diff options
author | RishabhBhatnagar <bhatnagarrishabh4@gmail.com> | 2020-01-09 20:39:55 +0530 |
---|---|---|
committer | RishabhBhatnagar <bhatnagarrishabh4@gmail.com> | 2020-01-09 21:04:37 +0530 |
commit | cd59ee66408a908f7ef94548814514f6bc9fc906 (patch) | |
tree | 550b146d4de0cc00a4784147f7d8f2a7bc93cffe /licensediff | |
parent | f4fef41a45620391fca6481f4700b89de170ab88 (diff) | |
download | spdx-tools-cd59ee66408a908f7ef94548814514f6bc9fc906.tar.gz |
Create Go Module
- Unpack directory v0 to move all the content to the root directory.
- ./v0/* converted to ./*
- all the test cases were fixed to remove one directory less indexing for test files
- add go.mod
- go version 1.13 is used to have a relatively stable versioning system
Signed-off-by: RishabhBhatnagar <bhatnagarrishabh4@gmail.com>
Diffstat (limited to 'licensediff')
-rw-r--r-- | licensediff/licensediff.go | 81 | ||||
-rw-r--r-- | licensediff/licensediff_test.go | 499 |
2 files changed, 580 insertions, 0 deletions
diff --git a/licensediff/licensediff.go b/licensediff/licensediff.go new file mode 100644 index 0000000..9d693b0 --- /dev/null +++ b/licensediff/licensediff.go @@ -0,0 +1,81 @@ +// Package licensediff is used to generate a "diff" between the concluded +// licenses in two SPDX Packages, using the filename as the match point. +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +package licensediff + +import ( + "github.com/spdx/tools-golang/spdx" +) + +// LicensePair is a result set where we are talking about two license strings, +// potentially differing, for a single filename between two SPDX Packages. +type LicensePair struct { + First string + Second string +} + +// MakePairs essentially just consolidates all files and LicenseConcluded +// strings into a single data structure. +func MakePairs(p1 *spdx.Package2_1, p2 *spdx.Package2_1) (map[string]LicensePair, error) { + pairs := map[string]LicensePair{} + + // first, go through and add all files/licenses from p1 + for _, f := range p1.Files { + pair := LicensePair{First: f.LicenseConcluded, Second: ""} + pairs[f.FileName] = pair + } + + // now, go through all files/licenses from p2. If already + // present, add as .second; if not, create new pair + for _, f := range p2.Files { + firstLic := "" + existingPair, ok := pairs[f.FileName] + if ok { + // already present; update it + firstLic = existingPair.First + } + // now, update what's there, either way + pair := LicensePair{First: firstLic, Second: f.LicenseConcluded} + pairs[f.FileName] = pair + } + + return pairs, nil +} + +// LicenseDiff is a structured version of the output of MakePairs. It is +// meant to make it easier to find and report on, e.g., just the files that +// have different licenses, or those that are in just one scan. +type LicenseDiff struct { + InBothChanged map[string]LicensePair + InBothSame map[string]string + InFirstOnly map[string]string + InSecondOnly map[string]string +} + +// MakeResults creates a more structured set of results from the output +// of MakePairs. +func MakeResults(pairs map[string]LicensePair) (*LicenseDiff, error) { + diff := &LicenseDiff{ + InBothChanged: map[string]LicensePair{}, + InBothSame: map[string]string{}, + InFirstOnly: map[string]string{}, + InSecondOnly: map[string]string{}, + } + + // walk through pairs and allocate them where they belong + for filename, pair := range pairs { + if pair.First == pair.Second { + diff.InBothSame[filename] = pair.First + } else { + if pair.First == "" { + diff.InSecondOnly[filename] = pair.Second + } else if pair.Second == "" { + diff.InFirstOnly[filename] = pair.First + } else { + diff.InBothChanged[filename] = pair + } + } + } + + return diff, nil +} diff --git a/licensediff/licensediff_test.go b/licensediff/licensediff_test.go new file mode 100644 index 0000000..4dedc58 --- /dev/null +++ b/licensediff/licensediff_test.go @@ -0,0 +1,499 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package licensediff + +import ( + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +// ===== License diff top-level function tests ===== +func TestDifferCanCreateDiffPairs(t *testing.T) { + // create files to be used in diff + // f1 will be identical in both + f1 := &spdx.File2_1{ + FileName: "/project/file1.txt", + FileSPDXIdentifier: "SPDXRef-File561", + FileChecksumSHA1: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{ + "LicenseRef-We-will-ignore-LicenseInfoInFile", + }, + FileCopyrightText: "We'll ignore copyright values", + } + + // f2 will only appear in the first Package + f2 := &spdx.File2_1{ + FileName: "/project/file2.txt", + FileSPDXIdentifier: "SPDXRef-File562", + FileChecksumSHA1: "066c5139bd9a43d15812ec1a1755b08ccf199824", + LicenseConcluded: "GPL-2.0-or-later", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + + // f3 will only appear in the second Package + f3 := &spdx.File2_1{ + FileName: "/project/file3.txt", + FileSPDXIdentifier: "SPDXRef-File563", + FileChecksumSHA1: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", + LicenseConcluded: "MPL-2.0", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + + // f4_1 and f4_2 will appear in first and second, + // with same name, same hash and different license + f4_1 := &spdx.File2_1{ + FileName: "/project/file4.txt", + FileSPDXIdentifier: "SPDXRef-File564", + FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + LicenseConcluded: "MIT", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + f4_2 := &spdx.File2_1{ + FileName: "/project/file4.txt", + FileSPDXIdentifier: "SPDXRef-File564", + FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + LicenseConcluded: "Apache-2.0 AND MIT", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + + // f5_1 and f5_2 will appear in first and second, + // with same name, different hash and same license + f5_1 := &spdx.File2_1{ + FileName: "/project/file5.txt", + FileSPDXIdentifier: "SPDXRef-File565", + FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + LicenseConcluded: "BSD-3-Clause", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + f5_2 := &spdx.File2_1{ + FileName: "/project/file5.txt", + FileSPDXIdentifier: "SPDXRef-File565", + FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + LicenseConcluded: "BSD-3-Clause", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + + // f6_1 and f6_2 will appear in first and second, + // with same name, different hash and different license + f6_1 := &spdx.File2_1{ + FileName: "/project/file6.txt", + FileSPDXIdentifier: "SPDXRef-File566", + FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + LicenseConcluded: "CC0-1.0", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + f6_2 := &spdx.File2_1{ + FileName: "/project/file6.txt", + FileSPDXIdentifier: "SPDXRef-File566", + FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + LicenseConcluded: "Unlicense", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + + // create Packages + p1 := &spdx.Package2_1{ + IsUnpackaged: false, + PackageName: "p1", + PackageSPDXIdentifier: "SPDXRef-p1", + PackageDownloadLocation: "NOASSERTION", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: true, + // fake the verification code for present purposes + PackageVerificationCode: "abc123abc123", + PackageLicenseConcluded: "NOASSERTION", + PackageLicenseInfoFromFiles: []string{ + "NOASSERTION", + }, + PackageLicenseDeclared: "NOASSERTION", + PackageCopyrightText: "NOASSERTION", + Files: []*spdx.File2_1{ + f1, + f2, + f4_1, + f5_1, + f6_1, + }, + } + p2 := &spdx.Package2_1{ + IsUnpackaged: false, + PackageName: "p2", + PackageSPDXIdentifier: "SPDXRef-p2", + PackageDownloadLocation: "NOASSERTION", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: true, + // fake the verification code for present purposes + PackageVerificationCode: "def456def456", + PackageLicenseConcluded: "NOASSERTION", + PackageLicenseInfoFromFiles: []string{ + "NOASSERTION", + }, + PackageLicenseDeclared: "NOASSERTION", + PackageCopyrightText: "NOASSERTION", + Files: []*spdx.File2_1{ + f1, + f3, + f4_2, + f5_2, + f6_2, + }, + } + + // run the diff between the two packages + diffMap, err := MakePairs(p1, p2) + if err != nil { + t.Fatalf("Expected nil error, got %v", err) + } + + // check that the diff results are what we expect + // there should be 6 entries, one for each unique filename + if len(diffMap) != 6 { + t.Fatalf("Expected %d, got %d", 6, len(diffMap)) + } + + // check each filename is present, and check its pair + // pair 1 -- same in both + pair1, ok := diffMap["/project/file1.txt"] + if !ok { + t.Fatalf("Couldn't get pair1") + } + if pair1.First != f1.LicenseConcluded { + t.Errorf("Expected %s, got %s", f1.LicenseConcluded, pair1.First) + } + if pair1.Second != f1.LicenseConcluded { + t.Errorf("Expected %s, got %s", f2.LicenseConcluded, pair1.Second) + } + + // pair 2 -- only in first + pair2, ok := diffMap["/project/file2.txt"] + if !ok { + t.Fatalf("Couldn't get pair2") + } + if pair2.First != f2.LicenseConcluded { + t.Errorf("Expected %s, got %s", f2.LicenseConcluded, pair2.First) + } + if pair2.Second != "" { + t.Errorf("Expected %s, got %s", "", pair2.Second) + } + + // pair 3 -- only in second + pair3, ok := diffMap["/project/file3.txt"] + if !ok { + t.Fatalf("Couldn't get pair3") + } + if pair3.First != "" { + t.Errorf("Expected %s, got %s", "", pair3.First) + } + if pair3.Second != f3.LicenseConcluded { + t.Errorf("Expected %s, got %s", f3.LicenseConcluded, pair3.Second) + } + + // pair 4 -- in both but different license + pair4, ok := diffMap["/project/file4.txt"] + if !ok { + t.Fatalf("Couldn't get pair4") + } + if pair4.First != f4_1.LicenseConcluded { + t.Errorf("Expected %s, got %s", f4_1.LicenseConcluded, pair4.First) + } + if pair4.Second != f4_2.LicenseConcluded { + t.Errorf("Expected %s, got %s", f4_2.LicenseConcluded, pair4.Second) + } + + // pair 5 -- in both but different hash, same license + pair5, ok := diffMap["/project/file5.txt"] + if !ok { + t.Fatalf("Couldn't get pair5") + } + if pair5.First != f5_1.LicenseConcluded { + t.Errorf("Expected %s, got %s", f5_1.LicenseConcluded, pair5.First) + } + if pair5.Second != f5_2.LicenseConcluded { + t.Errorf("Expected %s, got %s", f5_2.LicenseConcluded, pair5.Second) + } + + // pair 6 -- in both but different hash, different license + pair6, ok := diffMap["/project/file6.txt"] + if !ok { + t.Fatalf("Couldn't get pair6") + } + if pair6.First != f6_1.LicenseConcluded { + t.Errorf("Expected %s, got %s", f6_1.LicenseConcluded, pair6.First) + } + if pair6.Second != f6_2.LicenseConcluded { + t.Errorf("Expected %s, got %s", f6_2.LicenseConcluded, pair6.Second) + } +} + +func TestDifferCanCreateDiffStructuredResults(t *testing.T) { + // create files to be used in diff + // f1 will be identical in both + f1 := &spdx.File2_1{ + FileName: "/project/file1.txt", + FileSPDXIdentifier: "SPDXRef-File561", + FileChecksumSHA1: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{ + "LicenseRef-We-will-ignore-LicenseInfoInFile", + }, + FileCopyrightText: "We'll ignore copyright values", + } + + // f2 will only appear in the first Package + f2 := &spdx.File2_1{ + FileName: "/project/file2.txt", + FileSPDXIdentifier: "SPDXRef-File562", + FileChecksumSHA1: "066c5139bd9a43d15812ec1a1755b08ccf199824", + LicenseConcluded: "GPL-2.0-or-later", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + + // f3 will only appear in the second Package + f3 := &spdx.File2_1{ + FileName: "/project/file3.txt", + FileSPDXIdentifier: "SPDXRef-File563", + FileChecksumSHA1: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", + LicenseConcluded: "MPL-2.0", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + + // f4_1 and f4_2 will appear in first and second, + // with same name, same hash and different license + f4_1 := &spdx.File2_1{ + FileName: "/project/file4.txt", + FileSPDXIdentifier: "SPDXRef-File564", + FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + LicenseConcluded: "MIT", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + f4_2 := &spdx.File2_1{ + FileName: "/project/file4.txt", + FileSPDXIdentifier: "SPDXRef-File564", + FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + LicenseConcluded: "Apache-2.0 AND MIT", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + + // f5_1 and f5_2 will appear in first and second, + // with same name, different hash and same license + f5_1 := &spdx.File2_1{ + FileName: "/project/file5.txt", + FileSPDXIdentifier: "SPDXRef-File565", + FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + LicenseConcluded: "BSD-3-Clause", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + f5_2 := &spdx.File2_1{ + FileName: "/project/file5.txt", + FileSPDXIdentifier: "SPDXRef-File565", + FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + LicenseConcluded: "BSD-3-Clause", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + + // f6_1 and f6_2 will appear in first and second, + // with same name, different hash and different license + f6_1 := &spdx.File2_1{ + FileName: "/project/file6.txt", + FileSPDXIdentifier: "SPDXRef-File566", + FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + LicenseConcluded: "CC0-1.0", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + f6_2 := &spdx.File2_1{ + FileName: "/project/file6.txt", + FileSPDXIdentifier: "SPDXRef-File566", + FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + LicenseConcluded: "Unlicense", + LicenseInfoInFile: []string{ + "NOASSERTION", + }, + FileCopyrightText: "NOASSERTION", + } + + // create Packages + p1 := &spdx.Package2_1{ + IsUnpackaged: false, + PackageName: "p1", + PackageSPDXIdentifier: "SPDXRef-p1", + PackageDownloadLocation: "NOASSERTION", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: true, + // fake the verification code for present purposes + PackageVerificationCode: "abc123abc123", + PackageLicenseConcluded: "NOASSERTION", + PackageLicenseInfoFromFiles: []string{ + "NOASSERTION", + }, + PackageLicenseDeclared: "NOASSERTION", + PackageCopyrightText: "NOASSERTION", + Files: []*spdx.File2_1{ + f1, + f2, + f4_1, + f5_1, + f6_1, + }, + } + p2 := &spdx.Package2_1{ + IsUnpackaged: false, + PackageName: "p2", + PackageSPDXIdentifier: "SPDXRef-p2", + PackageDownloadLocation: "NOASSERTION", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: true, + // fake the verification code for present purposes + PackageVerificationCode: "def456def456", + PackageLicenseConcluded: "NOASSERTION", + PackageLicenseInfoFromFiles: []string{ + "NOASSERTION", + }, + PackageLicenseDeclared: "NOASSERTION", + PackageCopyrightText: "NOASSERTION", + Files: []*spdx.File2_1{ + f1, + f3, + f4_2, + f5_2, + f6_2, + }, + } + + // run the diff between the two packages + diffMap, err := MakePairs(p1, p2) + if err != nil { + t.Fatalf("Expected nil error, got %v", err) + } + + // now, create the LicenseDiff structured results from the pairs + diffResults, err := MakeResults(diffMap) + if err != nil { + t.Fatalf("Expected nil error, got %v", err) + } + + // check that the diff results are the expected lengths + if len(diffResults.InBothChanged) != 2 { + t.Fatalf("Expected %d, got %d", 2, len(diffResults.InBothChanged)) + } + if len(diffResults.InBothSame) != 2 { + t.Fatalf("Expected %d, got %d", 2, len(diffResults.InBothSame)) + } + if len(diffResults.InFirstOnly) != 1 { + t.Fatalf("Expected %d, got %d", 1, len(diffResults.InFirstOnly)) + } + if len(diffResults.InSecondOnly) != 1 { + t.Fatalf("Expected %d, got %d", 1, len(diffResults.InSecondOnly)) + } + + // check each filename is present where it belongs, and check license(s) + + // in both and different license: f4 and f6 + // filename will map to a LicensePair + check4, ok := diffResults.InBothChanged["/project/file4.txt"] + if !ok { + t.Fatalf("Couldn't get check4") + } + if check4.First != f4_1.LicenseConcluded { + t.Errorf("Expected %s, got %s", f4_1.LicenseConcluded, check4.First) + } + if check4.Second != f4_2.LicenseConcluded { + t.Errorf("Expected %s, got %s", f4_2.LicenseConcluded, check4.Second) + } + check6, ok := diffResults.InBothChanged["/project/file6.txt"] + if !ok { + t.Fatalf("Couldn't get check6") + } + if check6.First != f6_1.LicenseConcluded { + t.Errorf("Expected %s, got %s", f6_1.LicenseConcluded, check6.First) + } + if check6.Second != f6_2.LicenseConcluded { + t.Errorf("Expected %s, got %s", f6_2.LicenseConcluded, check6.Second) + } + + // in both and same license: f1 and f5 + // filename will map to a string + check1, ok := diffResults.InBothSame["/project/file1.txt"] + if !ok { + t.Fatalf("Couldn't get check1") + } + if check1 != f1.LicenseConcluded { + t.Errorf("Expected %s, got %s", f1.LicenseConcluded, check1) + } + check5, ok := diffResults.InBothSame["/project/file5.txt"] + if !ok { + t.Fatalf("Couldn't get check5") + } + if check5 != f5_1.LicenseConcluded { + t.Errorf("Expected %s, got %s", f5_1.LicenseConcluded, check5) + } + if check5 != f5_2.LicenseConcluded { + t.Errorf("Expected %s, got %s", f5_2.LicenseConcluded, check5) + } + + // in first only: f2 + // filename will map to a string + check2, ok := diffResults.InFirstOnly["/project/file2.txt"] + if !ok { + t.Fatalf("Couldn't get check2") + } + if check2 != f2.LicenseConcluded { + t.Errorf("Expected %s, got %s", f2.LicenseConcluded, check2) + } + + // in second only: f3 + // filename will map to a string + check3, ok := diffResults.InSecondOnly["/project/file3.txt"] + if !ok { + t.Fatalf("Couldn't get check3") + } + if check3 != f3.LicenseConcluded { + t.Errorf("Expected %s, got %s", f3.LicenseConcluded, check2) + } + +} |