diff options
24 files changed, 797 insertions, 270 deletions
diff --git a/builder/build_test.go b/builder/build_test.go index cf59d45..d7e3045 100644 --- a/builder/build_test.go +++ b/builder/build_test.go @@ -482,15 +482,32 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if fileEmpty.FileSPDXIdentifier != spdx.ElementID("File0") { t.Errorf("expected %v, got %v", "File0", fileEmpty.FileSPDXIdentifier) } - if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { - t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) - } - if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { - t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) - } - if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { - t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) - } + for _, checksum := range fileEmpty.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "d41d8cd98f00b204e9800998ecf8427e" { + t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", checksum.Value) + } + } + } + + // if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + // t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) + // } + // if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + // t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) + // } + // if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { + // t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) + // } if fileEmpty.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) } @@ -512,15 +529,32 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file1.FileSPDXIdentifier != spdx.ElementID("File1") { t.Errorf("expected %v, got %v", "File1", file1.FileSPDXIdentifier) } - if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" { - t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1) - } - if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { - t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256) - } - if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" { - t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5) - } + for _, checksum := range file1.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "024f870eb6323f532515f7a09d5646a97083b819" { + t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { + t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "37c8208479dfe42d2bb29debd6e32d4a" { + t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", checksum.Value) + } + } + } + + // if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" { + // t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1) + // } + // if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { + // t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256) + // } + // if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" { + // t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5) + // } if file1.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) } @@ -542,15 +576,32 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file3.FileSPDXIdentifier != spdx.ElementID("File2") { t.Errorf("expected %v, got %v", "File2", file3.FileSPDXIdentifier) } - if file3.FileChecksumSHA1 != "a46114b70e163614f01c64adf44cdd438f158fce" { - t.Errorf("expected %v, got %v", "a46114b70e163614f01c64adf44cdd438f158fce", file3.FileChecksumSHA1) - } - if file3.FileChecksumSHA256 != "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4" { - t.Errorf("expected %v, got %v", "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4", file3.FileChecksumSHA256) - } - if file3.FileChecksumMD5 != "3e02d3ab9c58eec6911dbba37570934f" { - t.Errorf("expected %v, got %v", "3e02d3ab9c58eec6911dbba37570934f", file3.FileChecksumMD5) - } + for _, checksum := range file3.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "a46114b70e163614f01c64adf44cdd438f158fce" { + t.Errorf("expected %v, got %v", "a46114b70e163614f01c64adf44cdd438f158fce", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4" { + t.Errorf("expected %v, got %v", "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "3e02d3ab9c58eec6911dbba37570934f" { + t.Errorf("expected %v, got %v", "3e02d3ab9c58eec6911dbba37570934f", checksum.Value) + } + } + } + + // if file3.FileChecksumSHA1 != "a46114b70e163614f01c64adf44cdd438f158fce" { + // t.Errorf("expected %v, got %v", "a46114b70e163614f01c64adf44cdd438f158fce", file3.FileChecksumSHA1) + // } + // if file3.FileChecksumSHA256 != "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4" { + // t.Errorf("expected %v, got %v", "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4", file3.FileChecksumSHA256) + // } + // if file3.FileChecksumMD5 != "3e02d3ab9c58eec6911dbba37570934f" { + // t.Errorf("expected %v, got %v", "3e02d3ab9c58eec6911dbba37570934f", file3.FileChecksumMD5) + // } if file3.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file3.LicenseConcluded) } @@ -572,15 +623,32 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if file4.FileSPDXIdentifier != spdx.ElementID("File3") { t.Errorf("expected %v, got %v", "File3", file4.FileSPDXIdentifier) } - if file4.FileChecksumSHA1 != "e623d7d7d782a7c8323c4d436acee4afab34320f" { - t.Errorf("expected %v, got %v", "e623d7d7d782a7c8323c4d436acee4afab34320f", file4.FileChecksumSHA1) - } - if file4.FileChecksumSHA256 != "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59" { - t.Errorf("expected %v, got %v", "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59", file4.FileChecksumSHA256) - } - if file4.FileChecksumMD5 != "96e6a25d35df5b1c477710ef4d0c7210" { - t.Errorf("expected %v, got %v", "96e6a25d35df5b1c477710ef4d0c7210", file4.FileChecksumMD5) - } + for _, checksum := range file4.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "e623d7d7d782a7c8323c4d436acee4afab34320f" { + t.Errorf("expected %v, got %v", "e623d7d7d782a7c8323c4d436acee4afab34320f", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59" { + t.Errorf("expected %v, got %v", "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "96e6a25d35df5b1c477710ef4d0c7210" { + t.Errorf("expected %v, got %v", "96e6a25d35df5b1c477710ef4d0c7210", checksum.Value) + } + } + } + + // if file4.FileChecksumSHA1 != "e623d7d7d782a7c8323c4d436acee4afab34320f" { + // t.Errorf("expected %v, got %v", "e623d7d7d782a7c8323c4d436acee4afab34320f", file4.FileChecksumSHA1) + // } + // if file4.FileChecksumSHA256 != "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59" { + // t.Errorf("expected %v, got %v", "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59", file4.FileChecksumSHA256) + // } + // if file4.FileChecksumMD5 != "96e6a25d35df5b1c477710ef4d0c7210" { + // t.Errorf("expected %v, got %v", "96e6a25d35df5b1c477710ef4d0c7210", file4.FileChecksumMD5) + // } if file4.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file4.LicenseConcluded) } @@ -602,15 +670,31 @@ func TestBuild2_2CreatesDocument(t *testing.T) { if lastfile.FileSPDXIdentifier != spdx.ElementID("File4") { t.Errorf("expected %v, got %v", "File4", lastfile.FileSPDXIdentifier) } - if lastfile.FileChecksumSHA1 != "26d6221d682d9ba59116f9753a701f34271c8ce1" { - t.Errorf("expected %v, got %v", "26d6221d682d9ba59116f9753a701f34271c8ce1", lastfile.FileChecksumSHA1) - } - if lastfile.FileChecksumSHA256 != "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805" { - t.Errorf("expected %v, got %v", "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805", lastfile.FileChecksumSHA256) - } - if lastfile.FileChecksumMD5 != "f60baa793870d9085461ad6bbab50b7f" { - t.Errorf("expected %v, got %v", "f60baa793870d9085461ad6bbab50b7f", lastfile.FileChecksumMD5) - } + for _, checksum := range lastfile.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "26d6221d682d9ba59116f9753a701f34271c8ce1" { + t.Errorf("expected %v, got %v", "26d6221d682d9ba59116f9753a701f34271c8ce1", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805" { + t.Errorf("expected %v, got %v", "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "f60baa793870d9085461ad6bbab50b7f" { + t.Errorf("expected %v, got %v", "f60baa793870d9085461ad6bbab50b7f", checksum.Value) + } + } + } + // if lastfile.FileChecksumSHA1 != "26d6221d682d9ba59116f9753a701f34271c8ce1" { + // t.Errorf("expected %v, got %v", "26d6221d682d9ba59116f9753a701f34271c8ce1", lastfile.FileChecksumSHA1) + // } + // if lastfile.FileChecksumSHA256 != "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805" { + // t.Errorf("expected %v, got %v", "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805", lastfile.FileChecksumSHA256) + // } + // if lastfile.FileChecksumMD5 != "f60baa793870d9085461ad6bbab50b7f" { + // t.Errorf("expected %v, got %v", "f60baa793870d9085461ad6bbab50b7f", lastfile.FileChecksumMD5) + // } if lastfile.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.LicenseConcluded) } diff --git a/builder/builder2v2/build_file.go b/builder/builder2v2/build_file.go index 8042992..2791160 100644 --- a/builder/builder2v2/build_file.go +++ b/builder/builder2v2/build_file.go @@ -32,12 +32,27 @@ func BuildFileSection2_2(filePath string, prefix string, fileNumber int) (*spdx. f := &spdx.File2_2{ FileName: filePath, FileSPDXIdentifier: spdx.ElementID(i), - FileChecksumSHA1: ssha1, - FileChecksumSHA256: ssha256, - FileChecksumMD5: smd5, - LicenseConcluded: "NOASSERTION", - LicenseInfoInFile: []string{}, - FileCopyrightText: "NOASSERTION", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: ssha1, + }, + spdx.SHA256: spdx.Checksum2_2{ + Algorithm: spdx.SHA256, + Value: ssha256, + }, + spdx.MD5: spdx.Checksum2_2{ + Algorithm: spdx.MD5, + Value: smd5, + }, + }, + + // FileChecksumSHA1: ssha1, + // FileChecksumSHA256: ssha256, + // FileChecksumMD5: smd5, + LicenseConcluded: "NOASSERTION", + LicenseInfoInFile: []string{}, + FileCopyrightText: "NOASSERTION", } return f, nil diff --git a/builder/builder2v2/build_file_test.go b/builder/builder2v2/build_file_test.go index bd74421..60f285c 100644 --- a/builder/builder2v2/build_file_test.go +++ b/builder/builder2v2/build_file_test.go @@ -28,14 +28,21 @@ func TestBuilder2_2CanBuildFileSection(t *testing.T) { if file1.FileSPDXIdentifier != spdx.ElementID("File17") { t.Errorf("expected %v, got %v", "File17", file1.FileSPDXIdentifier) } - if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" { - t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1) - } - if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { - t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256) - } - if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" { - t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5) + for _, checksum := range file1.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "024f870eb6323f532515f7a09d5646a97083b819" { + t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { + t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "37c8208479dfe42d2bb29debd6e32d4a" { + t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", checksum.Value) + } + } } if file1.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) diff --git a/builder/builder2v2/build_package_test.go b/builder/builder2v2/build_package_test.go index c7e4dc3..47f7604 100644 --- a/builder/builder2v2/build_package_test.go +++ b/builder/builder2v2/build_package_test.go @@ -71,15 +71,32 @@ func TestBuilder2_2CanBuildPackageSection(t *testing.T) { if fileEmpty.FileSPDXIdentifier != spdx.ElementID("File0") { t.Errorf("expected %v, got %v", "File0", fileEmpty.FileSPDXIdentifier) } - if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { - t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) - } - if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { - t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) - } - if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { - t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) + for _, checksum := range fileEmpty.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", checksum.Value) + } + case spdx.MD5: + if checksum.Value != "d41d8cd98f00b204e9800998ecf8427e" { + t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", checksum.Value) + } + } } + + // if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + // t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) + // } + // if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + // t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) + // } + // if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { + // t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) + // } if fileEmpty.LicenseConcluded != "NOASSERTION" { t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) } diff --git a/licensediff/licensediff_test.go b/licensediff/licensediff_test.go index ccd92e1..26622f0 100644 --- a/licensediff/licensediff_test.go +++ b/licensediff/licensediff_test.go @@ -501,8 +501,15 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/project/file1.txt", FileSPDXIdentifier: spdx.ElementID("File561"), - FileChecksumSHA1: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - LicenseConcluded: "Apache-2.0", + // FileChecksumSHA1: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "LicenseRef-We-will-ignore-LicenseInfoInFile", }, @@ -513,8 +520,15 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f2 := &spdx.File2_2{ FileName: "/project/file2.txt", FileSPDXIdentifier: spdx.ElementID("File562"), - FileChecksumSHA1: "066c5139bd9a43d15812ec1a1755b08ccf199824", - LicenseConcluded: "GPL-2.0-or-later", + // FileChecksumSHA1: "066c5139bd9a43d15812ec1a1755b08ccf199824", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "GPL-2.0-or-later", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -525,8 +539,15 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f3 := &spdx.File2_2{ FileName: "/project/file3.txt", FileSPDXIdentifier: spdx.ElementID("File563"), - FileChecksumSHA1: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", - LicenseConcluded: "MPL-2.0", + // FileChecksumSHA1: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "MPL-2.0", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -538,8 +559,15 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f4_1 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", - LicenseConcluded: "MIT", + // FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "MIT", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -548,8 +576,15 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f4_2 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", - LicenseConcluded: "Apache-2.0 AND MIT", + // FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "Apache-2.0 AND MIT", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -561,8 +596,15 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f5_1 := &spdx.File2_2{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", - LicenseConcluded: "BSD-3-Clause", + // FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "BSD-3-Clause", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -571,8 +613,15 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f5_2 := &spdx.File2_2{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", - LicenseConcluded: "BSD-3-Clause", + // FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "BSD-3-Clause", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -584,8 +633,15 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f6_1 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", - LicenseConcluded: "CC0-1.0", + // FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "CC0-1.0", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -594,8 +650,15 @@ func Test2_2DifferCanCreateDiffPairs(t *testing.T) { f6_2 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", - LicenseConcluded: "Unlicense", + // FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "Unlicense", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -740,8 +803,15 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/project/file1.txt", FileSPDXIdentifier: spdx.ElementID("File561"), - FileChecksumSHA1: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", - LicenseConcluded: "Apache-2.0", + // FileChecksumSHA1: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "LicenseRef-We-will-ignore-LicenseInfoInFile", }, @@ -752,8 +822,15 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f2 := &spdx.File2_2{ FileName: "/project/file2.txt", FileSPDXIdentifier: spdx.ElementID("File562"), - FileChecksumSHA1: "066c5139bd9a43d15812ec1a1755b08ccf199824", - LicenseConcluded: "GPL-2.0-or-later", + // FileChecksumSHA1: "066c5139bd9a43d15812ec1a1755b08ccf199824", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "GPL-2.0-or-later", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -764,8 +841,15 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f3 := &spdx.File2_2{ FileName: "/project/file3.txt", FileSPDXIdentifier: spdx.ElementID("File563"), - FileChecksumSHA1: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", - LicenseConcluded: "MPL-2.0", + // FileChecksumSHA1: "bd0f4863b15fad2b79b35303af54fcb5baaf7c68", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "MPL-2.0", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -777,8 +861,15 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f4_1 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", - LicenseConcluded: "MIT", + // FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "MIT", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -787,8 +878,15 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f4_2 := &spdx.File2_2{ FileName: "/project/file4.txt", FileSPDXIdentifier: spdx.ElementID("File564"), - FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", - LicenseConcluded: "Apache-2.0 AND MIT", + // FileChecksumSHA1: "bc417a575ceae93435bcb7bfd382ac28cbdaa8b5", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "Apache-2.0 AND MIT", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -800,8 +898,8 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f5_1 := &spdx.File2_2{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", - LicenseConcluded: "BSD-3-Clause", + // FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + LicenseConcluded: "BSD-3-Clause", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -810,8 +908,15 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f5_2 := &spdx.File2_2{ FileName: "/project/file5.txt", FileSPDXIdentifier: spdx.ElementID("File565"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", - LicenseConcluded: "BSD-3-Clause", + // FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "BSD-3-Clause", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -823,8 +928,15 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f6_1 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", - LicenseConcluded: "CC0-1.0", + // FileChecksumSHA1: "ba226db943bbbf455da77afab6f16dbab156d000", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "CC0-1.0", LicenseInfoInFile: []string{ "NOASSERTION", }, @@ -833,8 +945,15 @@ func Test2_2DifferCanCreateDiffStructuredResults(t *testing.T) { f6_2 := &spdx.File2_2{ FileName: "/project/file6.txt", FileSPDXIdentifier: spdx.ElementID("File566"), - FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", - LicenseConcluded: "Unlicense", + // FileChecksumSHA1: "b6e0ec7d085c5699b46f6f8d425413702652874d", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "6c92dc8bc462b6889d9b1c0bc16c54d19a2cbdd3", + }, + }, + + LicenseConcluded: "Unlicense", LicenseInfoInFile: []string{ "NOASSERTION", }, diff --git a/rdfloader/parser2v2/parse_file.go b/rdfloader/parser2v2/parse_file.go index 647cef9..485aeba 100644 --- a/rdfloader/parser2v2/parse_file.go +++ b/rdfloader/parser2v2/parse_file.go @@ -4,9 +4,10 @@ package parser2v2 import ( "fmt" + "strings" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" - "strings" ) // returns a file instance and the error if any encountered. @@ -26,7 +27,7 @@ func (parser *rdfParser2_2) getFileFromNode(fileNode *gordfParser.Node) (file *s } // setting color to grey to indicate that we've started parsing this node. - parser.cache[fileNode.ID].Color = GREY; + parser.cache[fileNode.ID].Color = GREY // setting color to black just before function returns to the caller to // indicate that parsing current node is complete. @@ -129,13 +130,16 @@ func (parser *rdfParser2_2) setFileChecksumFromNode(file *spdx.File2_2, checksum if err != nil { return fmt.Errorf("error parsing checksumNode of a file: %v", err) } + if file.FileChecksums == nil { + file.FileChecksums = map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{} + } switch checksumAlgorithm { - case "MD5": - file.FileChecksumMD5 = checksumValue - case "SHA1": - file.FileChecksumSHA1 = checksumValue - case "SHA256": - file.FileChecksumSHA256 = checksumValue + case spdx.MD5: + file.FileChecksums[spdx.MD5] = spdx.Checksum2_2{Algorithm: spdx.MD5, Value: checksumValue} + case spdx.SHA1: + file.FileChecksums[spdx.SHA1] = spdx.Checksum2_2{Algorithm: spdx.SHA1, Value: checksumValue} + case spdx.SHA256: + file.FileChecksums[spdx.SHA256] = spdx.Checksum2_2{Algorithm: spdx.SHA256, Value: checksumValue} case "": return fmt.Errorf("empty checksum algorithm and value") default: diff --git a/rdfloader/parser2v2/parse_file_test.go b/rdfloader/parser2v2/parse_file_test.go index 4d7c8b3..069eb26 100644 --- a/rdfloader/parser2v2/parse_file_test.go +++ b/rdfloader/parser2v2/parse_file_test.go @@ -4,12 +4,13 @@ package parser2v2 import ( "bufio" + "strings" + "testing" + gordfParser "github.com/spdx/gordf/rdfloader/parser" rdfloader2 "github.com/spdx/gordf/rdfloader/xmlreader" gordfWriter "github.com/spdx/gordf/rdfwriter" "github.com/spdx/tools-golang/spdx" - "strings" - "testing" ) // content is the tags within the rdf:RDF tag @@ -206,14 +207,21 @@ func Test_rdfParser2_2_setFileChecksumFromNode(t *testing.T) { t.Errorf("error parsing a valid checksum node") } checksumValue := "d2356e0fe1c0b85285d83c6b2ad51b5f" - if file.FileChecksumMD5 != checksumValue { - t.Errorf("wrong checksum value for md5. Expected: %s, found: %s", checksumValue, file.FileChecksumMD5) - } - if file.FileChecksumSHA1 != "" { - t.Errorf("incorrectly set sha1, should've been empty") - } - if file.FileChecksumSHA256 != "" { - t.Errorf("incorrectly set sha256, should've been empty") + for _, checksum := range file.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != "" { + t.Errorf("incorrectly set sha1, should've been empty") + } + case spdx.SHA256: + if checksum.Value != "" { + t.Errorf("incorrectly set sha256, should've been empty") + } + case spdx.MD5: + if checksum.Value != checksumValue { + t.Errorf("wrong checksum value for md5. Expected: %s, found: %s", checksumValue, checksum.Value) + } + } } // TestCase 2: valid sha1 checksum @@ -229,14 +237,21 @@ func Test_rdfParser2_2_setFileChecksumFromNode(t *testing.T) { if err != nil { t.Errorf("error parsing a valid checksum node") } - if file.FileChecksumSHA1 != checksumValue { - t.Errorf("wrong checksum value for sha1. Expected: %s, found: %s", checksumValue, file.FileChecksumSHA1) - } - if file.FileChecksumMD5 != "" { - t.Errorf("incorrectly set md5, should've been empty") - } - if file.FileChecksumSHA256 != "" { - t.Errorf("incorrectly set sha256, should've been empty") + for _, checksum := range file.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != checksumValue { + t.Errorf("wrong checksum value for sha1. Expected: %s, found: %s", checksumValue, checksum.Value) + } + case spdx.SHA256: + if checksum.Value != "" { + t.Errorf("incorrectly set sha256, should've been empty") + } + case spdx.MD5: + if checksum.Value != checksumValue { + t.Errorf("incorrectly set md5, should've been empty") + } + } } // TestCase 3: valid sha256 checksum @@ -252,14 +267,21 @@ func Test_rdfParser2_2_setFileChecksumFromNode(t *testing.T) { if err != nil { t.Errorf("error parsing a valid checksum node") } - if file.FileChecksumSHA256 != checksumValue { - t.Errorf("wrong checksum value for sha256. Expected: %s, found: %s", checksumValue, file.FileChecksumSHA256) - } - if file.FileChecksumMD5 != "" { - t.Errorf("incorrectly set md5, should've been empty") - } - if file.FileChecksumSHA1 != "" { - t.Errorf("incorrectly set sha1, should've been empty") + for _, checksum := range file.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != checksumValue { + t.Errorf("incorrectly set sha1, should've been empty") + } + case spdx.SHA256: + if checksum.Value != checksumValue { + t.Errorf("wrong checksum value for sha256. Expected: %s, found: %s", checksumValue, checksum.Value) + } + case spdx.MD5: + if checksum.Value != checksumValue { + t.Errorf("incorrectly set md5, should've been empty") + } + } } // TestCase 4: checksum node without one of the mandatory attributes @@ -494,7 +516,6 @@ func Test_rdfParser2_2_getFileFromNode(t *testing.T) { t.Errorf("expected %s, found %s", expectedLicenseInfoInFile, file.LicenseInfoInFile[0]) } - // TestCase 12: checking if recursive dependencies are resolved. parser, _ = parserFromBodyContent(` <spdx:File rdf:about="#SPDXRef-ParentFile"> @@ -578,8 +599,14 @@ func Test_rdfParser2_2_getFileFromNode(t *testing.T) { } expectedChecksum := "0a3a0e1ab72b7c132f5021c538a7a3ea6d539bcd" - if file.FileChecksumSHA1 != expectedChecksum { - t.Errorf("expected %s, found %s", expectedChecksum, file.FileChecksumSHA1) + + for _, checksum := range file.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != expectedChecksum { + t.Errorf("expected %s, found %s", expectedChecksum, checksum.Value) + } + } } expectedLicenseConcluded = "NOASSERTION" diff --git a/rdfloader/parser2v2/parse_package.go b/rdfloader/parser2v2/parse_package.go index dde6e70..02dd251 100644 --- a/rdfloader/parser2v2/parse_package.go +++ b/rdfloader/parser2v2/parse_package.go @@ -4,9 +4,10 @@ package parser2v2 import ( "fmt" + "strings" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" - "strings" ) func (parser *rdfParser2_2) getPackageFromNode(packageNode *gordfParser.Node) (pkg *spdx.Package2_2, err error) { @@ -30,7 +31,7 @@ func (parser *rdfParser2_2) getPackageFromNode(packageNode *gordfParser.Node) (p parser.cache[packageNode.ID].Color = GREY // setting state color to black to indicate when we're done parsing this node. - defer func(){parser.cache[packageNode.ID].Color = BLACK}(); + defer func() { parser.cache[packageNode.ID].Color = BLACK }() // setting the SPDXIdentifier for the package. eId, err := ExtractElementID(getLastPartOfURI(packageNode.ID)) @@ -300,13 +301,16 @@ func (parser *rdfParser2_2) setPackageChecksum(pkg *spdx.Package2_2, node *gordf if err != nil { return fmt.Errorf("error getting checksum algorithm and value from %v", node) } + if pkg.PackageChecksums == nil { + pkg.PackageChecksums = make(map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2) + } switch checksumAlgorithm { - case "MD5": - pkg.PackageChecksumMD5 = checksumValue - case "SHA1": - pkg.PackageChecksumSHA1 = checksumValue - case "SHA256": - pkg.PackageChecksumSHA256 = checksumValue + case spdx.MD5: + pkg.PackageChecksums[spdx.MD5] = spdx.Checksum2_2{Algorithm: spdx.MD5, Value: checksumValue} + case spdx.SHA1: + pkg.PackageChecksums[spdx.SHA1] = spdx.Checksum2_2{Algorithm: spdx.SHA1, Value: checksumValue} + case spdx.SHA256: + pkg.PackageChecksums[spdx.SHA256] = spdx.Checksum2_2{Algorithm: spdx.SHA256, Value: checksumValue} default: return fmt.Errorf("unknown checksumAlgorithm %s while parsing a package", checksumAlgorithm) } diff --git a/rdfloader/parser2v2/parse_package_test.go b/rdfloader/parser2v2/parse_package_test.go index 2269826..9744760 100644 --- a/rdfloader/parser2v2/parse_package_test.go +++ b/rdfloader/parser2v2/parse_package_test.go @@ -3,10 +3,11 @@ package parser2v2 import ( - gordfParser "github.com/spdx/gordf/rdfloader/parser" - "github.com/spdx/tools-golang/spdx" "reflect" "testing" + + gordfParser "github.com/spdx/gordf/rdfloader/parser" + "github.com/spdx/tools-golang/spdx" ) func Test_setPackageSupplier(t *testing.T) { @@ -584,7 +585,7 @@ func Test_rdfParser2_2_setPackageChecksum(t *testing.T) { var parser *rdfParser2_2 var node *gordfParser.Node var pkg *spdx.Package2_2 - var gotChecksumValue, expectedChecksumValue string + var expectedChecksumValue string var err error // TestCase 1: invalid checksum algorithm @@ -629,9 +630,14 @@ func Test_rdfParser2_2_setPackageChecksum(t *testing.T) { t.Errorf("unexpected error: %v", err) } expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" - gotChecksumValue = pkg.PackageChecksumSHA1 - if gotChecksumValue != expectedChecksumValue { - t.Errorf("expected: %v, got: %v", expectedChecksumValue, gotChecksumValue) + + for _, checksum := range pkg.PackageChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != expectedChecksumValue { + t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) + } + } } // TestCase 3: valid checksum (sha256) @@ -648,9 +654,13 @@ func Test_rdfParser2_2_setPackageChecksum(t *testing.T) { t.Errorf("unexpected error: %v", err) } expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" - gotChecksumValue = pkg.PackageChecksumSHA256 - if gotChecksumValue != expectedChecksumValue { - t.Errorf("expected: %v, got: %v", expectedChecksumValue, gotChecksumValue) + for _, checksum := range pkg.PackageChecksums { + switch checksum.Algorithm { + case spdx.SHA256: + if checksum.Value != expectedChecksumValue { + t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) + } + } } // TestCase 4: valid checksum (md5) @@ -667,9 +677,13 @@ func Test_rdfParser2_2_setPackageChecksum(t *testing.T) { t.Errorf("unexpected error: %v", err) } expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" - gotChecksumValue = pkg.PackageChecksumMD5 - if gotChecksumValue != expectedChecksumValue { - t.Errorf("expected: %v, got: %v", expectedChecksumValue, gotChecksumValue) + for _, checksum := range pkg.PackageChecksums { + switch checksum.Algorithm { + case spdx.MD5: + if checksum.Value != expectedChecksumValue { + t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) + } + } } } diff --git a/rdfloader/parser2v2/parser_test.go b/rdfloader/parser2v2/parser_test.go index be740c9..0d9c30d 100644 --- a/rdfloader/parser2v2/parser_test.go +++ b/rdfloader/parser2v2/parser_test.go @@ -132,7 +132,19 @@ func Test_rdfParser2_2_getSpdxDocNode(t *testing.T) { t.Errorf("expected and error due to more than one type triples for the SpdxDocument Node, got %v", err) } - // TestCase 2: two different spdx nodes found in a single document. + // TestCase 2: must be associated with exactly one rdf:type. + parser, _ = parserFromBodyContent(` + <spdx:SpdxDocument rdf:about="#SPDXRef-Document"/> + <spdx:Snippet rdf:about="#SPDXRef-Document"/> + <spdx:File rdf:about="#SPDXRef-DoapSource"/> + `) + _, err = parser.getSpdxDocNode() + t.Log(err) + if err == nil { + t.Errorf("rootNode must be associated with exactly one triple of predicate rdf:type, got %v", err) + } + + // TestCase 3: two different spdx nodes found in a single document. parser, _ = parserFromBodyContent(` <spdx:SpdxDocument rdf:about="#SPDXRef-Document-1"/> <spdx:SpdxDocument rdf:about="#SPDXRef-Document-2"/> @@ -142,14 +154,14 @@ func Test_rdfParser2_2_getSpdxDocNode(t *testing.T) { t.Errorf("expected and error due to more than one type SpdxDocument Node, got %v", err) } - // TestCase 3: no spdx document + // TestCase 4: no spdx document parser, _ = parserFromBodyContent(``) _, err = parser.getSpdxDocNode() if err == nil { t.Errorf("expected and error due to no SpdxDocument Node, got %v", err) } - // TestCase 4: valid spdxDocument node + // TestCase 5: valid spdxDocument node parser, _ = parserFromBodyContent(` <spdx:SpdxDocument rdf:about="#SPDXRef-Document-1"/> `) diff --git a/spdx/checksum.go b/spdx/checksum.go new file mode 100644 index 0000000..b689ff8 --- /dev/null +++ b/spdx/checksum.go @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package spdx + +// ChecksumAlgorithm2_2 represents the algorithm used to generate the file checksum in the Checksum2_2 struct. +type ChecksumAlgorithm2_2 string + +// The checksum algorithms mentioned in the spdxv2.2.0 https://spdx.github.io/spdx-spec/4-file-information/#44-file-checksum +const ( + SHA224 ChecksumAlgorithm2_2 = "SHA224" + SHA1 = "SHA1" + SHA256 = "SHA256" + SHA384 = "SHA384" + SHA512 = "SHA512" + MD2 = "MD2" + MD4 = "MD4" + MD5 = "MD5" + MD6 = "MD6" +) + +//Checksum2_2 struct Provide a unique identifier to match analysis information on each specific file in a package. +// The Algorithm field describes the ChecksumAlgorithm2_2 used and the Value represents the file checksum +type Checksum2_2 struct { + Algorithm ChecksumAlgorithm2_2 + Value string +} diff --git a/spdx/file.go b/spdx/file.go index bfd47b7..bb3bcdd 100644 --- a/spdx/file.go +++ b/spdx/file.go @@ -105,9 +105,11 @@ type File2_2 struct { // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5 // Cardinality: mandatory, one SHA1, others may be optionally provided - FileChecksumSHA1 string - FileChecksumSHA256 string - FileChecksumMD5 string + // FileChecksumSHA1 string + // FileChecksumSHA256 string + // FileChecksumMD5 string + + FileChecksums map[ChecksumAlgorithm2_2]Checksum2_2 // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one diff --git a/spdx/package.go b/spdx/package.go index 4af3903..9ad9317 100644 --- a/spdx/package.go +++ b/spdx/package.go @@ -192,9 +192,10 @@ type Package2_2 struct { // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5 // Cardinality: optional, one or many - PackageChecksumSHA1 string - PackageChecksumSHA256 string - PackageChecksumMD5 string + // PackageChecksumSHA1 string + // PackageChecksumSHA256 string + // PackageChecksumMD5 string + PackageChecksums map[ChecksumAlgorithm2_2]Checksum2_2 // 3.11: Package Home Page // Cardinality: optional, one diff --git a/tvloader/parser2v2/parse_file.go b/tvloader/parser2v2/parse_file.go index c0e3c92..c0e3c26 100644 --- a/tvloader/parser2v2/parse_file.go +++ b/tvloader/parser2v2/parse_file.go @@ -58,13 +58,16 @@ func (parser *tvParser2_2) parsePairFromFile2_2(tag string, value string) error if err != nil { return err } + if parser.file.FileChecksums == nil { + parser.file.FileChecksums = map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{} + } switch subkey { - case "SHA1": - parser.file.FileChecksumSHA1 = subvalue - case "SHA256": - parser.file.FileChecksumSHA256 = subvalue - case "MD5": - parser.file.FileChecksumMD5 = subvalue + case spdx.SHA1: + parser.file.FileChecksums[spdx.SHA1] = spdx.Checksum2_2{Algorithm: spdx.SHA1, Value: subvalue} + case spdx.SHA256: + parser.file.FileChecksums[spdx.SHA256] = spdx.Checksum2_2{Algorithm: spdx.SHA256, Value: subvalue} + case spdx.MD5: + parser.file.FileChecksums[spdx.MD5] = spdx.Checksum2_2{Algorithm: spdx.MD5, Value: subvalue} default: return fmt.Errorf("got unknown checksum type %s", subkey) } diff --git a/tvloader/parser2v2/parse_file_test.go b/tvloader/parser2v2/parse_file_test.go index ffa7662..87283dc 100644 --- a/tvloader/parser2v2/parse_file_test.go +++ b/tvloader/parser2v2/parse_file_test.go @@ -443,16 +443,23 @@ func TestParser2_2CanParseFileTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.file.FileChecksumSHA1 != codeSha1 { - t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha1, parser.file.FileChecksumSHA1) - } - if parser.file.FileChecksumSHA256 != codeSha256 { - t.Errorf("expected %s for FileChecksumSHA256, got %s", codeSha256, parser.file.FileChecksumSHA256) - } - if parser.file.FileChecksumMD5 != codeMd5 { - t.Errorf("expected %s for FileChecksumMD5, got %s", codeMd5, parser.file.FileChecksumMD5) - } + for _, checksum := range parser.file.FileChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != codeSha1 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha1, checksum.Value) + } + case spdx.SHA256: + if checksum.Value != codeSha256 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha256, checksum.Value) + } + case spdx.MD5: + if checksum.Value != codeMd5 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeMd5, checksum.Value) + } + } + } // Concluded License err = parser.parsePairFromFile2_2("LicenseConcluded", "Apache-2.0 OR GPL-2.0-or-later") if err != nil { diff --git a/tvloader/parser2v2/parse_package.go b/tvloader/parser2v2/parse_package.go index ddc9cb0..32a6aca 100644 --- a/tvloader/parser2v2/parse_package.go +++ b/tvloader/parser2v2/parse_package.go @@ -100,16 +100,20 @@ func (parser *tvParser2_2) parsePairFromPackage2_2(tag string, value string) err if err != nil { return err } + if parser.pkg.PackageChecksums == nil { + parser.pkg.PackageChecksums = make(map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2, 9) + } switch subkey { - case "SHA1": - parser.pkg.PackageChecksumSHA1 = subvalue - case "SHA256": - parser.pkg.PackageChecksumSHA256 = subvalue - case "MD5": - parser.pkg.PackageChecksumMD5 = subvalue + case spdx.SHA1: + parser.pkg.PackageChecksums[spdx.SHA1] = spdx.Checksum2_2{Algorithm: spdx.SHA1, Value: subvalue} + case spdx.SHA256: + parser.pkg.PackageChecksums[spdx.SHA256] = spdx.Checksum2_2{Algorithm: spdx.SHA256, Value: subvalue} + case spdx.MD5: + parser.pkg.PackageChecksums[spdx.MD5] = spdx.Checksum2_2{Algorithm: spdx.MD5, Value: subvalue} default: return fmt.Errorf("got unknown checksum type %s", subkey) } + case "PackageHomePage": parser.pkg.PackageHomePage = value case "PackageSourceInfo": diff --git a/tvloader/parser2v2/parse_package_test.go b/tvloader/parser2v2/parse_package_test.go index 6f40170..38e7aba 100644 --- a/tvloader/parser2v2/parse_package_test.go +++ b/tvloader/parser2v2/parse_package_test.go @@ -353,14 +353,22 @@ func TestParser2_2CanParsePackageTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if parser.pkg.PackageChecksumSHA1 != codeSha1 { - t.Errorf("expected %s for PackageChecksumSHA1, got %s", codeSha1, parser.pkg.PackageChecksumSHA1) - } - if parser.pkg.PackageChecksumSHA256 != codeSha256 { - t.Errorf("expected %s for PackageChecksumSHA256, got %s", codeSha256, parser.pkg.PackageChecksumSHA256) - } - if parser.pkg.PackageChecksumMD5 != codeMd5 { - t.Errorf("expected %s for PackageChecksumMD5, got %s", codeMd5, parser.pkg.PackageChecksumMD5) + for _, checksum := range parser.pkg.PackageChecksums { + switch checksum.Algorithm { + case spdx.SHA1: + if checksum.Value != codeSha1 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha1, checksum.Value) + } + case spdx.SHA256: + if checksum.Value != codeSha256 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeSha256, checksum.Value) + } + case spdx.MD5: + if checksum.Value != codeMd5 { + t.Errorf("expected %s for FileChecksumSHA1, got %s", codeMd5, checksum.Value) + } + + } } // Package Home Page diff --git a/tvsaver/saver2v2/save_document_test.go b/tvsaver/saver2v2/save_document_test.go index d6d112b..3656504 100644 --- a/tvsaver/saver2v2/save_document_test.go +++ b/tvsaver/saver2v2/save_document_test.go @@ -29,19 +29,31 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/tmp/whatever1.txt", FileSPDXIdentifier: spdx.ElementID("File1231"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - FileCopyrightText: "Copyright (c) Jane Doe", + // FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{"Apache-2.0"}, + FileCopyrightText: "Copyright (c) Jane Doe", } f2 := &spdx.File2_2{ FileName: "/tmp/whatever2.txt", FileSPDXIdentifier: spdx.ElementID("File1232"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983d", - LicenseConcluded: "MIT", - LicenseInfoInFile: []string{"MIT"}, - FileCopyrightText: "Copyright (c) John Doe", + // FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983d", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983d", + }, + }, + LicenseConcluded: "MIT", + LicenseInfoInFile: []string{"MIT"}, + FileCopyrightText: "Copyright (c) John Doe", } unFiles := map[spdx.ElementID]*spdx.File2_2{ @@ -71,8 +83,15 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { f3 := &spdx.File2_2{ FileName: "/tmp/file-with-snippets.txt", FileSPDXIdentifier: spdx.ElementID("FileHasSnippets"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983e", - LicenseConcluded: "GPL-2.0-or-later AND WTFPL", + // FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983e", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983e", + }, + }, + + LicenseConcluded: "GPL-2.0-or-later AND WTFPL", LicenseInfoInFile: []string{ "Apache-2.0", "GPL-2.0-or-later", @@ -88,10 +107,17 @@ func TestSaver2_2DocumentSavesText(t *testing.T) { f4 := &spdx.File2_2{ FileName: "/tmp/another-file.txt", FileSPDXIdentifier: spdx.ElementID("FileAnother"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983f", - LicenseConcluded: "BSD-3-Clause", - LicenseInfoInFile: []string{"BSD-3-Clause"}, - FileCopyrightText: "Copyright (c) Jane Doe LLC", + // FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983f", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983f", + }, + }, + + LicenseConcluded: "BSD-3-Clause", + LicenseInfoInFile: []string{"BSD-3-Clause"}, + FileCopyrightText: "Copyright (c) Jane Doe LLC", } pkgWith := &spdx.Package2_2{ diff --git a/tvsaver/saver2v2/save_file.go b/tvsaver/saver2v2/save_file.go index 8edacfc..e8c1d4d 100644 --- a/tvsaver/saver2v2/save_file.go +++ b/tvsaver/saver2v2/save_file.go @@ -20,15 +20,20 @@ func renderFile2_2(f *spdx.File2_2, w io.Writer) error { for _, s := range f.FileType { fmt.Fprintf(w, "FileType: %s\n", s) } - if f.FileChecksumSHA1 != "" { - fmt.Fprintf(w, "FileChecksum: SHA1: %s\n", f.FileChecksumSHA1) + + if f.FileChecksums[spdx.SHA1].Value != "" { + fmt.Fprintf(w, "FileChecksum: SHA1: %s\n", f.FileChecksums[spdx.SHA1].Value) + } - if f.FileChecksumSHA256 != "" { - fmt.Fprintf(w, "FileChecksum: SHA256: %s\n", f.FileChecksumSHA256) + if f.FileChecksums[spdx.SHA256].Value != "" { + fmt.Fprintf(w, "FileChecksum: SHA256: %s\n", f.FileChecksums[spdx.SHA256].Value) + } - if f.FileChecksumMD5 != "" { - fmt.Fprintf(w, "FileChecksum: MD5: %s\n", f.FileChecksumMD5) + if f.FileChecksums[spdx.MD5].Value != "" { + fmt.Fprintf(w, "FileChecksum: MD5: %s\n", f.FileChecksums[spdx.MD5].Value) + } + if f.LicenseConcluded != "" { fmt.Fprintf(w, "LicenseConcluded: %s\n", f.LicenseConcluded) } diff --git a/tvsaver/saver2v2/save_file_test.go b/tvsaver/saver2v2/save_file_test.go index 1fd4fca..0ee8374 100644 --- a/tvsaver/saver2v2/save_file_test.go +++ b/tvsaver/saver2v2/save_file_test.go @@ -18,10 +18,22 @@ func TestSaver2_2FileSavesText(t *testing.T) { "TEXT", "DOCUMENTATION", }, - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - FileChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - FileChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", - LicenseConcluded: "Apache-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + spdx.SHA256: spdx.Checksum2_2{ + Algorithm: spdx.SHA256, + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + spdx.MD5: spdx.Checksum2_2{ + Algorithm: spdx.MD5, + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "Apache-2.0", "Apache-1.1", @@ -133,8 +145,14 @@ func TestSaver2_2FileSavesSnippetsAlso(t *testing.T) { f := &spdx.File2_2{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "Apache-2.0", }, @@ -182,8 +200,14 @@ func TestSaver2_2FileOmitsOptionalFieldsIfEmpty(t *testing.T) { f := &spdx.File2_2{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "Apache-2.0", }, @@ -218,8 +242,14 @@ func TestSaver2_2FileWrapsCopyrightMultiLine(t *testing.T) { f := &spdx.File2_2{ FileName: "/tmp/whatever.txt", FileSPDXIdentifier: spdx.ElementID("File123"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + + LicenseConcluded: "Apache-2.0", LicenseInfoInFile: []string{ "Apache-2.0", }, diff --git a/tvsaver/saver2v2/save_package.go b/tvsaver/saver2v2/save_package.go index 3a413cb..3fb9d7a 100644 --- a/tvsaver/saver2v2/save_package.go +++ b/tvsaver/saver2v2/save_package.go @@ -58,15 +58,20 @@ func renderPackage2_2(pkg *spdx.Package2_2, w io.Writer) error { fmt.Fprintf(w, "PackageVerificationCode: %s (excludes %s)\n", pkg.PackageVerificationCode, pkg.PackageVerificationCodeExcludedFile) } } - if pkg.PackageChecksumSHA1 != "" { - fmt.Fprintf(w, "PackageChecksum: SHA1: %s\n", pkg.PackageChecksumSHA1) + + if pkg.PackageChecksums[spdx.SHA1].Value != "" { + fmt.Fprintf(w, "PackageChecksum: SHA1: %s\n", pkg.PackageChecksums[spdx.SHA1].Value) + } - if pkg.PackageChecksumSHA256 != "" { - fmt.Fprintf(w, "PackageChecksum: SHA256: %s\n", pkg.PackageChecksumSHA256) + if pkg.PackageChecksums[spdx.SHA256].Value != "" { + fmt.Fprintf(w, "PackageChecksum: SHA256: %s\n", pkg.PackageChecksums[spdx.SHA256].Value) + } - if pkg.PackageChecksumMD5 != "" { - fmt.Fprintf(w, "PackageChecksum: MD5: %s\n", pkg.PackageChecksumMD5) + if pkg.PackageChecksums[spdx.MD5].Value != "" { + fmt.Fprintf(w, "PackageChecksum: MD5: %s\n", pkg.PackageChecksums[spdx.MD5].Value) + } + if pkg.PackageHomePage != "" { fmt.Fprintf(w, "PackageHomePage: %s\n", pkg.PackageHomePage) } diff --git a/tvsaver/saver2v2/save_package_test.go b/tvsaver/saver2v2/save_package_test.go index 466ff7f..8a10d02 100644 --- a/tvsaver/saver2v2/save_package_test.go +++ b/tvsaver/saver2v2/save_package_test.go @@ -59,12 +59,24 @@ func TestSaver2_2PackageSavesTextCombo1(t *testing.T) { IsFilesAnalyzedTagPresent: true, PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", PackageVerificationCodeExcludedFile: "p1-0.1.0.spdx", - PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", - PackageHomePage: "http://example.com/p1", - PackageSourceInfo: "this is a source comment", - PackageLicenseConcluded: "GPL-2.0-or-later", + PackageChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + spdx.SHA256: spdx.Checksum2_2{ + Algorithm: spdx.SHA256, + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + spdx.MD5: spdx.Checksum2_2{ + Algorithm: spdx.MD5, + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + + PackageHomePage: "http://example.com/p1", + PackageSourceInfo: "this is a source comment", + PackageLicenseConcluded: "GPL-2.0-or-later", PackageLicenseInfoFromFiles: []string{ "Apache-1.1", "Apache-2.0", @@ -150,12 +162,23 @@ func TestSaver2_2PackageSavesTextCombo2(t *testing.T) { FilesAnalyzed: true, IsFilesAnalyzedTagPresent: false, PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", - PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", - PackageHomePage: "http://example.com/p1", - PackageSourceInfo: "this is a source comment", - PackageLicenseConcluded: "GPL-2.0-or-later", + PackageChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + spdx.SHA256: spdx.Checksum2_2{ + Algorithm: spdx.SHA256, + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + spdx.MD5: spdx.Checksum2_2{ + Algorithm: spdx.MD5, + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + PackageHomePage: "http://example.com/p1", + PackageSourceInfo: "this is a source comment", + PackageLicenseConcluded: "GPL-2.0-or-later", PackageLicenseInfoFromFiles: []string{ "Apache-1.1", "Apache-2.0", @@ -232,9 +255,21 @@ func TestSaver2_2PackageSavesTextCombo3(t *testing.T) { // NOTE that verification code MUST be omitted from output // since FilesAnalyzed is false PackageVerificationCode: "0123456789abcdef0123456789abcdef01234567", - PackageChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - PackageChecksumSHA256: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", - PackageChecksumMD5: "624c1abb3664f4b35547e7c73864ad24", + PackageChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + spdx.SHA256: spdx.Checksum2_2{ + Algorithm: spdx.SHA256, + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + spdx.MD5: spdx.Checksum2_2{ + Algorithm: spdx.MD5, + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + PackageHomePage: "http://example.com/p1", PackageSourceInfo: "this is a source comment", PackageLicenseConcluded: "GPL-2.0-or-later", @@ -351,19 +386,31 @@ func TestSaver2_2PackageSavesFilesIfPresent(t *testing.T) { f1 := &spdx.File2_2{ FileName: "/tmp/whatever1.txt", FileSPDXIdentifier: spdx.ElementID("File1231"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983c", - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, - FileCopyrightText: "Copyright (c) Jane Doe", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{"Apache-2.0"}, + FileCopyrightText: "Copyright (c) Jane Doe", } f2 := &spdx.File2_2{ FileName: "/tmp/whatever2.txt", FileSPDXIdentifier: spdx.ElementID("File1232"), - FileChecksumSHA1: "85ed0817af83a24ad8da68c2b5094de69833983d", - LicenseConcluded: "MIT", - LicenseInfoInFile: []string{"MIT"}, - FileCopyrightText: "Copyright (c) John Doe", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "85ed0817af83a24ad8da68c2b5094de69833983d", + }, + }, + + LicenseConcluded: "MIT", + LicenseInfoInFile: []string{"MIT"}, + FileCopyrightText: "Copyright (c) John Doe", } pkg := &spdx.Package2_2{ diff --git a/utils/verification.go b/utils/verification.go index 2d55e16..7c53841 100644 --- a/utils/verification.go +++ b/utils/verification.go @@ -53,7 +53,7 @@ func GetVerificationCode2_2(files map[spdx.ElementID]*spdx.File2_2, excludeFile return "", fmt.Errorf("got nil file for identifier %v", i) } if f.FileName != excludeFile { - shas = append(shas, f.FileChecksumSHA1) + shas = append(shas, f.FileChecksums[spdx.SHA1].Value) } } diff --git a/utils/verification_test.go b/utils/verification_test.go index 7f95d3c..10177bd 100644 --- a/utils/verification_test.go +++ b/utils/verification_test.go @@ -120,27 +120,52 @@ func TestPackage2_2CanGetVerificationCode(t *testing.T) { "File0": &spdx.File2_2{ FileName: "file2.txt", FileSPDXIdentifier: "File0", - FileChecksumSHA1: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + }, + }, }, "File1": &spdx.File2_2{ FileName: "file1.txt", FileSPDXIdentifier: "File1", - FileChecksumSHA1: "3333333333bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "3333333333bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, "File2": &spdx.File2_2{ FileName: "file3.txt", FileSPDXIdentifier: "File2", - FileChecksumSHA1: "8888888888bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, "File3": &spdx.File2_2{ FileName: "file5.txt", FileSPDXIdentifier: "File3", - FileChecksumSHA1: "2222222222bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "2222222222bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, "File4": &spdx.File2_2{ FileName: "file4.txt", FileSPDXIdentifier: "File4", - FileChecksumSHA1: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + }, + }, }, } @@ -161,27 +186,52 @@ func TestPackage2_2CanGetVerificationCodeIgnoringExcludesFile(t *testing.T) { spdx.ElementID("File0"): &spdx.File2_2{ FileName: "file1.txt", FileSPDXIdentifier: "File0", - FileChecksumSHA1: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + }, + }, }, spdx.ElementID("File1"): &spdx.File2_2{ FileName: "file2.txt", FileSPDXIdentifier: "File1", - FileChecksumSHA1: "3333333333bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "3333333333bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, spdx.ElementID("File2"): &spdx.File2_2{ FileName: "thisfile.spdx", FileSPDXIdentifier: "File2", - FileChecksumSHA1: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + }, + }, }, spdx.ElementID("File3"): &spdx.File2_2{ FileName: "file3.txt", FileSPDXIdentifier: "File3", - FileChecksumSHA1: "8888888888bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, spdx.ElementID("File4"): &spdx.File2_2{ FileName: "file4.txt", FileSPDXIdentifier: "File4", - FileChecksumSHA1: "2222222222bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "2222222222bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, } @@ -202,13 +252,23 @@ func TestPackage2_2GetVerificationCodeFailsIfNilFileInSlice(t *testing.T) { spdx.ElementID("File0"): &spdx.File2_2{ FileName: "file2.txt", FileSPDXIdentifier: "File0", - FileChecksumSHA1: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + }, + }, }, spdx.ElementID("File1"): nil, spdx.ElementID("File2"): &spdx.File2_2{ FileName: "file3.txt", FileSPDXIdentifier: "File2", - FileChecksumSHA1: "8888888888bbbbbbbbbbccccccccccdddddddddd", + FileChecksums: map[spdx.ChecksumAlgorithm2_2]spdx.Checksum2_2{ + spdx.SHA1: spdx.Checksum2_2{ + Algorithm: spdx.SHA1, + Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", + }, + }, }, } |