author | Steve Winslow <steve@swinslow.net> | 2021-07-04 10:58:12 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-04 10:58:12 -0400 |
commit | edbff31685f91a801f64cd23c05b495141b66e60 (patch) | |
tree | bada1208dfc6effcf56c6d11d4f6a930a1f81603 /tvloader/parser2v2 | |
parent | 68f272030de367e80eab5338ea84aa8e0cd53620 (diff) | |
parent | b238c888559fcfaba7abc4d73741b633746c10d2 (diff) | |
download | spdx-tools-edbff31685f91a801f64cd23c05b495141b66e60.tar.gz |
Merge pull request #64 from specter25/package-spdxId
Throw error for pkgs / files without SPDX IDs
Diffstat (limited to 'tvloader/parser2v2')
-rw-r--r-- | tvloader/parser2v2/parse_creation_info.go | 9 | ||||
-rw-r--r-- | tvloader/parser2v2/parse_file.go | 8 | ||||
-rw-r--r-- | tvloader/parser2v2/parse_file_test.go | 45 | ||||
-rw-r--r-- | tvloader/parser2v2/parse_package.go | 4 | ||||
-rw-r--r-- | tvloader/parser2v2/parse_package_test.go | 25 | ||||
-rw-r--r-- | tvloader/parser2v2/parse_snippet.go | 4 | ||||
-rw-r--r-- | tvloader/parser2v2/parse_snippet_test.go | 18 | ||||
-rw-r--r-- | tvloader/parser2v2/parser.go | 11 | ||||
-rw-r--r-- | tvloader/parser2v2/parser_test.go | 30 | ||||
-rw-r--r-- | tvloader/parser2v2/types.go | 2 |
10 files changed, 152 insertions, 4 deletions
diff --git a/tvloader/parser2v2/parse_creation_info.go b/tvloader/parser2v2/parse_creation_info.go index a3c7fbf..c2bfe40 100644 --- a/tvloader/parser2v2/parse_creation_info.go +++ b/tvloader/parser2v2/parse_creation_info.go @@ -12,7 +12,7 @@ import ( func (parser *tvParser2_2) parsePairFromCreationInfo2_2(tag string, value string) error { // fail if not in Creation Info parser state if parser.st != psCreationInfo2_2 { - return fmt.Errorf("Got invalid state %v in parsePairFromCreationInfo2_2", parser.st) + return fmt.Errorf("got invalid state %v in parsePairFromCreationInfo2_2", parser.st) } // create an SPDX Creation Info data struct if we don't have one already @@ -76,6 +76,13 @@ func (parser *tvParser2_2) parsePairFromCreationInfo2_2(tag string, value string // tag for going on to package section case "PackageName": + // error if last file does not have an identifier + // this may be a null case: can we ever have a "last file" in + // the "creation info" state? should go on to "file" state + // even when parsing unpackaged files. + if parser.file != nil && parser.file.FileSPDXIdentifier == nullSpdxElementId2_2 { + return fmt.Errorf("file with FileName %s does not have SPDX identifier", parser.file.FileName) + } parser.st = psPackage2_2 parser.pkg = &spdx.Package2_2{ FilesAnalyzed: true, diff --git a/tvloader/parser2v2/parse_file.go b/tvloader/parser2v2/parse_file.go index 86886d3..27ec6a4 100644 --- a/tvloader/parser2v2/parse_file.go +++ b/tvloader/parser2v2/parse_file.go 
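Review bot: The new error in the `case "PackageName":` branch formats `parser.file.FileName` with `%s`, and that value is taken from the document being parsed, so a name holding control characters or nothing at all ends up unquoted in whatever log or terminal the caller prints the error to. Using `%q` keeps the message on one line and makes an empty name visible: `return fmt.Errorf("file with FileName %q does not have SPDX identifier", parser.file.FileName)`. The same condition and message are repeated in parse_file.go (twice), parse_snippet.go and parser.go, with the package variant in parse_package.go and parser.go, so a small unexported method on tvParser2_2 that returns this error would keep the wording and quoting in one place. The enclosing function starts and ends outside the hunk.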
@@ -18,11 +18,19 @@ func (parser *tvParser2_2) parsePairFromFile2_2(tag string, value string) error switch tag { // tag for creating new file section case "FileName": + // check if the previous file contained an spdx Id or not + if parser.file != nil && parser.file.FileSPDXIdentifier == nullSpdxElementId2_2 { + return fmt.Errorf("file with FileName %s does not have SPDX identifier", parser.file.FileName) + } parser.file = &spdx.File2_2{} parser.file.FileName = value // tag for creating new package section and going back to parsing Package case "PackageName": parser.st = psPackage2_2 + // check if the previous file contained an spdx Id or not + if parser.file != nil && parser.file.FileSPDXIdentifier == nullSpdxElementId2_2 { + return fmt.Errorf("file with FileName %s does not have SPDX identifier", parser.file.FileName) + } parser.file = nil return parser.parsePairFromPackage2_2(tag, value) // tag for going on to snippet section diff --git a/tvloader/parser2v2/parse_file_test.go b/tvloader/parser2v2/parse_file_test.go index 411593f..689a2df 100644 --- a/tvloader/parser2v2/parse_file_test.go +++ b/tvloader/parser2v2/parse_file_test.go 
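Review bot: In `case "PackageName":` the state is switched with `parser.st = psPackage2_2` before the missing-identifier check can return, so on the error path the parser is already in package state while `parser.file` still points at the rejected file. Running the `if parser.file != nil && parser.file.FileSPDXIdentifier == nullSpdxElementId2_2` guard first, and only then assigning `parser.st = psPackage2_2` and `parser.file = nil`, keeps a failed call free of side effects. ParseTagValues stops at the first error, so this mainly matters to callers that drive parsePair2_2 directly, as the tests do. The function body continues outside the hunk.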
@@ -917,3 +917,48 @@ func TestParser2_2FailsIfArtifactURIBeforeArtifactName(t *testing.T) { t.Errorf("expected non-nil error, got nil") } } + +func TestParser2_2FilesWithoutSpdxIdThrowError(t *testing.T) { + // case 1: The previous file (packaged or unpackaged) does not contain spdx ID + parser1 := tvParser2_2{ + doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + st: psFile2_2, + file: &spdx.File2_2{FileName: "FileName"}, + } + + err := parser1.parsePair2_2("FileName", "f2") + if err == nil { + t.Errorf("file without SPDX Identifier getting accepted") + } + + // case 2: Invalid file with snippet + // Last unpackaged file before the snippet start + fileName := "f2.txt" + sid1 := spdx.ElementID("s1") + parser2 := tvParser2_2{ + doc: &spdx.Document2_2{}, + st: psCreationInfo2_2, + file: &spdx.File2_2{FileName: fileName}, + } + err = parser2.parsePair2_2("SnippetSPDXID", string(sid1)) + if err == nil { + t.Errorf("file without SPDX Identifier getting accepted") + } + + // case 3: Invalid File without snippets + // Last unpackaged file before the package starts + // Last file of a package and New package starts + parser3 := tvParser2_2{ + doc: &spdx.Document2_2{}, + st: psCreationInfo2_2, + } + fileName = "f3.txt" + err = parser3.parsePair2_2("FileName", fileName) + if err != nil { + t.Errorf("%s", err) + } + err = parser3.parsePair2_2("PackageName", "p2") + if err == nil { + t.Errorf("file without SPDX Identifier getting accepted") + } +} diff --git a/tvloader/parser2v2/parse_package.go b/tvloader/parser2v2/parse_package.go index 3f5939b..15f7dc6 100644 --- a/tvloader/parser2v2/parse_package.go +++ b/tvloader/parser2v2/parse_package.go 
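Review bot: Every assertion in this test only checks `err == nil`, so each case passes on any parse failure, not specifically on the missing-identifier rejection this change adds. Matching the message, for example `strings.Contains(err.Error(), "does not have SPDX identifier")`, or comparing against a sentinel error would pin the behaviour. A companion case that supplies the identifier and expects success would show the guard is what makes the difference. The same applies to the new tests in parse_package_test.go, parse_snippet_test.go and parser_test.go. Case 2 here is also the same set-up and call as TestParser2_2FilesWithoutSpdxIdThrowErrorWithSnippets in parse_snippet_test.go, so one of the two can go.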
@@ -20,6 +20,10 @@ func (parser *tvParser2_2) parsePairFromPackage2_2(tag string, value string) err case "PackageName": // if package already has a name, create and go on to a new package if parser.pkg == nil || parser.pkg.PackageName != "" { + // check if the previous package contained an spdx Id or not + if parser.pkg != nil && parser.pkg.PackageSPDXIdentifier == nullSpdxElementId2_2 { + return fmt.Errorf("package with PackageName %s does not have SPDX identifier", parser.pkg.PackageName) + } parser.pkg = &spdx.Package2_2{ FilesAnalyzed: true, IsFilesAnalyzedTagPresent: false, diff --git a/tvloader/parser2v2/parse_package_test.go b/tvloader/parser2v2/parse_package_test.go index 33b4784..5809931 100644 --- a/tvloader/parser2v2/parse_package_test.go +++ b/tvloader/parser2v2/parse_package_test.go @@ -1102,3 +1102,28 @@ func TestFailsPackageExternalRefWithInvalidFormat(t *testing.T) { t.Errorf("expected non-nil error, got nil") } } + +func TestParser2_2PackageWithoutSpdxIdentifierThrowsError(t *testing.T) { + // More than one package, the previous package doesn't contain an SPDX ID + pkgOldName := "p1" + parser := tvParser2_2{ + doc: &spdx.Document2_2{Packages: map[spdx.ElementID]*spdx.Package2_2{}}, + st: psPackage2_2, + pkg: &spdx.Package2_2{PackageName: pkgOldName}, + } + pkgOld := parser.pkg + parser.doc.Packages["p1"] = pkgOld + // the Document's Packages should have this one only + if parser.doc.Packages["p1"] != pkgOld { + t.Errorf("expected package %v, got %v", pkgOld, parser.doc.Packages["p1"]) + } + if len(parser.doc.Packages) != 1 { + t.Errorf("expected 1 package, got %d", len(parser.doc.Packages)) + } + + pkgName := "p2" + err := parser.parsePair2_2("PackageName", pkgName) + if err == nil { + t.Errorf("package without SPDX Identifier getting accepted") + } +} diff --git a/tvloader/parser2v2/parse_snippet.go b/tvloader/parser2v2/parse_snippet.go index 0d9dc3f..7f58604 100644 --- a/tvloader/parser2v2/parse_snippet.go 
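Review bot: The set-up in TestParser2_2PackageWithoutSpdxIdentifierThrowsError stores the package under `parser.doc.Packages["p1"]` and then asserts that same entry and a length of 1, which only re-checks the test's own assignment. It also builds a document that already contains a package whose PackageSPDXIdentifier is empty, which looks like a state the parser itself would not produce (inferred; the code that fills Packages is not in this diff). Dropping the map insertion and the two pre-checks would leave the part that exercises the new guard, the `parser.parsePair2_2("PackageName", pkgName)` call and its error check.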
+++ b/tvloader/parser2v2/parse_snippet.go @@ -13,6 +13,10 @@ func (parser *tvParser2_2) parsePairFromSnippet2_2(tag string, value string) err switch tag { // tag for creating new snippet section case "SnippetSPDXID": + // check here whether the file contained an SPDX ID or not + if parser.file != nil && parser.file.FileSPDXIdentifier == nullSpdxElementId2_2 { + return fmt.Errorf("file with FileName %s does not have SPDX identifier", parser.file.FileName) + } parser.snippet = &spdx.Snippet2_2{} eID, err := extractElementID(value) if err != nil { diff --git a/tvloader/parser2v2/parse_snippet_test.go b/tvloader/parser2v2/parse_snippet_test.go index 987fe2a..d019a0c 100644 --- a/tvloader/parser2v2/parse_snippet_test.go +++ b/tvloader/parser2v2/parse_snippet_test.go @@ -614,3 +614,21 @@ func TestParser2_2FailsForInvalidSnippetLineValues(t *testing.T) { t.Errorf("expected non-nil error, got nil") } } + +func TestParser2_2FilesWithoutSpdxIdThrowErrorWithSnippets(t *testing.T) { + // Invalid file with snippet + // Last unpackaged file before the snippet starts + // Last file of a package and New package starts + fileName := "f2.txt" + sid1 := spdx.ElementID("s1") + parser2 := tvParser2_2{ + doc: &spdx.Document2_2{}, + st: psCreationInfo2_2, + file: &spdx.File2_2{FileName: fileName}, + } + err := parser2.parsePair2_2("SnippetSPDXID", string(sid1)) + if err == nil { + t.Errorf("file without SPDX Identifier getting accepted") + } + +} diff --git a/tvloader/parser2v2/parser.go b/tvloader/parser2v2/parser.go index e89bab1..9886874 100644 --- a/tvloader/parser2v2/parser.go +++ b/tvloader/parser2v2/parser.go 
@@ -20,7 +20,12 @@ func ParseTagValues(tvs []reader.TagValuePair) (*spdx.Document2_2, error) { return nil, err } } - + if parser.file != nil && parser.file.FileSPDXIdentifier == nullSpdxElementId2_2 { + return nil, fmt.Errorf("file with FileName %s does not have SPDX identifier", parser.file.FileName) + } + if parser.pkg != nil && parser.pkg.PackageSPDXIdentifier == nullSpdxElementId2_2 { + return nil, fmt.Errorf("package with PackageName %s does not have SPDX identifier", parser.pkg.PackageName) + } return parser.doc, nil } @@ -41,14 +46,14 @@ func (parser *tvParser2_2) parsePair2_2(tag string, value string) error { case psReview2_2: return parser.parsePairFromReview2_2(tag, value) default: - return fmt.Errorf("Parser state %v not recognized when parsing (%s, %s)", parser.st, tag, value) + return fmt.Errorf("parser state %v not recognized when parsing (%s, %s)", parser.st, tag, value) } } func (parser *tvParser2_2) parsePairFromStart2_2(tag string, value string) error { // fail if not in Start parser state if parser.st != psStart2_2 { - return fmt.Errorf("Got invalid state %v in parsePairFromStart2_2", parser.st) + return fmt.Errorf("got invalid state %v in parsePairFromStart2_2", parser.st) } // create an SPDX Document data struct if we don't have one already diff --git a/tvloader/parser2v2/parser_test.go b/tvloader/parser2v2/parser_test.go index 7eec49c..4cd5228 100644 --- a/tvloader/parser2v2/parser_test.go +++ b/tvloader/parser2v2/parser_test.go 
@@ -77,3 +77,33 @@ func TestParser2_2StartFailsToParseIfInInvalidState(t *testing.T) { t.Errorf("expected non-nil error, got nil") } } + +func TestParser2_2FilesWithoutSpdxIdThrowErrorAtCompleteParse(t *testing.T) { + // case: Checks the last file + // Last unpackaged file with no packages in doc + // Last file of last package in the doc + tvPairs := []reader.TagValuePair{ + {Tag: "SPDXVersion", Value: "SPDX-2.2"}, + {Tag: "DataLicense", Value: "CC0-1.0"}, + {Tag: "SPDXID", Value: "SPDXRef-DOCUMENT"}, + {Tag: "FileName", Value: "f1"}, + } + _, err := ParseTagValues(tvPairs) + if err == nil { + t.Errorf("file without SPDX Identifier getting accepted") + } +} + +func TestParser2_2PackageWithoutSpdxIdThrowErrorAtCompleteParse(t *testing.T) { + // case: Checks the last package + tvPairs := []reader.TagValuePair{ + {Tag: "SPDXVersion", Value: "SPDX-2.2"}, + {Tag: "DataLicense", Value: "CC0-1.0"}, + {Tag: "SPDXID", Value: "SPDXRef-DOCUMENT"}, + {Tag: "PackageName", Value: "p1"}, + } + _, err := ParseTagValues(tvPairs) + if err == nil { + t.Errorf("package without SPDX Identifier getting accepted") + } +} diff --git a/tvloader/parser2v2/types.go b/tvloader/parser2v2/types.go index 6039a1c..1cdbcef 100644 --- a/tvloader/parser2v2/types.go +++ b/tvloader/parser2v2/types.go @@ -52,3 +52,5 @@ const ( // in review section psReview2_2 ) + +const nullSpdxElementId2_2 = spdx.ElementID("") |
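Review bot: In types.go, `nullSpdxElementId2_2` is added without a comment although it is now the sentinel that every missing-identifier check in this commit compares against. A one-line comment would say so, for example `// nullSpdxElementId2_2 is the empty ElementID; a file or package still holding it is treated as having no SPDX identifier.` Go initialism style would also spell the name `nullSpdxElementID2_2`, if renaming it across its call sites is acceptable.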