From cd59ee66408a908f7ef94548814514f6bc9fc906 Mon Sep 17 00:00:00 2001 From: RishabhBhatnagar Date: Thu, 9 Jan 2020 20:39:55 +0530 Subject: Create Go Module - Unpack directory v0 to move all the content to the root directory. - ./v0/* converted to ./* - all the test cases were fixed to remove one directory less indexing for test files - add go.mod - go version 1.13 is used to have a relatively stable versioning system Signed-off-by: RishabhBhatnagar --- builder/build.go | 72 +++++ builder/build_test.go | 357 +++++++++++++++++++++++++ builder/builder2v1/build_creation_info.go | 59 ++++ builder/builder2v1/build_creation_info_test.go | 165 ++++++++++++ builder/builder2v1/build_file.go | 44 +++ builder/builder2v1/build_file_test.go | 59 ++++ builder/builder2v1/build_package.go | 59 ++++ builder/builder2v1/build_package_test.go | 146 ++++++++++ builder/builder2v1/build_relationship.go | 23 ++ builder/builder2v1/build_relationship_test.go | 31 +++ 10 files changed, 1015 insertions(+) create mode 100644 builder/build.go create mode 100644 builder/build_test.go create mode 100644 builder/builder2v1/build_creation_info.go create mode 100644 builder/builder2v1/build_creation_info_test.go create mode 100644 builder/builder2v1/build_file.go create mode 100644 builder/builder2v1/build_file_test.go create mode 100644 builder/builder2v1/build_package.go create mode 100644 builder/builder2v1/build_package_test.go create mode 100644 builder/builder2v1/build_relationship.go create mode 100644 builder/builder2v1/build_relationship_test.go (limited to 'builder') diff --git a/builder/build.go b/builder/build.go new file mode 100644 index 0000000..b5a5a55 --- /dev/null +++ b/builder/build.go @@ -0,0 +1,72 @@ +// Package builder is used to create tools-golang data structures for a given +// directory path's contents, with hashes, etc. filled in and with empty +// license data. +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +package builder + +import ( + "github.com/spdx/tools-golang/builder/builder2v1" + "github.com/spdx/tools-golang/spdx" +) + +// Config2_1 is a collection of configuration settings for builder +// (for version 2.1 SPDX Documents). A few mandatory fields are set here +// so that they can be repeatedly reused in multiple calls to Build2_1. +type Config2_1 struct { + // NamespacePrefix should be a URI representing a prefix for the + // namespace with which the SPDX Document will be associated. + // It will be used in the DocumentNamespace field in the CreationInfo + // section, followed by the per-Document package name and a random UUID. + NamespacePrefix string + + // CreatorType should be one of "Person", "Organization" or "Tool". + // If not one of those strings, it will be interpreted as "Person". + CreatorType string + + // Creator will be filled in for the given CreatorType. + Creator string + + // PathsIgnored lists certain paths to be omitted from the built document. + // Each string should be a path, relative to the package's dirRoot, + // to a specific file or (for all files in a directory) ending in a slash. + // Prefix the string with "**" to omit all instances of that file / + // directory, regardless of where it is in the file tree. + PathsIgnored []string + + // TestValues is used to pass fixed values for testing purposes + // only, and should be set to nil for production use. It is only + // exported so that it will be accessible within builder2v1. + TestValues map[string]string +} + +// Build2_1 creates an SPDX Document (version 2.1), returning that document or +// error if any is encountered. Arguments: +// - packageName: name of package / directory +// - dirRoot: path to directory to be analyzed +// - config: Config object +func Build2_1(packageName string, dirRoot string, config *Config2_1) (*spdx.Document2_1, error) { + // build Package section first -- will include Files and make the + // package verification code available + pkg, err := builder2v1.BuildPackageSection2_1(packageName, dirRoot, config.PathsIgnored) + if err != nil { + return nil, err + } + + ci, err := builder2v1.BuildCreationInfoSection2_1(packageName, pkg.PackageVerificationCode, config.NamespacePrefix, config.CreatorType, config.Creator, config.TestValues) + if err != nil { + return nil, err + } + + rln, err := builder2v1.BuildRelationshipSection2_1(packageName) + if err != nil { + return nil, err + } + + doc := &spdx.Document2_1{ + CreationInfo: ci, + Packages: []*spdx.Package2_1{pkg}, + Relationships: []*spdx.Relationship2_1{rln}, + } + + return doc, nil +} diff --git a/builder/build_test.go b/builder/build_test.go new file mode 100644 index 0000000..48e5047 --- /dev/null +++ b/builder/build_test.go @@ -0,0 +1,357 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder + +import ( + "fmt" + "testing" +) + +// ===== Builder top-level Document test ===== +func TestBuild2_1CreatesDocument(t *testing.T) { + dirRoot := "../testdata/project1/" + + config := &Config2_1{ + NamespacePrefix: "https://github.com/swinslow/spdx-docs/spdx-go/testdata-", + CreatorType: "Person", + Creator: "John Doe", + TestValues: make(map[string]string), + } + config.TestValues["Created"] = "2018-10-19T04:38:00Z" + + wantVerificationCode := "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b" + + doc, err := Build2_1("project1", dirRoot, config) + if err != nil { + t.Errorf("expected nil error, got %v", err) + } + if doc == nil { + t.Fatalf("expected non-nil Document, got nil") + } + + // check CI section + if doc.CreationInfo == nil { + t.Fatalf("expected non-nil CreationInfo section, got nil") + } + if doc.CreationInfo.SPDXVersion != "SPDX-2.1" { + t.Errorf("expected %s, got %s", "SPDX-2.1", doc.CreationInfo.SPDXVersion) + } + if doc.CreationInfo.DataLicense != "CC0-1.0" { + t.Errorf("expected %s, got %s", "CC0-1.0", doc.CreationInfo.DataLicense) + } + if doc.CreationInfo.SPDXIdentifier != "SPDXRef-DOCUMENT" { + t.Errorf("expected %s, got %s", "SPDXRef-DOCUMENT", doc.CreationInfo.SPDXIdentifier) + } + if doc.CreationInfo.DocumentName != "project1" { + t.Errorf("expected %s, got %s", "project1", doc.CreationInfo.DocumentName) + } + wantNamespace := fmt.Sprintf("https://github.com/swinslow/spdx-docs/spdx-go/testdata-project1-%s", wantVerificationCode) + if doc.CreationInfo.DocumentNamespace != wantNamespace { + t.Errorf("expected %s, got %s", wantNamespace, doc.CreationInfo.DocumentNamespace) + } + if len(doc.CreationInfo.CreatorPersons) != 1 { + t.Fatalf("expected %d, got %d", 1, len(doc.CreationInfo.CreatorPersons)) + } + if doc.CreationInfo.CreatorPersons[0] != "John Doe" { + t.Errorf("expected %s, got %s", "John Doe", doc.CreationInfo.CreatorPersons[0]) + } + if len(doc.CreationInfo.CreatorTools) != 1 { + t.Fatalf("expected %d, got %d", 1, len(doc.CreationInfo.CreatorTools)) + } + if doc.CreationInfo.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", doc.CreationInfo.CreatorTools[0]) + } + if doc.CreationInfo.Created != "2018-10-19T04:38:00Z" { + t.Errorf("expected %s, got %s", "2018-10-19T04:38:00Z", doc.CreationInfo.Created) + } + + // check Package section + if doc.Packages == nil { + t.Fatalf("expected non-nil doc.Packages, got nil") + } + if len(doc.Packages) != 1 { + t.Fatalf("expected %d, got %d", 1, len(doc.Packages)) + } + pkg := doc.Packages[0] + if pkg.IsUnpackaged { + t.Errorf("expected %v, got %v", false, pkg.IsUnpackaged) + } + if pkg.PackageName != "project1" { + t.Errorf("expected %v, got %v", "project1", pkg.PackageName) + } + if pkg.PackageSPDXIdentifier != "SPDXRef-Package-project1" { + t.Errorf("expected %v, got %v", "SPDXRef-Package-project1", pkg.PackageSPDXIdentifier) + } + if pkg.PackageDownloadLocation != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageDownloadLocation) + } + if pkg.FilesAnalyzed != true { + t.Errorf("expected %v, got %v", true, pkg.FilesAnalyzed) + } + if pkg.PackageVerificationCode != wantVerificationCode { + t.Errorf("expected %v, got %v", wantVerificationCode, pkg.PackageVerificationCode) + } + if pkg.PackageLicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageLicenseConcluded) + } + if len(pkg.PackageLicenseInfoFromFiles) != 0 { + t.Errorf("expected %v, got %v", 0, len(pkg.PackageLicenseInfoFromFiles)) + } + if pkg.PackageLicenseDeclared != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageLicenseDeclared) + } + if pkg.PackageCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageCopyrightText) + } + + // check Files section + if pkg.Files == nil { + t.Fatalf("expected non-nil pkg.Files, got nil") + } + if len(pkg.Files) != 5 { + t.Fatalf("expected %d, got %d", 5, len(pkg.Files)) + } + + // files should be in alphabetical order: + // emptyfile, file1, file3, folder/file4, lastfile + + // check emptyfile.testdata.txt + fileEmpty := pkg.Files[0] + if fileEmpty == nil { + t.Fatalf("expected non-nil file, got nil") + } + if fileEmpty.FileName != "/emptyfile.testdata.txt" { + t.Errorf("expected %v, got %v", "/emptyfile.testdata.txt", fileEmpty.FileName) + } + if fileEmpty.FileSPDXIdentifier != "SPDXRef-File0" { + t.Errorf("expected %v, got %v", "SPDXRef-File0", fileEmpty.FileSPDXIdentifier) + } + if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) + } + if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) + } + if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { + t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) + } + if fileEmpty.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) + } + if len(fileEmpty.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(fileEmpty.LicenseInfoInFile)) + } + if fileEmpty.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.FileCopyrightText) + } + + // check file1.testdata.txt + file1 := pkg.Files[1] + if file1 == nil { + t.Fatalf("expected non-nil file, got nil") + } + if file1.FileName != "/file1.testdata.txt" { + t.Errorf("expected %v, got %v", "/file1.testdata.txt", file1.FileName) + } + if file1.FileSPDXIdentifier != "SPDXRef-File1" { + t.Errorf("expected %v, got %v", "SPDXRef-File1", file1.FileSPDXIdentifier) + } + if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" { + t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1) + } + if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { + t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256) + } + if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" { + t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5) + } + if file1.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) + } + if len(file1.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(file1.LicenseInfoInFile)) + } + if file1.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.FileCopyrightText) + } + + // check file3.testdata.txt + file3 := pkg.Files[2] + if file3 == nil { + t.Fatalf("expected non-nil file, got nil") + } + if file3.FileName != "/file3.testdata.txt" { + t.Errorf("expected %v, got %v", "/file3.testdata.txt", file3.FileName) + } + if file3.FileSPDXIdentifier != "SPDXRef-File2" { + t.Errorf("expected %v, got %v", "SPDXRef-File2", file3.FileSPDXIdentifier) + } + if file3.FileChecksumSHA1 != "a46114b70e163614f01c64adf44cdd438f158fce" { + t.Errorf("expected %v, got %v", "a46114b70e163614f01c64adf44cdd438f158fce", file3.FileChecksumSHA1) + } + if file3.FileChecksumSHA256 != "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4" { + t.Errorf("expected %v, got %v", "9fc181b9892720a15df1a1e561860318db40621bd4040ccdf18e110eb01d04b4", file3.FileChecksumSHA256) + } + if file3.FileChecksumMD5 != "3e02d3ab9c58eec6911dbba37570934f" { + t.Errorf("expected %v, got %v", "3e02d3ab9c58eec6911dbba37570934f", file3.FileChecksumMD5) + } + if file3.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file3.LicenseConcluded) + } + if len(file3.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(file3.LicenseInfoInFile)) + } + if file3.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file3.FileCopyrightText) + } + + // check folder1/file4.testdata.txt + file4 := pkg.Files[3] + if file4 == nil { + t.Fatalf("expected non-nil file, got nil") + } + if file4.FileName != "/folder1/file4.testdata.txt" { + t.Errorf("expected %v, got %v", "folder1/file4.testdata.txt", file4.FileName) + } + if file4.FileSPDXIdentifier != "SPDXRef-File3" { + t.Errorf("expected %v, got %v", "SPDXRef-File3", file4.FileSPDXIdentifier) + } + if file4.FileChecksumSHA1 != "e623d7d7d782a7c8323c4d436acee4afab34320f" { + t.Errorf("expected %v, got %v", "e623d7d7d782a7c8323c4d436acee4afab34320f", file4.FileChecksumSHA1) + } + if file4.FileChecksumSHA256 != "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59" { + t.Errorf("expected %v, got %v", "574fa42c5e0806c0f8906a44884166540206f021527729407cd5326838629c59", file4.FileChecksumSHA256) + } + if file4.FileChecksumMD5 != "96e6a25d35df5b1c477710ef4d0c7210" { + t.Errorf("expected %v, got %v", "96e6a25d35df5b1c477710ef4d0c7210", file4.FileChecksumMD5) + } + if file4.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file4.LicenseConcluded) + } + if len(file4.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(file4.LicenseInfoInFile)) + } + if file4.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file4.FileCopyrightText) + } + + // check lastfile.testdata.txt + lastfile := pkg.Files[4] + if lastfile == nil { + t.Fatalf("expected non-nil file, got nil") + } + if lastfile.FileName != "/lastfile.testdata.txt" { + t.Errorf("expected %v, got %v", "/lastfile.testdata.txt", lastfile.FileName) + } + if lastfile.FileSPDXIdentifier != "SPDXRef-File4" { + t.Errorf("expected %v, got %v", "SPDXRef-File4", lastfile.FileSPDXIdentifier) + } + if lastfile.FileChecksumSHA1 != "26d6221d682d9ba59116f9753a701f34271c8ce1" { + t.Errorf("expected %v, got %v", "26d6221d682d9ba59116f9753a701f34271c8ce1", lastfile.FileChecksumSHA1) + } + if lastfile.FileChecksumSHA256 != "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805" { + t.Errorf("expected %v, got %v", "0a4bdaf990e9b330ff72022dd78110ae98b60e08337cf2105b89856373416805", lastfile.FileChecksumSHA256) + } + if lastfile.FileChecksumMD5 != "f60baa793870d9085461ad6bbab50b7f" { + t.Errorf("expected %v, got %v", "f60baa793870d9085461ad6bbab50b7f", lastfile.FileChecksumMD5) + } + if lastfile.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.LicenseConcluded) + } + if len(lastfile.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(lastfile.LicenseInfoInFile)) + } + if lastfile.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", lastfile.FileCopyrightText) + } + + // check Relationship section -- should be a relationship for doc DESCRIBES pkg + if doc.Relationships == nil { + t.Fatalf("expected non-nil Relationships section, got nil") + } + if len(doc.Relationships) == 0 { + t.Fatalf("expected %v, got %v", 0, len(doc.Relationships)) + } + rln := doc.Relationships[0] + if rln == nil { + t.Fatalf("expected non-nil Relationship, got nil") + } + if rln.RefA != "SPDXRef-DOCUMENT" { + t.Errorf("expected %v, got %v", "SPDXRef-DOCUMENT", rln.RefA) + } + if rln.RefB != "SPDXRef-Package-project1" { + t.Errorf("expected %v, got %v", "SPDXRef-Package-project1", rln.RefB) + } + if rln.Relationship != "DESCRIBES" { + t.Errorf("expected %v, got %v", "DESCRIBES", rln.Relationship) + } + + // and check that other sections are present, but empty + if doc.OtherLicenses != nil { + t.Fatalf("expected nil OtherLicenses section, got non-nil") + } + if doc.Annotations != nil { + t.Fatalf("expected nil Annotations section, got non-nil") + } + if doc.Reviews != nil { + t.Fatalf("expected nil Reviews section, got non-nil") + } + +} + +func TestBuild2_1CanIgnoreFiles(t *testing.T) { + dirRoot := "../testdata/project3/" + + config := &Config2_1{ + NamespacePrefix: "https://github.com/swinslow/spdx-docs/spdx-go/testdata-", + CreatorType: "Person", + Creator: "John Doe", + PathsIgnored: []string{ + "**/ignoredir/", + "/excludedir/", + "**/ignorefile.txt", + "/alsoEXCLUDEthis.txt", + }, + TestValues: make(map[string]string), + } + config.TestValues["Created"] = "2018-10-19T04:38:00Z" + + doc, err := Build2_1("project1", dirRoot, config) + if err != nil { + t.Errorf("expected nil error, got %v", err) + } + pkg := doc.Packages[0] + if len(pkg.Files) != 5 { + t.Fatalf("expected len %d, got %d", 5, len(pkg.Files)) + } + + want := "/dontscan.txt" + got := pkg.Files[0].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/keep/keep.txt" + got = pkg.Files[1].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/keep.txt" + got = pkg.Files[2].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/subdir/keep/dontscan.txt" + got = pkg.Files[3].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/subdir/keep/keep.txt" + got = pkg.Files[4].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } +} diff --git a/builder/builder2v1/build_creation_info.go b/builder/builder2v1/build_creation_info.go new file mode 100644 index 0000000..3a01528 --- /dev/null +++ b/builder/builder2v1/build_creation_info.go @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v1 + +import ( + "fmt" + "time" + + "github.com/spdx/tools-golang/spdx" +) + +// BuildCreationInfoSection2_1 creates an SPDX Package (version 2.1), returning that +// package or error if any is encountered. Arguments: +// - packageName: name of package / directory +// - code: verification code from Package +// - namespacePrefix: prefix for DocumentNamespace (packageName and code will be added) +// - creatorType: one of Person, Organization or Tool +// - creator: creator string +// - testValues: for testing only; call with nil when using in production +func BuildCreationInfoSection2_1(packageName string, code string, namespacePrefix string, creatorType string, creator string, testValues map[string]string) (*spdx.CreationInfo2_1, error) { + // build creator slices + cPersons := []string{} + cOrganizations := []string{} + cTools := []string{} + // add builder as a tool + cTools = append(cTools, "github.com/spdx/tools-golang/builder") + + switch creatorType { + case "Person": + cPersons = append(cPersons, creator) + case "Organization": + cOrganizations = append(cOrganizations, creator) + case "Tool": + cTools = append(cTools, creator) + default: + cPersons = append(cPersons, creator) + } + + // use test Created time if passing test values + location, _ := time.LoadLocation("UTC") + locationTime := time.Now().In(location) + created := locationTime.Format("2006-01-02T15:04:05Z") + if testVal := testValues["Created"]; testVal != "" { + created = testVal + } + + ci := &spdx.CreationInfo2_1{ + SPDXVersion: "SPDX-2.1", + DataLicense: "CC0-1.0", + SPDXIdentifier: "SPDXRef-DOCUMENT", + DocumentName: packageName, + DocumentNamespace: fmt.Sprintf("%s%s-%s", namespacePrefix, packageName, code), + CreatorPersons: cPersons, + CreatorOrganizations: cOrganizations, + CreatorTools: cTools, + Created: created, + } + return ci, nil +} diff --git a/builder/builder2v1/build_creation_info_test.go b/builder/builder2v1/build_creation_info_test.go new file mode 100644 index 0000000..3cdfe83 --- /dev/null +++ b/builder/builder2v1/build_creation_info_test.go @@ -0,0 +1,165 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v1 + +import ( + "fmt" + "testing" +) + +// ===== CreationInfo section builder tests ===== +func TestBuilder2_1CanBuildCreationInfoSection(t *testing.T) { + + namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" + creatorType := "Organization" + creator := "Jane Doe LLC" + testValues := make(map[string]string) + testValues["Created"] = "2018-10-20T16:48:00Z" + packageName := "project1" + verificationCode := "TESTCODE" + + ci, err := BuildCreationInfoSection2_1(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if ci == nil { + t.Fatalf("expected non-nil CreationInfo, got nil") + } + if ci.SPDXVersion != "SPDX-2.1" { + t.Errorf("expected %s, got %s", "SPDX-2.1", ci.SPDXVersion) + } + if ci.DataLicense != "CC0-1.0" { + t.Errorf("expected %s, got %s", "CC0-1.0", ci.DataLicense) + } + if ci.SPDXIdentifier != "SPDXRef-DOCUMENT" { + t.Errorf("expected %s, got %s", "SPDXRef-DOCUMENT", ci.SPDXIdentifier) + } + if ci.DocumentName != "project1" { + t.Errorf("expected %s, got %s", "project1", ci.DocumentName) + } + wantNamespace := fmt.Sprintf("https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-project1-%s", verificationCode) + if ci.DocumentNamespace != wantNamespace { + t.Errorf("expected %s, got %s", wantNamespace, ci.DocumentNamespace) + } + if len(ci.CreatorPersons) != 0 { + t.Fatalf("expected %d, got %d", 0, len(ci.CreatorPersons)) + } + if len(ci.CreatorOrganizations) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorOrganizations)) + } + if ci.CreatorOrganizations[0] != "Jane Doe LLC" { + t.Errorf("expected %s, got %s", "Jane Doe LLC", ci.CreatorOrganizations[0]) + } + if len(ci.CreatorTools) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) + } + if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + } + if ci.Created != "2018-10-20T16:48:00Z" { + t.Errorf("expected %s, got %s", "2018-10-20T16:48:00Z", ci.Created) + } +} + +func TestBuilder2_1CanBuildCreationInfoSectionWithCreatorPerson(t *testing.T) { + namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" + creatorType := "Person" + creator := "John Doe" + testValues := make(map[string]string) + testValues["Created"] = "2018-10-20T16:48:00Z" + packageName := "project1" + verificationCode := "TESTCODE" + + ci, err := BuildCreationInfoSection2_1(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if ci == nil { + t.Fatalf("expected non-nil CreationInfo, got nil") + } + if len(ci.CreatorPersons) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorPersons)) + } + if ci.CreatorPersons[0] != "John Doe" { + t.Errorf("expected %s, got %s", "John Doe", ci.CreatorPersons[0]) + } + if len(ci.CreatorOrganizations) != 0 { + t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + } + if len(ci.CreatorTools) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) + } + if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + } +} + +func TestBuilder2_1CanBuildCreationInfoSectionWithCreatorTool(t *testing.T) { + namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" + creatorType := "Tool" + creator := "some-other-tool-2.1" + testValues := make(map[string]string) + testValues["Created"] = "2018-10-20T16:48:00Z" + packageName := "project1" + verificationCode := "TESTCODE" + + ci, err := BuildCreationInfoSection2_1(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if ci == nil { + t.Fatalf("expected non-nil CreationInfo, got nil") + } + if len(ci.CreatorPersons) != 0 { + t.Fatalf("expected %d, got %d", 0, len(ci.CreatorPersons)) + } + if len(ci.CreatorOrganizations) != 0 { + t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + } + if len(ci.CreatorTools) != 2 { + t.Fatalf("expected %d, got %d", 2, len(ci.CreatorTools)) + } + if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + } + if ci.CreatorTools[1] != "some-other-tool-2.1" { + t.Errorf("expected %s, got %s", "some-other-tool-2.1", ci.CreatorTools[1]) + } +} + +func TestBuilder2_1CanBuildCreationInfoSectionWithInvalidPerson(t *testing.T) { + namespacePrefix := "https://github.com/swinslow/spdx-docs/spdx-go/testdata-whatever-" + creatorType := "Whatever" + creator := "John Doe" + testValues := make(map[string]string) + testValues["Created"] = "2018-10-20T16:48:00Z" + packageName := "project1" + verificationCode := "TESTCODE" + + ci, err := BuildCreationInfoSection2_1(packageName, verificationCode, namespacePrefix, creatorType, creator, testValues) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if ci == nil { + t.Fatalf("expected non-nil CreationInfo, got nil") + } + if len(ci.CreatorPersons) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorPersons)) + } + if ci.CreatorPersons[0] != "John Doe" { + t.Errorf("expected %s, got %s", "John Doe", ci.CreatorPersons[0]) + } + if len(ci.CreatorOrganizations) != 0 { + t.Fatalf("expected %d, got %d", 0, len(ci.CreatorOrganizations)) + } + if len(ci.CreatorTools) != 1 { + t.Fatalf("expected %d, got %d", 1, len(ci.CreatorTools)) + } + if ci.CreatorTools[0] != "github.com/spdx/tools-golang/builder" { + t.Errorf("expected %s, got %s", "github.com/spdx/tools-golang/builder", ci.CreatorTools[0]) + } +} diff --git a/builder/builder2v1/build_file.go b/builder/builder2v1/build_file.go new file mode 100644 index 0000000..c7cc6be --- /dev/null +++ b/builder/builder2v1/build_file.go @@ -0,0 +1,44 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v1 + +import ( + "fmt" + "path/filepath" + + "github.com/spdx/tools-golang/spdx" + "github.com/spdx/tools-golang/utils" +) + +// BuildFileSection2_1 creates an SPDX File (version 2.1), returning that +// file or error if any is encountered. Arguments: +// - filePath: path to file, relative to prefix +// - prefix: relative directory for filePath +// - fileNumber: integer index (unique within package) to use in identifier +func BuildFileSection2_1(filePath string, prefix string, fileNumber int) (*spdx.File2_1, error) { + // build the full file path + p := filepath.Join(prefix, filePath) + + // make sure we can get the file and its hashes + ssha1, ssha256, smd5, err := utils.GetHashesForFilePath(p) + if err != nil { + return nil, err + } + + // build the identifier + i := fmt.Sprintf("SPDXRef-File%d", fileNumber) + + // now build the File section + f := &spdx.File2_1{ + FileName: filePath, + FileSPDXIdentifier: i, + FileChecksumSHA1: ssha1, + FileChecksumSHA256: ssha256, + FileChecksumMD5: smd5, + LicenseConcluded: "NOASSERTION", + LicenseInfoInFile: []string{}, + FileCopyrightText: "NOASSERTION", + } + + return f, nil +} diff --git a/builder/builder2v1/build_file_test.go b/builder/builder2v1/build_file_test.go new file mode 100644 index 0000000..66816ba --- /dev/null +++ b/builder/builder2v1/build_file_test.go @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v1 + +import ( + "testing" +) + +// ===== File section builder tests ===== +func TestBuilder2_1CanBuildFileSection(t *testing.T) { + filePath := "/file1.testdata.txt" + prefix := "../../testdata/project1/" + fileNumber := 17 + + file1, err := BuildFileSection2_1(filePath, prefix, fileNumber) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if file1 == nil { + t.Fatalf("expected non-nil file, got nil") + } + if file1.FileName != "/file1.testdata.txt" { + t.Errorf("expected %v, got %v", "/file1.testdata.txt", file1.FileName) + } + if file1.FileSPDXIdentifier != "SPDXRef-File17" { + t.Errorf("expected %v, got %v", "SPDXRef-File17", file1.FileSPDXIdentifier) + } + if file1.FileChecksumSHA1 != "024f870eb6323f532515f7a09d5646a97083b819" { + t.Errorf("expected %v, got %v", "024f870eb6323f532515f7a09d5646a97083b819", file1.FileChecksumSHA1) + } + if file1.FileChecksumSHA256 != "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf" { + t.Errorf("expected %v, got %v", "b14e44284ca477b4c0db34b15ca4c454b2947cce7883e22321cf2984050e15bf", file1.FileChecksumSHA256) + } + if file1.FileChecksumMD5 != "37c8208479dfe42d2bb29debd6e32d4a" { + t.Errorf("expected %v, got %v", "37c8208479dfe42d2bb29debd6e32d4a", file1.FileChecksumMD5) + } + if file1.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.LicenseConcluded) + } + if len(file1.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(file1.LicenseInfoInFile)) + } + if file1.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", file1.FileCopyrightText) + } + +} + +func TestBuilder2_1BuildFileSectionFailsForInvalidFilePath(t *testing.T) { + filePath := "/file1.testdata.txt" + prefix := "oops/wrong/path" + fileNumber := 11 + + _, err := BuildFileSection2_1(filePath, prefix, fileNumber) + if err == nil { + t.Fatalf("expected non-nil error, got nil") + } +} diff --git a/builder/builder2v1/build_package.go b/builder/builder2v1/build_package.go new file mode 100644 index 0000000..d2f0ec9 --- /dev/null +++ b/builder/builder2v1/build_package.go @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v1 + +import ( + "fmt" + + "github.com/spdx/tools-golang/spdx" + "github.com/spdx/tools-golang/utils" +) + +// BuildPackageSection2_1 creates an SPDX Package (version 2.1), returning +// that package or error if any is encountered. Arguments: +// - packageName: name of package / directory +// - dirRoot: path to directory to be analyzed +// - pathsIgnore: slice of strings for filepaths to ignore +func BuildPackageSection2_1(packageName string, dirRoot string, pathsIgnore []string) (*spdx.Package2_1, error) { + // build the file section first, so we'll have it available + // for calculating the package verification code + filepaths, err := utils.GetAllFilePaths(dirRoot, pathsIgnore) + if err != nil { + return nil, err + } + + files := []*spdx.File2_1{} + fileNumber := 0 + for _, fp := range filepaths { + newFile, err := BuildFileSection2_1(fp, dirRoot, fileNumber) + if err != nil { + return nil, err + } + files = append(files, newFile) + fileNumber++ + } + + // get the verification code + code, err := utils.GetVerificationCode2_1(files, "") + if err != nil { + return nil, err + } + + // now build the package section + pkg := &spdx.Package2_1{ + IsUnpackaged: false, + PackageName: packageName, + PackageSPDXIdentifier: fmt.Sprintf("SPDXRef-Package-%s", packageName), + PackageDownloadLocation: "NOASSERTION", + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: true, + PackageVerificationCode: code, + PackageLicenseConcluded: "NOASSERTION", + PackageLicenseInfoFromFiles: []string{}, + PackageLicenseDeclared: "NOASSERTION", + PackageCopyrightText: "NOASSERTION", + Files: files, + } + + return pkg, nil +} diff --git a/builder/builder2v1/build_package_test.go b/builder/builder2v1/build_package_test.go new file mode 100644 index 0000000..68aa5b5 --- /dev/null +++ b/builder/builder2v1/build_package_test.go @@ -0,0 +1,146 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v1 + +import ( + "testing" +) + +// ===== Package section builder tests ===== +func TestBuilder2_1CanBuildPackageSection(t *testing.T) { + packageName := "project1" + dirRoot := "../../testdata/project1/" + + wantVerificationCode := "fc9ac4a370af0a471c2e52af66d6b4cf4e2ba12b" + + pkg, err := BuildPackageSection2_1(packageName, dirRoot, nil) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if pkg == nil { + t.Fatalf("expected non-nil Package, got nil") + } + if pkg.IsUnpackaged { + t.Errorf("expected %v, got %v", false, pkg.IsUnpackaged) + } + if pkg.PackageName != "project1" { + t.Errorf("expected %v, got %v", "project1", pkg.PackageName) + } + if pkg.PackageSPDXIdentifier != "SPDXRef-Package-project1" { + t.Errorf("expected %v, got %v", "SPDXRef-Package-project1", pkg.PackageSPDXIdentifier) + } + if pkg.PackageDownloadLocation != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageDownloadLocation) + } + if pkg.FilesAnalyzed != true { + t.Errorf("expected %v, got %v", true, pkg.FilesAnalyzed) + } + if pkg.IsFilesAnalyzedTagPresent != true { + t.Errorf("expected %v, got %v", true, pkg.IsFilesAnalyzedTagPresent) + } + if pkg.PackageVerificationCode != wantVerificationCode { + t.Errorf("expected %v, got %v", wantVerificationCode, pkg.PackageVerificationCode) + } + if pkg.PackageLicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageLicenseConcluded) + } + if len(pkg.PackageLicenseInfoFromFiles) != 0 { + t.Errorf("expected %v, got %v", 0, len(pkg.PackageLicenseInfoFromFiles)) + } + if pkg.PackageLicenseDeclared != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageLicenseDeclared) + } + if pkg.PackageCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageCopyrightText) + } + + // and make sure we got the right number of files, and check the first one + if pkg.Files == nil { + t.Fatalf("expected non-nil pkg.Files, got nil") + } + if len(pkg.Files) != 5 { + t.Fatalf("expected %d, got %d", 5, len(pkg.Files)) + } + fileEmpty := pkg.Files[0] + if fileEmpty == nil { + t.Fatalf("expected non-nil file, got nil") + } + if fileEmpty.FileName != "/emptyfile.testdata.txt" { + t.Errorf("expected %v, got %v", "/emptyfile.testdata.txt", fileEmpty.FileName) + } + if fileEmpty.FileSPDXIdentifier != "SPDXRef-File0" { + t.Errorf("expected %v, got %v", "SPDXRef-File0", fileEmpty.FileSPDXIdentifier) + } + if fileEmpty.FileChecksumSHA1 != "da39a3ee5e6b4b0d3255bfef95601890afd80709" { + t.Errorf("expected %v, got %v", "da39a3ee5e6b4b0d3255bfef95601890afd80709", fileEmpty.FileChecksumSHA1) + } + if fileEmpty.FileChecksumSHA256 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" { + t.Errorf("expected %v, got %v", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", fileEmpty.FileChecksumSHA256) + } + if fileEmpty.FileChecksumMD5 != "d41d8cd98f00b204e9800998ecf8427e" { + t.Errorf("expected %v, got %v", "d41d8cd98f00b204e9800998ecf8427e", fileEmpty.FileChecksumMD5) + } + if fileEmpty.LicenseConcluded != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.LicenseConcluded) + } + if len(fileEmpty.LicenseInfoInFile) != 0 { + t.Errorf("expected %v, got %v", 0, len(fileEmpty.LicenseInfoInFile)) + } + if fileEmpty.FileCopyrightText != "NOASSERTION" { + t.Errorf("expected %v, got %v", "NOASSERTION", fileEmpty.FileCopyrightText) + } +} + +func TestBuilder2_1CanIgnoreFiles(t *testing.T) { + packageName := "project3" + dirRoot := "../../testdata/project3/" + pathsIgnored := []string{ + "**/ignoredir/", + "/excludedir/", + "**/ignorefile.txt", + "/alsoEXCLUDEthis.txt", + } + pkg, err := BuildPackageSection2_1(packageName, dirRoot, pathsIgnored) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + // make sure we got the right files + if pkg.Files == nil { + t.Fatalf("expected non-nil pkg.Files, got nil") + } + if len(pkg.Files) != 5 { + t.Fatalf("expected %d, got %d", 5, len(pkg.Files)) + } + + want := "/dontscan.txt" + got := pkg.Files[0].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/keep/keep.txt" + got = pkg.Files[1].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/keep.txt" + got = pkg.Files[2].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/subdir/keep/dontscan.txt" + got = pkg.Files[3].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } + + want = "/subdir/keep/keep.txt" + got = pkg.Files[4].FileName + if want != got { + t.Errorf("expected %v, got %v", want, got) + } +} diff --git a/builder/builder2v1/build_relationship.go b/builder/builder2v1/build_relationship.go new file mode 100644 index 0000000..2215581 --- /dev/null +++ b/builder/builder2v1/build_relationship.go @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v1 + +import ( + "fmt" + + "github.com/spdx/tools-golang/spdx" +) + +// BuildRelationshipSection2_1 creates an SPDX Relationship (version 2.1) +// solely for the document "DESCRIBES" package relationship, returning that +// relationship or error if any is encountered. Arguments: +// - packageName: name of package / directory +func BuildRelationshipSection2_1(packageName string) (*spdx.Relationship2_1, error) { + rln := &spdx.Relationship2_1{ + RefA: "SPDXRef-DOCUMENT", + RefB: fmt.Sprintf("SPDXRef-Package-%s", packageName), + Relationship: "DESCRIBES", + } + + return rln, nil +} diff --git a/builder/builder2v1/build_relationship_test.go b/builder/builder2v1/build_relationship_test.go new file mode 100644 index 0000000..c8a2dac --- /dev/null +++ b/builder/builder2v1/build_relationship_test.go @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package builder2v1 + +import ( + "testing" +) + +// ===== Relationship section builder tests ===== +func TestBuilder2_1CanBuildRelationshipSection(t *testing.T) { + packageName := "project17" + + rln, err := BuildRelationshipSection2_1(packageName) + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + + if rln == nil { + t.Fatalf("expected non-nil relationship, got nil") + } + if rln.RefA != "SPDXRef-DOCUMENT" { + t.Errorf("expected %v, got %v", "SPDXRef-DOCUMENT", rln.RefA) + } + if rln.RefB != "SPDXRef-Package-project17" { + t.Errorf("expected %v, got %v", "SPDXRef-Package-project17", rln.RefB) + } + if rln.Relationship != "DESCRIBES" { + t.Errorf("expected %v, got %v", "DESCRIBES", rln.Relationship) + } + +} -- cgit v1.2.3