Add builder and tests for 2.2

Signed-off-by: Steve Winslow <steve@swinslow.net>

8 files changed, 590 insertions, 0 deletions

diff --git a/builder/builder2v2/build_creation_info.go b/builder/builder2v2/build_creation_info.go
new file mode 100644
index 0000000..89e1b3c
--- /dev/null
+++ b/builder/builder2v2/build_creation_info.go
@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package builder2v2
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/spdx/tools-golang/spdx"
+)
+
+// BuildCreationInfoSection2_2 creates an SPDX Package (version 2.2), returning that
+// package or error if any is encountered. Arguments:
+//   - packageName: name of package / directory
+//   - code: verification code from Package
+//   - namespacePrefix: prefix for DocumentNamespace (packageName and code will be added)
+//   - creatorType: one of Person, Organization or Tool
+//   - creator: creator string
+//   - testValues: for testing only; call with nil when using in production
+func BuildCreationInfoSection2_2(packageName string, code string, namespacePrefix string, creatorType string, creator string, testValues map[string]string) (*spdx.CreationInfo2_2, error) {
+	// build creator slices
+	cPersons := []string{}
+	cOrganizations := []string{}
+	cTools := []string{}
+	// add builder as a tool
+	cTools = append(cTools, "github.com/spdx/tools-golang/builder")
+
+	switch creatorType {
+	case "Person":
+		cPersons = append(cPersons, creator)
+	case "Organization":
+		cOrganizations = append(cOrganizations, creator)
+	case "Tool":
+		cTools = append(cTools, creator)
+	default:
+		cPersons = append(cPersons, creator)
+	}
+
+	// use test Created time if passing test values
+	location, _ := time.LoadLocation("UTC")
+	locationTime := time.Now().In(location)
+	created := locationTime.Format("2006-01-02T15:04:05Z")
+	if testVal := testValues["Created"]; testVal != "" {
+		created = testVal
+	}
+
+	ci := &spdx.CreationInfo2_2{
+		SPDXVersion:          "SPDX-2.2",
+		DataLicense:          "CC0-1.0",
+		SPDXIdentifier:       spdx.ElementID("DOCUMENT"),
+		DocumentName:         packageName,
+		DocumentNamespace:    fmt.Sprintf("%s%s-%s", namespacePrefix, packageName, code),
+		CreatorPersons:       cPersons,
+		CreatorOrganizations: cOrganizations,
+		CreatorTools:         cTools,
+		Created:              created,
+	}
+	return ci, nil
+}
diff --git a/builder/builder2v2/build_creation_info_test.go b/builder/builder2v2/build_creation_info_test.go
new file mode 100644
index 0000000..188bd74
--- /dev/null
+++ b/builder/builder2v2/build_creation_info_test.go
@@ -0,0 +1,167 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package builder2v2
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/spdx/tools-golang/spdx"
+)
+
+// ===== CreationInfo section builder tests =====
+func TestBuilder2_2CanBuildCreationInfoSection(t *testing.T) {
+
+	namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-"
+	creatorType := "Organization"
+	creator := "Jane Doe LLC"
+	testValues := make(map[string]string)
+	testValues["Created"] = "2018-10-20T16:48:00Z"
+	packageName := "project1"
+	verificationCode := "TESTCODE"
+
+	ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues)
+	if err != nil {
+		t.Fatalf("expected nil error, got %v", err)
+	}
+
+	if ci == nil {
+		t.Fatalf("expected non-nil CreationInfo, got nil")
+	}
+	if ci.SPDXVersion != "SPDX-2.2" {
+		t.Errorf("expected %s, got %s", "SPDX-2.2", ci.SPDXVersion)
+	}
+	if ci.DataLicense != "CC0-1.0" {
+		t.Errorf("expected %s, got %s", "CC0-1.0", ci.DataLicense)
+	}
+	if ci.SPDXIdentifier != spdx.ElementID("DOCUMENT") {
+		t.Errorf("expected %s, got %v", "DOCUMENT", ci.SPDXIdentifier)
+	}
+	if ci.DocumentName != "project1" {
+		t.Errorf("expected %s, got %s", "project1", ci.DocumentName)
+	}
+	wantNamespace := fmt.Sprintf("https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-project1-%s", verificationCode)
+	if ci.DocumentNamespace != wantNamespace {
+		t.Errorf("expected %s, got %s", wantNamespace, ci.DocumentNamespace)
+	}
+	if len(ci.CreatorPersons) != 0 {
+		t.Fatalf("expected %d, got %d", 0, len(ci.CreatorPersons))
+	}
+	if len(ci.CreatorOrganizations) != 1 {
+		t.Fatalf("expected %d, got %d", 1, len(ci.CreatorOrganizations))
+	}
+	if ci.CreatorOrganizations[0] != "Jane Doe LLC" {
+		t.Errorf("expected %s, got %s", "Jane Doe LLC", ci.CreatorOrganizations[0])
+	}
+	if len(ci.CreatorTools) != 1 {
+		t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools))
+	}
+	if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" {
+		t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0])
+	}
+	if ci.Created != "2018-10-20T16:48:00Z" {
+		t.Errorf("expected %s, got %s", "2018-10-20T16:48:00Z", ci.Created)
+	}
+}
+
+func TestBuilder2_2CanBuildCreationInfoSectionWithCreatorPerson(t *testing.T) {
+	namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-"
+	creatorType := "Person"
+	creator := "John Doe"
+	testValues := make(map[string]string)
+	testValues["Created"] = "2018-10-20T16:48:00Z"
+	packageName := "project1"
+	verificationCode := "TESTCODE"
+
+	ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues)
+	if err != nil {
+		t.Fatalf("expected nil error, got %v", err)
+	}
+
+	if ci == nil {
+		t.Fatalf("expected non-nil CreationInfo, got nil")
+	}
+	if len(ci.CreatorPersons) != 1 {
+		t.Fatalf("expected %d, got %d", 1, len(ci.CreatorPersons))
+	}
+	if ci.CreatorPersons[0] != "John Doe" {
+		t.Errorf("expected %s, got %s", "John Doe", ci.CreatorPersons[0])
+	}
+	if len(ci.CreatorOrganizations) != 0 {
+		t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations))
+	}
+	if len(ci.CreatorTools) != 1 {
+		t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools))
+	}
+	if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" {
+		t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0])
+	}
+}
+
+func TestBuilder2_2CanBuildCreationInfoSectionWithCreatorTool(t *testing.T) {
+	namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-"
+	creatorType := "Tool"
+	creator := "some-other-tool-2.1"
+	testValues := make(map[string]string)
+	testValues["Created"] = "2018-10-20T16:48:00Z"
+	packageName := "project1"
+	verificationCode := "TESTCODE"
+
+	ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues)
+	if err != nil {
+		t.Fatalf("expected nil error, got %v", err)
+	}
+
+	if ci == nil {
+		t.Fatalf("expected non-nil CreationInfo, got nil")
+	}
+	if len(ci.CreatorPersons) != 0 {
+		t.Fatalf("expected %d, got %d", 0, len(ci.CreatorPersons))
+	}
+	if len(ci.CreatorOrganizations) != 0 {
+		t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations))
+	}
+	if len(ci.CreatorTools) != 2 {
+		t.Fatalf("expected %d, got %d", 2, len(ci.CreatorTools))
+	}
+	if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" {
+		t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0])
+	}
+	if ci.CreatorTools[1] != "some-other-tool-2.1" {
+		t.Errorf("expected %s, got %s", "some-other-tool-2.1", ci.CreatorTools[1])
+	}
+}
+
+func TestBuilder2_2CanBuildCreationInfoSectionWithInvalidPerson(t *testing.T) {
+	namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-"
+	creatorType := "Whatever"
+	creator := "John Doe"
+	testValues := make(map[string]string)
+	testValues["Created"] = "2018-10-20T16:48:00Z"
+	packageName := "project1"
+	verificationCode := "TESTCODE"
+
+	ci, err := BuildCreationInfoSection2_2(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues)
+	if err != nil {
+		t.Fatalf("expected nil error, got %v", err)
+	}
+
+	if ci == nil {
+		t.Fatalf("expected non-nil CreationInfo, got nil")
+	}
+	if len(ci.CreatorPersons) != 1 {
+		t.Fatalf("expected %d, got %d", 1, len(ci.CreatorPersons))
+	}
+	if ci.CreatorPersons[0] != "John Doe" {
+		t.Errorf("expected %s, got %s", "John Doe", ci.CreatorPersons[0])
+	}
+	if len(ci.CreatorOrganizations) != 0 {
+		t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations))
+	}
+	if len(ci.CreatorTools) != 1 {
+		t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools))
+	}
+	if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" {
+		t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0])
+	}
+}
diff --git a/builder/builder2v2/build_file.go b/builder/builder2v2/build_file.go
new file mode 100644
index 0000000..8042992
--- /dev/null
+++ b/builder/builder2v2/build_file.go
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package builder2v2
+
+import (
+	"fmt"
+	"path/filepath"
+
+	"github.com/spdx/tools-golang/spdx"
+	"github.com/spdx/tools-golang/utils"
+)
+
+// BuildFileSection2_2 creates an SPDX File (version 2.2), returning that
+// file or error if any is encountered. Arguments:
+//   - filePath: path to file, relative to prefix
+//   - prefix: relative directory for filePath
+//   - fileNumber: integer index (unique within package) to use in identifier
+func BuildFileSection2_2(filePath string, prefix string, fileNumber int) (*spdx.File2_2, error) {
+	// build the full file path
+	p := filepath.Join(prefix, filePath)
+
+	// make sure we can get the file and its hashes
+	ssha1, ssha256, smd5, err := utils.GetHashesForFilePath(p)
+	if err != nil {
+		return nil, err
+	}
+
+	// build the identifier
+	i := fmt.Sprintf("File%d", fileNumber)
+
+	// now build the File section
+	f := &spdx.File2_2{
+		FileName:           filePath,
+		FileSPDXIdentifier: spdx.ElementID(i),
+		FileChecksumSHA1:   ssha1,
+		FileChecksumSHA256: ssha256,
+		FileChecksumMD5:    smd5,
+		LicenseConcluded:   "NOASSERTION",
+		LicenseInfoInFile:  []string{},
+		FileCopyrightText:  "NOASSERTION",
+	}
+
+	return f, nil
+}
diff --git a/builder/builder2v2/build_file_test.go b/builder/builder2v2/build_file_test.go
new file mode 100644
index 0000000..bd74421
--- /dev/null
+++ b/builder/builder2v2/build_file_test.go
@@ -0,0 +1,61 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package builder2v2
+
+import (
+	"testing"
+
+	"github.com/spdx/tools-golang/spdx"
+)
+
+// ===== File section builder tests =====
+func TestBuilder2_2CanBuildFileSection(t *testing.T) {
+	filePath := "/file1.testdata.txt"
+	prefix := "../../testdata/project1/"
+	fileNumber := 17
+
+	file1, err := BuildFileSection2_2(filePath, prefix, fileNumber)
+	if err != nil {
+		t.Fatalf("expected nil error, got %v", err)
+	}
+
+	if file1 == nil {
+		t.Fatalf("expected non-nil file, got nil")
+	}
+	if file1.FileName != "/file1.testdata.txt" {
+		t.Errorf("expected %v, got %v", "/file1.testdata.txt", file1.FileName)
+	}
+	if file1.FileSPDXIdentifier != spdx.ElementID("File17") {
+		t.Errorf("expected %v, got %v", "File17", file1.FileSPDXIdentifier)
+	}
+	if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" {
+		t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1)
+	}
+	if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" {
+		t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256)
+	}
+	if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" {
+		t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5)
+	}
+	if file1.LicenseConcluded != "NOASSERTION" {
+		t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded)
+	}
+	if len(file1.LicenseInfoInFile) != 0 {
+		t.Errorf("expected %v, got %v", 0, len(file1.LicenseInfoInFile))
+	}
+	if file1.FileCopyrightText != "NOASSERTION" {
+		t.Errorf("expected %v, got %v", "NOASSERTION", file1.FileCopyrightText)
+	}
+
+}
+
+func TestBuilder2_2BuildFileSectionFailsForInvalidFilePath(t *testing.T) {
+	filePath := "/file1.testdata.txt"
+	prefix := "oops/wrong/path"
+	fileNumber := 11
+
+	_, err := BuildFileSection2_2(filePath, prefix, fileNumber)
+	if err == nil {
+		t.Fatalf("expected non-nil error, got nil")
+	}
+}
diff --git a/builder/builder2v2/build_package.go b/builder/builder2v2/build_package.go
new file mode 100644
index 0000000..35c0a86
--- /dev/null
+++ b/builder/builder2v2/build_package.go
@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package builder2v2
+
+import (
+	"fmt"
+
+	"github.com/spdx/tools-golang/spdx"
+	"github.com/spdx/tools-golang/utils"
+)
+
+// BuildPackageSection2_2 creates an SPDX Package (version 2.2), returning
+// that package or error if any is encountered. Arguments:
+//   - packageName: name of package / directory
+//   - dirRoot: path to directory to be analyzed
+//   - pathsIgnore: slice of strings for filepaths to ignore
+func BuildPackageSection2_2(packageName string, dirRoot string, pathsIgnore []string) (*spdx.Package2_2, error) {
+	// build the file section first, so we'll have it available
+	// for calculating the package verification code
+	filepaths, err := utils.GetAllFilePaths(dirRoot, pathsIgnore)
+	if err != nil {
+		return nil, err
+	}
+
+	files := map[spdx.ElementID]*spdx.File2_2{}
+	fileNumber := 0
+	for _, fp := range filepaths {
+		newFile, err := BuildFileSection2_2(fp, dirRoot, fileNumber)
+		if err != nil {
+			return nil, err
+		}
+		files[newFile.FileSPDXIdentifier] = newFile
+		fileNumber++
+	}
+
+	// get the verification code
+	code, err := utils.GetVerificationCode2_2(files, "")
+	if err != nil {
+		return nil, err
+	}
+
+	// now build the package section
+	pkg := &spdx.Package2_2{
+		PackageName:                 packageName,
+		PackageSPDXIdentifier:       spdx.ElementID(fmt.Sprintf("Package-%s", packageName)),
+		PackageDownloadLocation:     "NOASSERTION",
+		FilesAnalyzed:               true,
+		IsFilesAnalyzedTagPresent:   true,
+		PackageVerificationCode:     code,
+		PackageLicenseConcluded:     "NOASSERTION",
+		PackageLicenseInfoFromFiles: []string{},
+		PackageLicenseDeclared:      "NOASSERTION",
+		PackageCopyrightText:        "NOASSERTION",
+		Files:                       files,
+	}
+
+	return pkg, nil
+}
diff --git a/builder/builder2v2/build_package_test.go b/builder/builder2v2/build_package_test.go
new file mode 100644
index 0000000..c7e4dc3
--- /dev/null
+++ b/builder/builder2v2/build_package_test.go
@@ -0,0 +1,145 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package builder2v2
+
+import (
+	"testing"
+
+	"github.com/spdx/tools-golang/spdx"
+)
+
+// ===== Package section builder tests =====
+func TestBuilder2_2CanBuildPackageSection(t *testing.T) {
+	packageName := "project1"
+	dirRoot := "../../testdata/project1/"
+
+	wantVerificationCode := "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b"
+
+	pkg, err := BuildPackageSection2_2(packageName, dirRoot, nil)
+	if err != nil {
+		t.Fatalf("expected nil error, got %v", err)
+	}
+
+	if pkg == nil {
+		t.Fatalf("expected non-nil Package, got nil")
+	}
+	if pkg.PackageName != "project1" {
+		t.Errorf("expected %v, got %v", "project1", pkg.PackageName)
+	}
+	if pkg.PackageSPDXIdentifier != spdx.ElementID("Package-project1") {
+		t.Errorf("expected %v, got %v", "Package-project1", pkg.PackageSPDXIdentifier)
+	}
+	if pkg.PackageDownloadLocation != "NOASSERTION" {
+		t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageDownloadLocation)
+	}
+	if pkg.FilesAnalyzed != true {
+		t.Errorf("expected %v, got %v", true, pkg.FilesAnalyzed)
+	}
+	if pkg.IsFilesAnalyzedTagPresent != true {
+		t.Errorf("expected %v, got %v", true, pkg.IsFilesAnalyzedTagPresent)
+	}
+	if pkg.PackageVerificationCode != wantVerificationCode {
+		t.Errorf("expected %v, got %v", wantVerificationCode, pkg.PackageVerificationCode)
+	}
+	if pkg.PackageLicenseConcluded != "NOASSERTION" {
+		t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageLicenseConcluded)
+	}
+	if len(pkg.PackageLicenseInfoFromFiles) != 0 {
+		t.Errorf("expected %v, got %v", 0, len(pkg.PackageLicenseInfoFromFiles))
+	}
+	if pkg.PackageLicenseDeclared != "NOASSERTION" {
+		t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageLicenseDeclared)
+	}
+	if pkg.PackageCopyrightText != "NOASSERTION" {
+		t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageCopyrightText)
+	}
+
+	// and make sure we got the right number of files, and check the first one
+	if pkg.Files == nil {
+		t.Fatalf("expected non-nil pkg.Files, got nil")
+	}
+	if len(pkg.Files) != 5 {
+		t.Fatalf("expected %d, got %d", 5, len(pkg.Files))
+	}
+	fileEmpty := pkg.Files[spdx.ElementID("File0")]
+	if fileEmpty == nil {
+		t.Fatalf("expected non-nil file, got nil")
+	}
+	if fileEmpty.FileName != "/emptyfile.testdata.txt" {
+		t.Errorf("expected %v, got %v", "/emptyfile.testdata.txt", fileEmpty.FileName)
+	}
+	if fileEmpty.FileSPDXIdentifier != spdx.ElementID("File0") {
+		t.Errorf("expected %v, got %v", "File0", fileEmpty.FileSPDXIdentifier)
+	}
+	if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" {
+		t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1)
+	}
+	if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" {
+		t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256)
+	}
+	if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" {
+		t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5)
+	}
+	if fileEmpty.LicenseConcluded != "NOASSERTION" {
+		t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded)
+	}
+	if len(fileEmpty.LicenseInfoInFile) != 0 {
+		t.Errorf("expected %v, got %v", 0, len(fileEmpty.LicenseInfoInFile))
+	}
+	if fileEmpty.FileCopyrightText != "NOASSERTION" {
+		t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.FileCopyrightText)
+	}
+}
+
+func TestBuilder2_2CanIgnoreFiles(t *testing.T) {
+	packageName := "project3"
+	dirRoot := "../../testdata/project3/"
+	pathsIgnored := []string{
+		"**/ignoredir/",
+		"/excludedir/",
+		"**/ignorefile.txt",
+		"/alsoEXCLUDEthis.txt",
+	}
+	pkg, err := BuildPackageSection2_2(packageName, dirRoot, pathsIgnored)
+	if err != nil {
+		t.Fatalf("expected nil error, got %v", err)
+	}
+
+	// make sure we got the right files
+	if pkg.Files == nil {
+		t.Fatalf("expected non-nil pkg.Files, got nil")
+	}
+	if len(pkg.Files) != 5 {
+		t.Fatalf("expected %d, got %d", 5, len(pkg.Files))
+	}
+
+	want := "/dontscan.txt"
+	got := pkg.Files[spdx.ElementID("File0")].FileName
+	if want != got {
+		t.Errorf("expected %v, got %v", want, got)
+	}
+
+	want = "/keep/keep.txt"
+	got = pkg.Files[spdx.ElementID("File1")].FileName
+	if want != got {
+		t.Errorf("expected %v, got %v", want, got)
+	}
+
+	want = "/keep.txt"
+	got = pkg.Files[spdx.ElementID("File2")].FileName
+	if want != got {
+		t.Errorf("expected %v, got %v", want, got)
+	}
+
+	want = "/subdir/keep/dontscan.txt"
+	got = pkg.Files[spdx.ElementID("File3")].FileName
+	if want != got {
+		t.Errorf("expected %v, got %v", want, got)
+	}
+
+	want = "/subdir/keep/keep.txt"
+	got = pkg.Files[spdx.ElementID("File4")].FileName
+	if want != got {
+		t.Errorf("expected %v, got %v", want, got)
+	}
+}
diff --git a/builder/builder2v2/build_relationship.go b/builder/builder2v2/build_relationship.go
new file mode 100644
index 0000000..5eaf9de
--- /dev/null
+++ b/builder/builder2v2/build_relationship.go
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package builder2v2
+
+import (
+	"fmt"
+
+	"github.com/spdx/tools-golang/spdx"
+)
+
+// BuildRelationshipSection2_2 creates an SPDX Relationship (version 2.2)
+// solely for the document "DESCRIBES" package relationship, returning that
+// relationship or error if any is encountered. Arguments:
+//   - packageName: name of package / directory
+func BuildRelationshipSection2_2(packageName string) (*spdx.Relationship2_2, error) {
+	rln := &spdx.Relationship2_2{
+		RefA:         spdx.MakeDocElementID("", "DOCUMENT"),
+		RefB:         spdx.MakeDocElementID("", fmt.Sprintf("Package-%s", packageName)),
+		Relationship: "DESCRIBES",
+	}
+
+	return rln, nil
+}
diff --git a/builder/builder2v2/build_relationship_test.go b/builder/builder2v2/build_relationship_test.go
new file mode 100644
index 0000000..4e8ba99
--- /dev/null
+++ b/builder/builder2v2/build_relationship_test.go
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package builder2v2
+
+import (
+	"testing"
+
+	"github.com/spdx/tools-golang/spdx"
+)
+
+// ===== Relationship section builder tests =====
+func TestBuilder2_2CanBuildRelationshipSection(t *testing.T) {
+	packageName := "project17"
+
+	rln, err := BuildRelationshipSection2_2(packageName)
+	if err != nil {
+		t.Fatalf("expected nil error, got %v", err)
+	}
+
+	if rln == nil {
+		t.Fatalf("expected non-nil relationship, got nil")
+	}
+	if rln.RefA != spdx.MakeDocElementID("", "DOCUMENT") {
+		t.Errorf("expected %v, got %v", "DOCUMENT", rln.RefA)
+	}
+	if rln.RefB != spdx.MakeDocElementID("", "Package-project17") {
+		t.Errorf("expected %v, got %v", "Package-project17", rln.RefB)
+	}
+	if rln.Relationship != "DESCRIBES" {
+		t.Errorf("expected %v, got %v", "DESCRIBES", rln.Relationship)
+	}
+
+}