewDate: '2010-02-10T00:00:00Z'
+      reviewer: 'Person: Joe Reviewer'
   snippets:
-  - comment: This snippet was identified as significant and highlighted in this Apache-2.0
-      file, when a commercial scanner identified it as being derived from file foo.c
-      in package xyz which is licensed under GPL-2.0-or-later.
-    copyrightText: Copyright 2008-2010 John Smith
-    fileId: SPDXRef-DoapSource
-    SPDXID: SPDXRef-Snippet
-    licenseComments: The concluded license was taken from package xyz, from which
-      the snippet was copied into the current file. The concluded license information
-      was found in the COPYING.txt file in package xyz.
-    licenseConcluded: Apache-2.0
-    licenseInfoFromSnippet:
-    - Apache-2.0
-    name: from linux kernel
+    - comment: This snippet was identified as significant and highlighted in this Apache-2.0
+        file, when a commercial scanner identified it as being derived from file foo.c
+        in package xyz which is licensed under GPL-2.0-or-later.
+      copyrightText: Copyright 2008-2010 John Smith
+      fileId: SPDXRef-DoapSource
+      SPDXID: SPDXRef-Snippet
+      licenseComments: The concluded license was taken from package xyz, from which
+        the snippet was copied into the current file. The concluded license information
+        was found in the COPYING.txt file in package xyz.
+      licenseConcluded: Apache-2.0
+      licenseInfoFromSnippet:
+        - Apache-2.0
+      name: from linux kernel
   spdxVersion: SPDX-2.1
+  files:
+    - SPDXID: SPDXRef-File1
+      checksums:
+        - algorithm: checksumAlgorithm_sha1
+          checksumValue: 3ab4e1c67a2d28fced849ee1bb76e7391b93f125
+      comment: This file belongs to Jena
+      copyrightText: (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+        2008, 2009 Hewlett-Packard Development Company, LP
+      artifactOf:
+        - name: "Jena"
+          homePage: "http://www.openjena.org/"
+          projectUri: "http://subversion.apache.org/doap.rdf"
+      fileTypes:
+        - fileType_archive
+      licenseComments: This license is used by Jena
+      licenseConcluded: LicenseRef-1
+      licenseInfoInFiles:
+        - LicenseRef-1
+      fileName: Jenna-2.6.3/jena-2.6.3-sources.jar
+
+    - SPDXID: SPDXRef-File2
+      checksums:
+        - algorithm: checksumAlgorithm_sha1
+          checksumValue: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
+      copyrightText: Copyright 2010, 2011 Source Auditor Inc.
+      fileTypes:
+        - fileType_source
+      licenseConcluded: Apache-2.0
+      licenseInfoInFiles:
+        - Apache-2.0
+      fileName: src/org/spdx/parser/DOAPProject.java

examples/write_tv.py

@@ -34,7 +34,7 @@
     testfile1.type = FileType.BINARY
     testfile1.spdx_id = "TestFilet#SPDXRef-FILE"
     testfile1.comment = "This is a test file."
-    testfile1.chk_sum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
+    testfile1.chksum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
     testfile1.conc_lics = License.from_identifier("BSD-2-Clause")
     testfile1.add_lics(License.from_identifier("BSD-2-Clause"))
     testfile1.copyright = SPDXNone()
@@ -46,7 +46,7 @@
     testfile2.type = FileType.SOURCE
     testfile2.spdx_id = "TestFile2#SPDXRef-FILE"
     testfile2.comment = "This is a test file."
-    testfile2.chk_sum = Algorithm("SHA1", "bb154f28d1cf0646ae21bb0bec6c669a2b90e113")
+    testfile2.chksum = Algorithm("SHA1", "bb154f28d1cf0646ae21bb0bec6c669a2b90e113")
     testfile2.conc_lics = License.from_identifier("Apache-2.0")
     testfile2.add_lics(License.from_identifier("Apache-2.0"))
     testfile2.copyright = NoAssert()
@@ -58,7 +58,7 @@
     package.file_name = "twt.jar"
     package.spdx_id = 'TestPackage#SPDXRef-PACKAGE'
     package.download_location = "http://www.tagwritetest.test/download"
-    package.check_sum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
+    package.checksum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")
     package.homepage = SPDXNone()
     package.verif_code = "4e3211c67a2d28fced849ee1bb76e7391b93feba"
     license_set = LicenseConjunction(

spdx/cli_tools/parser.py

@@ -50,8 +50,8 @@ def main(file, force):
         "Package Download Location: {0}".format(doc.package.download_location)
     )
     print("Package Homepage: {0}".format(doc.package.homepage))
-    if doc.package.check_sum:
-        print("Package Checksum: {0}".format(doc.package.check_sum.value))
+    if doc.package.checksum:
+        print("Package Checksum: {0}".format(doc.package.checksum.value))
     print("Package Attribution Text: {0}".format(doc.package.attribution_text))
     print("Package verification code: {0}".format(doc.package.verif_code))
     print(
@@ -77,7 +77,7 @@ def main(file, force):
     for f in doc.files:
         print("\tFile name: {0}".format(f.name))
         print("\tFile type: {0}".format(VALUES[f.type]))
-        print("\tFile Checksum: {0}".format(f.chk_sum.value))
+        print("\tFile Checksum: {0}".format(f.chksum.value))
         print("\tFile license concluded: {0}".format(f.conc_lics))
         print(
             "\tFile license info in file: {0}".format(

spdx/creationinfo.py

@@ -44,7 +44,7 @@ class Organization(Creator):
     - email: Org's email address. Optional. Type: str.
     """
 
-    def __init__(self, name, email):
+    def __init__(self, name, email=None):
         super(Organization, self).__init__(name)
         self.email = email
 
@@ -80,7 +80,7 @@ class Person(Creator):
     - email: person's email address. Optional. Type: str.
     """
 
-    def __init__(self, name, email):
+    def __init__(self, name, email=None):
         super(Person, self).__init__(name)
         self.email = email