From 2d6415b91b50e0ffef970413f8c8835c157d1a6e Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Thu, 8 Jul 2021 22:21:36 +0530 Subject: [PATCH 01/31] JSONsaver : lay down initia setup of jsonsaver Signed-off-by: Ujjwal Agarwal --- jsonsaver/jsonsaver.go | 18 ++++++ jsonsaver/saver2v2/save_creation_info.go | 74 +++++++++++++++++++++++ jsonsaver/saver2v2/save_document.go | 44 ++++++++++++++ jsonsaver/saver2v2/save_document_test.go | 70 +++++++++++++++++++++ jsonsaver/saver2v2/save_other_licenses.go | 0 5 files changed, 206 insertions(+) create mode 100644 jsonsaver/jsonsaver.go create mode 100644 jsonsaver/saver2v2/save_creation_info.go create mode 100644 jsonsaver/saver2v2/save_document.go create mode 100644 jsonsaver/saver2v2/save_document_test.go create mode 100644 jsonsaver/saver2v2/save_other_licenses.go diff --git a/jsonsaver/jsonsaver.go b/jsonsaver/jsonsaver.go new file mode 100644 index 00000000..ee14987b --- /dev/null +++ b/jsonsaver/jsonsaver.go @@ -0,0 +1,18 @@ +package jsonsaver + +import ( + "bytes" + "io" + + "github.com/spdx/tools-golang/jsonsaver/saver2v2" + "github.com/spdx/tools-golang/spdx" +) + +// Save2_2 takes an io.Writer and an SPDX Document (version 2.2), +// and writes it to the writer in json format. It returns error +// if any error is encountered. +func Save2_2(doc *spdx.Document2_2, w io.Writer) error { + var b []byte + buf := bytes.NewBuffer(b) + return saver2v2.RenderDocument2_2(doc, buf) +} diff --git a/jsonsaver/saver2v2/save_creation_info.go b/jsonsaver/saver2v2/save_creation_info.go new file mode 100644 index 00000000..e13684d9 --- /dev/null +++ b/jsonsaver/saver2v2/save_creation_info.go @@ -0,0 +1,74 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "encoding/json" + "fmt" + + "github.com/spdx/tools-golang/spdx" +) + +func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, buf *bytes.Buffer) error { + if ci.SPDXIdentifier != "" { + fmt.Fprintf(buf, "\"%s\": \"%s\",", "SPDXID", spdx.RenderElementID(ci.SPDXIdentifier)) + } + if ci.SPDXVersion != "" { + fmt.Fprintf(buf, "\"%s\": \"%s\",", "spdxVersion", ci.SPDXVersion) + } + if ci.CreatorComment != "" || ci.Created != "" || ci.CreatorPersons != nil || ci.CreatorOrganizations != nil || ci.CreatorTools != nil || ci.LicenseListVersion != "" { + fmt.Fprintf(buf, "\"%s\": %s", "creationInfo", "{") + if ci.CreatorComment != "" { + commentjson, _ := json.Marshal(ci.CreatorComment) + fmt.Fprintf(buf, "\"%s\": %s,", "comment", commentjson) + } + if ci.Created != "" { + fmt.Fprintf(buf, "\"%s\": \"%s\",", "created", ci.Created) + } + if ci.CreatorPersons != nil || ci.CreatorOrganizations != nil || ci.CreatorTools != nil { + var creators []string + for _, v := range ci.CreatorPersons { + creators = append(creators, fmt.Sprintf("Person: %s", v)) + } + for _, v := range ci.CreatorOrganizations { + creators = append(creators, fmt.Sprintf("Organization: %s", v)) + } + for _, v := range ci.CreatorTools { + creators = append(creators, fmt.Sprintf("Tool: %s", v)) + } + creatorsjson, _ := json.Marshal(creators) + fmt.Fprintf(buf, "\"%s\": %s ,", "creators", creatorsjson) + } + if ci.LicenseListVersion != "" { + fmt.Fprintf(buf, "\"%s\": \"%s\",", "licenseListVersion", ci.LicenseListVersion) + } + fmt.Fprintf(buf, "%s", "},") + } + if ci.DocumentName != "" { + fmt.Fprintf(buf, "\"%s\": \"%s\",", "name", ci.DocumentName) + } + if ci.DataLicense != "" { + fmt.Fprintf(buf, "\"%s\": \"%s\",", "dataLicense", ci.DataLicense) + } + if ci.DocumentComment != "" { + fmt.Fprintf(buf, "\"%s\": \"%s\",", "comment", ci.DocumentComment) + } + if ci.ExternalDocumentReferences != nil { + var refs []interface{} + for _, v := range ci.ExternalDocumentReferences { + aa := make(map[string]interface{}) + aa["externalDocumentId"] = v.DocumentRefID + aa["checksum"] = map[string]string{ + "algorithm": v.Alg, + "checksumValue": v.Checksum, + } + aa["spdxDocument"] = v.URI + refs = append(refs, aa) + } + refsjson, _ := json.Marshal(refs) + fmt.Fprintf(buf, "\"%s\": %s ,", "externalDocumentRefs", refsjson) + } + + return nil +} diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go new file mode 100644 index 00000000..d08ab236 --- /dev/null +++ b/jsonsaver/saver2v2/save_document.go @@ -0,0 +1,44 @@ +// Package saver2v2 contains functions to render and write a json +// formatted version of an in-memory SPDX document and its sections +// (version 2.2). +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +package saver2v2 + +import ( + "bytes" + "encoding/json" + "fmt" + "log" + + "github.com/spdx/tools-golang/spdx" +) + +// RenderDocument2_2 is the main entry point to take an SPDX in-memory +// Document (version 2.2), and render it to the received *bytes.Buffer. +// It is only exported in order to be available to the jsonsaver package, +// and typically does not need to be called by client code. +func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { + + fmt.Fprintln(buf, "{") + // start to parse the creationInfo + if doc.CreationInfo == nil { + return fmt.Errorf("document had nil CreationInfo section") + } + renderCreationInfo2_2(doc.CreationInfo, buf) + + // parsing ends + buf.WriteRune('}') + // remove the pattern ",}" from the json + final := bytes.ReplaceAll(buf.Bytes(), []byte(",}"), []byte("}")) + // indent the json + var b []byte + newbuf := bytes.NewBuffer(b) + err := json.Indent(newbuf, final, "", "\t") + if err != nil { + return err + } + str := newbuf.String() + logger := log.Default() + logger.Fatal(str) + return nil +} diff --git a/jsonsaver/saver2v2/save_document_test.go b/jsonsaver/saver2v2/save_document_test.go new file mode 100644 index 00000000..38a3b58b --- /dev/null +++ b/jsonsaver/saver2v2/save_document_test.go @@ -0,0 +1,70 @@ +// Package saver2v2 contains functions to render and write a json +// formatted version of an in-memory SPDX document and its sections +// (version 2.2). +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +package saver2v2 + +import ( + "bytes" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +func TestRenderDocument2_2(t *testing.T) { + + test1 := &spdx.Document2_2{ + CreationInfo: &spdx.CreationInfo2_2{ + SPDXVersion: "SPDX-2.2", + DataLicense: "CC0-1.0", + SPDXIdentifier: spdx.ElementID("DOCUMENT"), + DocumentName: "tools-golang-0.0.1.abcdef", + DocumentNamespace: "https://github.com/spdx/spdx-docs/tools-golang/tools-golang-0.0.1.abcdef.whatever", + CreatorPersons: []string{ + "John Doe ()", + }, + CreatorOrganizations: []string{"ExampleCodeInspect"}, + CreatorTools: []string{"LicenseFind-1.0"}, + DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.", + LicenseListVersion: "3.8", + CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", + Created: "2018-10-10T06:20:00Z", + ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{ + "spdx-tool-1.2": { + DocumentRefID: "spdx-tool-1.2", + URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", + Alg: "SHA1", + Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", + }, + }, + }, + } + var b []byte + + type args struct { + doc *spdx.Document2_2 + buf *bytes.Buffer + } + tests := []struct { + name string + args args + wantErr bool + }{ + // TODO: Add test cases. + { + name: "success test ", + args: args{ + doc: test1, + buf: bytes.NewBuffer(b), + }, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := RenderDocument2_2(tt.args.doc, tt.args.buf); (err != nil) != tt.wantErr { + t.Errorf("RenderDocument2_2() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} diff --git a/jsonsaver/saver2v2/save_other_licenses.go b/jsonsaver/saver2v2/save_other_licenses.go new file mode 100644 index 00000000..e69de29b From 45a2a5263438127c11340e522aa76f0f0769dd99 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Thu, 8 Jul 2021 23:37:52 +0530 Subject: [PATCH 02/31] jsonSaver : saved other licenses to json - parsed other licenses from spdx.Doxument2_2 to json - tests pending Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_document.go | 4 +++ jsonsaver/saver2v2/save_document_test.go | 25 ++++++++++++++++ jsonsaver/saver2v2/save_other_license.go | 35 +++++++++++++++++++++++ jsonsaver/saver2v2/save_other_licenses.go | 0 4 files changed, 64 insertions(+) create mode 100644 jsonsaver/saver2v2/save_other_license.go delete mode 100644 jsonsaver/saver2v2/save_other_licenses.go diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index d08ab236..80a24f8c 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -26,6 +26,10 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { } renderCreationInfo2_2(doc.CreationInfo, buf) + if doc.OtherLicenses != nil { + renderOtherLicenses2_2(doc.OtherLicenses, buf) + } + // parsing ends buf.WriteRune('}') // remove the pattern ",}" from the json diff --git a/jsonsaver/saver2v2/save_document_test.go b/jsonsaver/saver2v2/save_document_test.go index 38a3b58b..bda27f6f 100644 --- a/jsonsaver/saver2v2/save_document_test.go +++ b/jsonsaver/saver2v2/save_document_test.go @@ -38,6 +38,31 @@ func TestRenderDocument2_2(t *testing.T) { }, }, }, + OtherLicenses: []*spdx.OtherLicense2_2{ + { + ExtractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp Date: Sat, 10 Jul 2021 02:45:14 +0530 Subject: [PATCH 03/31] Jsonsaver : Saved document annotations from struct to json - Saved annoations on the root document from struct to json - unit tests pending Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_annotations.go | 30 +++++++++++++++++ jsonsaver/saver2v2/save_document.go | 8 +++++ jsonsaver/saver2v2/save_document_test.go | 42 ++++++++++++++++++++++++ 3 files changed, 80 insertions(+) create mode 100644 jsonsaver/saver2v2/save_annotations.go diff --git a/jsonsaver/saver2v2/save_annotations.go b/jsonsaver/saver2v2/save_annotations.go new file mode 100644 index 00000000..48786f3f --- /dev/null +++ b/jsonsaver/saver2v2/save_annotations.go @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "encoding/json" + "fmt" + + "github.com/spdx/tools-golang/spdx" +) + +func renderAnnotations2_2(annotations []*spdx.Annotation2_2, buf *bytes.Buffer) error { + + var ann []interface{} + for _, v := range annotations { + annotation := make(map[string]interface{}) + annotation["annotationDate"] = v.AnnotationDate + annotation["annotationType"] = v.AnnotationType + annotation["annotator"] = fmt.Sprintf("%s: %s", v.AnnotatorType, v.Annotator) + if v.AnnotationComment != "" { + annotation["comment"] = v.AnnotationComment + } + ann = append(ann, annotation) + } + annotationjson, _ := json.Marshal(ann) + fmt.Fprintf(buf, "\"%s\": %s ,", "annotations", annotationjson) + + return nil +} diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index 80a24f8c..9accf545 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -30,6 +30,14 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { renderOtherLicenses2_2(doc.OtherLicenses, buf) } + if doc.Annotations != nil { + renderAnnotations2_2(doc.Annotations, buf) + } + + if doc.CreationInfo.DocumentNamespace != "" { + fmt.Fprintf(buf, "\"%s\": \"%s\",", "documentNamespace", doc.CreationInfo.DocumentNamespace) + } + // parsing ends buf.WriteRune('}') // remove the pattern ",}" from the json diff --git a/jsonsaver/saver2v2/save_document_test.go b/jsonsaver/saver2v2/save_document_test.go index bda27f6f..772ba1ba 100644 --- a/jsonsaver/saver2v2/save_document_test.go +++ b/jsonsaver/saver2v2/save_document_test.go @@ -63,6 +63,48 @@ func TestRenderDocument2_2(t *testing.T) { LicenseIdentifier: "LicenseRef-1", }, }, + Annotations: []*spdx.Annotation2_2{ + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, + AnnotationDate: "2011-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotatorType: "Person", + Annotator: "File Commenter", + AnnotationComment: "File level annotation", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, + AnnotationDate: "2011-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotatorType: "Person", + Annotator: "Package Commenter", + AnnotationComment: "Package level annotation", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + AnnotationDate: "2010-02-10T00:00:00Z", + AnnotationType: "REVIEW", + AnnotatorType: "Person", + Annotator: "Joe Reviewer", + AnnotationComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + AnnotationDate: "2011-03-13T00:00:00Z", + AnnotationType: "REVIEW", + AnnotatorType: "Person", + Annotator: "Suzanne Reviewer", + AnnotationComment: "Another example reviewer.", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + AnnotationDate: "2010-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotatorType: "Person", + Annotator: "Jane Doe ()", + AnnotationComment: "Document level annotation", + }, + }, } var b []byte From 9d1037e9c48031f4d30fd00e760e49e16fc1794e Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Sat, 10 Jul 2021 02:59:23 +0530 Subject: [PATCH 04/31] JsonSaver : saved document describes from spdx struct to json - Saved document describes from spdxStruct to json - unit tests pending from this section Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_document.go | 9 + jsonsaver/saver2v2/save_document_test.go | 237 +++++++++++++++++++++++ 2 files changed, 246 insertions(+) diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index 9accf545..8702b490 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -11,6 +11,7 @@ import ( "log" "github.com/spdx/tools-golang/spdx" + "github.com/spdx/tools-golang/spdxlib" ) // RenderDocument2_2 is the main entry point to take an SPDX in-memory @@ -38,6 +39,14 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { fmt.Fprintf(buf, "\"%s\": \"%s\",", "documentNamespace", doc.CreationInfo.DocumentNamespace) } + describes, _ := spdxlib.GetDescribedPackageIDs2_2(doc) + var describesID []string + for _, v := range describes { + describesID = append(describesID, spdx.RenderElementID(v)) + } + describesjson, _ := json.Marshal(describesID) + fmt.Fprintf(buf, "\"%s\": %s,", "documentDescribes", describesjson) + // parsing ends buf.WriteRune('}') // remove the pattern ",}" from the json diff --git a/jsonsaver/saver2v2/save_document_test.go b/jsonsaver/saver2v2/save_document_test.go index 772ba1ba..4d228d04 100644 --- a/jsonsaver/saver2v2/save_document_test.go +++ b/jsonsaver/saver2v2/save_document_test.go @@ -105,6 +105,243 @@ func TestRenderDocument2_2(t *testing.T) { AnnotationComment: "Document level annotation", }, }, + Relationships: []*spdx.Relationship2_2{ + { + RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + RefB: spdx.DocElementID{DocumentRefID: "spdx-tool-1.2", ElementRefID: "ToolsElement"}, + Relationship: "COPY_OF", + }, + { + RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, + Relationship: "CONTAINS", + }, + { + RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, + Relationship: "DESCRIBES", + }, + { + RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, + Relationship: "DESCRIBES", + }, + { + RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, + RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Saxon"}, + Relationship: "DYNAMIC_LINK", + }, + { + RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, + RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "JenaLib"}, + Relationship: "CONTAINS", + }, + { + RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "CommonsLangSrc"}, + RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "", SpecialID: "NOASSERTION"}, + Relationship: "GENERATED_FROM", + }, + { + RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "JenaLib"}, + RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, + Relationship: "CONTAINS", + }, + { + RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, + RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "fromDoap-0"}, + Relationship: "GENERATED_FROM", + }, + }, + Packages: map[spdx.ElementID]*spdx.Package2_2{ + "Package": { + PackageSPDXIdentifier: "Package", + PackageAttributionTexts: []string{"The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually."}, + PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + "SHA256": { + Algorithm: "SHA256", + Value: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd", + }, + "SHA1": { + Algorithm: "SHA1", + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + "MD5": { + Algorithm: "MD5", + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + PackageCopyrightText: "Copyright 2008-2010 John Smith", + PackageDescription: "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", + PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + PackageExternalReferences: []*spdx.PackageExternalReference2_2{ + { + RefType: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", + ExternalRefComment: "This is the external ref for Acme", + Category: "OTHER", + Locator: "acmecorp/acmenator/4.1.3-alpha", + }, + { + RefType: "http://spdx.org/rdf/references/cpe23Type", + Category: "SECURITY", + Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", + }, + }, + FilesAnalyzed: true, + IsFilesAnalyzedTagPresent: true, + Files: map[spdx.ElementID]*spdx.File2_2{ + "DoapSource": { + FileSPDXIdentifier: "DoapSource", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + "SHA1": { + Algorithm: "SHA1", + Value: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", + }, + }, + Snippets: map[spdx.ElementID]*spdx.Snippet2_2{ + "Snippet": { + SnippetSPDXIdentifier: "Snippet", + SnippetFromFileSPDXIdentifier: spdx.DocElementID{ElementRefID: "DoapSource"}, + SnippetComment: "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", + SnippetCopyrightText: "Copyright 2008-2010 John Smith", + SnippetLicenseComments: "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", + SnippetLicenseConcluded: "GPL-2.0-only", + LicenseInfoInSnippet: []string{"GPL-2.0-only"}, + SnippetName: "from linux kernel", + SnippetByteRangeStart: 310, + SnippetByteRangeEnd: 420, + SnippetLineRangeStart: 5, + SnippetLineRangeEnd: 23, + }, + }, + FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", + FileContributor: []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, + FileDependencies: []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, + FileName: "./src/org/spdx/parser/DOAPProject.java", + FileType: []string{"SOURCE"}, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{"Apache-2.0"}, + }, + "CommonsLangSrc": { + FileSPDXIdentifier: "CommonsLangSrc", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + "SHA1": { + Algorithm: "SHA1", + Value: "c2b4e1c67a2d28fced849ee1bb76e7391b93f125", + }, + }, + FileComment: "This file is used by Jena", + FileCopyrightText: "Copyright 2001-2011 The Apache Software Foundation", + FileContributor: []string{"Apache Software Foundation"}, + FileName: "./lib-source/commons-lang3-3.1-sources.jar", + FileType: []string{"ARCHIVE"}, + LicenseConcluded: "Apache-2.0", + LicenseInfoInFile: []string{"Apache-2.0"}, + FileNotice: "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())", + }, + "JenaLib": { + FileSPDXIdentifier: "JenaLib", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + "SHA1": { + Algorithm: "SHA1", + Value: "3ab4e1c67a2d28fced849ee1bb76e7391b93f125", + }, + }, + FileComment: "This file belongs to Jena", + FileCopyrightText: "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", + FileContributor: []string{"Apache Software Foundation", "Hewlett Packard Inc."}, + FileDependencies: []string{"SPDXRef-CommonsLangSrc"}, + FileName: "./lib-source/jena-2.6.3-sources.jar", + FileType: []string{"ARCHIVE"}, + LicenseComments: "This license is used by Jena", + LicenseConcluded: "LicenseRef-1", + LicenseInfoInFile: []string{"LicenseRef-1"}, + }, + }, + PackageHomePage: "http://ftp.gnu.org/gnu/glibc", + PackageLicenseComments: "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", + PackageLicenseConcluded: "(LGPL-2.0-only OR LicenseRef-3)", + PackageLicenseDeclared: "(LGPL-2.0-only AND LicenseRef-3)", + PackageLicenseInfoFromFiles: []string{"GPL-2.0-only", "LicenseRef-2", "LicenseRef-1"}, + PackageName: "glibc", + PackageOriginatorOrganization: "ExampleCodeInspect (contact@example.com)", + PackageFileName: "glibc-2.11.1.tar.gz", + PackageVerificationCodeExcludedFile: "./package.spdx", + PackageVerificationCode: "d6a770ba38583ed4bb4525bd96e50461655d2758", + PackageSourceInfo: "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", + PackageSummary: "GNU C library.", + PackageSupplierPerson: "Jane Doe (jane.doe@example.com)", + PackageVersion: "2.11.1", + }, + "fromDoap-1": { + PackageSPDXIdentifier: "fromDoap-1", + PackageComment: "This package was converted from a DOAP Project by the same name", + PackageCopyrightText: "NOASSERTION", + PackageDownloadLocation: "NOASSERTION", + FilesAnalyzed: false, + IsFilesAnalyzedTagPresent: true, + PackageHomePage: "http://commons.apache.org/proper/commons-lang/", + PackageLicenseConcluded: "NOASSERTION", + PackageLicenseDeclared: "NOASSERTION", + PackageName: "Apache Commons Lang", + }, + "fromDoap-0": { + PackageSPDXIdentifier: "fromDoap-0", + PackageComment: "This package was converted from a DOAP Project by the same name", + PackageCopyrightText: "NOASSERTION", + PackageDownloadLocation: "NOASSERTION", + FilesAnalyzed: false, + IsFilesAnalyzedTagPresent: true, + PackageHomePage: "http://www.openjena.org/", + PackageLicenseConcluded: "NOASSERTION", + PackageLicenseDeclared: "NOASSERTION", + PackageName: "Jena", + }, + + "Saxon": { + PackageSPDXIdentifier: "Saxon", + PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + "SHA1": { + Algorithm: "SHA1", + Value: "85ed0817af83a24ad8da68c2b5094de69833983c", + }, + }, + PackageDescription: "The Saxon package is a collection of tools for processing XML documents.", + PackageDownloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + FilesAnalyzed: false, + IsFilesAnalyzedTagPresent: true, + PackageHomePage: "http://saxon.sourceforge.net/", + PackageLicenseComments: "Other versions available for a commercial license", + PackageLicenseConcluded: "MPL-1.0", + PackageLicenseDeclared: "MPL-1.0", + PackageName: "Saxon", + PackageFileName: "saxonB-8.8.zip", + PackageVersion: "8.8", + }, + }, + UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{ + "File": { + FileSPDXIdentifier: "File", + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + "SHA1": { + Algorithm: "SHA1", + Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", + }, + "MD5": { + Algorithm: "MD5", + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, + FileComment: "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", + FileCopyrightText: "Copyright 2008-2010 John Smith", + FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, + FileName: "./package/foo.c", + FileType: []string{"SOURCE"}, + LicenseComments: "The concluded license was taken from the package level that the file was included in.", + LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", + LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, + FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", + }, + }, } var b []byte From 9787338bad226aa230fc23a1354ef6de61d3679e Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Sat, 10 Jul 2021 15:45:14 +0530 Subject: [PATCH 05/31] Jsonsaver : saved packages and relationships from spdx to json - saved packages from spdx struct to json - saved relationships froms spdx struct to json Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_annotations.go | 25 ++-- jsonsaver/saver2v2/save_document.go | 26 +++- jsonsaver/saver2v2/save_package.go | 145 +++++++++++++++++++++++ jsonsaver/saver2v2/save_relationships.go | 23 ++++ 4 files changed, 199 insertions(+), 20 deletions(-) create mode 100644 jsonsaver/saver2v2/save_package.go create mode 100644 jsonsaver/saver2v2/save_relationships.go diff --git a/jsonsaver/saver2v2/save_annotations.go b/jsonsaver/saver2v2/save_annotations.go index 48786f3f..0a69c2ca 100644 --- a/jsonsaver/saver2v2/save_annotations.go +++ b/jsonsaver/saver2v2/save_annotations.go @@ -3,28 +3,25 @@ package saver2v2 import ( - "bytes" - "encoding/json" "fmt" "github.com/spdx/tools-golang/spdx" ) -func renderAnnotations2_2(annotations []*spdx.Annotation2_2, buf *bytes.Buffer) error { +func renderAnnotations2_2(annotations []*spdx.Annotation2_2, eID spdx.DocElementID) ([]interface{}, error) { var ann []interface{} for _, v := range annotations { - annotation := make(map[string]interface{}) - annotation["annotationDate"] = v.AnnotationDate - annotation["annotationType"] = v.AnnotationType - annotation["annotator"] = fmt.Sprintf("%s: %s", v.AnnotatorType, v.Annotator) - if v.AnnotationComment != "" { - annotation["comment"] = v.AnnotationComment + if v.AnnotationSPDXIdentifier == eID { + annotation := make(map[string]interface{}) + annotation["annotationDate"] = v.AnnotationDate + annotation["annotationType"] = v.AnnotationType + annotation["annotator"] = fmt.Sprintf("%s: %s", v.AnnotatorType, v.Annotator) + if v.AnnotationComment != "" { + annotation["comment"] = v.AnnotationComment + } + ann = append(ann, annotation) } - ann = append(ann, annotation) } - annotationjson, _ := json.Marshal(ann) - fmt.Fprintf(buf, "\"%s\": %s ,", "annotations", annotationjson) - - return nil + return ann, nil } diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index 8702b490..aba21011 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -32,7 +32,9 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { } if doc.Annotations != nil { - renderAnnotations2_2(doc.Annotations, buf) + ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(doc.CreationInfo.SPDXIdentifier))) + annotationjson, _ := json.Marshal(ann) + fmt.Fprintf(buf, "\"%s\": %s ,", "annotations", annotationjson) } if doc.CreationInfo.DocumentNamespace != "" { @@ -40,12 +42,24 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { } describes, _ := spdxlib.GetDescribedPackageIDs2_2(doc) - var describesID []string - for _, v := range describes { - describesID = append(describesID, spdx.RenderElementID(v)) + if describes != nil { + var describesID []string + for _, v := range describes { + describesID = append(describesID, spdx.RenderElementID(v)) + } + describesjson, _ := json.Marshal(describesID) + fmt.Fprintf(buf, "\"%s\": %s,", "documentDescribes", describesjson) + } + + if doc.Packages != nil { + renderPackage2_2(doc, buf) + } + + if doc.Relationships != nil { + rels, _ := renderRelationships2_2(doc.Relationships) + relsjson, _ := json.Marshal(rels) + fmt.Fprintf(buf, "\"%s\": %s ,", "relationships", relsjson) } - describesjson, _ := json.Marshal(describesID) - fmt.Fprintf(buf, "\"%s\": %s,", "documentDescribes", describesjson) // parsing ends buf.WriteRune('}') diff --git a/jsonsaver/saver2v2/save_package.go b/jsonsaver/saver2v2/save_package.go new file mode 100644 index 00000000..7d681ba3 --- /dev/null +++ b/jsonsaver/saver2v2/save_package.go @@ -0,0 +1,145 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "encoding/json" + "fmt" + + "github.com/spdx/tools-golang/spdx" +) + +func renderPackage2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { + + var packages []interface{} + for k, v := range doc.Packages { + pkg := make(map[string]interface{}) + pkg["SPDXID"] = spdx.RenderElementID(k) + ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(v.PackageSPDXIdentifier))) + if ann != nil { + pkg["annotations"] = ann + } + if v.PackageAttributionTexts != nil { + pkg["attributionTexts"] = v.PackageAttributionTexts + } + // parse package checksums + if v.PackageChecksums != nil { + var checksums []interface{} + for _, value := range v.PackageChecksums { + checksum := make(map[string]interface{}) + checksum["algorithm"] = value.Algorithm + checksum["checksumValue"] = value.Value + checksums = append(checksums, checksum) + } + pkg["checksums"] = checksums + } + if v.PackageCopyrightText != "" { + pkg["copyrightText"] = v.PackageCopyrightText + } + if v.PackageDescription != "" { + pkg["description"] = v.PackageDescription + } + if v.PackageDownloadLocation != "" { + pkg["downloadLocation"] = v.PackageDownloadLocation + } + + //parse document external refereneces + if v.PackageExternalReferences != nil { + var externalrefs []interface{} + for _, value := range v.PackageExternalReferences { + ref := make(map[string]interface{}) + ref["referenceCategory"] = value.Category + ref["referenceLocator"] = value.Locator + ref["referenceType"] = value.RefType + if value.ExternalRefComment != "" { + ref["comment"] = value.ExternalRefComment + } + externalrefs = append(externalrefs, ref) + } + pkg["externalRefs"] = externalrefs + } + + pkg["filesAnalyzed"] = v.FilesAnalyzed + + // parse package hass files + if v.Files != nil { + var fileIds []string + for k := range v.Files { + fileIds = append(fileIds, spdx.RenderElementID(k)) + } + pkg["hasFiles"] = fileIds + } + + if v.PackageHomePage != "" { + pkg["homepage"] = v.PackageHomePage + } + if v.PackageLicenseComments != "" { + pkg["licenseComments"] = v.PackageLicenseComments + } + if v.PackageLicenseConcluded != "" { + pkg["licenseConcluded"] = v.PackageLicenseConcluded + } + if v.PackageLicenseDeclared != "" { + pkg["licenseDeclared"] = v.PackageLicenseDeclared + } + if v.PackageLicenseInfoFromFiles != nil { + pkg["licenseInfoFromFiles"] = v.PackageLicenseInfoFromFiles + } + if v.PackageName != "" { + pkg["name"] = v.PackageName + } + if v.PackageSourceInfo != "" { + pkg["sourceInfo"] = v.PackageSourceInfo + } + if v.PackageSummary != "" { + pkg["summary"] = v.PackageSummary + } + if v.PackageVersion != "" { + pkg["versionInfo"] = v.PackageVersion + } + if v.PackageFileName != "" { + pkg["packageFileName"] = v.PackageFileName + } + + //parse package originator + var originator []string + if v.PackageOriginatorPerson != "" { + originator = append(originator, fmt.Sprintf("Person: %s", v.PackageOriginatorPerson)) + } + if v.PackageOriginatorOrganization != "" { + originator = append(originator, fmt.Sprintf("Organization: %s", v.PackageOriginatorOrganization)) + } + if v.PackageOriginatorNOASSERTION { + originator = append(originator, "NOASSERTION") + } + if originator != nil { + pkg["originator"] = originator + } + + //parse package verification code + if v.PackageVerificationCode != "" { + verification := make(map[string]interface{}) + verification["packageVerificationCodeExcludedFiles"] = []string{v.PackageVerificationCodeExcludedFile} + verification["packageVerificationCodeValue"] = v.PackageVerificationCode + pkg["packageVerificationCode"] = verification + } + + //parse package supplier + if v.PackageSupplierPerson != "" { + pkg["supplier"] = fmt.Sprintf("Person: %s", v.PackageSupplierPerson) + } + if v.PackageSupplierOrganization != "" { + pkg["supplier"] = fmt.Sprintf("Organization: %s", v.PackageSupplierOrganization) + } + if v.PackageSupplierNOASSERTION { + pkg["supplier"] = "NOASSERTION" + } + + packages = append(packages, pkg) + } + packagejson, _ := json.Marshal(packages) + fmt.Fprintf(buf, "\"%s\": %s ,", "packages", packagejson) + + return nil +} diff --git a/jsonsaver/saver2v2/save_relationships.go b/jsonsaver/saver2v2/save_relationships.go new file mode 100644 index 00000000..2eef8755 --- /dev/null +++ b/jsonsaver/saver2v2/save_relationships.go @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "github.com/spdx/tools-golang/spdx" +) + +func renderRelationships2_2(relationships []*spdx.Relationship2_2) ([]interface{}, error) { + + var rels []interface{} + for _, v := range relationships { + rel := make(map[string]interface{}) + rel["spdxElementId"] = spdx.RenderDocElementID(v.RefA) + rel["relatedSpdxElement"] = spdx.RenderDocElementID(v.RefB) + rel["relationshipType"] = v.Relationship + if v.RelationshipComment != "" { + rel["comment"] = v.RelationshipComment + } + rels = append(rels, rel) + } + return rels, nil +} From 9922fe77307e1709a8d9111fc85d8446a32a5240 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Sun, 11 Jul 2021 00:03:21 +0530 Subject: [PATCH 06/31] Jsonsaver : save files from spdx strict to json - parsed files information from struct to json - unckaged files spdx map altered (find a fix around it ) Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_document.go | 10 ++++ jsonsaver/saver2v2/save_files.go | 78 +++++++++++++++++++++++++++++ jsonsaver/saver2v2/save_package.go | 3 +- jsonsaver/saver2v2/save_snippets.go | 78 +++++++++++++++++++++++++++++ 4 files changed, 168 insertions(+), 1 deletion(-) create mode 100644 jsonsaver/saver2v2/save_files.go create mode 100644 jsonsaver/saver2v2/save_snippets.go diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index aba21011..17465338 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -27,20 +27,24 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { } renderCreationInfo2_2(doc.CreationInfo, buf) + // parse otherlicenses from sodx struct to json if doc.OtherLicenses != nil { renderOtherLicenses2_2(doc.OtherLicenses, buf) } + // parse document level annotations if doc.Annotations != nil { ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(doc.CreationInfo.SPDXIdentifier))) annotationjson, _ := json.Marshal(ann) fmt.Fprintf(buf, "\"%s\": %s ,", "annotations", annotationjson) } + // parse document namespace if doc.CreationInfo.DocumentNamespace != "" { fmt.Fprintf(buf, "\"%s\": \"%s\",", "documentNamespace", doc.CreationInfo.DocumentNamespace) } + // parse document describes describes, _ := spdxlib.GetDescribedPackageIDs2_2(doc) if describes != nil { var describesID []string @@ -51,10 +55,16 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { fmt.Fprintf(buf, "\"%s\": %s,", "documentDescribes", describesjson) } + // parse packages from spdx to json if doc.Packages != nil { renderPackage2_2(doc, buf) } + // parse files from spdx to json + if doc.UnpackagedFiles != nil { + renderfiles2_2(doc, buf) + } + // parse relationships from spdx to json if doc.Relationships != nil { rels, _ := renderRelationships2_2(doc.Relationships) relsjson, _ := json.Marshal(rels) diff --git a/jsonsaver/saver2v2/save_files.go b/jsonsaver/saver2v2/save_files.go new file mode 100644 index 00000000..50144866 --- /dev/null +++ b/jsonsaver/saver2v2/save_files.go @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "encoding/json" + "fmt" + + "github.com/spdx/tools-golang/spdx" +) + +func renderfiles2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { + + var files []interface{} + for k, v := range doc.UnpackagedFiles { + file := make(map[string]interface{}) + file["SPDXID"] = spdx.RenderElementID(k) + ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(v.FileSPDXIdentifier))) + if ann != nil { + file["annotations"] = ann + } + if v.FileContributor != nil { + file["attributionTexts"] = v.FileContributor + } + if v.FileComment != "" { + file["comment"] = v.FileComment + } + + // parse package checksums + if v.FileChecksums != nil { + var checksums []interface{} + for _, value := range v.FileChecksums { + checksum := make(map[string]interface{}) + checksum["algorithm"] = value.Algorithm + checksum["checksumValue"] = value.Value + checksums = append(checksums, checksum) + } + file["checksums"] = checksums + } + if v.FileCopyrightText != "" { + file["copyrightText"] = v.FileCopyrightText + } + if v.FileName != "" { + file["fileName"] = v.FileName + } + if v.FileType != nil { + file["fileTypes"] = v.FileType + } + if v.LicenseComments != "" { + file["licenseComments"] = v.LicenseComments + } + if v.LicenseConcluded != "" { + file["licenseConcluded"] = v.LicenseConcluded + } + if v.LicenseInfoInFile != nil { + file["licenseInfoFromFiles"] = v.LicenseInfoInFile + } + if v.FileNotice != "" { + file["name"] = v.FileNotice + } + if v.FileContributor != nil { + file["fileContributors"] = v.FileContributor + } + if v.FileDependencies != nil { + file["fileDependencies"] = v.FileDependencies + } + if v.FileAttributionTexts != nil { + file["attributionTexts"] = v.FileAttributionTexts + } + + files = append(files, file) + } + filesjson, _ := json.Marshal(files) + fmt.Fprintf(buf, "\"%s\": %s ,", "files", filesjson) + + return nil +} diff --git a/jsonsaver/saver2v2/save_package.go b/jsonsaver/saver2v2/save_package.go index 7d681ba3..0d8a5010 100644 --- a/jsonsaver/saver2v2/save_package.go +++ b/jsonsaver/saver2v2/save_package.go @@ -65,7 +65,8 @@ func renderPackage2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { // parse package hass files if v.Files != nil { var fileIds []string - for k := range v.Files { + for k, v := range v.Files { + doc.UnpackagedFiles[k] = v fileIds = append(fileIds, spdx.RenderElementID(k)) } pkg["hasFiles"] = fileIds diff --git a/jsonsaver/saver2v2/save_snippets.go b/jsonsaver/saver2v2/save_snippets.go new file mode 100644 index 00000000..fc011b1e --- /dev/null +++ b/jsonsaver/saver2v2/save_snippets.go @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "encoding/json" + "fmt" + + "github.com/spdx/tools-golang/spdx" +) + +func rendersnippets2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { + + var snippets []interface{} + for k, v := range doc.UnpackagedFiles { + snippet := make(map[string]interface{}) + snippet["SPDXID"] = spdx.RenderElementID(k) + ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(v.FileSPDXIdentifier))) + if ann != nil { + snippet["annotations"] = ann + } + if v.FileContributor != nil { + snippet["attributionTexts"] = v.FileContributor + } + if v.FileComment != "" { + snippet["comment"] = v.FileComment + } + + // parse package checksums + if v.FileChecksums != nil { + var checksums []interface{} + for _, value := range v.FileChecksums { + checksum := make(map[string]interface{}) + checksum["algorithm"] = value.Algorithm + checksum["checksumValue"] = value.Value + checksums = append(checksums, checksum) + } + snippet["checksums"] = checksums + } + if v.FileCopyrightText != "" { + snippet["copyrightText"] = v.FileCopyrightText + } + if v.FileName != "" { + snippet["fileName"] = v.FileName + } + if v.FileType != nil { + snippet["fileTypes"] = v.FileType + } + if v.LicenseComments != "" { + snippet["licenseComments"] = v.LicenseComments + } + if v.LicenseConcluded != "" { + snippet["licenseConcluded"] = v.LicenseConcluded + } + if v.LicenseInfoInFile != nil { + snippet["licenseInfoFromFiles"] = v.LicenseInfoInFile + } + if v.FileNotice != "" { + snippet["name"] = v.FileNotice + } + if v.FileContributor != nil { + snippet["fileContributors"] = v.FileContributor + } + if v.FileDependencies != nil { + snippet["fileDependencies"] = v.FileDependencies + } + if v.FileAttributionTexts != nil { + snippet["attributionTexts"] = v.FileAttributionTexts + } + + snippets = append(snippets, snippet) + } + snippetjson, _ := json.Marshal(snippets) + fmt.Fprintf(buf, "\"%s\": %s ,", "snippets", snippetjson) + + return nil +} From 91fb84978364dae5a355c11185dc5cecc0f3370a Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Sun, 11 Jul 2021 02:51:01 +0530 Subject: [PATCH 07/31] jsonsaver : Save snippets from spdx struct to json - save snippets information from spdx struct to json - unit tests for render function pending Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_document.go | 1 + jsonsaver/saver2v2/save_files.go | 2 +- jsonsaver/saver2v2/save_snippets.go | 107 ++++++++++++++-------------- 3 files changed, 54 insertions(+), 56 deletions(-) diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index 17465338..3519b529 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -62,6 +62,7 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { // parse files from spdx to json if doc.UnpackagedFiles != nil { renderfiles2_2(doc, buf) + renderSnippets2_2(doc, buf) } // parse relationships from spdx to json diff --git a/jsonsaver/saver2v2/save_files.go b/jsonsaver/saver2v2/save_files.go index 50144866..f28b2ea3 100644 --- a/jsonsaver/saver2v2/save_files.go +++ b/jsonsaver/saver2v2/save_files.go @@ -57,7 +57,7 @@ func renderfiles2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { file["licenseInfoFromFiles"] = v.LicenseInfoInFile } if v.FileNotice != "" { - file["name"] = v.FileNotice + file["noticeText"] = v.FileNotice } if v.FileContributor != nil { file["fileContributors"] = v.FileContributor diff --git a/jsonsaver/saver2v2/save_snippets.go b/jsonsaver/saver2v2/save_snippets.go index fc011b1e..294ada88 100644 --- a/jsonsaver/saver2v2/save_snippets.go +++ b/jsonsaver/saver2v2/save_snippets.go @@ -10,69 +10,66 @@ import ( "github.com/spdx/tools-golang/spdx" ) -func rendersnippets2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { +func renderSnippets2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { var snippets []interface{} - for k, v := range doc.UnpackagedFiles { + for _, value := range doc.UnpackagedFiles { snippet := make(map[string]interface{}) - snippet["SPDXID"] = spdx.RenderElementID(k) - ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(v.FileSPDXIdentifier))) - if ann != nil { - snippet["annotations"] = ann - } - if v.FileContributor != nil { - snippet["attributionTexts"] = v.FileContributor - } - if v.FileComment != "" { - snippet["comment"] = v.FileComment - } + for _, v := range value.Snippets { + snippet["SPDXID"] = spdx.RenderElementID(v.SnippetSPDXIdentifier) + if v.SnippetComment != "" { + snippet["comment"] = v.SnippetComment + } + if v.SnippetCopyrightText != "" { + snippet["copyrightText"] = v.SnippetCopyrightText + } + if v.SnippetLicenseComments != "" { + snippet["licenseComments"] = v.SnippetLicenseComments + } + if v.SnippetLicenseConcluded != "" { + snippet["licenseConcluded"] = v.SnippetLicenseConcluded + } + if v.LicenseInfoInSnippet != nil { + snippet["licenseInfoFromFiles"] = v.LicenseInfoInSnippet + } + if v.SnippetName != "" { + snippet["name"] = v.SnippetName + } + if v.SnippetName != "" { + snippet["snippetFromFile"] = spdx.RenderDocElementID(v.SnippetFromFileSPDXIdentifier) + } + if v.SnippetAttributionTexts != nil { + snippet["attributionTexts"] = v.SnippetAttributionTexts + } - // parse package checksums - if v.FileChecksums != nil { - var checksums []interface{} - for _, value := range v.FileChecksums { - checksum := make(map[string]interface{}) - checksum["algorithm"] = value.Algorithm - checksum["checksumValue"] = value.Value - checksums = append(checksums, checksum) + // parse package checksums + var ranges []interface{} + byterange := map[string]interface{}{ + "endPointer": map[string]interface{}{ + "offset": v.SnippetByteRangeEnd, + "reference": spdx.RenderDocElementID(v.SnippetFromFileSPDXIdentifier), + }, + "startPointer": map[string]interface{}{ + "offset": v.SnippetByteRangeStart, + "reference": spdx.RenderDocElementID(v.SnippetFromFileSPDXIdentifier), + }, } - snippet["checksums"] = checksums - } - if v.FileCopyrightText != "" { - snippet["copyrightText"] = v.FileCopyrightText - } - if v.FileName != "" { - snippet["fileName"] = v.FileName - } - if v.FileType != nil { - snippet["fileTypes"] = v.FileType - } - if v.LicenseComments != "" { - snippet["licenseComments"] = v.LicenseComments - } - if v.LicenseConcluded != "" { - snippet["licenseConcluded"] = v.LicenseConcluded - } - if v.LicenseInfoInFile != nil { - snippet["licenseInfoFromFiles"] = v.LicenseInfoInFile - } - if v.FileNotice != "" { - snippet["name"] = v.FileNotice - } - if v.FileContributor != nil { - snippet["fileContributors"] = v.FileContributor - } - if v.FileDependencies != nil { - snippet["fileDependencies"] = v.FileDependencies - } - if v.FileAttributionTexts != nil { - snippet["attributionTexts"] = v.FileAttributionTexts + linerange := map[string]interface{}{ + "endPointer": map[string]interface{}{ + "lineNumber": v.SnippetLineRangeEnd, + "reference": spdx.RenderDocElementID(v.SnippetFromFileSPDXIdentifier), + }, + "startPointer": map[string]interface{}{ + "lineNumber": v.SnippetLineRangeStart, + "reference": spdx.RenderDocElementID(v.SnippetFromFileSPDXIdentifier), + }, + } + ranges = append(ranges, byterange, linerange) + snippet["ranges"] = ranges + snippets = append(snippets, snippet) } - - snippets = append(snippets, snippet) } snippetjson, _ := json.Marshal(snippets) fmt.Fprintf(buf, "\"%s\": %s ,", "snippets", snippetjson) - return nil } From 625fa97cb67e51433fdb1efde62e5075bb6b79c3 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Sun, 11 Jul 2021 03:03:03 +0530 Subject: [PATCH 08/31] jsonsaver : Parse Reviews from spdx struct to json Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_document.go | 15 ++++++++++----- jsonsaver/saver2v2/save_reviews.go | 29 +++++++++++++++++++++++++++++ jsonsaver/saver2v2/save_snippets.go | 2 +- 3 files changed, 40 insertions(+), 6 deletions(-) create mode 100644 jsonsaver/saver2v2/save_reviews.go diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index 3519b529..afe52fe5 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -8,7 +8,6 @@ import ( "bytes" "encoding/json" "fmt" - "log" "github.com/spdx/tools-golang/spdx" "github.com/spdx/tools-golang/spdxlib" @@ -59,12 +58,18 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { if doc.Packages != nil { renderPackage2_2(doc, buf) } - // parse files from spdx to json + + // parse files and snippets from spdx to json if doc.UnpackagedFiles != nil { renderfiles2_2(doc, buf) renderSnippets2_2(doc, buf) } + // parse reviews from spdx to json + if doc.Reviews != nil { + renderReviews2_2(doc.Reviews, buf) + } + // parse relationships from spdx to json if doc.Relationships != nil { rels, _ := renderRelationships2_2(doc.Relationships) @@ -83,8 +88,8 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { if err != nil { return err } - str := newbuf.String() - logger := log.Default() - logger.Fatal(str) + // str := newbuf.String() + // logger := log.Default() + // logger.Fatal(str) return nil } diff --git a/jsonsaver/saver2v2/save_reviews.go b/jsonsaver/saver2v2/save_reviews.go new file mode 100644 index 00000000..8ec55410 --- /dev/null +++ b/jsonsaver/saver2v2/save_reviews.go @@ -0,0 +1,29 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "bytes" + "encoding/json" + "fmt" + + "github.com/spdx/tools-golang/spdx" +) + +func renderReviews2_2(reviews []*spdx.Review2_2, buf *bytes.Buffer) error { + + var review []interface{} + for _, v := range reviews { + rev := make(map[string]interface{}) + rev["reviewDate"] = v.ReviewDate + rev["reviewer"] = fmt.Sprintf("%s: %s", v.ReviewerType, v.Reviewer) + if v.ReviewComment != "" { + rev["comment"] = v.ReviewComment + } + review = append(review, rev) + } + reviewjson, _ := json.Marshal(review) + fmt.Fprintf(buf, "\"%s\": %s ,", "revieweds", reviewjson) + + return nil +} diff --git a/jsonsaver/saver2v2/save_snippets.go b/jsonsaver/saver2v2/save_snippets.go index 294ada88..dd8a4610 100644 --- a/jsonsaver/saver2v2/save_snippets.go +++ b/jsonsaver/saver2v2/save_snippets.go @@ -42,7 +42,7 @@ func renderSnippets2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { snippet["attributionTexts"] = v.SnippetAttributionTexts } - // parse package checksums + // parse snippet ranges var ranges []interface{} byterange := map[string]interface{}{ "endPointer": map[string]interface{}{ From f14c07d34beced9d4a7b00d69fdb213d0bbe62d4 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Wed, 14 Jul 2021 23:25:27 +0530 Subject: [PATCH 09/31] JsonSaver : Write bytes to io.Writer while saving json - Write bytes from bytes.buffer to io.Writer while parsing json Signed-off-by: Ujjwal Agarwal --- jsonsaver/jsonsaver.go | 7 ++++++- jsonsaver/saver2v2/save_document.go | 14 ++++++-------- jsonsaver/saver2v2/save_document_test.go | 2 +- jsonsaver/saver2v2/save_relationships.go | 8 +++++++- 4 files changed, 20 insertions(+), 11 deletions(-) diff --git a/jsonsaver/jsonsaver.go b/jsonsaver/jsonsaver.go index ee14987b..35898ad5 100644 --- a/jsonsaver/jsonsaver.go +++ b/jsonsaver/jsonsaver.go @@ -14,5 +14,10 @@ import ( func Save2_2(doc *spdx.Document2_2, w io.Writer) error { var b []byte buf := bytes.NewBuffer(b) - return saver2v2.RenderDocument2_2(doc, buf) + result, err := saver2v2.RenderDocument2_2(doc, buf) + if err != nil { + return err + } + w.Write(result.Bytes()) + return nil } diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index afe52fe5..fddd4acd 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -17,12 +17,12 @@ import ( // Document (version 2.2), and render it to the received *bytes.Buffer. // It is only exported in order to be available to the jsonsaver package, // and typically does not need to be called by client code. -func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { +func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) (*bytes.Buffer, error) { fmt.Fprintln(buf, "{") // start to parse the creationInfo if doc.CreationInfo == nil { - return fmt.Errorf("document had nil CreationInfo section") + return nil, fmt.Errorf("document had nil CreationInfo section") } renderCreationInfo2_2(doc.CreationInfo, buf) @@ -72,24 +72,22 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { // parse relationships from spdx to json if doc.Relationships != nil { - rels, _ := renderRelationships2_2(doc.Relationships) - relsjson, _ := json.Marshal(rels) - fmt.Fprintf(buf, "\"%s\": %s ,", "relationships", relsjson) + renderRelationships2_2(doc.Relationships, buf) } // parsing ends buf.WriteRune('}') // remove the pattern ",}" from the json final := bytes.ReplaceAll(buf.Bytes(), []byte(",}"), []byte("}")) - // indent the json + // indent the json properly var b []byte newbuf := bytes.NewBuffer(b) err := json.Indent(newbuf, final, "", "\t") if err != nil { - return err + return nil, err } // str := newbuf.String() // logger := log.Default() // logger.Fatal(str) - return nil + return newbuf, nil } diff --git a/jsonsaver/saver2v2/save_document_test.go b/jsonsaver/saver2v2/save_document_test.go index 4d228d04..1075d757 100644 --- a/jsonsaver/saver2v2/save_document_test.go +++ b/jsonsaver/saver2v2/save_document_test.go @@ -366,7 +366,7 @@ func TestRenderDocument2_2(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := RenderDocument2_2(tt.args.doc, tt.args.buf); (err != nil) != tt.wantErr { + if _, err := RenderDocument2_2(tt.args.doc, tt.args.buf); (err != nil) != tt.wantErr { t.Errorf("RenderDocument2_2() error = %v, wantErr %v", err, tt.wantErr) } }) diff --git a/jsonsaver/saver2v2/save_relationships.go b/jsonsaver/saver2v2/save_relationships.go index 2eef8755..742a181f 100644 --- a/jsonsaver/saver2v2/save_relationships.go +++ b/jsonsaver/saver2v2/save_relationships.go @@ -3,10 +3,14 @@ package saver2v2 import ( + "bytes" + "encoding/json" + "fmt" + "github.com/spdx/tools-golang/spdx" ) -func renderRelationships2_2(relationships []*spdx.Relationship2_2) ([]interface{}, error) { +func renderRelationships2_2(relationships []*spdx.Relationship2_2, buf *bytes.Buffer) ([]interface{}, error) { var rels []interface{} for _, v := range relationships { @@ -19,5 +23,7 @@ func renderRelationships2_2(relationships []*spdx.Relationship2_2) ([]interface{ } rels = append(rels, rel) } + relsjson, _ := json.Marshal(rels) + fmt.Fprintf(buf, "\"%s\": %s ,", "relationships", relsjson) return rels, nil } From cab3ae19c4edf5da9e22d205107fda1dba32b27d Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Thu, 15 Jul 2021 10:45:59 +0530 Subject: [PATCH 10/31] Jsonsaver : Fix tag names fro reverse compatibility - Parse a jsonsaved file using jsonloader and fixx the bugs discovered Signed-off-by: Ujjwal Agarwal --- examples/8-jsonloader/result.txt | 346 +++++++++++++++++++ examples/9-jsonsaver/exampletvtojson.go | 68 ++++ examples/9-jsonsaver/sample.json | 417 +++++++++++++++++++++++ jsonloader/parser2v2/parse_snippets.go | 2 +- jsonsaver/saver2v2/save_creation_info.go | 2 +- jsonsaver/saver2v2/save_files.go | 2 +- jsonsaver/saver2v2/save_package.go | 10 +- jsonsaver/saver2v2/save_snippets.go | 2 +- 8 files changed, 838 insertions(+), 11 deletions(-) create mode 100644 examples/8-jsonloader/result.txt create mode 100644 examples/9-jsonsaver/exampletvtojson.go create mode 100644 examples/9-jsonsaver/sample.json diff --git a/examples/8-jsonloader/result.txt b/examples/8-jsonloader/result.txt new file mode 100644 index 00000000..7909ccf2 --- /dev/null +++ b/examples/8-jsonloader/result.txt @@ -0,0 +1,346 @@ +SPDXVersion: SPDX-2.2 +DataLicense: CC0-1.0 +SPDXID: SPDXRef-DOCUMENT +DocumentName: SPDX-Tools-v2.0 +DocumentNamespace: http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 +ExternalDocumentRef: DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1:d6a770ba38583ed4bb4525bd96e50461655d2759 +LicenseListVersion: 3.9 +Creator: Person: Jane Doe +Creator: Organization: ExampleCodeInspect +Creator: Tool: LicenseFind-1.0 +Created: 2010-01-29T18:30:22Z +CreatorComment: This package has been shipped in source and binary form. +The binaries were created with gcc 4.5.1 and expect to link to +compatible system run time libraries. +DocumentComment: This document was created using SPDX 2.0 using licenses from the web site. + +##### Unpackaged files + +FileName: ./package/foo.c +SPDXID: SPDXRef-File +FileType: SOURCE +FileChecksum: SHA1: d6a770ba38583ed4bb4525bd96e50461655d2758 +FileChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24 +LicenseConcluded: (LGPL-2.0-only OR LicenseRef-2) +LicenseInfoInFile: GPL-2.0-only +LicenseInfoInFile: LicenseRef-2 +LicenseComments: The concluded license was taken from the package level that the file was included in. +FileCopyrightText: Copyright 2008-2010 John Smith +FileComment: The concluded license was taken from the package level that the file was included in. +This information was found in the COPYING.txt file in the xyz directory. +FileNotice: Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +FileContributor: The Regents of the University of California +FileContributor: Modified by Paul Mundt lethal@linux-sh.org +FileContributor: IBM Corporation +FileAttributionText: The Regents of the University of California +FileAttributionText: Modified by Paul Mundt lethal@linux-sh.org +FileAttributionText: IBM Corporation + +##### Package: glibc + +PackageName: glibc +SPDXID: SPDXRef-Package +PackageVersion: 2.11.1 +PackageFileName: glibc-2.11.1.tar.gz +PackageSupplier: Person: Jane Doe (jane.doe@example.com) +PackageOriginator: Organization: ExampleCodeInspect (contact@example.com) +PackageDownloadLocation: http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz +FilesAnalyzed: true +PackageVerificationCode: d6a770ba38583ed4bb4525bd96e50461655d2758 (excludes: ./package.spdx) +PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +PackageChecksum: SHA256: 11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd +PackageChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24 +PackageHomePage: http://ftp.gnu.org/gnu/glibc +PackageSourceInfo: uses glibc-2_11-branch from git://sourceware.org/git/glibc.git. +PackageLicenseConcluded: (LGPL-2.0-only OR LicenseRef-3) +PackageLicenseInfoFromFiles: GPL-2.0-only +PackageLicenseInfoFromFiles: LicenseRef-2 +PackageLicenseInfoFromFiles: LicenseRef-1 +PackageLicenseDeclared: (LGPL-2.0-only AND LicenseRef-3) +PackageLicenseComments: The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change. +PackageCopyrightText: Copyright 2008-2010 John Smith +PackageSummary: GNU C library. +PackageDescription: The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems. +ExternalRef: SECURITY cpe23Type cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:* +ExternalRef: OTHER http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge acmecorp/acmenator/4.1.3-alpha +ExternalRefComment: This is the external ref for Acme +PackageAttributionText: The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually. + +FileName: ./lib-source/commons-lang3-3.1-sources.jar +SPDXID: SPDXRef-CommonsLangSrc +FileType: ARCHIVE +FileChecksum: SHA1: c2b4e1c67a2d28fced849ee1bb76e7391b93f125 +LicenseConcluded: Apache-2.0 +LicenseInfoInFile: Apache-2.0 +FileCopyrightText: Copyright 2001-2011 The Apache Software Foundation +FileComment: This file is used by Jena +FileNotice: Apache Commons Lang +Copyright 2001-2011 The Apache Software Foundation + +This product includes software developed by +The Apache Software Foundation (http://www.apache.org/). + +This product includes software from the Spring Framework, +under the Apache License 2.0 (see: StringUtils.containsWhitespace()) +FileContributor: Apache Software Foundation +FileAttributionText: Apache Software Foundation + +FileName: ./src/org/spdx/parser/DOAPProject.java +SPDXID: SPDXRef-DoapSource +FileType: SOURCE +FileChecksum: SHA1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 +LicenseConcluded: Apache-2.0 +LicenseInfoInFile: Apache-2.0 +FileCopyrightText: Copyright 2010, 2011 Source Auditor Inc. +FileContributor: Protecode Inc. +FileContributor: SPDX Technical Team Members +FileContributor: Open Logic Inc. +FileContributor: Source Auditor Inc. +FileContributor: Black Duck Software In.c +FileAttributionText: Protecode Inc. +FileAttributionText: SPDX Technical Team Members +FileAttributionText: Open Logic Inc. +FileAttributionText: Source Auditor Inc. +FileAttributionText: Black Duck Software In.c + +SnippetSPDXIdentifier: SPDXRef-Snippet +SnippetFromFileSPDXID: SPDXRef-DoapSource +SnippetByteRange: 310:420 +SnippetLineRange: 5:23 +SnippetLicenseConcluded: GPL-2.0-only +LicenseInfoInSnippet: GPL-2.0-only +SnippetLicenseComments: The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz. +SnippetCopyrightText: Copyright 2008-2010 John Smith +SnippetComment: This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0. +SnippetName: from linux kernel + +FileName: ./lib-source/jena-2.6.3-sources.jar +SPDXID: SPDXRef-JenaLib +FileType: ARCHIVE +FileChecksum: SHA1: 3ab4e1c67a2d28fced849ee1bb76e7391b93f125 +LicenseConcluded: LicenseRef-1 +LicenseInfoInFile: LicenseRef-1 +LicenseComments: This license is used by Jena +FileCopyrightText: (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP +FileComment: This file belongs to Jena +FileContributor: Apache Software Foundation +FileContributor: Hewlett Packard Inc. +FileAttributionText: Apache Software Foundation +FileAttributionText: Hewlett Packard Inc. + +##### Package: Saxon + +PackageName: Saxon +SPDXID: SPDXRef-Saxon +PackageVersion: 8.8 +PackageFileName: saxonB-8.8.zip +PackageDownloadLocation: https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download +FilesAnalyzed: false +PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c +PackageHomePage: http://saxon.sourceforge.net/ +PackageLicenseConcluded: MPL-1.0 +PackageLicenseDeclared: MPL-1.0 +PackageLicenseComments: Other versions available for a commercial license +PackageCopyrightText: Copyright Saxonica Ltd +PackageDescription: The Saxon package is a collection of tools for processing XML documents. + +##### Package: Jena + +PackageName: Jena +SPDXID: SPDXRef-fromDoap-0 +PackageVersion: 3.12.0 +PackageDownloadLocation: https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz +FilesAnalyzed: false +PackageHomePage: http://www.openjena.org/ +PackageLicenseConcluded: NOASSERTION +PackageLicenseDeclared: NOASSERTION +PackageCopyrightText: NOASSERTION +ExternalRef: PACKAGE_MANAGER purl pkg:maven/org.apache.jena/apache-jena@3.12.0 + +##### Package: Apache Commons Lang + +PackageName: Apache Commons Lang +SPDXID: SPDXRef-fromDoap-1 +PackageDownloadLocation: NOASSERTION +FilesAnalyzed: false +PackageHomePage: http://commons.apache.org/proper/commons-lang/ +PackageLicenseConcluded: NOASSERTION +PackageLicenseDeclared: NOASSERTION +PackageCopyrightText: NOASSERTION + +##### Other Licenses + +LicenseID: LicenseRef-1 +ExtractedText: /* + * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +LicenseID: LicenseRef-2 +ExtractedText: This package includes the GRDDL parser developed by Hewlett Packard under the following license: +� Copyright 2007 Hewlett-Packard Development Company, LP + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +LicenseID: LicenseRef-4 +ExtractedText: /* + * (c) Copyright 2009 University of Bristol + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +LicenseID: LicenseRef-Beerware-4.2 +ExtractedText: "THE BEER-WARE LICENSE" (Revision 42): +phk@FreeBSD.ORG wrote this file. As long as you retain this notice you +can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp + +LicenseID: LicenseRef-3 +ExtractedText: The CyberNeko Software License, Version 1.0 + + +(C) Copyright 2002-2005, Andy Clark. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +3. The end-user documentation included with the redistribution, + if any, must include the following acknowledgment: + "This product includes software developed by Andy Clark." + Alternately, this acknowledgment may appear in the software itself, + if and wherever such third-party acknowledgments normally appear. + +4. The names "CyberNeko" and "NekoHTML" must not be used to endorse + or promote products derived from this software without prior + written permission. For written permission, please contact + andyc@cyberneko.net. + +5. Products derived from this software may not be called "CyberNeko", + nor may "CyberNeko" appear in their name, without prior written + permission of the author. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT +OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +LicenseName: CyberNeko License +LicenseCrossReference: http://people.apache.org/~andyc/neko/LICENSE +LicenseCrossReference: http://justasample.url.com +LicenseComment: This is tye CyperNeko License + +##### Relationships + +Relationship: SPDXRef-DOCUMENT CONTAINS SPDXRef-Package +Relationship: SPDXRef-DOCUMENT COPY_OF DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-File +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package +Relationship: SPDXRef-Package CONTAINS SPDXRef-JenaLib +Relationship: SPDXRef-Package DYNAMIC_LINK SPDXRef-Saxon +Relationship: SPDXRef-CommonsLangSrc GENERATED_FROM NOASSERTION +Relationship: SPDXRef-JenaLib CONTAINS SPDXRef-Package +Relationship: SPDXRef-File GENERATED_FROM SPDXRef-fromDoap-0 + +##### Annotations + +Annotator: Person: File Commenter +AnnotationDate: 2011-01-29T18:30:22Z +AnnotationType: OTHER +SPDXREF: SPDXRef-File +AnnotationComment: File level annotation + +Annotator: Person: Package Commenter +AnnotationDate: 2011-01-29T18:30:22Z +AnnotationType: OTHER +SPDXREF: SPDXRef-Package +AnnotationComment: Package level annotation + +Annotator: Person: Jane Doe () +AnnotationDate: 2010-01-29T18:30:22Z +AnnotationType: OTHER +SPDXREF: SPDXRef-DOCUMENT +AnnotationComment: Document level annotation + +Annotator: Person: Joe Reviewer +AnnotationDate: 2010-02-10T00:00:00Z +AnnotationType: REVIEW +SPDXREF: SPDXRef-DOCUMENT +AnnotationComment: This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses + +Annotator: Person: Suzanne Reviewer +AnnotationDate: 2011-03-13T00:00:00Z +AnnotationType: REVIEW +SPDXREF: SPDXRef-DOCUMENT +AnnotationComment: Another example reviewer. + diff --git a/examples/9-jsonsaver/exampletvtojson.go b/examples/9-jsonsaver/exampletvtojson.go new file mode 100644 index 00000000..79816c18 --- /dev/null +++ b/examples/9-jsonsaver/exampletvtojson.go @@ -0,0 +1,68 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +// Example for: *tvloader*, *tvsaver* + +// This example demonstrates loading an SPDX tag-value file from disk into memory, +// and re-saving it to a different file on disk. + +package main + +import ( + "fmt" + "os" + + "github.com/spdx/tools-golang/jsonloader" + "github.com/spdx/tools-golang/jsonsaver" +) + +func main() { + + // check that we've received the right number of arguments + args := os.Args + if len(args) != 3 { + fmt.Printf("Usage: %v \n", args[0]) + fmt.Printf(" Load SPDX 2.2 tag-value file , and\n") + fmt.Printf(" save it out to .\n") + return + } + + // open the SPDX file + fileIn := args[1] + r, err := os.Open(fileIn) + if err != nil { + fmt.Printf("Error while opening %v for reading: %v", fileIn, err) + return + } + defer r.Close() + + // try to load the SPDX file's contents as a tag-value file, version 2.2 + doc, err := jsonloader.Load2_2(r) + if err != nil { + fmt.Printf("Error while parsing %v: %v", args[1], err) + return + } + + // if we got here, the file is now loaded into memory. + fmt.Printf("Successfully loaded %s\n", args[1]) + + // we can now save it back to disk, using tvsaver. + + // create a new file for writing + fileOut := args[2] + w, err := os.Create(fileOut) + if err != nil { + fmt.Printf("Error while opening %v for writing: %v", fileOut, err) + return + } + defer w.Close() + + // try to save the document to disk as an SPDX tag-value file, version 2.2 + err = jsonsaver.Save2_2(doc, w) + if err != nil { + fmt.Printf("Error while saving %v: %v", fileOut, err) + return + } + + // it worked + fmt.Printf("Successfully saved %s\n", fileOut) +} diff --git a/examples/9-jsonsaver/sample.json b/examples/9-jsonsaver/sample.json new file mode 100644 index 00000000..b02dc5b0 --- /dev/null +++ b/examples/9-jsonsaver/sample.json @@ -0,0 +1,417 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "spdxVersion": "SPDX-2.2", + "creationInfo": { + "comment": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", + "created": "2010-01-29T18:30:22Z", + "creators": [ + "Person: Jane Doe", + "Organization: ExampleCodeInspect", + "Tool: LicenseFind-1.0" + ], + "licenseListVersion": "3.9" + }, + "name": "SPDX-Tools-v2.0", + "dataLicense": "CC0-1.0", + "comment": "This document was created using SPDX 2.0 using licenses from the web site.", + "externalDocumentRefs": [ + { + "checksum": { + "algorithm": "SHA1", + "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2759" + }, + "externalDocumentId": "DocumentRef-spdx-tool-1.2", + "spdxDocument": "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301" + } + ], + "hasExtractedLicensingInfos": [ + { + "extractedText": "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", + "licenseId": "LicenseRef-1" + }, + { + "extractedText": "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", + "licenseId": "LicenseRef-2" + }, + { + "extractedText": "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", + "licenseId": "LicenseRef-4" + }, + { + "extractedText": "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp \u003c/\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", + "licenseId": "LicenseRef-Beerware-4.2" + }, + { + "comment": "This is tye CyperNeko License", + "extractedText": "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", + "licenseId": "LicenseRef-3", + "name": "CyberNeko License", + "seeAlsos": [ + "http://people.apache.org/~andyc/neko/LICENSE", + "http://justasample.url.com" + ] + } + ], + "annotations": [ + { + "annotationDate": "2010-01-29T18:30:22Z", + "annotationType": "OTHER", + "annotator": "Person: Jane Doe ()", + "comment": "Document level annotation" + }, + { + "annotationDate": "2010-02-10T00:00:00Z", + "annotationType": "REVIEW", + "annotator": "Person: Joe Reviewer", + "comment": "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses" + }, + { + "annotationDate": "2011-03-13T00:00:00Z", + "annotationType": "REVIEW", + "annotator": "Person: Suzanne Reviewer", + "comment": "Another example reviewer." + } + ], + "documentNamespace": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", + "documentDescribes": [ + "SPDXRef-File", + "SPDXRef-Package" + ], + "packages": [ + { + "SPDXID": "SPDXRef-Package", + "annotations": [ + { + "annotationDate": "2011-01-29T18:30:22Z", + "annotationType": "OTHER", + "annotator": "Person: Package Commenter", + "comment": "Package level annotation" + } + ], + "attributionTexts": [ + "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." + ], + "checksums": [ + { + "algorithm": "MD5", + "checksumValue": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "algorithm": "SHA1", + "checksumValue": "85ed0817af83a24ad8da68c2b5094de69833983c" + }, + { + "algorithm": "SHA256", + "checksumValue": "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" + } + ], + "copyrightText": "Copyright 2008-2010 John Smith", + "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", + "downloadLocation": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "comment": "This is the external ref for Acme", + "referenceCategory": "OTHER", + "referenceLocator": "acmecorp/acmenator/4.1.3-alpha", + "referenceType": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge" + } + ], + "filesAnalyzed": true, + "hasFiles": [ + "SPDXRef-DoapSource", + "SPDXRef-CommonsLangSrc", + "SPDXRef-JenaLib" + ], + "homepage": "http://ftp.gnu.org/gnu/glibc", + "licenseComments": "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", + "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-3)", + "licenseDeclared": "(LGPL-2.0-only AND LicenseRef-3)", + "licenseInfoFromFiles": [ + "GPL-2.0-only", + "LicenseRef-2", + "LicenseRef-1" + ], + "name": "glibc", + "originator": "Organization: ExampleCodeInspect (contact@example.com)", + "packageFileName": "glibc-2.11.1.tar.gz", + "packageVerificationCode": { + "packageVerificationCodeExcludedFiles": [ + "./package.spdx" + ], + "packageVerificationCodeValue": "d6a770ba38583ed4bb4525bd96e50461655d2758" + }, + "sourceInfo": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", + "summary": "GNU C library.", + "supplier": "Person: Jane Doe (jane.doe@example.com)", + "versionInfo": "2.11.1" + }, + { + "SPDXID": "SPDXRef-fromDoap-1", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "homepage": "http://commons.apache.org/proper/commons-lang/", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "Apache Commons Lang" + }, + { + "SPDXID": "SPDXRef-fromDoap-0", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz", + "externalRefs": [ + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:maven/org.apache.jena/apache-jena@3.12.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "homepage": "http://www.openjena.org/", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "Jena", + "versionInfo": "3.12.0" + }, + { + "SPDXID": "SPDXRef-Saxon", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "85ed0817af83a24ad8da68c2b5094de69833983c" + } + ], + "copyrightText": "Copyright Saxonica Ltd", + "description": "The Saxon package is a collection of tools for processing XML documents.", + "downloadLocation": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + "filesAnalyzed": false, + "homepage": "http://saxon.sourceforge.net/", + "licenseComments": "Other versions available for a commercial license", + "licenseConcluded": "MPL-1.0", + "licenseDeclared": "MPL-1.0", + "name": "Saxon", + "packageFileName": "saxonB-8.8.zip", + "versionInfo": "8.8" + } + ], + "files": [ + { + "SPDXID": "SPDXRef-DoapSource", + "attributionTexts": [ + "Protecode Inc.", + "SPDX Technical Team Members", + "Open Logic Inc.", + "Source Auditor Inc.", + "Black Duck Software In.c" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + } + ], + "copyrightText": "Copyright 2010, 2011 Source Auditor Inc.", + "fileContributors": [ + "Protecode Inc.", + "SPDX Technical Team Members", + "Open Logic Inc.", + "Source Auditor Inc.", + "Black Duck Software In.c" + ], + "fileName": "./src/org/spdx/parser/DOAPProject.java", + "fileTypes": [ + "SOURCE" + ], + "licenseConcluded": "Apache-2.0", + "licenseInfoInFiles": [ + "Apache-2.0" + ] + }, + { + "SPDXID": "SPDXRef-CommonsLangSrc", + "attributionTexts": [ + "Apache Software Foundation" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "comment": "This file is used by Jena", + "copyrightText": "Copyright 2001-2011 The Apache Software Foundation", + "fileContributors": [ + "Apache Software Foundation" + ], + "fileName": "./lib-source/commons-lang3-3.1-sources.jar", + "fileTypes": [ + "ARCHIVE" + ], + "licenseConcluded": "Apache-2.0", + "licenseInfoInFiles": [ + "Apache-2.0" + ], + "noticeText": "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" + }, + { + "SPDXID": "SPDXRef-JenaLib", + "attributionTexts": [ + "Apache Software Foundation", + "Hewlett Packard Inc." + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "comment": "This file belongs to Jena", + "copyrightText": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", + "fileContributors": [ + "Apache Software Foundation", + "Hewlett Packard Inc." + ], + "fileName": "./lib-source/jena-2.6.3-sources.jar", + "fileTypes": [ + "ARCHIVE" + ], + "licenseComments": "This license is used by Jena", + "licenseConcluded": "LicenseRef-1", + "licenseInfoInFiles": [ + "LicenseRef-1" + ] + }, + { + "SPDXID": "SPDXRef-File", + "annotations": [ + { + "annotationDate": "2011-01-29T18:30:22Z", + "annotationType": "OTHER", + "annotator": "Person: File Commenter", + "comment": "File level annotation" + } + ], + "attributionTexts": [ + "The Regents of the University of California", + "Modified by Paul Mundt lethal@linux-sh.org", + "IBM Corporation" + ], + "checksums": [ + { + "algorithm": "MD5", + "checksumValue": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "algorithm": "SHA1", + "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758" + } + ], + "comment": "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", + "copyrightText": "Copyright 2008-2010 John Smith", + "fileContributors": [ + "The Regents of the University of California", + "Modified by Paul Mundt lethal@linux-sh.org", + "IBM Corporation" + ], + "fileName": "./package/foo.c", + "fileTypes": [ + "SOURCE" + ], + "licenseComments": "The concluded license was taken from the package level that the file was included in.", + "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-2)", + "licenseInfoInFiles": [ + "GPL-2.0-only", + "LicenseRef-2" + ], + "noticeText": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." + } + ], + "snippets": [ + { + "SPDXID": "SPDXRef-Snippet", + "comment": "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", + "copyrightText": "Copyright 2008-2010 John Smith", + "licenseComments": "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", + "licenseConcluded": "GPL-2.0-only", + "licenseInfoInSnippets": [ + "GPL-2.0-only" + ], + "name": "from linux kernel", + "ranges": [ + { + "endPointer": { + "offset": 420, + "reference": "SPDXRef-DoapSource" + }, + "startPointer": { + "offset": 310, + "reference": "SPDXRef-DoapSource" + } + }, + { + "endPointer": { + "lineNumber": 23, + "reference": "SPDXRef-DoapSource" + }, + "startPointer": { + "lineNumber": 5, + "reference": "SPDXRef-DoapSource" + } + } + ], + "snippetFromFile": "SPDXRef-DoapSource" + } + ], + "relationships": [ + { + "relatedSpdxElement": "SPDXRef-Package", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DOCUMENT" + }, + { + "relatedSpdxElement": "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement", + "relationshipType": "COPY_OF", + "spdxElementId": "SPDXRef-DOCUMENT" + }, + { + "relatedSpdxElement": "SPDXRef-File", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + }, + { + "relatedSpdxElement": "SPDXRef-Package", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + }, + { + "relatedSpdxElement": "SPDXRef-JenaLib", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package" + }, + { + "relatedSpdxElement": "SPDXRef-Saxon", + "relationshipType": "DYNAMIC_LINK", + "spdxElementId": "SPDXRef-Package" + }, + { + "relatedSpdxElement": "NOASSERTION", + "relationshipType": "GENERATED_FROM", + "spdxElementId": "SPDXRef-CommonsLangSrc" + }, + { + "relatedSpdxElement": "SPDXRef-Package", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-JenaLib" + }, + { + "relatedSpdxElement": "SPDXRef-fromDoap-0", + "relationshipType": "GENERATED_FROM", + "spdxElementId": "SPDXRef-File" + } + ] +} \ No newline at end of file diff --git a/jsonloader/parser2v2/parse_snippets.go b/jsonloader/parser2v2/parse_snippets.go index 68a018a9..a49191d7 100644 --- a/jsonloader/parser2v2/parse_snippets.go +++ b/jsonloader/parser2v2/parse_snippets.go @@ -70,7 +70,7 @@ func (spec JSONSpdxDocument) parseJsonSnippets2_2(key string, value interface{}, } } default: - return fmt.Errorf("received unknown tag %v in files section", k) + return fmt.Errorf("received unknown tag %v in snippet section", k) } } fileID, err2 := extractDocElementID(snippetmap["snippetFromFile"].(string)) diff --git a/jsonsaver/saver2v2/save_creation_info.go b/jsonsaver/saver2v2/save_creation_info.go index e13684d9..60f4e953 100644 --- a/jsonsaver/saver2v2/save_creation_info.go +++ b/jsonsaver/saver2v2/save_creation_info.go @@ -58,7 +58,7 @@ func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, buf *bytes.Buffer) error { var refs []interface{} for _, v := range ci.ExternalDocumentReferences { aa := make(map[string]interface{}) - aa["externalDocumentId"] = v.DocumentRefID + aa["externalDocumentId"] = fmt.Sprintf("DocumentRef-%s", v.DocumentRefID) aa["checksum"] = map[string]string{ "algorithm": v.Alg, "checksumValue": v.Checksum, diff --git a/jsonsaver/saver2v2/save_files.go b/jsonsaver/saver2v2/save_files.go index f28b2ea3..741d4111 100644 --- a/jsonsaver/saver2v2/save_files.go +++ b/jsonsaver/saver2v2/save_files.go @@ -54,7 +54,7 @@ func renderfiles2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { file["licenseConcluded"] = v.LicenseConcluded } if v.LicenseInfoInFile != nil { - file["licenseInfoFromFiles"] = v.LicenseInfoInFile + file["licenseInfoInFiles"] = v.LicenseInfoInFile } if v.FileNotice != "" { file["noticeText"] = v.FileNotice diff --git a/jsonsaver/saver2v2/save_package.go b/jsonsaver/saver2v2/save_package.go index 0d8a5010..95d28339 100644 --- a/jsonsaver/saver2v2/save_package.go +++ b/jsonsaver/saver2v2/save_package.go @@ -104,18 +104,14 @@ func renderPackage2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { } //parse package originator - var originator []string if v.PackageOriginatorPerson != "" { - originator = append(originator, fmt.Sprintf("Person: %s", v.PackageOriginatorPerson)) + pkg["originator"] = fmt.Sprintf("Person: %s", v.PackageOriginatorPerson) } if v.PackageOriginatorOrganization != "" { - originator = append(originator, fmt.Sprintf("Organization: %s", v.PackageOriginatorOrganization)) + pkg["originator"] = fmt.Sprintf("Organization: %s", v.PackageOriginatorOrganization) } if v.PackageOriginatorNOASSERTION { - originator = append(originator, "NOASSERTION") - } - if originator != nil { - pkg["originator"] = originator + pkg["originator"] = "NOASSERTION" } //parse package verification code diff --git a/jsonsaver/saver2v2/save_snippets.go b/jsonsaver/saver2v2/save_snippets.go index dd8a4610..c3826a0e 100644 --- a/jsonsaver/saver2v2/save_snippets.go +++ b/jsonsaver/saver2v2/save_snippets.go @@ -30,7 +30,7 @@ func renderSnippets2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { snippet["licenseConcluded"] = v.SnippetLicenseConcluded } if v.LicenseInfoInSnippet != nil { - snippet["licenseInfoFromFiles"] = v.LicenseInfoInSnippet + snippet["licenseInfoInSnippets"] = v.LicenseInfoInSnippet } if v.SnippetName != "" { snippet["name"] = v.SnippetName From 40122298d1b7ac0da7408d429c1a3ee4b60f5aee Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Thu, 15 Jul 2021 10:52:17 +0530 Subject: [PATCH 11/31] Jsonparser : fix bug while parsiing creators - Don't remove () suffix while parsing creator person and organization Signed-off-by: Ujjwal Agarwal --- jsonloader/parser2v2/parse_creation_info.go | 4 ++-- jsonloader/parser2v2/parse_creation_info_test.go | 4 ++-- jsonloader/parser2v2/parser_test.go | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/jsonloader/parser2v2/parse_creation_info.go b/jsonloader/parser2v2/parse_creation_info.go index 074e25e1..9e818e83 100644 --- a/jsonloader/parser2v2/parse_creation_info.go +++ b/jsonloader/parser2v2/parse_creation_info.go @@ -79,9 +79,9 @@ func parseCreators(creators interface{}, ci *spdx.CreationInfo2_2) error { } switch subkey { case "Person": - ci.CreatorPersons = append(ci.CreatorPersons, strings.TrimSuffix(subvalue, " ()")) + ci.CreatorPersons = append(ci.CreatorPersons, subvalue) case "Organization": - ci.CreatorOrganizations = append(ci.CreatorOrganizations, strings.TrimSuffix(subvalue, " ()")) + ci.CreatorOrganizations = append(ci.CreatorOrganizations, subvalue) case "Tool": ci.CreatorTools = append(ci.CreatorTools, subvalue) default: diff --git a/jsonloader/parser2v2/parse_creation_info_test.go b/jsonloader/parser2v2/parse_creation_info_test.go index 525bb505..ae62cba1 100644 --- a/jsonloader/parser2v2/parse_creation_info_test.go +++ b/jsonloader/parser2v2/parse_creation_info_test.go @@ -115,8 +115,8 @@ func TestJSONSpdxDocument_parseJsonCreationInfo2_2(t *testing.T) { want: &spdx.CreationInfo2_2{ CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", Created: "2010-01-29T18:30:22Z", - CreatorPersons: []string{"Jane Doe"}, - CreatorOrganizations: []string{"ExampleCodeInspect"}, + CreatorPersons: []string{"Jane Doe ()"}, + CreatorOrganizations: []string{"ExampleCodeInspect ()"}, CreatorTools: []string{"LicenseFind-1.0"}, LicenseListVersion: "3.8", ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}, diff --git a/jsonloader/parser2v2/parser_test.go b/jsonloader/parser2v2/parser_test.go index d80e9d51..051ff99f 100644 --- a/jsonloader/parser2v2/parser_test.go +++ b/jsonloader/parser2v2/parser_test.go @@ -43,8 +43,8 @@ func TestLoad2_2(t *testing.T) { DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.", LicenseListVersion: "3.8", Created: "2010-01-29T18:30:22Z", - CreatorPersons: []string{"Jane Doe"}, - CreatorOrganizations: []string{"ExampleCodeInspect"}, + CreatorPersons: []string{"Jane Doe ()"}, + CreatorOrganizations: []string{"ExampleCodeInspect ()"}, CreatorTools: []string{"LicenseFind-1.0"}, DocumentName: "SPDX-Tools-v2.0", DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", From 7aab8734626c946f235f9a511dac0c105913e431 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Thu, 15 Jul 2021 11:27:36 +0530 Subject: [PATCH 12/31] Jsonsaver : Fix return types of relationship parser Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_document.go | 3 --- jsonsaver/saver2v2/save_relationships.go | 4 ++-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index fddd4acd..7ddb8175 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -86,8 +86,5 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) (*bytes.Buffer, if err != nil { return nil, err } - // str := newbuf.String() - // logger := log.Default() - // logger.Fatal(str) return newbuf, nil } diff --git a/jsonsaver/saver2v2/save_relationships.go b/jsonsaver/saver2v2/save_relationships.go index 742a181f..8bfe9d77 100644 --- a/jsonsaver/saver2v2/save_relationships.go +++ b/jsonsaver/saver2v2/save_relationships.go @@ -10,7 +10,7 @@ import ( "github.com/spdx/tools-golang/spdx" ) -func renderRelationships2_2(relationships []*spdx.Relationship2_2, buf *bytes.Buffer) ([]interface{}, error) { +func renderRelationships2_2(relationships []*spdx.Relationship2_2, buf *bytes.Buffer) error { var rels []interface{} for _, v := range relationships { @@ -25,5 +25,5 @@ func renderRelationships2_2(relationships []*spdx.Relationship2_2, buf *bytes.Bu } relsjson, _ := json.Marshal(rels) fmt.Fprintf(buf, "\"%s\": %s ,", "relationships", relsjson) - return rels, nil + return nil } From 08fb06ac7d48d46c23e6e0b20eb42be065395722 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Fri, 16 Jul 2021 18:45:04 +0530 Subject: [PATCH 13/31] Jsonsaver : Simplify json saving without maintaining the order - Unnecessary functioanlity of maintinging the order of properyies removed - usage of map[string]interafce{} introduced Signed-off-by: Ujjwal Agarwal --- examples/8-jsonloader/result.txt | 346 ------------------- examples/9-jsonsaver/exampletvtojson.go | 4 +- examples/9-jsonsaver/sample.json | 417 ----------------------- jsonsaver/jsonsaver.go | 4 +- jsonsaver/saver2v2/save_creation_info.go | 36 +- jsonsaver/saver2v2/save_document.go | 45 +-- jsonsaver/saver2v2/save_document_test.go | 2 +- jsonsaver/saver2v2/save_files.go | 9 +- jsonsaver/saver2v2/save_other_license.go | 9 +- jsonsaver/saver2v2/save_package.go | 7 +- jsonsaver/saver2v2/save_relationships.go | 9 +- jsonsaver/saver2v2/save_reviews.go | 8 +- jsonsaver/saver2v2/save_snippets.go | 9 +- 13 files changed, 51 insertions(+), 854 deletions(-) delete mode 100644 examples/8-jsonloader/result.txt delete mode 100644 examples/9-jsonsaver/sample.json diff --git a/examples/8-jsonloader/result.txt b/examples/8-jsonloader/result.txt deleted file mode 100644 index 7909ccf2..00000000 --- a/examples/8-jsonloader/result.txt +++ /dev/null @@ -1,346 +0,0 @@ -SPDXVersion: SPDX-2.2 -DataLicense: CC0-1.0 -SPDXID: SPDXRef-DOCUMENT -DocumentName: SPDX-Tools-v2.0 -DocumentNamespace: http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301 -ExternalDocumentRef: DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1:d6a770ba38583ed4bb4525bd96e50461655d2759 -LicenseListVersion: 3.9 -Creator: Person: Jane Doe -Creator: Organization: ExampleCodeInspect -Creator: Tool: LicenseFind-1.0 -Created: 2010-01-29T18:30:22Z -CreatorComment: This package has been shipped in source and binary form. -The binaries were created with gcc 4.5.1 and expect to link to -compatible system run time libraries. -DocumentComment: This document was created using SPDX 2.0 using licenses from the web site. - -##### Unpackaged files - -FileName: ./package/foo.c -SPDXID: SPDXRef-File -FileType: SOURCE -FileChecksum: SHA1: d6a770ba38583ed4bb4525bd96e50461655d2758 -FileChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24 -LicenseConcluded: (LGPL-2.0-only OR LicenseRef-2) -LicenseInfoInFile: GPL-2.0-only -LicenseInfoInFile: LicenseRef-2 -LicenseComments: The concluded license was taken from the package level that the file was included in. -FileCopyrightText: Copyright 2008-2010 John Smith -FileComment: The concluded license was taken from the package level that the file was included in. -This information was found in the COPYING.txt file in the xyz directory. -FileNotice: Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com - -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -FileContributor: The Regents of the University of California -FileContributor: Modified by Paul Mundt lethal@linux-sh.org -FileContributor: IBM Corporation -FileAttributionText: The Regents of the University of California -FileAttributionText: Modified by Paul Mundt lethal@linux-sh.org -FileAttributionText: IBM Corporation - -##### Package: glibc - -PackageName: glibc -SPDXID: SPDXRef-Package -PackageVersion: 2.11.1 -PackageFileName: glibc-2.11.1.tar.gz -PackageSupplier: Person: Jane Doe (jane.doe@example.com) -PackageOriginator: Organization: ExampleCodeInspect (contact@example.com) -PackageDownloadLocation: http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz -FilesAnalyzed: true -PackageVerificationCode: d6a770ba38583ed4bb4525bd96e50461655d2758 (excludes: ./package.spdx) -PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c -PackageChecksum: SHA256: 11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd -PackageChecksum: MD5: 624c1abb3664f4b35547e7c73864ad24 -PackageHomePage: http://ftp.gnu.org/gnu/glibc -PackageSourceInfo: uses glibc-2_11-branch from git://sourceware.org/git/glibc.git. -PackageLicenseConcluded: (LGPL-2.0-only OR LicenseRef-3) -PackageLicenseInfoFromFiles: GPL-2.0-only -PackageLicenseInfoFromFiles: LicenseRef-2 -PackageLicenseInfoFromFiles: LicenseRef-1 -PackageLicenseDeclared: (LGPL-2.0-only AND LicenseRef-3) -PackageLicenseComments: The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change. -PackageCopyrightText: Copyright 2008-2010 John Smith -PackageSummary: GNU C library. -PackageDescription: The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems. -ExternalRef: SECURITY cpe23Type cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:* -ExternalRef: OTHER http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge acmecorp/acmenator/4.1.3-alpha -ExternalRefComment: This is the external ref for Acme -PackageAttributionText: The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually. - -FileName: ./lib-source/commons-lang3-3.1-sources.jar -SPDXID: SPDXRef-CommonsLangSrc -FileType: ARCHIVE -FileChecksum: SHA1: c2b4e1c67a2d28fced849ee1bb76e7391b93f125 -LicenseConcluded: Apache-2.0 -LicenseInfoInFile: Apache-2.0 -FileCopyrightText: Copyright 2001-2011 The Apache Software Foundation -FileComment: This file is used by Jena -FileNotice: Apache Commons Lang -Copyright 2001-2011 The Apache Software Foundation - -This product includes software developed by -The Apache Software Foundation (http://www.apache.org/). - -This product includes software from the Spring Framework, -under the Apache License 2.0 (see: StringUtils.containsWhitespace()) -FileContributor: Apache Software Foundation -FileAttributionText: Apache Software Foundation - -FileName: ./src/org/spdx/parser/DOAPProject.java -SPDXID: SPDXRef-DoapSource -FileType: SOURCE -FileChecksum: SHA1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 -LicenseConcluded: Apache-2.0 -LicenseInfoInFile: Apache-2.0 -FileCopyrightText: Copyright 2010, 2011 Source Auditor Inc. -FileContributor: Protecode Inc. -FileContributor: SPDX Technical Team Members -FileContributor: Open Logic Inc. -FileContributor: Source Auditor Inc. -FileContributor: Black Duck Software In.c -FileAttributionText: Protecode Inc. -FileAttributionText: SPDX Technical Team Members -FileAttributionText: Open Logic Inc. -FileAttributionText: Source Auditor Inc. -FileAttributionText: Black Duck Software In.c - -SnippetSPDXIdentifier: SPDXRef-Snippet -SnippetFromFileSPDXID: SPDXRef-DoapSource -SnippetByteRange: 310:420 -SnippetLineRange: 5:23 -SnippetLicenseConcluded: GPL-2.0-only -LicenseInfoInSnippet: GPL-2.0-only -SnippetLicenseComments: The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz. -SnippetCopyrightText: Copyright 2008-2010 John Smith -SnippetComment: This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0. -SnippetName: from linux kernel - -FileName: ./lib-source/jena-2.6.3-sources.jar -SPDXID: SPDXRef-JenaLib -FileType: ARCHIVE -FileChecksum: SHA1: 3ab4e1c67a2d28fced849ee1bb76e7391b93f125 -LicenseConcluded: LicenseRef-1 -LicenseInfoInFile: LicenseRef-1 -LicenseComments: This license is used by Jena -FileCopyrightText: (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP -FileComment: This file belongs to Jena -FileContributor: Apache Software Foundation -FileContributor: Hewlett Packard Inc. -FileAttributionText: Apache Software Foundation -FileAttributionText: Hewlett Packard Inc. - -##### Package: Saxon - -PackageName: Saxon -SPDXID: SPDXRef-Saxon -PackageVersion: 8.8 -PackageFileName: saxonB-8.8.zip -PackageDownloadLocation: https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download -FilesAnalyzed: false -PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c -PackageHomePage: http://saxon.sourceforge.net/ -PackageLicenseConcluded: MPL-1.0 -PackageLicenseDeclared: MPL-1.0 -PackageLicenseComments: Other versions available for a commercial license -PackageCopyrightText: Copyright Saxonica Ltd -PackageDescription: The Saxon package is a collection of tools for processing XML documents. - -##### Package: Jena - -PackageName: Jena -SPDXID: SPDXRef-fromDoap-0 -PackageVersion: 3.12.0 -PackageDownloadLocation: https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz -FilesAnalyzed: false -PackageHomePage: http://www.openjena.org/ -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION -PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE_MANAGER purl pkg:maven/org.apache.jena/apache-jena@3.12.0 - -##### Package: Apache Commons Lang - -PackageName: Apache Commons Lang -SPDXID: SPDXRef-fromDoap-1 -PackageDownloadLocation: NOASSERTION -FilesAnalyzed: false -PackageHomePage: http://commons.apache.org/proper/commons-lang/ -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION -PackageCopyrightText: NOASSERTION - -##### Other Licenses - -LicenseID: LicenseRef-1 -ExtractedText: /* - * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -LicenseID: LicenseRef-2 -ExtractedText: This package includes the GRDDL parser developed by Hewlett Packard under the following license: -� Copyright 2007 Hewlett-Packard Development Company, LP - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - -Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -LicenseID: LicenseRef-4 -ExtractedText: /* - * (c) Copyright 2009 University of Bristol - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -LicenseID: LicenseRef-Beerware-4.2 -ExtractedText: "THE BEER-WARE LICENSE" (Revision 42): -phk@FreeBSD.ORG wrote this file. As long as you retain this notice you -can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp - -LicenseID: LicenseRef-3 -ExtractedText: The CyberNeko Software License, Version 1.0 - - -(C) Copyright 2002-2005, Andy Clark. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - -3. The end-user documentation included with the redistribution, - if any, must include the following acknowledgment: - "This product includes software developed by Andy Clark." - Alternately, this acknowledgment may appear in the software itself, - if and wherever such third-party acknowledgments normally appear. - -4. The names "CyberNeko" and "NekoHTML" must not be used to endorse - or promote products derived from this software without prior - written permission. For written permission, please contact - andyc@cyberneko.net. - -5. Products derived from this software may not be called "CyberNeko", - nor may "CyberNeko" appear in their name, without prior written - permission of the author. - -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED -WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -LicenseName: CyberNeko License -LicenseCrossReference: http://people.apache.org/~andyc/neko/LICENSE -LicenseCrossReference: http://justasample.url.com -LicenseComment: This is tye CyperNeko License - -##### Relationships - -Relationship: SPDXRef-DOCUMENT CONTAINS SPDXRef-Package -Relationship: SPDXRef-DOCUMENT COPY_OF DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement -Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-File -Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package -Relationship: SPDXRef-Package CONTAINS SPDXRef-JenaLib -Relationship: SPDXRef-Package DYNAMIC_LINK SPDXRef-Saxon -Relationship: SPDXRef-CommonsLangSrc GENERATED_FROM NOASSERTION -Relationship: SPDXRef-JenaLib CONTAINS SPDXRef-Package -Relationship: SPDXRef-File GENERATED_FROM SPDXRef-fromDoap-0 - -##### Annotations - -Annotator: Person: File Commenter -AnnotationDate: 2011-01-29T18:30:22Z -AnnotationType: OTHER -SPDXREF: SPDXRef-File -AnnotationComment: File level annotation - -Annotator: Person: Package Commenter -AnnotationDate: 2011-01-29T18:30:22Z -AnnotationType: OTHER -SPDXREF: SPDXRef-Package -AnnotationComment: Package level annotation - -Annotator: Person: Jane Doe () -AnnotationDate: 2010-01-29T18:30:22Z -AnnotationType: OTHER -SPDXREF: SPDXRef-DOCUMENT -AnnotationComment: Document level annotation - -Annotator: Person: Joe Reviewer -AnnotationDate: 2010-02-10T00:00:00Z -AnnotationType: REVIEW -SPDXREF: SPDXRef-DOCUMENT -AnnotationComment: This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses - -Annotator: Person: Suzanne Reviewer -AnnotationDate: 2011-03-13T00:00:00Z -AnnotationType: REVIEW -SPDXREF: SPDXRef-DOCUMENT -AnnotationComment: Another example reviewer. - diff --git a/examples/9-jsonsaver/exampletvtojson.go b/examples/9-jsonsaver/exampletvtojson.go index 79816c18..02501f33 100644 --- a/examples/9-jsonsaver/exampletvtojson.go +++ b/examples/9-jsonsaver/exampletvtojson.go @@ -11,8 +11,8 @@ import ( "fmt" "os" - "github.com/spdx/tools-golang/jsonloader" "github.com/spdx/tools-golang/jsonsaver" + "github.com/spdx/tools-golang/tvloader" ) func main() { @@ -36,7 +36,7 @@ func main() { defer r.Close() // try to load the SPDX file's contents as a tag-value file, version 2.2 - doc, err := jsonloader.Load2_2(r) + doc, err := tvloader.Load2_2(r) if err != nil { fmt.Printf("Error while parsing %v: %v", args[1], err) return diff --git a/examples/9-jsonsaver/sample.json b/examples/9-jsonsaver/sample.json deleted file mode 100644 index b02dc5b0..00000000 --- a/examples/9-jsonsaver/sample.json +++ /dev/null @@ -1,417 +0,0 @@ -{ - "SPDXID": "SPDXRef-DOCUMENT", - "spdxVersion": "SPDX-2.2", - "creationInfo": { - "comment": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - "created": "2010-01-29T18:30:22Z", - "creators": [ - "Person: Jane Doe", - "Organization: ExampleCodeInspect", - "Tool: LicenseFind-1.0" - ], - "licenseListVersion": "3.9" - }, - "name": "SPDX-Tools-v2.0", - "dataLicense": "CC0-1.0", - "comment": "This document was created using SPDX 2.0 using licenses from the web site.", - "externalDocumentRefs": [ - { - "checksum": { - "algorithm": "SHA1", - "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2759" - }, - "externalDocumentId": "DocumentRef-spdx-tool-1.2", - "spdxDocument": "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301" - } - ], - "hasExtractedLicensingInfos": [ - { - "extractedText": "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", - "licenseId": "LicenseRef-1" - }, - { - "extractedText": "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - "licenseId": "LicenseRef-2" - }, - { - "extractedText": "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/", - "licenseId": "LicenseRef-4" - }, - { - "extractedText": "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp \u003c/\nLicenseName: Beer-Ware License (Version 42)\nLicenseCrossReference: http://people.freebsd.org/~phk/\nLicenseComment: \nThe beerware license has a couple of other standard variants.", - "licenseId": "LicenseRef-Beerware-4.2" - }, - { - "comment": "This is tye CyperNeko License", - "extractedText": "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", - "licenseId": "LicenseRef-3", - "name": "CyberNeko License", - "seeAlsos": [ - "http://people.apache.org/~andyc/neko/LICENSE", - "http://justasample.url.com" - ] - } - ], - "annotations": [ - { - "annotationDate": "2010-01-29T18:30:22Z", - "annotationType": "OTHER", - "annotator": "Person: Jane Doe ()", - "comment": "Document level annotation" - }, - { - "annotationDate": "2010-02-10T00:00:00Z", - "annotationType": "REVIEW", - "annotator": "Person: Joe Reviewer", - "comment": "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses" - }, - { - "annotationDate": "2011-03-13T00:00:00Z", - "annotationType": "REVIEW", - "annotator": "Person: Suzanne Reviewer", - "comment": "Another example reviewer." - } - ], - "documentNamespace": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", - "documentDescribes": [ - "SPDXRef-File", - "SPDXRef-Package" - ], - "packages": [ - { - "SPDXID": "SPDXRef-Package", - "annotations": [ - { - "annotationDate": "2011-01-29T18:30:22Z", - "annotationType": "OTHER", - "annotator": "Person: Package Commenter", - "comment": "Package level annotation" - } - ], - "attributionTexts": [ - "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." - ], - "checksums": [ - { - "algorithm": "MD5", - "checksumValue": "624c1abb3664f4b35547e7c73864ad24" - }, - { - "algorithm": "SHA1", - "checksumValue": "85ed0817af83a24ad8da68c2b5094de69833983c" - }, - { - "algorithm": "SHA256", - "checksumValue": "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" - } - ], - "copyrightText": "Copyright 2008-2010 John Smith", - "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", - "downloadLocation": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", - "referenceType": "cpe23Type" - }, - { - "comment": "This is the external ref for Acme", - "referenceCategory": "OTHER", - "referenceLocator": "acmecorp/acmenator/4.1.3-alpha", - "referenceType": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge" - } - ], - "filesAnalyzed": true, - "hasFiles": [ - "SPDXRef-DoapSource", - "SPDXRef-CommonsLangSrc", - "SPDXRef-JenaLib" - ], - "homepage": "http://ftp.gnu.org/gnu/glibc", - "licenseComments": "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.", - "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-3)", - "licenseDeclared": "(LGPL-2.0-only AND LicenseRef-3)", - "licenseInfoFromFiles": [ - "GPL-2.0-only", - "LicenseRef-2", - "LicenseRef-1" - ], - "name": "glibc", - "originator": "Organization: ExampleCodeInspect (contact@example.com)", - "packageFileName": "glibc-2.11.1.tar.gz", - "packageVerificationCode": { - "packageVerificationCodeExcludedFiles": [ - "./package.spdx" - ], - "packageVerificationCodeValue": "d6a770ba38583ed4bb4525bd96e50461655d2758" - }, - "sourceInfo": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", - "summary": "GNU C library.", - "supplier": "Person: Jane Doe (jane.doe@example.com)", - "versionInfo": "2.11.1" - }, - { - "SPDXID": "SPDXRef-fromDoap-1", - "copyrightText": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "homepage": "http://commons.apache.org/proper/commons-lang/", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "name": "Apache Commons Lang" - }, - { - "SPDXID": "SPDXRef-fromDoap-0", - "copyrightText": "NOASSERTION", - "downloadLocation": "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz", - "externalRefs": [ - { - "referenceCategory": "PACKAGE_MANAGER", - "referenceLocator": "pkg:maven/org.apache.jena/apache-jena@3.12.0", - "referenceType": "purl" - } - ], - "filesAnalyzed": false, - "homepage": "http://www.openjena.org/", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "name": "Jena", - "versionInfo": "3.12.0" - }, - { - "SPDXID": "SPDXRef-Saxon", - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "85ed0817af83a24ad8da68c2b5094de69833983c" - } - ], - "copyrightText": "Copyright Saxonica Ltd", - "description": "The Saxon package is a collection of tools for processing XML documents.", - "downloadLocation": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", - "filesAnalyzed": false, - "homepage": "http://saxon.sourceforge.net/", - "licenseComments": "Other versions available for a commercial license", - "licenseConcluded": "MPL-1.0", - "licenseDeclared": "MPL-1.0", - "name": "Saxon", - "packageFileName": "saxonB-8.8.zip", - "versionInfo": "8.8" - } - ], - "files": [ - { - "SPDXID": "SPDXRef-DoapSource", - "attributionTexts": [ - "Protecode Inc.", - "SPDX Technical Team Members", - "Open Logic Inc.", - "Source Auditor Inc.", - "Black Duck Software In.c" - ], - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" - } - ], - "copyrightText": "Copyright 2010, 2011 Source Auditor Inc.", - "fileContributors": [ - "Protecode Inc.", - "SPDX Technical Team Members", - "Open Logic Inc.", - "Source Auditor Inc.", - "Black Duck Software In.c" - ], - "fileName": "./src/org/spdx/parser/DOAPProject.java", - "fileTypes": [ - "SOURCE" - ], - "licenseConcluded": "Apache-2.0", - "licenseInfoInFiles": [ - "Apache-2.0" - ] - }, - { - "SPDXID": "SPDXRef-CommonsLangSrc", - "attributionTexts": [ - "Apache Software Foundation" - ], - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" - } - ], - "comment": "This file is used by Jena", - "copyrightText": "Copyright 2001-2011 The Apache Software Foundation", - "fileContributors": [ - "Apache Software Foundation" - ], - "fileName": "./lib-source/commons-lang3-3.1-sources.jar", - "fileTypes": [ - "ARCHIVE" - ], - "licenseConcluded": "Apache-2.0", - "licenseInfoInFiles": [ - "Apache-2.0" - ], - "noticeText": "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" - }, - { - "SPDXID": "SPDXRef-JenaLib", - "attributionTexts": [ - "Apache Software Foundation", - "Hewlett Packard Inc." - ], - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" - } - ], - "comment": "This file belongs to Jena", - "copyrightText": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", - "fileContributors": [ - "Apache Software Foundation", - "Hewlett Packard Inc." - ], - "fileName": "./lib-source/jena-2.6.3-sources.jar", - "fileTypes": [ - "ARCHIVE" - ], - "licenseComments": "This license is used by Jena", - "licenseConcluded": "LicenseRef-1", - "licenseInfoInFiles": [ - "LicenseRef-1" - ] - }, - { - "SPDXID": "SPDXRef-File", - "annotations": [ - { - "annotationDate": "2011-01-29T18:30:22Z", - "annotationType": "OTHER", - "annotator": "Person: File Commenter", - "comment": "File level annotation" - } - ], - "attributionTexts": [ - "The Regents of the University of California", - "Modified by Paul Mundt lethal@linux-sh.org", - "IBM Corporation" - ], - "checksums": [ - { - "algorithm": "MD5", - "checksumValue": "624c1abb3664f4b35547e7c73864ad24" - }, - { - "algorithm": "SHA1", - "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758" - } - ], - "comment": "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", - "copyrightText": "Copyright 2008-2010 John Smith", - "fileContributors": [ - "The Regents of the University of California", - "Modified by Paul Mundt lethal@linux-sh.org", - "IBM Corporation" - ], - "fileName": "./package/foo.c", - "fileTypes": [ - "SOURCE" - ], - "licenseComments": "The concluded license was taken from the package level that the file was included in.", - "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-2)", - "licenseInfoInFiles": [ - "GPL-2.0-only", - "LicenseRef-2" - ], - "noticeText": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." - } - ], - "snippets": [ - { - "SPDXID": "SPDXRef-Snippet", - "comment": "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - "copyrightText": "Copyright 2008-2010 John Smith", - "licenseComments": "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", - "licenseConcluded": "GPL-2.0-only", - "licenseInfoInSnippets": [ - "GPL-2.0-only" - ], - "name": "from linux kernel", - "ranges": [ - { - "endPointer": { - "offset": 420, - "reference": "SPDXRef-DoapSource" - }, - "startPointer": { - "offset": 310, - "reference": "SPDXRef-DoapSource" - } - }, - { - "endPointer": { - "lineNumber": 23, - "reference": "SPDXRef-DoapSource" - }, - "startPointer": { - "lineNumber": 5, - "reference": "SPDXRef-DoapSource" - } - } - ], - "snippetFromFile": "SPDXRef-DoapSource" - } - ], - "relationships": [ - { - "relatedSpdxElement": "SPDXRef-Package", - "relationshipType": "CONTAINS", - "spdxElementId": "SPDXRef-DOCUMENT" - }, - { - "relatedSpdxElement": "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement", - "relationshipType": "COPY_OF", - "spdxElementId": "SPDXRef-DOCUMENT" - }, - { - "relatedSpdxElement": "SPDXRef-File", - "relationshipType": "DESCRIBES", - "spdxElementId": "SPDXRef-DOCUMENT" - }, - { - "relatedSpdxElement": "SPDXRef-Package", - "relationshipType": "DESCRIBES", - "spdxElementId": "SPDXRef-DOCUMENT" - }, - { - "relatedSpdxElement": "SPDXRef-JenaLib", - "relationshipType": "CONTAINS", - "spdxElementId": "SPDXRef-Package" - }, - { - "relatedSpdxElement": "SPDXRef-Saxon", - "relationshipType": "DYNAMIC_LINK", - "spdxElementId": "SPDXRef-Package" - }, - { - "relatedSpdxElement": "NOASSERTION", - "relationshipType": "GENERATED_FROM", - "spdxElementId": "SPDXRef-CommonsLangSrc" - }, - { - "relatedSpdxElement": "SPDXRef-Package", - "relationshipType": "CONTAINS", - "spdxElementId": "SPDXRef-JenaLib" - }, - { - "relatedSpdxElement": "SPDXRef-fromDoap-0", - "relationshipType": "GENERATED_FROM", - "spdxElementId": "SPDXRef-File" - } - ] -} \ No newline at end of file diff --git a/jsonsaver/jsonsaver.go b/jsonsaver/jsonsaver.go index 35898ad5..11ee58d7 100644 --- a/jsonsaver/jsonsaver.go +++ b/jsonsaver/jsonsaver.go @@ -14,10 +14,10 @@ import ( func Save2_2(doc *spdx.Document2_2, w io.Writer) error { var b []byte buf := bytes.NewBuffer(b) - result, err := saver2v2.RenderDocument2_2(doc, buf) + err := saver2v2.RenderDocument2_2(doc, buf) if err != nil { return err } - w.Write(result.Bytes()) + w.Write(buf.Bytes()) return nil } diff --git a/jsonsaver/saver2v2/save_creation_info.go b/jsonsaver/saver2v2/save_creation_info.go index 60f4e953..f3ef67e8 100644 --- a/jsonsaver/saver2v2/save_creation_info.go +++ b/jsonsaver/saver2v2/save_creation_info.go @@ -3,28 +3,26 @@ package saver2v2 import ( - "bytes" - "encoding/json" "fmt" "github.com/spdx/tools-golang/spdx" ) -func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, buf *bytes.Buffer) error { +func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, jsondocument map[string]interface{}) error { if ci.SPDXIdentifier != "" { - fmt.Fprintf(buf, "\"%s\": \"%s\",", "SPDXID", spdx.RenderElementID(ci.SPDXIdentifier)) + jsondocument["SPDXID"] = spdx.RenderElementID(ci.SPDXIdentifier) } if ci.SPDXVersion != "" { - fmt.Fprintf(buf, "\"%s\": \"%s\",", "spdxVersion", ci.SPDXVersion) + jsondocument["spdxVersion"] = ci.SPDXVersion } if ci.CreatorComment != "" || ci.Created != "" || ci.CreatorPersons != nil || ci.CreatorOrganizations != nil || ci.CreatorTools != nil || ci.LicenseListVersion != "" { - fmt.Fprintf(buf, "\"%s\": %s", "creationInfo", "{") + creationInfo := make(map[string]interface{}) if ci.CreatorComment != "" { - commentjson, _ := json.Marshal(ci.CreatorComment) - fmt.Fprintf(buf, "\"%s\": %s,", "comment", commentjson) + creationInfo["comment"] = ci.CreatorComment } if ci.Created != "" { - fmt.Fprintf(buf, "\"%s\": \"%s\",", "created", ci.Created) + creationInfo["created"] = ci.Created + } if ci.CreatorPersons != nil || ci.CreatorOrganizations != nil || ci.CreatorTools != nil { var creators []string @@ -37,23 +35,26 @@ func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, buf *bytes.Buffer) error { for _, v := range ci.CreatorTools { creators = append(creators, fmt.Sprintf("Tool: %s", v)) } - creatorsjson, _ := json.Marshal(creators) - fmt.Fprintf(buf, "\"%s\": %s ,", "creators", creatorsjson) + creationInfo["creators"] = creators } if ci.LicenseListVersion != "" { - fmt.Fprintf(buf, "\"%s\": \"%s\",", "licenseListVersion", ci.LicenseListVersion) + creationInfo["licenseListVersion"] = ci.LicenseListVersion } - fmt.Fprintf(buf, "%s", "},") + jsondocument["creationInfo"] = creationInfo } if ci.DocumentName != "" { - fmt.Fprintf(buf, "\"%s\": \"%s\",", "name", ci.DocumentName) + jsondocument["name"] = ci.DocumentName } if ci.DataLicense != "" { - fmt.Fprintf(buf, "\"%s\": \"%s\",", "dataLicense", ci.DataLicense) + jsondocument["dataLicense"] = ci.DataLicense } if ci.DocumentComment != "" { - fmt.Fprintf(buf, "\"%s\": \"%s\",", "comment", ci.DocumentComment) + jsondocument["comment"] = ci.DocumentComment + } + if ci.DocumentNamespace != "" { + jsondocument["documentNamespace"] = ci.DocumentNamespace } + if ci.ExternalDocumentReferences != nil { var refs []interface{} for _, v := range ci.ExternalDocumentReferences { @@ -66,8 +67,7 @@ func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, buf *bytes.Buffer) error { aa["spdxDocument"] = v.URI refs = append(refs, aa) } - refsjson, _ := json.Marshal(refs) - fmt.Fprintf(buf, "\"%s\": %s ,", "externalDocumentRefs", refsjson) + jsondocument["externalDocumentRefs"] = refs } return nil diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index 7ddb8175..62df120b 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -17,30 +17,24 @@ import ( // Document (version 2.2), and render it to the received *bytes.Buffer. // It is only exported in order to be available to the jsonsaver package, // and typically does not need to be called by client code. -func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) (*bytes.Buffer, error) { +func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { - fmt.Fprintln(buf, "{") + jsondocument := make(map[string]interface{}) // start to parse the creationInfo if doc.CreationInfo == nil { - return nil, fmt.Errorf("document had nil CreationInfo section") + return fmt.Errorf("document had nil CreationInfo section") } - renderCreationInfo2_2(doc.CreationInfo, buf) + renderCreationInfo2_2(doc.CreationInfo, jsondocument) // parse otherlicenses from sodx struct to json if doc.OtherLicenses != nil { - renderOtherLicenses2_2(doc.OtherLicenses, buf) + renderOtherLicenses2_2(doc.OtherLicenses, jsondocument) } // parse document level annotations if doc.Annotations != nil { ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(doc.CreationInfo.SPDXIdentifier))) - annotationjson, _ := json.Marshal(ann) - fmt.Fprintf(buf, "\"%s\": %s ,", "annotations", annotationjson) - } - - // parse document namespace - if doc.CreationInfo.DocumentNamespace != "" { - fmt.Fprintf(buf, "\"%s\": \"%s\",", "documentNamespace", doc.CreationInfo.DocumentNamespace) + jsondocument["annotations"] = ann } // parse document describes @@ -50,41 +44,34 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) (*bytes.Buffer, for _, v := range describes { describesID = append(describesID, spdx.RenderElementID(v)) } - describesjson, _ := json.Marshal(describesID) - fmt.Fprintf(buf, "\"%s\": %s,", "documentDescribes", describesjson) + jsondocument["documentDescribes"] = describesID } // parse packages from spdx to json if doc.Packages != nil { - renderPackage2_2(doc, buf) + renderPackage2_2(doc, jsondocument) } // parse files and snippets from spdx to json if doc.UnpackagedFiles != nil { - renderfiles2_2(doc, buf) - renderSnippets2_2(doc, buf) + renderfiles2_2(doc, jsondocument) + renderSnippets2_2(doc, jsondocument) } // parse reviews from spdx to json if doc.Reviews != nil { - renderReviews2_2(doc.Reviews, buf) + renderReviews2_2(doc.Reviews, jsondocument) } // parse relationships from spdx to json if doc.Relationships != nil { - renderRelationships2_2(doc.Relationships, buf) + renderRelationships2_2(doc.Relationships, jsondocument) } - // parsing ends - buf.WriteRune('}') - // remove the pattern ",}" from the json - final := bytes.ReplaceAll(buf.Bytes(), []byte(",}"), []byte("}")) - // indent the json properly - var b []byte - newbuf := bytes.NewBuffer(b) - err := json.Indent(newbuf, final, "", "\t") + jsonspec, err := json.MarshalIndent(jsondocument, "", "\t") if err != nil { - return nil, err + return err } - return newbuf, nil + buf.Write(jsonspec) + return nil } diff --git a/jsonsaver/saver2v2/save_document_test.go b/jsonsaver/saver2v2/save_document_test.go index 1075d757..4d228d04 100644 --- a/jsonsaver/saver2v2/save_document_test.go +++ b/jsonsaver/saver2v2/save_document_test.go @@ -366,7 +366,7 @@ func TestRenderDocument2_2(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if _, err := RenderDocument2_2(tt.args.doc, tt.args.buf); (err != nil) != tt.wantErr { + if err := RenderDocument2_2(tt.args.doc, tt.args.buf); (err != nil) != tt.wantErr { t.Errorf("RenderDocument2_2() error = %v, wantErr %v", err, tt.wantErr) } }) diff --git a/jsonsaver/saver2v2/save_files.go b/jsonsaver/saver2v2/save_files.go index 741d4111..0661cb61 100644 --- a/jsonsaver/saver2v2/save_files.go +++ b/jsonsaver/saver2v2/save_files.go @@ -3,14 +3,10 @@ package saver2v2 import ( - "bytes" - "encoding/json" - "fmt" - "github.com/spdx/tools-golang/spdx" ) -func renderfiles2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { +func renderfiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) error { var files []interface{} for k, v := range doc.UnpackagedFiles { @@ -71,8 +67,7 @@ func renderfiles2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { files = append(files, file) } - filesjson, _ := json.Marshal(files) - fmt.Fprintf(buf, "\"%s\": %s ,", "files", filesjson) + jsondocument["files"] = files return nil } diff --git a/jsonsaver/saver2v2/save_other_license.go b/jsonsaver/saver2v2/save_other_license.go index ef8171ab..48aedbf3 100644 --- a/jsonsaver/saver2v2/save_other_license.go +++ b/jsonsaver/saver2v2/save_other_license.go @@ -3,14 +3,10 @@ package saver2v2 import ( - "bytes" - "encoding/json" - "fmt" - "github.com/spdx/tools-golang/spdx" ) -func renderOtherLicenses2_2(otherlicenses []*spdx.OtherLicense2_2, buf *bytes.Buffer) error { +func renderOtherLicenses2_2(otherlicenses []*spdx.OtherLicense2_2, jsondocument map[string]interface{}) error { var licenses []interface{} for _, v := range otherlicenses { @@ -28,8 +24,7 @@ func renderOtherLicenses2_2(otherlicenses []*spdx.OtherLicense2_2, buf *bytes.Bu } licenses = append(licenses, lic) } - licensesjson, _ := json.Marshal(licenses) - fmt.Fprintf(buf, "\"%s\": %s ,", "hasExtractedLicensingInfos", licensesjson) + jsondocument["hasExtractedLicensingInfos"] = licenses return nil } diff --git a/jsonsaver/saver2v2/save_package.go b/jsonsaver/saver2v2/save_package.go index 95d28339..ea9d2d96 100644 --- a/jsonsaver/saver2v2/save_package.go +++ b/jsonsaver/saver2v2/save_package.go @@ -3,14 +3,12 @@ package saver2v2 import ( - "bytes" - "encoding/json" "fmt" "github.com/spdx/tools-golang/spdx" ) -func renderPackage2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { +func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) error { var packages []interface{} for k, v := range doc.Packages { @@ -135,8 +133,7 @@ func renderPackage2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { packages = append(packages, pkg) } - packagejson, _ := json.Marshal(packages) - fmt.Fprintf(buf, "\"%s\": %s ,", "packages", packagejson) + jsondocument["packages"] = packages return nil } diff --git a/jsonsaver/saver2v2/save_relationships.go b/jsonsaver/saver2v2/save_relationships.go index 8bfe9d77..2eb473de 100644 --- a/jsonsaver/saver2v2/save_relationships.go +++ b/jsonsaver/saver2v2/save_relationships.go @@ -3,14 +3,10 @@ package saver2v2 import ( - "bytes" - "encoding/json" - "fmt" - "github.com/spdx/tools-golang/spdx" ) -func renderRelationships2_2(relationships []*spdx.Relationship2_2, buf *bytes.Buffer) error { +func renderRelationships2_2(relationships []*spdx.Relationship2_2, jsondocument map[string]interface{}) error { var rels []interface{} for _, v := range relationships { @@ -23,7 +19,6 @@ func renderRelationships2_2(relationships []*spdx.Relationship2_2, buf *bytes.Bu } rels = append(rels, rel) } - relsjson, _ := json.Marshal(rels) - fmt.Fprintf(buf, "\"%s\": %s ,", "relationships", relsjson) + jsondocument["relationships"] = rels return nil } diff --git a/jsonsaver/saver2v2/save_reviews.go b/jsonsaver/saver2v2/save_reviews.go index 8ec55410..59561a1e 100644 --- a/jsonsaver/saver2v2/save_reviews.go +++ b/jsonsaver/saver2v2/save_reviews.go @@ -3,14 +3,12 @@ package saver2v2 import ( - "bytes" - "encoding/json" "fmt" "github.com/spdx/tools-golang/spdx" ) -func renderReviews2_2(reviews []*spdx.Review2_2, buf *bytes.Buffer) error { +func renderReviews2_2(reviews []*spdx.Review2_2, jsondocument map[string]interface{}) error { var review []interface{} for _, v := range reviews { @@ -22,8 +20,6 @@ func renderReviews2_2(reviews []*spdx.Review2_2, buf *bytes.Buffer) error { } review = append(review, rev) } - reviewjson, _ := json.Marshal(review) - fmt.Fprintf(buf, "\"%s\": %s ,", "revieweds", reviewjson) - + jsondocument["revieweds"] = review return nil } diff --git a/jsonsaver/saver2v2/save_snippets.go b/jsonsaver/saver2v2/save_snippets.go index c3826a0e..856e57b3 100644 --- a/jsonsaver/saver2v2/save_snippets.go +++ b/jsonsaver/saver2v2/save_snippets.go @@ -3,14 +3,10 @@ package saver2v2 import ( - "bytes" - "encoding/json" - "fmt" - "github.com/spdx/tools-golang/spdx" ) -func renderSnippets2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { +func renderSnippets2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) error { var snippets []interface{} for _, value := range doc.UnpackagedFiles { @@ -69,7 +65,6 @@ func renderSnippets2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { snippets = append(snippets, snippet) } } - snippetjson, _ := json.Marshal(snippets) - fmt.Fprintf(buf, "\"%s\": %s ,", "snippets", snippetjson) + jsondocument["snippets"] = snippets return nil } From 8d5f3f5865832e462838153fc7a384b9e327aa36 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Fri, 16 Jul 2021 18:51:51 +0530 Subject: [PATCH 14/31] Examples : Write desxription of jsonsaver in the Readme Signed-off-by: Ujjwal Agarwal --- examples/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/examples/README.md b/examples/README.md index 7cd80a06..5009adca 100644 --- a/examples/README.md +++ b/examples/README.md @@ -70,3 +70,11 @@ and then printing the corresponding spdx struct for the document. This example demonstrates loading an SPDX json from disk into memory and then re-saving it to a different file on disk in tag-value format. + +## 9-jsonsaver + +*jsonsaver*, *tvloader* + +This example demonstrates loading an SPDX tag-value from disk into memory +and then re-saving it to a different file on disk in json format. + From d47d0c27d7a16940dfd7cf1fc8224e3b5a73384e Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Fri, 16 Jul 2021 18:53:15 +0530 Subject: [PATCH 15/31] Examples : Write description of jsonsaver example in readme Signed-off-by: Ujjwal Agarwal --- examples/9-jsonsaver/exampletvtojson.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/9-jsonsaver/exampletvtojson.go b/examples/9-jsonsaver/exampletvtojson.go index 02501f33..2c6ec7ef 100644 --- a/examples/9-jsonsaver/exampletvtojson.go +++ b/examples/9-jsonsaver/exampletvtojson.go @@ -1,9 +1,9 @@ // SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -// Example for: *tvloader*, *tvsaver* +// Example for: *tvloader*, *jsonsaver* // This example demonstrates loading an SPDX tag-value file from disk into memory, -// and re-saving it to a different file on disk. +// and re-saving it to a different json file on disk. package main @@ -45,7 +45,7 @@ func main() { // if we got here, the file is now loaded into memory. fmt.Printf("Successfully loaded %s\n", args[1]) - // we can now save it back to disk, using tvsaver. + // we can now save it back to disk, using jsonsaver. // create a new file for writing fileOut := args[2] @@ -56,7 +56,7 @@ func main() { } defer w.Close() - // try to save the document to disk as an SPDX tag-value file, version 2.2 + // try to save the document to disk as an SPDX json file, version 2.2 err = jsonsaver.Save2_2(doc, w) if err != nil { fmt.Printf("Error while saving %v: %v", fileOut, err) From f64669fffa704cecc75bc370844430b351af2f67 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Fri, 16 Jul 2021 22:14:31 +0530 Subject: [PATCH 16/31] Jsonsaver : minor fixes regarding code semantics Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_document.go | 16 ++++++++-------- jsonsaver/saver2v2/save_files.go | 4 ++-- jsonsaver/saver2v2/save_package.go | 12 ++++++------ jsonsaver/saver2v2/save_snippets.go | 2 +- 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index 62df120b..3fc37c78 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -26,18 +26,18 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { } renderCreationInfo2_2(doc.CreationInfo, jsondocument) - // parse otherlicenses from sodx struct to json + // save otherlicenses from sodx struct to json if doc.OtherLicenses != nil { renderOtherLicenses2_2(doc.OtherLicenses, jsondocument) } - // parse document level annotations + // save document level annotations if doc.Annotations != nil { ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(doc.CreationInfo.SPDXIdentifier))) jsondocument["annotations"] = ann } - // parse document describes + // save document describes describes, _ := spdxlib.GetDescribedPackageIDs2_2(doc) if describes != nil { var describesID []string @@ -47,23 +47,23 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { jsondocument["documentDescribes"] = describesID } - // parse packages from spdx to json + // save packages from spdx to json if doc.Packages != nil { renderPackage2_2(doc, jsondocument) } - // parse files and snippets from spdx to json + // save files and snippets from spdx to json if doc.UnpackagedFiles != nil { - renderfiles2_2(doc, jsondocument) + renderFiles2_2(doc, jsondocument) renderSnippets2_2(doc, jsondocument) } - // parse reviews from spdx to json + // save reviews from spdx to json if doc.Reviews != nil { renderReviews2_2(doc.Reviews, jsondocument) } - // parse relationships from spdx to json + // save relationships from spdx to json if doc.Relationships != nil { renderRelationships2_2(doc.Relationships, jsondocument) } diff --git a/jsonsaver/saver2v2/save_files.go b/jsonsaver/saver2v2/save_files.go index 0661cb61..15fd52fb 100644 --- a/jsonsaver/saver2v2/save_files.go +++ b/jsonsaver/saver2v2/save_files.go @@ -6,7 +6,7 @@ import ( "github.com/spdx/tools-golang/spdx" ) -func renderfiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) error { +func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) error { var files []interface{} for k, v := range doc.UnpackagedFiles { @@ -23,7 +23,7 @@ func renderfiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) file["comment"] = v.FileComment } - // parse package checksums + // save package checksums if v.FileChecksums != nil { var checksums []interface{} for _, value := range v.FileChecksums { diff --git a/jsonsaver/saver2v2/save_package.go b/jsonsaver/saver2v2/save_package.go index ea9d2d96..790ad142 100644 --- a/jsonsaver/saver2v2/save_package.go +++ b/jsonsaver/saver2v2/save_package.go @@ -21,7 +21,7 @@ func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{} if v.PackageAttributionTexts != nil { pkg["attributionTexts"] = v.PackageAttributionTexts } - // parse package checksums + // save package checksums if v.PackageChecksums != nil { var checksums []interface{} for _, value := range v.PackageChecksums { @@ -42,7 +42,7 @@ func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{} pkg["downloadLocation"] = v.PackageDownloadLocation } - //parse document external refereneces + //save document external refereneces if v.PackageExternalReferences != nil { var externalrefs []interface{} for _, value := range v.PackageExternalReferences { @@ -60,7 +60,7 @@ func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{} pkg["filesAnalyzed"] = v.FilesAnalyzed - // parse package hass files + // save package hass files if v.Files != nil { var fileIds []string for k, v := range v.Files { @@ -101,7 +101,7 @@ func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{} pkg["packageFileName"] = v.PackageFileName } - //parse package originator + //save package originator if v.PackageOriginatorPerson != "" { pkg["originator"] = fmt.Sprintf("Person: %s", v.PackageOriginatorPerson) } @@ -112,7 +112,7 @@ func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{} pkg["originator"] = "NOASSERTION" } - //parse package verification code + //save package verification code if v.PackageVerificationCode != "" { verification := make(map[string]interface{}) verification["packageVerificationCodeExcludedFiles"] = []string{v.PackageVerificationCodeExcludedFile} @@ -120,7 +120,7 @@ func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{} pkg["packageVerificationCode"] = verification } - //parse package supplier + //save package supplier if v.PackageSupplierPerson != "" { pkg["supplier"] = fmt.Sprintf("Person: %s", v.PackageSupplierPerson) } diff --git a/jsonsaver/saver2v2/save_snippets.go b/jsonsaver/saver2v2/save_snippets.go index 856e57b3..c2b67042 100644 --- a/jsonsaver/saver2v2/save_snippets.go +++ b/jsonsaver/saver2v2/save_snippets.go @@ -38,7 +38,7 @@ func renderSnippets2_2(doc *spdx.Document2_2, jsondocument map[string]interface{ snippet["attributionTexts"] = v.SnippetAttributionTexts } - // parse snippet ranges + // save snippet ranges var ranges []interface{} byterange := map[string]interface{}{ "endPointer": map[string]interface{}{ From 7616a1ef6103ca0e82041768ba7bd5a976c5fe7d Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Tue, 20 Jul 2021 17:22:39 +0530 Subject: [PATCH 17/31] Jsonsaver : creation info unit tests written - Unit Tests fro creation info function Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_annotations_test.go | 95 +++++++++++++++++++ jsonsaver/saver2v2/save_creation_info.go | 9 +- jsonsaver/saver2v2/save_creation_info_test.go | 90 ++++++++++++++++++ 3 files changed, 190 insertions(+), 4 deletions(-) create mode 100644 jsonsaver/saver2v2/save_annotations_test.go create mode 100644 jsonsaver/saver2v2/save_creation_info_test.go diff --git a/jsonsaver/saver2v2/save_annotations_test.go b/jsonsaver/saver2v2/save_annotations_test.go new file mode 100644 index 00000000..5f1fdf24 --- /dev/null +++ b/jsonsaver/saver2v2/save_annotations_test.go @@ -0,0 +1,95 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "reflect" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +func Test_renderAnnotations2_2(t *testing.T) { + type args struct { + annotations []*spdx.Annotation2_2 + eID spdx.DocElementID + } + tests := []struct { + name string + args args + want []interface{} + wantErr bool + }{ + // TODO: Add test cases. + { + name: "success", + args: args{ + annotations: []*spdx.Annotation2_2{ + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, + AnnotationDate: "2011-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotatorType: "Person", + Annotator: "File Commenter", + AnnotationComment: "File level annotation", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, + AnnotationDate: "2011-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotatorType: "Person", + Annotator: "Package Commenter", + AnnotationComment: "Package level annotation", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + AnnotationDate: "2010-02-10T00:00:00Z", + AnnotationType: "REVIEW", + AnnotatorType: "Person", + Annotator: "Joe Reviewer", + AnnotationComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + AnnotationDate: "2011-03-13T00:00:00Z", + AnnotationType: "REVIEW", + AnnotatorType: "Person", + Annotator: "Suzanne Reviewer", + AnnotationComment: "Another example reviewer.", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + AnnotationDate: "2010-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotatorType: "Person", + Annotator: "Jane Doe ()", + AnnotationComment: "Document level annotation", + }, + }, + eID: spdx.MakeDocElementID("", "File"), + }, + want: []interface{}{ + map[string]interface{}{ + "annotationDate": "2011-01-29T18:30:22Z", + "annotationType": "OTHER", + "annotator": "Person: File Commenter", + "comment": "File level annotation", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := renderAnnotations2_2(tt.args.annotations, tt.args.eID) + if (err != nil) != tt.wantErr { + t.Errorf("renderAnnotations2_2() error = %v, wantErr %v", err, tt.wantErr) + return + } + for k, v := range got { + if !reflect.DeepEqual(v, tt.want[k]) { + t.Errorf("renderAnnotations2_2() = %v, want %v", v, tt.want[k]) + } + } + }) + } +} diff --git a/jsonsaver/saver2v2/save_creation_info.go b/jsonsaver/saver2v2/save_creation_info.go index f3ef67e8..be7b82bc 100644 --- a/jsonsaver/saver2v2/save_creation_info.go +++ b/jsonsaver/saver2v2/save_creation_info.go @@ -26,15 +26,16 @@ func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, jsondocument map[string]int } if ci.CreatorPersons != nil || ci.CreatorOrganizations != nil || ci.CreatorTools != nil { var creators []string - for _, v := range ci.CreatorPersons { - creators = append(creators, fmt.Sprintf("Person: %s", v)) + for _, v := range ci.CreatorTools { + creators = append(creators, fmt.Sprintf("Tool: %s", v)) } for _, v := range ci.CreatorOrganizations { creators = append(creators, fmt.Sprintf("Organization: %s", v)) } - for _, v := range ci.CreatorTools { - creators = append(creators, fmt.Sprintf("Tool: %s", v)) + for _, v := range ci.CreatorPersons { + creators = append(creators, fmt.Sprintf("Person: %s", v)) } + creationInfo["creators"] = creators } if ci.LicenseListVersion != "" { diff --git a/jsonsaver/saver2v2/save_creation_info_test.go b/jsonsaver/saver2v2/save_creation_info_test.go new file mode 100644 index 00000000..592ee560 --- /dev/null +++ b/jsonsaver/saver2v2/save_creation_info_test.go @@ -0,0 +1,90 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "reflect" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +func Test_renderCreationInfo2_2(t *testing.T) { + type args struct { + ci *spdx.CreationInfo2_2 + jsondocument map[string]interface{} + } + tests := []struct { + name string + args args + want map[string]interface{} + wantErr bool + }{ + // TODO: Add test cases. + { + name: "success", + args: args{ + ci: &spdx.CreationInfo2_2{ + DataLicense: "CC0-1.0", + SPDXVersion: "SPDX-2.2", + SPDXIdentifier: "DOCUMENT", + DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.", + LicenseListVersion: "3.8", + Created: "2010-01-29T18:30:22Z", + CreatorPersons: []string{"Jane Doe ()"}, + CreatorOrganizations: []string{"ExampleCodeInspect ()"}, + CreatorTools: []string{"LicenseFind-1.0"}, + DocumentName: "SPDX-Tools-v2.0", + DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", + CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", + ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{ + "spdx-tool-1.2": { + DocumentRefID: "spdx-tool-1.2", + URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", + Alg: "SHA1", + Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", + }, + }, + }, + jsondocument: make(map[string]interface{}), + }, + want: map[string]interface{}{ + "dataLicense": "CC0-1.0", + "spdxVersion": "SPDX-2.2", + "SPDXID": "SPDXRef-DOCUMENT", + "documentNamespace": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", + "name": "SPDX-Tools-v2.0", + "comment": "This document was created using SPDX 2.0 using licenses from the web site.", + "creationInfo": map[string]interface{}{ + "comment": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", + "created": "2010-01-29T18:30:22Z", + "creators": []string{"Tool: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()"}, + "licenseListVersion": "3.8", + }, + "externalDocumentRefs": []interface{}{ + map[string]interface{}{ + "externalDocumentId": "DocumentRef-spdx-tool-1.2", + "spdxDocument": "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", + "checksum": map[string]string{ + "algorithm": "SHA1", + "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2759", + }, + }, + }, + }, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := renderCreationInfo2_2(tt.args.ci, tt.args.jsondocument); (err != nil) != tt.wantErr { + t.Errorf("renderCreationInfo2_2() error = %v, wantErr %v", err, tt.wantErr) + } + for k, v := range tt.want { + if !reflect.DeepEqual(tt.args.jsondocument[k], v) { + t.Errorf("Load2_2() = %v, want %v", tt.args.jsondocument[k], v) + } + } + }) + } +} From 8176ed5025d1fa591a8c26763ba645f3ba791696 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Wed, 21 Jul 2021 12:22:07 +0530 Subject: [PATCH 18/31] Jsonsaver : Write unit tests for all render functions - Write units tests for render functions for snippets ,packages , files , reviews , relationships ,annotations Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_files.go | 9 +- jsonsaver/saver2v2/save_files_test.go | 145 ++++++++++++ jsonsaver/saver2v2/save_other_license.go | 4 +- jsonsaver/saver2v2/save_other_license_test.go | 72 ++++++ jsonsaver/saver2v2/save_package.go | 4 +- jsonsaver/saver2v2/save_package_test.go | 221 ++++++++++++++++++ jsonsaver/saver2v2/save_relationships.go | 4 +- jsonsaver/saver2v2/save_relationships_test.go | 80 +++++++ jsonsaver/saver2v2/save_reviews.go | 4 +- jsonsaver/saver2v2/save_reviews_test.go | 61 +++++ jsonsaver/saver2v2/save_snippets.go | 4 +- jsonsaver/saver2v2/save_snippets_test.go | 115 +++++++++ 12 files changed, 707 insertions(+), 16 deletions(-) create mode 100644 jsonsaver/saver2v2/save_files_test.go create mode 100644 jsonsaver/saver2v2/save_other_license_test.go create mode 100644 jsonsaver/saver2v2/save_package_test.go create mode 100644 jsonsaver/saver2v2/save_relationships_test.go create mode 100644 jsonsaver/saver2v2/save_reviews_test.go create mode 100644 jsonsaver/saver2v2/save_snippets_test.go diff --git a/jsonsaver/saver2v2/save_files.go b/jsonsaver/saver2v2/save_files.go index 15fd52fb..386c5b80 100644 --- a/jsonsaver/saver2v2/save_files.go +++ b/jsonsaver/saver2v2/save_files.go @@ -6,7 +6,7 @@ import ( "github.com/spdx/tools-golang/spdx" ) -func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) error { +func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) ([]interface{}, error) { var files []interface{} for k, v := range doc.UnpackagedFiles { @@ -17,7 +17,7 @@ func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) file["annotations"] = ann } if v.FileContributor != nil { - file["attributionTexts"] = v.FileContributor + file["fileContributors"] = v.FileContributor } if v.FileComment != "" { file["comment"] = v.FileComment @@ -55,9 +55,6 @@ func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) if v.FileNotice != "" { file["noticeText"] = v.FileNotice } - if v.FileContributor != nil { - file["fileContributors"] = v.FileContributor - } if v.FileDependencies != nil { file["fileDependencies"] = v.FileDependencies } @@ -69,5 +66,5 @@ func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) } jsondocument["files"] = files - return nil + return files, nil } diff --git a/jsonsaver/saver2v2/save_files_test.go b/jsonsaver/saver2v2/save_files_test.go new file mode 100644 index 00000000..b66bc946 --- /dev/null +++ b/jsonsaver/saver2v2/save_files_test.go @@ -0,0 +1,145 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "reflect" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +func Test_renderFiles2_2(t *testing.T) { + type args struct { + doc *spdx.Document2_2 + jsondocument map[string]interface{} + } + tests := []struct { + name string + args args + want []interface{} + wantErr bool + }{ + // TODO: Add test cases. + { + name: "", + args: args{ + doc: &spdx.Document2_2{ + Annotations: []*spdx.Annotation2_2{ + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, + AnnotationDate: "2011-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotatorType: "Person", + Annotator: "File Commenter", + AnnotationComment: "File level annotation", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "Package"}, + AnnotationDate: "2011-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotatorType: "Person", + Annotator: "Package Commenter", + AnnotationComment: "Package level annotation", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + AnnotationDate: "2010-02-10T00:00:00Z", + AnnotationType: "REVIEW", + AnnotatorType: "Person", + Annotator: "Joe Reviewer", + AnnotationComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + AnnotationDate: "2011-03-13T00:00:00Z", + AnnotationType: "REVIEW", + AnnotatorType: "Person", + Annotator: "Suzanne Reviewer", + AnnotationComment: "Another example reviewer.", + }, + { + AnnotationSPDXIdentifier: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + AnnotationDate: "2010-01-29T18:30:22Z", + AnnotationType: "OTHER", + AnnotatorType: "Person", + Annotator: "Jane Doe ()", + AnnotationComment: "Document level annotation", + }, + }, + UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{ + "File": { + FileSPDXIdentifier: "File", + // FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + // "SHA1": { + // Algorithm: "SHA1", + // Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", + // }, + // "MD5": { + // Algorithm: "MD5", + // Value: "624c1abb3664f4b35547e7c73864ad24", + // }, + // }, + FileComment: "The concluded license was taken from the package level that the file was .", + FileCopyrightText: "Copyright 2008-2010 John Smith", + FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, + FileName: "./package/foo.c", + FileType: []string{"SOURCE"}, + LicenseComments: "The concluded license was taken from the package level that the file was included in.", + LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", + LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, + FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", + }, + }, + }, + jsondocument: make(map[string]interface{}), + }, + want: []interface{}{ + map[string]interface{}{ + "SPDXID": "SPDXRef-File", + "annotations": []interface{}{ + map[string]interface{}{ + "annotationDate": "2011-01-29T18:30:22Z", + "annotationType": "OTHER", + "annotator": "Person: File Commenter", + "comment": "File level annotation", + }, + }, + // "checksums": []interface{}{ + // map[string]interface{}{ + // "algorithm": "SHA1", + // "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758", + // }, + // map[string]interface{}{ + // "algorithm": "MD5", + // "checksumValue": "624c1abb3664f4b35547e7c73864ad24", + // }, + // }, + "comment": "The concluded license was taken from the package level that the file was .", + "copyrightText": "Copyright 2008-2010 John Smith", + "fileContributors": []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, + "fileName": "./package/foo.c", + "fileTypes": []string{"SOURCE"}, + "licenseComments": "The concluded license was taken from the package level that the file was included in.", + "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-2)", + "licenseInfoInFiles": []string{"GPL-2.0-only", "LicenseRef-2"}, + "noticeText": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := renderFiles2_2(tt.args.doc, tt.args.jsondocument) + if (err != nil) != tt.wantErr { + t.Errorf("renderFiles2_2() error = %v, wantErr %v", err, tt.wantErr) + } + for k, v := range got { + if !reflect.DeepEqual(v, tt.want[k]) { + t.Errorf("renderFiles2_2() error = %v, want %v", v, tt.want[k]) + } + } + + }) + } +} diff --git a/jsonsaver/saver2v2/save_other_license.go b/jsonsaver/saver2v2/save_other_license.go index 48aedbf3..8b962feb 100644 --- a/jsonsaver/saver2v2/save_other_license.go +++ b/jsonsaver/saver2v2/save_other_license.go @@ -6,7 +6,7 @@ import ( "github.com/spdx/tools-golang/spdx" ) -func renderOtherLicenses2_2(otherlicenses []*spdx.OtherLicense2_2, jsondocument map[string]interface{}) error { +func renderOtherLicenses2_2(otherlicenses []*spdx.OtherLicense2_2, jsondocument map[string]interface{}) ([]interface{}, error) { var licenses []interface{} for _, v := range otherlicenses { @@ -26,5 +26,5 @@ func renderOtherLicenses2_2(otherlicenses []*spdx.OtherLicense2_2, jsondocument } jsondocument["hasExtractedLicensingInfos"] = licenses - return nil + return licenses, nil } diff --git a/jsonsaver/saver2v2/save_other_license_test.go b/jsonsaver/saver2v2/save_other_license_test.go new file mode 100644 index 00000000..312b6c91 --- /dev/null +++ b/jsonsaver/saver2v2/save_other_license_test.go @@ -0,0 +1,72 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +package saver2v2 + +import ( + "reflect" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +func Test_renderOtherLicenses2_2(t *testing.T) { + type args struct { + otherlicenses []*spdx.OtherLicense2_2 + jsondocument map[string]interface{} + } + tests := []struct { + name string + args args + want []interface{} + wantErr bool + }{ + // TODO: Add test cases. + { + name: "success", + args: args{ + otherlicenses: []*spdx.OtherLicense2_2{ + { + ExtractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp Date: Wed, 21 Jul 2021 15:52:26 +0530 Subject: [PATCH 19/31] Jsonsaver : Fix checksum unit tests in case of files and packages - Checksums algorithm had to be parsed to string from spdx.ChecksumAlgorithm Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_files.go | 4 ++- jsonsaver/saver2v2/save_files_test.go | 40 ++++++++++++------------- jsonsaver/saver2v2/save_package.go | 2 +- jsonsaver/saver2v2/save_package_test.go | 24 +++++++-------- 4 files changed, 36 insertions(+), 34 deletions(-) diff --git a/jsonsaver/saver2v2/save_files.go b/jsonsaver/saver2v2/save_files.go index 386c5b80..9c2593a0 100644 --- a/jsonsaver/saver2v2/save_files.go +++ b/jsonsaver/saver2v2/save_files.go @@ -3,6 +3,8 @@ package saver2v2 import ( + "fmt" + "github.com/spdx/tools-golang/spdx" ) @@ -28,7 +30,7 @@ func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) var checksums []interface{} for _, value := range v.FileChecksums { checksum := make(map[string]interface{}) - checksum["algorithm"] = value.Algorithm + checksum["algorithm"] = fmt.Sprintf("%s", value.Algorithm) checksum["checksumValue"] = value.Value checksums = append(checksums, checksum) } diff --git a/jsonsaver/saver2v2/save_files_test.go b/jsonsaver/saver2v2/save_files_test.go index b66bc946..d16e54d5 100644 --- a/jsonsaver/saver2v2/save_files_test.go +++ b/jsonsaver/saver2v2/save_files_test.go @@ -70,16 +70,16 @@ func Test_renderFiles2_2(t *testing.T) { UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{ "File": { FileSPDXIdentifier: "File", - // FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - // "SHA1": { - // Algorithm: "SHA1", - // Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", - // }, - // "MD5": { - // Algorithm: "MD5", - // Value: "624c1abb3664f4b35547e7c73864ad24", - // }, - // }, + FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + "SHA1": { + Algorithm: "SHA1", + Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", + }, + "MD5": { + Algorithm: "MD5", + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, FileComment: "The concluded license was taken from the package level that the file was .", FileCopyrightText: "Copyright 2008-2010 John Smith", FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, @@ -105,16 +105,16 @@ func Test_renderFiles2_2(t *testing.T) { "comment": "File level annotation", }, }, - // "checksums": []interface{}{ - // map[string]interface{}{ - // "algorithm": "SHA1", - // "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758", - // }, - // map[string]interface{}{ - // "algorithm": "MD5", - // "checksumValue": "624c1abb3664f4b35547e7c73864ad24", - // }, - // }, + "checksums": []interface{}{ + map[string]interface{}{ + "algorithm": "SHA1", + "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758", + }, + map[string]interface{}{ + "algorithm": "MD5", + "checksumValue": "624c1abb3664f4b35547e7c73864ad24", + }, + }, "comment": "The concluded license was taken from the package level that the file was .", "copyrightText": "Copyright 2008-2010 John Smith", "fileContributors": []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, diff --git a/jsonsaver/saver2v2/save_package.go b/jsonsaver/saver2v2/save_package.go index 8ee95a8c..614c607f 100644 --- a/jsonsaver/saver2v2/save_package.go +++ b/jsonsaver/saver2v2/save_package.go @@ -26,7 +26,7 @@ func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{} var checksums []interface{} for _, value := range v.PackageChecksums { checksum := make(map[string]interface{}) - checksum["algorithm"] = value.Algorithm + checksum["algorithm"] = fmt.Sprintf("%s", value.Algorithm) checksum["checksumValue"] = value.Value checksums = append(checksums, checksum) } diff --git a/jsonsaver/saver2v2/save_package_test.go b/jsonsaver/saver2v2/save_package_test.go index 5820a4bf..451fd8f5 100644 --- a/jsonsaver/saver2v2/save_package_test.go +++ b/jsonsaver/saver2v2/save_package_test.go @@ -47,12 +47,12 @@ func Test_renderPackage2_2(t *testing.T) { "Package": { PackageSPDXIdentifier: "Package", PackageAttributionTexts: []string{"The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually."}, - // PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ - // "MD5": { - // Algorithm: "MD5", - // Value: "624c1abb3664f4b35547e7c73864ad24", - // }, - // }, + PackageChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + "MD5": { + Algorithm: "MD5", + Value: "624c1abb3664f4b35547e7c73864ad24", + }, + }, PackageCopyrightText: "Copyright 2008-2010 John Smith", PackageDescription: "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", @@ -160,12 +160,12 @@ func Test_renderPackage2_2(t *testing.T) { }, }, "attributionTexts": []string{"The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually."}, - // "checksums": []interface{}{ - // map[string]interface{}{ - // "algorithm": "MD5", - // "checksumValue": "624c1abb3664f4b35547e7c73864ad24", - // }, - // }, + "checksums": []interface{}{ + map[string]interface{}{ + "algorithm": "MD5", + "checksumValue": "624c1abb3664f4b35547e7c73864ad24", + }, + }, "copyrightText": "Copyright 2008-2010 John Smith", "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", "downloadLocation": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", From 81c96310467e79592b478d725b439b7cd429af17 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Wed, 21 Jul 2021 16:00:42 +0530 Subject: [PATCH 20/31] jsonsaver : increase test coverage - added test to renderfile function - added tests to renderrelationships function Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_files_test.go | 20 ++++++++++--------- jsonsaver/saver2v2/save_relationships_test.go | 8 +++++--- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/jsonsaver/saver2v2/save_files_test.go b/jsonsaver/saver2v2/save_files_test.go index d16e54d5..d7a07c16 100644 --- a/jsonsaver/saver2v2/save_files_test.go +++ b/jsonsaver/saver2v2/save_files_test.go @@ -80,15 +80,16 @@ func Test_renderFiles2_2(t *testing.T) { Value: "624c1abb3664f4b35547e7c73864ad24", }, }, - FileComment: "The concluded license was taken from the package level that the file was .", - FileCopyrightText: "Copyright 2008-2010 John Smith", - FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, - FileName: "./package/foo.c", - FileType: []string{"SOURCE"}, - LicenseComments: "The concluded license was taken from the package level that the file was included in.", - LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", - LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, - FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", + FileComment: "The concluded license was taken from the package level that the file was .", + FileCopyrightText: "Copyright 2008-2010 John Smith", + FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, + FileName: "./package/foo.c", + FileType: []string{"SOURCE"}, + LicenseComments: "The concluded license was taken from the package level that the file was included in.", + LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", + LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, + FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", + FileAttributionTexts: []string{"text1", "text2 "}, }, }, }, @@ -124,6 +125,7 @@ func Test_renderFiles2_2(t *testing.T) { "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-2)", "licenseInfoInFiles": []string{"GPL-2.0-only", "LicenseRef-2"}, "noticeText": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", + "attributionTexts": []string{"text1", "text2 "}, }, }, }, diff --git a/jsonsaver/saver2v2/save_relationships_test.go b/jsonsaver/saver2v2/save_relationships_test.go index fabe67da..2b67143d 100644 --- a/jsonsaver/saver2v2/save_relationships_test.go +++ b/jsonsaver/saver2v2/save_relationships_test.go @@ -36,9 +36,10 @@ func Test_renderRelationships2_2(t *testing.T) { Relationship: "CONTAINS", }, { - RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, - RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, - Relationship: "DESCRIBES", + RefA: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + RefB: spdx.DocElementID{DocumentRefID: "", ElementRefID: "File"}, + Relationship: "DESCRIBES", + RelationshipComment: "This is a comment.", }, }, jsondocument: make(map[string]interface{}), @@ -58,6 +59,7 @@ func Test_renderRelationships2_2(t *testing.T) { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-File", "relationshipType": "DESCRIBES", + "comment": "This is a comment.", }, }, }, From 1896bb606d9e13a3bca061e993b1682752508d71 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Wed, 21 Jul 2021 16:10:47 +0530 Subject: [PATCH 21/31] Jsonsaver : increase test coverage Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_snippets_test.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jsonsaver/saver2v2/save_snippets_test.go b/jsonsaver/saver2v2/save_snippets_test.go index ed8ddba6..cd7df13b 100644 --- a/jsonsaver/saver2v2/save_snippets_test.go +++ b/jsonsaver/saver2v2/save_snippets_test.go @@ -48,6 +48,7 @@ func Test_renderSnippets2_2(t *testing.T) { SnippetByteRangeEnd: 420, SnippetLineRangeStart: 5, SnippetLineRangeEnd: 23, + SnippetAttributionTexts: []string{"text1", "text2 "}, }, }, FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", @@ -93,7 +94,8 @@ func Test_renderSnippets2_2(t *testing.T) { }, }, }, - "snippetFromFile": "SPDXRef-DoapSource", + "snippetFromFile": "SPDXRef-DoapSource", + "attributionTexts": []string{"text1", "text2 "}, }, }, }, From 2d2902a69f792fce08b6a4d98beacd7636f2685b Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Wed, 21 Jul 2021 17:45:02 +0530 Subject: [PATCH 22/31] Jsonsaver : add complete saver test Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_document_test.go | 359 +++++++++++++---------- jsonsaver/saver2v2/save_files.go | 4 +- jsonsaver/saver2v2/save_package.go | 2 +- 3 files changed, 200 insertions(+), 165 deletions(-) diff --git a/jsonsaver/saver2v2/save_document_test.go b/jsonsaver/saver2v2/save_document_test.go index 4d228d04..781b32bd 100644 --- a/jsonsaver/saver2v2/save_document_test.go +++ b/jsonsaver/saver2v2/save_document_test.go @@ -15,20 +15,18 @@ func TestRenderDocument2_2(t *testing.T) { test1 := &spdx.Document2_2{ CreationInfo: &spdx.CreationInfo2_2{ - SPDXVersion: "SPDX-2.2", - DataLicense: "CC0-1.0", - SPDXIdentifier: spdx.ElementID("DOCUMENT"), - DocumentName: "tools-golang-0.0.1.abcdef", - DocumentNamespace: "https://github.com/spdx/spdx-docs/tools-golang/tools-golang-0.0.1.abcdef.whatever", - CreatorPersons: []string{ - "John Doe ()", - }, - CreatorOrganizations: []string{"ExampleCodeInspect"}, - CreatorTools: []string{"LicenseFind-1.0"}, + DataLicense: "CC0-1.0", + SPDXVersion: "SPDX-2.2", + SPDXIdentifier: "DOCUMENT", DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.", LicenseListVersion: "3.8", + Created: "2010-01-29T18:30:22Z", + CreatorPersons: []string{"Jane Doe ()"}, + CreatorOrganizations: []string{"ExampleCodeInspect ()"}, + CreatorTools: []string{"LicenseFind-1.0"}, + DocumentName: "SPDX-Tools-v2.0", + DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", - Created: "2018-10-10T06:20:00Z", ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{ "spdx-tool-1.2": { DocumentRefID: "spdx-tool-1.2", @@ -43,10 +41,6 @@ func TestRenderDocument2_2(t *testing.T) { ExtractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp Date: Sat, 24 Jul 2021 18:48:08 +0530 Subject: [PATCH 23/31] Jsonsaver : add complete functionslity tests - Check whether an entire spdx document is saved correctly or not Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_document_test.go | 40 +++++++++++++++++++----- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/jsonsaver/saver2v2/save_document_test.go b/jsonsaver/saver2v2/save_document_test.go index 781b32bd..a890ffd1 100644 --- a/jsonsaver/saver2v2/save_document_test.go +++ b/jsonsaver/saver2v2/save_document_test.go @@ -6,6 +6,8 @@ package saver2v2 import ( "bytes" + "encoding/json" + "reflect" "testing" "github.com/spdx/tools-golang/spdx" @@ -184,15 +186,15 @@ func TestRenderDocument2_2(t *testing.T) { Value: "624c1abb3664f4b35547e7c73864ad24", }, }, - FileComment: "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", + FileComment: "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", FileCopyrightText: "Copyright 2008-2010 John Smith", FileContributor: []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, FileName: "./package/foo.c", FileType: []string{"SOURCE"}, - LicenseComments: "The concluded license was taken from the package level that the file was included in.", + LicenseComments: "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", LicenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)", LicenseInfoInFile: []string{"GPL-2.0-only", "LicenseRef-2"}, - FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", + FileNotice: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", }, }, } @@ -202,6 +204,7 @@ func TestRenderDocument2_2(t *testing.T) { "spdxVersion": "SPDX-2.2", "SPDXID": "SPDXRef-DOCUMENT", "documentNamespace": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", + "documentDescribes": []string{"SPDXRef-Package"}, "name": "SPDX-Tools-v2.0", "comment": "This document was created using SPDX 2.0 using licenses from the web site.", "creationInfo": map[string]interface{}{ @@ -241,6 +244,24 @@ func TestRenderDocument2_2(t *testing.T) { "comment": "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", }, }, + "relationships": []interface{}{ + map[string]interface{}{ + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement", + "relationshipType": "COPY_OF", + }, + map[string]interface{}{ + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Package", + "relationshipType": "CONTAINS", + }, + map[string]interface{}{ + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-File", + "relationshipType": "DESCRIBES", + "comment": "This is a comment.", + }, + }, "packages": []interface{}{ map[string]interface{}{ "SPDXID": "SPDXRef-Package", @@ -316,16 +337,15 @@ func TestRenderDocument2_2(t *testing.T) { "checksumValue": "624c1abb3664f4b35547e7c73864ad24", }, }, - "comment": "The concluded license was taken from the package level that the file was .", + "comment": "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", "copyrightText": "Copyright 2008-2010 John Smith", "fileContributors": []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"}, "fileName": "./package/foo.c", "fileTypes": []string{"SOURCE"}, - "licenseComments": "The concluded license was taken from the package level that the file was included in.", + "licenseComments": "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-2)", "licenseInfoInFiles": []string{"GPL-2.0-only", "LicenseRef-2"}, "noticeText": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", - "attributionTexts": []string{"text1", "text2 "}, }, map[string]interface{}{ "SPDXID": "SPDXRef-DoapSource", @@ -375,8 +395,7 @@ func TestRenderDocument2_2(t *testing.T) { }, }, }, - "snippetFromFile": "SPDXRef-DoapSource", - "attributionTexts": []string{"text1", "text2 "}, + "snippetFromFile": "SPDXRef-DoapSource", }, }, } @@ -406,6 +425,11 @@ func TestRenderDocument2_2(t *testing.T) { if err := RenderDocument2_2(tt.args.doc, tt.args.buf); (err != nil) != tt.wantErr { t.Errorf("RenderDocument2_2() error = %v, wantErr %v", err, want) } + jsonspec, _ := json.MarshalIndent(want, "", "\t") + result := tt.args.buf.Bytes() + if !reflect.DeepEqual(jsonspec, result) { + t.Errorf("RenderDocument2_2() error = %v, wantErr %v", string(jsonspec), string(result)) + } }) } } From 81c7677913cec65e6f45f8def531783b3399b0bc Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Sat, 24 Jul 2021 18:53:48 +0530 Subject: [PATCH 24/31] Jsonsaver : Package level tests added Signed-off-by: Ujjwal Agarwal --- jsonsaver/jsonsaver_test.go | 230 ++++++++++++++++++++++++++++++++++++ 1 file changed, 230 insertions(+) create mode 100644 jsonsaver/jsonsaver_test.go diff --git a/jsonsaver/jsonsaver_test.go b/jsonsaver/jsonsaver_test.go new file mode 100644 index 00000000..2bff9585 --- /dev/null +++ b/jsonsaver/jsonsaver_test.go @@ -0,0 +1,230 @@ +package jsonsaver + +import ( + "bytes" + "testing" + + "github.com/spdx/tools-golang/spdx" +) + +func TestSave2_2(t *testing.T) { + type args struct { + doc *spdx.Document2_2 + } + test1 := &spdx.Document2_2{ + CreationInfo: &spdx.CreationInfo2_2{ + DataLicense: "CC0-1.0", + SPDXVersion: "SPDX-2.2", + SPDXIdentifier: "DOCUMENT", + DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.", + LicenseListVersion: "3.8", + Created: "2010-01-29T18:30:22Z", + CreatorPersons: []string{"Jane Doe ()"}, + CreatorOrganizations: []string{"ExampleCodeInspect ()"}, + CreatorTools: []string{"LicenseFind-1.0"}, + DocumentName: "SPDX-Tools-v2.0", + DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301", + CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", + ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{ + "spdx-tool-1.2": { + DocumentRefID: "spdx-tool-1.2", + URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", + Alg: "SHA1", + Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", + }, + }, + }, + OtherLicenses: []*spdx.OtherLicense2_2{ + { + ExtractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp Date: Tue, 27 Jul 2021 19:42:54 +0530 Subject: [PATCH 25/31] JsonParser : increase test coverage of files, creationinfo and annotations Signed-off-by: Ujjwal Agarwal --- jsonloader/jsonloader_test.go | 11 +++- .../parser2v2/parse_annotations_test.go | 58 ++++++++++++++++-- .../parser2v2/parse_creation_info_test.go | 60 ++++++++++++++++++- jsonloader/parser2v2/parse_files_test.go | 16 ++--- jsonloader/parser2v2/parse_snippets_test.go | 2 + 5 files changed, 134 insertions(+), 13 deletions(-) diff --git a/jsonloader/jsonloader_test.go b/jsonloader/jsonloader_test.go index 2ce87502..e90a6a58 100644 --- a/jsonloader/jsonloader_test.go +++ b/jsonloader/jsonloader_test.go @@ -3,6 +3,7 @@ package jsonloader import ( + "bytes" "fmt" "io" "os" @@ -45,6 +46,14 @@ func TestLoad2_2(t *testing.T) { }, wantErr: false, }, + { + name: "fail - invalidjson ", + args: args{ + content: bytes.NewReader([]byte(`{"Hello":"HI",}`)), + }, + want: nil, + wantErr: true, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -53,7 +62,7 @@ func TestLoad2_2(t *testing.T) { t.Errorf("Load2_2() error = %v, wantErr %v", err, tt.wantErr) return } - if !reflect.DeepEqual(got.CreationInfo, tt.want.CreationInfo) { + if !tt.wantErr && !reflect.DeepEqual(got.CreationInfo, tt.want.CreationInfo) { t.Errorf("Load2_2() = %v, want %v", got.CreationInfo, tt.want.CreationInfo) } }) diff --git a/jsonloader/parser2v2/parse_annotations_test.go b/jsonloader/parser2v2/parse_annotations_test.go index 6ef5693c..014c3dde 100644 --- a/jsonloader/parser2v2/parse_annotations_test.go +++ b/jsonloader/parser2v2/parse_annotations_test.go @@ -31,6 +31,26 @@ func TestJSONSpdxDocument_parseJsonAnnotations2_2(t *testing.T) { } ] } `) + data2 := []byte(`{ + "annotations" : [ { + "annotationDate" : "2010-02-10T00:00:00Z", + "annotationType" : "REVIEW", + "annotator" : "Person: Joe Reviewer", + "comment" : "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", + "Hello":"hellp" + }] +} +`) + data3 := []byte(`{ + "annotations" : [ { + "annotationDate" : "2010-02-10T00:00:00Z", + "annotationType" : "REVIEW", + "annotator" : "Fasle: Joe Reviewer", + "comment" : "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses", + "Hello":"hellp" + }] +} +`) annotationstest1 := []*spdx.Annotation2_2{ { @@ -60,7 +80,12 @@ func TestJSONSpdxDocument_parseJsonAnnotations2_2(t *testing.T) { } var specs JSONSpdxDocument + var specs2 JSONSpdxDocument + var specs3 JSONSpdxDocument + json.Unmarshal(data, &specs) + json.Unmarshal(data2, &specs2) + json.Unmarshal(data3, &specs3) type args struct { key string @@ -88,16 +113,41 @@ func TestJSONSpdxDocument_parseJsonAnnotations2_2(t *testing.T) { want: annotationstest1, wantErr: false, }, + { + name: "failure test - invaid creator type", + spec: specs2, + args: args{ + key: "annotations", + value: specs2["annotations"], + doc: &spdxDocument2_2{}, + SPDXElementID: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + }, + want: nil, + wantErr: true, + }, + { + name: "failure test - invalid tag", + spec: specs3, + args: args{ + key: "annotations", + value: specs3["annotations"], + doc: &spdxDocument2_2{}, + SPDXElementID: spdx.DocElementID{DocumentRefID: "", ElementRefID: "DOCUMENT"}, + }, + want: nil, + wantErr: true, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { if err := tt.spec.parseJsonAnnotations2_2(tt.args.key, tt.args.value, tt.args.doc, tt.args.SPDXElementID); (err != nil) != tt.wantErr { t.Errorf("JSONSpdxDocument.parseJsonAnnotations2_2() error = %v, wantErr %v", err, tt.wantErr) } - - for i := 0; i < len(tt.want); i++ { - if !reflect.DeepEqual(tt.args.doc.Annotations[i], tt.want[i]) { - t.Errorf("Load2_2() = %v, want %v", tt.args.doc.Annotations[i], tt.want[i]) + if !tt.wantErr { + for i := 0; i < len(tt.want); i++ { + if !reflect.DeepEqual(tt.args.doc.Annotations[i], tt.want[i]) { + t.Errorf("Load2_2() = %v, want %v", tt.args.doc.Annotations[i], tt.want[i]) + } } } diff --git a/jsonloader/parser2v2/parse_creation_info_test.go b/jsonloader/parser2v2/parse_creation_info_test.go index ae62cba1..280775ac 100644 --- a/jsonloader/parser2v2/parse_creation_info_test.go +++ b/jsonloader/parser2v2/parse_creation_info_test.go @@ -153,6 +153,64 @@ func TestJSONSpdxDocument_parseJsonCreationInfo2_2(t *testing.T) { }, wantErr: false, }, + { + name: "failure : Invalid tag ", + spec: specs, + args: args{ + key: "invalid", + value: "This document was created using SPDX 2.0 using licenses from the web site.", + doc: &spdxDocument2_2{}, + }, + want: &spdx.CreationInfo2_2{ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}}, + wantErr: true, + }, + { + name: "failure : DocRef missing in ExternalRefs", + spec: specs, + args: args{ + key: "externalDocumentRefs", + value: []map[string]interface{}{ + { + "externalDocumentId": "spdx-tool-1.2", + "spdxDocument": "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", + "checksum": map[string]interface{}{ + "algorithm": "SHA1", + "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2759", + }, + }, + }, + doc: &spdxDocument2_2{}, + }, + want: nil, + wantErr: true, + }, + { + name: "failure : invalid SPDXID", + spec: specs, + args: args{ + key: "SPDXID", + value: "DOCUMENT", + doc: &spdxDocument2_2{}, + }, + want: &spdx.CreationInfo2_2{ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}}, + wantErr: true, + }, + { + name: "failure - invalid creator type", + spec: specs, + args: args{ + key: "creationInfo", + value: map[string]interface{}{ + "comment": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", + "created": "2010-01-29T18:30:22Z", + "creators": []string{"Invalid: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()"}, + "licenseListVersion": "3.8", + }, + doc: &spdxDocument2_2{}, + }, + want: nil, + wantErr: true, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -160,7 +218,7 @@ func TestJSONSpdxDocument_parseJsonCreationInfo2_2(t *testing.T) { if err := tt.spec.parseJsonCreationInfo2_2(tt.args.key, tt.args.value, tt.args.doc); (err != nil) != tt.wantErr { t.Errorf("JSONSpdxDocument.parseJsonCreationInfo2_2() error = %v, wantErr %v", err, tt.wantErr) } - if !reflect.DeepEqual(tt.args.doc.CreationInfo, tt.want) { + if !tt.wantErr && !reflect.DeepEqual(tt.args.doc.CreationInfo, tt.want) { t.Errorf("Load2_2() = %v, want %v", tt.args.doc.CreationInfo, tt.want) } diff --git a/jsonloader/parser2v2/parse_files_test.go b/jsonloader/parser2v2/parse_files_test.go index 196cb605..30f1bdc4 100644 --- a/jsonloader/parser2v2/parse_files_test.go +++ b/jsonloader/parser2v2/parse_files_test.go @@ -27,6 +27,7 @@ func TestJSONSpdxDocument_parseJsonFiles2_2(t *testing.T) { "fileName" : "./src/org/spdx/parser/DOAPProject.java", "fileTypes" : [ "SOURCE" ], "licenseConcluded" : "Apache-2.0", + "attributionTexts":["text1"], "licenseInfoInFiles" : [ "Apache-2.0" ] }, { "SPDXID" : "SPDXRef-CommonsLangSrc", @@ -97,13 +98,14 @@ func TestJSONSpdxDocument_parseJsonFiles2_2(t *testing.T) { Value: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", }, }, - FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", - FileContributor: []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, - FileDependencies: []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, - FileName: "./src/org/spdx/parser/DOAPProject.java", - FileType: []string{"SOURCE"}, - LicenseConcluded: "Apache-2.0", - LicenseInfoInFile: []string{"Apache-2.0"}, + FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.", + FileContributor: []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, + FileDependencies: []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, + FileName: "./src/org/spdx/parser/DOAPProject.java", + FileType: []string{"SOURCE"}, + LicenseConcluded: "Apache-2.0", + FileAttributionTexts: []string{"text1"}, + LicenseInfoInFile: []string{"Apache-2.0"}, }, "CommonsLangSrc": { FileSPDXIdentifier: "CommonsLangSrc", diff --git a/jsonloader/parser2v2/parse_snippets_test.go b/jsonloader/parser2v2/parse_snippets_test.go index e72599e4..b25bee55 100644 --- a/jsonloader/parser2v2/parse_snippets_test.go +++ b/jsonloader/parser2v2/parse_snippets_test.go @@ -21,6 +21,7 @@ func TestJSONSpdxDocument_parseJsonSnippets2_2(t *testing.T) { "licenseComments" : "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.", "licenseConcluded" : "GPL-2.0-only", "licenseInfoInSnippets" : [ "GPL-2.0-only" ], + "attributionTexts":["text1"], "name" : "from linux kernel", "ranges" : [ { "endPointer" : { @@ -52,6 +53,7 @@ func TestJSONSpdxDocument_parseJsonSnippets2_2(t *testing.T) { Snippets: map[spdx.ElementID]*spdx.Snippet2_2{ "Snippet": { SnippetSPDXIdentifier: "Snippet", + SnippetAttributionTexts: []string{"text1"}, SnippetFromFileSPDXIdentifier: spdx.DocElementID{ElementRefID: "DoapSource"}, SnippetComment: "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", SnippetCopyrightText: "Copyright 2008-2010 John Smith", From 1bc87f7cbc680e409a1ec51fdfdd93b5d2b49701 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Fri, 6 Aug 2021 18:15:01 +0530 Subject: [PATCH 26/31] Examples : add example of jsonloader and remove existing conversion examples - bug fixes in json saver done as well - test covereage of jsonparser increased Signed-off-by: Ujjwal Agarwal --- examples/10-jsonloader/example_json_loader.go | 55 +++++++++++++++++++ .../examplejsontotv.go | 0 .../exampletvtojson.go | 0 examples/README.md | 10 +++- jsonsaver/jsonsaver_test.go | 4 -- jsonsaver/saver2v2/save_creation_info_test.go | 2 +- jsonsaver/saver2v2/save_document.go | 45 ++++++++++++--- jsonsaver/saver2v2/save_document_test.go | 16 +++--- jsonsaver/saver2v2/save_files_test.go | 16 +++--- 9 files changed, 117 insertions(+), 31 deletions(-) create mode 100644 examples/10-jsonloader/example_json_loader.go rename examples/{8-jsonloader => 8-jsontotv}/examplejsontotv.go (100%) rename examples/{9-jsonsaver => 9-tvtojson}/exampletvtojson.go (100%) diff --git a/examples/10-jsonloader/example_json_loader.go b/examples/10-jsonloader/example_json_loader.go new file mode 100644 index 00000000..96f47fd0 --- /dev/null +++ b/examples/10-jsonloader/example_json_loader.go @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +// Example for: *jsonparser2v2* + +// This example demonstrates loading an SPDX json from disk into memory, +// and then logging out some attributes to the console . + +package main + +import ( + "fmt" + "os" + "strings" + + "github.com/spdx/tools-golang/jsonloader" +) + +func main() { + + // check that we've received the right number of arguments + args := os.Args + if len(args) != 3 { + fmt.Printf("Usage: %v \n", args[0]) + fmt.Printf(" Load SPDX 2.2 tag-value file , and\n") + fmt.Printf(" save it out to .\n") + return + } + + // open the SPDX file + fileIn := args[1] + r, err := os.Open(fileIn) + if err != nil { + fmt.Printf("Error while opening %v for reading: %v", fileIn, err) + return + } + defer r.Close() + + // try to load the SPDX file's contents as a json file, version 2.2 + doc, err := jsonloader.Load2_2(r) + if err != nil { + fmt.Printf("Error while parsing %v: %v", args[1], err) + return + } + + // if we got here, the file is now loaded into memory. + fmt.Printf("Successfully loaded %s\n", args[1]) + + fmt.Println(strings.Repeat("=", 80)) + fmt.Println("Some Attributes of the Document:") + fmt.Printf("Document Name: %s\n", doc.CreationInfo.DocumentName) + fmt.Printf("DataLicense: %s\n", doc.CreationInfo.DataLicense) + fmt.Printf("Document NameSpace: %s\n", doc.CreationInfo.DocumentNamespace) + fmt.Printf("SPDX Document Version: %s\n", doc.CreationInfo.SPDXVersion) + fmt.Println(strings.Repeat("=", 80)) +} diff --git a/examples/8-jsonloader/examplejsontotv.go b/examples/8-jsontotv/examplejsontotv.go similarity index 100% rename from examples/8-jsonloader/examplejsontotv.go rename to examples/8-jsontotv/examplejsontotv.go diff --git a/examples/9-jsonsaver/exampletvtojson.go b/examples/9-tvtojson/exampletvtojson.go similarity index 100% rename from examples/9-jsonsaver/exampletvtojson.go rename to examples/9-tvtojson/exampletvtojson.go diff --git a/examples/README.md b/examples/README.md index 5009adca..bd4b3d3e 100644 --- a/examples/README.md +++ b/examples/README.md @@ -64,17 +64,23 @@ the same identifier in both documents. This example demonstrates loading an SPDX rdf file from disk into memory and then printing the corresponding spdx struct for the document. -## 8-jsonloader +## 8-jsontotv *jsonloader*, *tvsaver* This example demonstrates loading an SPDX json from disk into memory and then re-saving it to a different file on disk in tag-value format. -## 9-jsonsaver +## 9-tvtojson *jsonsaver*, *tvloader* This example demonstrates loading an SPDX tag-value from disk into memory and then re-saving it to a different file on disk in json format. +## 10-jsonloader + +*jsonloader* + +This example demonstrates loading an SPDX json from disk into memory +and then logging some of the attributes to the console. diff --git a/jsonsaver/jsonsaver_test.go b/jsonsaver/jsonsaver_test.go index 2bff9585..79926067 100644 --- a/jsonsaver/jsonsaver_test.go +++ b/jsonsaver/jsonsaver_test.go @@ -197,16 +197,13 @@ func TestSave2_2(t *testing.T) { tests := []struct { name string args args - wantW string wantErr bool }{ - // TODO: Add test cases. { name: "success", args: args{ doc: test1, }, - wantW: "", wantErr: false, }, { @@ -214,7 +211,6 @@ func TestSave2_2(t *testing.T) { args: args{ doc: &spdx.Document2_2{}, }, - wantW: "", wantErr: true, }, } diff --git a/jsonsaver/saver2v2/save_creation_info_test.go b/jsonsaver/saver2v2/save_creation_info_test.go index 592ee560..4498025e 100644 --- a/jsonsaver/saver2v2/save_creation_info_test.go +++ b/jsonsaver/saver2v2/save_creation_info_test.go @@ -82,7 +82,7 @@ func Test_renderCreationInfo2_2(t *testing.T) { } for k, v := range tt.want { if !reflect.DeepEqual(tt.args.jsondocument[k], v) { - t.Errorf("Load2_2() = %v, want %v", tt.args.jsondocument[k], v) + t.Errorf("renderCreationInfo2_2() = %v, want %v", tt.args.jsondocument[k], v) } } }) diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index 3fc37c78..2a0e6b79 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -24,17 +24,28 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { if doc.CreationInfo == nil { return fmt.Errorf("document had nil CreationInfo section") } - renderCreationInfo2_2(doc.CreationInfo, jsondocument) + err := renderCreationInfo2_2(doc.CreationInfo, jsondocument) + if err != nil { + return err + } // save otherlicenses from sodx struct to json if doc.OtherLicenses != nil { - renderOtherLicenses2_2(doc.OtherLicenses, jsondocument) + _, err = renderOtherLicenses2_2(doc.OtherLicenses, jsondocument) + if err != nil { + return err + } } // save document level annotations if doc.Annotations != nil { - ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(doc.CreationInfo.SPDXIdentifier))) + ann, err := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(doc.CreationInfo.SPDXIdentifier))) + if err != nil { + return err + } + jsondocument["annotations"] = ann + } // save document describes @@ -49,23 +60,41 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { // save packages from spdx to json if doc.Packages != nil { - renderPackage2_2(doc, jsondocument) + _, err = renderPackage2_2(doc, jsondocument) + if err != nil { + return err + } } // save files and snippets from spdx to json if doc.UnpackagedFiles != nil { - renderFiles2_2(doc, jsondocument) - renderSnippets2_2(doc, jsondocument) + _, err = renderFiles2_2(doc, jsondocument) + if err != nil { + return err + } + _, err = renderSnippets2_2(doc, jsondocument) + if err != nil { + return err + } + } // save reviews from spdx to json if doc.Reviews != nil { - renderReviews2_2(doc.Reviews, jsondocument) + _, err = renderReviews2_2(doc.Reviews, jsondocument) + if err != nil { + return err + } + } // save relationships from spdx to json if doc.Relationships != nil { - renderRelationships2_2(doc.Relationships, jsondocument) + _, err = renderRelationships2_2(doc.Relationships, jsondocument) + if err != nil { + return err + } + } jsonspec, err := json.MarshalIndent(jsondocument, "", "\t") diff --git a/jsonsaver/saver2v2/save_document_test.go b/jsonsaver/saver2v2/save_document_test.go index a890ffd1..90d01f13 100644 --- a/jsonsaver/saver2v2/save_document_test.go +++ b/jsonsaver/saver2v2/save_document_test.go @@ -181,10 +181,10 @@ func TestRenderDocument2_2(t *testing.T) { Algorithm: "SHA1", Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", }, - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, + // "MD5": { + // Algorithm: "MD5", + // Value: "624c1abb3664f4b35547e7c73864ad24", + // }, }, FileComment: "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", FileCopyrightText: "Copyright 2008-2010 John Smith", @@ -332,10 +332,10 @@ func TestRenderDocument2_2(t *testing.T) { "algorithm": "SHA1", "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758", }, - map[string]interface{}{ - "algorithm": "MD5", - "checksumValue": "624c1abb3664f4b35547e7c73864ad24", - }, + // map[string]interface{}{ + // "algorithm": "MD5", + // "checksumValue": "624c1abb3664f4b35547e7c73864ad24", + // }, }, "comment": "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", "copyrightText": "Copyright 2008-2010 John Smith", diff --git a/jsonsaver/saver2v2/save_files_test.go b/jsonsaver/saver2v2/save_files_test.go index d7a07c16..c2e61d8d 100644 --- a/jsonsaver/saver2v2/save_files_test.go +++ b/jsonsaver/saver2v2/save_files_test.go @@ -75,10 +75,10 @@ func Test_renderFiles2_2(t *testing.T) { Algorithm: "SHA1", Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", }, - "MD5": { - Algorithm: "MD5", - Value: "624c1abb3664f4b35547e7c73864ad24", - }, + // "MD5": { + // Algorithm: "MD5", + // Value: "624c1abb3664f4b35547e7c73864ad24", + // }, }, FileComment: "The concluded license was taken from the package level that the file was .", FileCopyrightText: "Copyright 2008-2010 John Smith", @@ -111,10 +111,10 @@ func Test_renderFiles2_2(t *testing.T) { "algorithm": "SHA1", "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758", }, - map[string]interface{}{ - "algorithm": "MD5", - "checksumValue": "624c1abb3664f4b35547e7c73864ad24", - }, + // map[string]interface{}{ + // "algorithm": "MD5", + // "checksumValue": "624c1abb3664f4b35547e7c73864ad24", + // }, }, "comment": "The concluded license was taken from the package level that the file was .", "copyrightText": "Copyright 2008-2010 John Smith", From dbd63eaf33ee90f85f7db67052dbfcad2447b5b3 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Tue, 10 Aug 2021 23:32:03 +0530 Subject: [PATCH 27/31] Jsonsaver : maintain order while converting maps to json arrays - bug fix : sort maos keys and then range over keys instead of maps - to maintain order while savings properties as maps Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_document_test.go | 49 ++++++++++++------------ jsonsaver/saver2v2/save_files.go | 25 ++++++++++-- jsonsaver/saver2v2/save_files_test.go | 16 ++++---- jsonsaver/saver2v2/save_package.go | 24 ++++++++++-- 4 files changed, 76 insertions(+), 38 deletions(-) diff --git a/jsonsaver/saver2v2/save_document_test.go b/jsonsaver/saver2v2/save_document_test.go index 90d01f13..9651367a 100644 --- a/jsonsaver/saver2v2/save_document_test.go +++ b/jsonsaver/saver2v2/save_document_test.go @@ -177,14 +177,14 @@ func TestRenderDocument2_2(t *testing.T) { "File": { FileSPDXIdentifier: "File", FileChecksums: map[spdx.ChecksumAlgorithm]spdx.Checksum{ + "MD5": { + Algorithm: "MD5", + Value: "624c1abb3664f4b35547e7c73864ad24", + }, "SHA1": { Algorithm: "SHA1", Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", }, - // "MD5": { - // Algorithm: "MD5", - // Value: "624c1abb3664f4b35547e7c73864ad24", - // }, }, FileComment: "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", FileCopyrightText: "Copyright 2008-2010 John Smith", @@ -317,6 +317,22 @@ func TestRenderDocument2_2(t *testing.T) { }, }, "files": []interface{}{ + map[string]interface{}{ + "SPDXID": "SPDXRef-DoapSource", + "checksums": []interface{}{ + map[string]interface{}{ + "algorithm": "SHA1", + "checksumValue": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", + }, + }, + "copyrightText": "Copyright 2010, 2011 Source Auditor Inc.", + "fileContributors": []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, + "fileDependencies": []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, + "fileName": "./src/org/spdx/parser/DOAPProject.java", + "fileTypes": []string{"SOURCE"}, + "licenseConcluded": "Apache-2.0", + "licenseInfoInFiles": []string{"Apache-2.0"}, + }, map[string]interface{}{ "SPDXID": "SPDXRef-File", "annotations": []interface{}{ @@ -328,14 +344,15 @@ func TestRenderDocument2_2(t *testing.T) { }, }, "checksums": []interface{}{ + map[string]interface{}{ + "algorithm": "MD5", + "checksumValue": "624c1abb3664f4b35547e7c73864ad24", + }, + map[string]interface{}{ "algorithm": "SHA1", "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758", }, - // map[string]interface{}{ - // "algorithm": "MD5", - // "checksumValue": "624c1abb3664f4b35547e7c73864ad24", - // }, }, "comment": "The concluded license was taken from the package level that the file was .\nThis information was found in the COPYING.txt file in the xyz directory.", "copyrightText": "Copyright 2008-2010 John Smith", @@ -347,22 +364,6 @@ func TestRenderDocument2_2(t *testing.T) { "licenseInfoInFiles": []string{"GPL-2.0-only", "LicenseRef-2"}, "noticeText": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.", }, - map[string]interface{}{ - "SPDXID": "SPDXRef-DoapSource", - "checksums": []interface{}{ - map[string]interface{}{ - "algorithm": "SHA1", - "checksumValue": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", - }, - }, - "copyrightText": "Copyright 2010, 2011 Source Auditor Inc.", - "fileContributors": []string{"Protecode Inc.", "SPDX Technical Team Members", "Open Logic Inc.", "Source Auditor Inc.", "Black Duck Software In.c"}, - "fileDependencies": []string{"SPDXRef-JenaLib", "SPDXRef-CommonsLangSrc"}, - "fileName": "./src/org/spdx/parser/DOAPProject.java", - "fileTypes": []string{"SOURCE"}, - "licenseConcluded": "Apache-2.0", - "licenseInfoInFiles": []string{"Apache-2.0"}, - }, }, "snippets": []interface{}{ map[string]interface{}{ diff --git a/jsonsaver/saver2v2/save_files.go b/jsonsaver/saver2v2/save_files.go index ca6d6b35..d866fd31 100644 --- a/jsonsaver/saver2v2/save_files.go +++ b/jsonsaver/saver2v2/save_files.go @@ -3,15 +3,25 @@ package saver2v2 import ( + "sort" + "github.com/spdx/tools-golang/spdx" ) func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) ([]interface{}, error) { + var keys []string + for ke := range doc.UnpackagedFiles { + keys = append(keys, string(ke)) + } + sort.Strings(keys) + var files []interface{} - for k, v := range doc.UnpackagedFiles { + // for k, v := range doc.UnpackagedFiles { + for _, k := range keys { + v := doc.UnpackagedFiles[spdx.ElementID(k)] file := make(map[string]interface{}) - file["SPDXID"] = spdx.RenderElementID(k) + file["SPDXID"] = spdx.RenderElementID(spdx.ElementID(k)) ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(v.FileSPDXIdentifier))) if ann != nil { file["annotations"] = ann @@ -26,7 +36,16 @@ func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) // save package checksums if v.FileChecksums != nil { var checksums []interface{} - for _, value := range v.FileChecksums { + + var algos []string + for alg := range v.FileChecksums { + algos = append(algos, string(alg)) + } + sort.Strings(algos) + + // for _, value := range v.FileChecksums { + for _, algo := range algos { + value := v.FileChecksums[spdx.ChecksumAlgorithm(algo)] checksum := make(map[string]interface{}) checksum["algorithm"] = string(value.Algorithm) checksum["checksumValue"] = value.Value diff --git a/jsonsaver/saver2v2/save_files_test.go b/jsonsaver/saver2v2/save_files_test.go index c2e61d8d..fbc6ba1c 100644 --- a/jsonsaver/saver2v2/save_files_test.go +++ b/jsonsaver/saver2v2/save_files_test.go @@ -75,10 +75,10 @@ func Test_renderFiles2_2(t *testing.T) { Algorithm: "SHA1", Value: "d6a770ba38583ed4bb4525bd96e50461655d2758", }, - // "MD5": { - // Algorithm: "MD5", - // Value: "624c1abb3664f4b35547e7c73864ad24", - // }, + "MD5": { + Algorithm: "MD5", + Value: "624c1abb3664f4b35547e7c73864ad24", + }, }, FileComment: "The concluded license was taken from the package level that the file was .", FileCopyrightText: "Copyright 2008-2010 John Smith", @@ -107,14 +107,14 @@ func Test_renderFiles2_2(t *testing.T) { }, }, "checksums": []interface{}{ + map[string]interface{}{ + "algorithm": "MD5", + "checksumValue": "624c1abb3664f4b35547e7c73864ad24", + }, map[string]interface{}{ "algorithm": "SHA1", "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758", }, - // map[string]interface{}{ - // "algorithm": "MD5", - // "checksumValue": "624c1abb3664f4b35547e7c73864ad24", - // }, }, "comment": "The concluded license was taken from the package level that the file was .", "copyrightText": "Copyright 2008-2010 John Smith", diff --git a/jsonsaver/saver2v2/save_package.go b/jsonsaver/saver2v2/save_package.go index a402945d..ab96045b 100644 --- a/jsonsaver/saver2v2/save_package.go +++ b/jsonsaver/saver2v2/save_package.go @@ -4,6 +4,7 @@ package saver2v2 import ( "fmt" + "sort" "github.com/spdx/tools-golang/spdx" ) @@ -11,9 +12,18 @@ import ( func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) ([]interface{}, error) { var packages []interface{} - for k, v := range doc.Packages { + + var keys []string + for ke := range doc.Packages { + keys = append(keys, string(ke)) + } + sort.Strings(keys) + + // for k, v := range doc.Packages { + for _, k := range keys { + v := doc.Packages[spdx.ElementID(k)] pkg := make(map[string]interface{}) - pkg["SPDXID"] = spdx.RenderElementID(k) + pkg["SPDXID"] = spdx.RenderElementID(spdx.ElementID(k)) ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(v.PackageSPDXIdentifier))) if ann != nil { pkg["annotations"] = ann @@ -24,7 +34,15 @@ func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{} // save package checksums if v.PackageChecksums != nil { var checksums []interface{} - for _, value := range v.PackageChecksums { + + var algos []string + for alg := range v.PackageChecksums { + algos = append(algos, string(alg)) + } + sort.Strings(algos) + + for _, algo := range algos { + value := v.PackageChecksums[spdx.ChecksumAlgorithm(algo)] checksum := make(map[string]interface{}) checksum["algorithm"] = string(value.Algorithm) checksum["checksumValue"] = value.Value From f679856ddf17e0335474cf309d940a6517dda0aa Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Fri, 13 Aug 2021 20:18:54 +0530 Subject: [PATCH 28/31] JsonParser : JsonParser test coverage increased Signed-off-by: Ujjwal Agarwal --- jsonloader/parser2v2/parse_files_test.go | 12 +++---- jsonloader/parser2v2/parse_other_license.go | 2 +- .../parser2v2/parse_other_license_test.go | 31 ++++++++++++++++--- 3 files changed, 33 insertions(+), 12 deletions(-) diff --git a/jsonloader/parser2v2/parse_files_test.go b/jsonloader/parser2v2/parse_files_test.go index 30f1bdc4..4d54fad5 100644 --- a/jsonloader/parser2v2/parse_files_test.go +++ b/jsonloader/parser2v2/parse_files_test.go @@ -197,13 +197,11 @@ func TestJSONSpdxDocument_parseJsonFiles2_2(t *testing.T) { t.Errorf("JSONSpdxDocument.parseJsonFiles2_2() error = %v, wantErr %v", err, tt.wantErr) } - // if !reflect.DeepEqual(tt.args.doc.UnpackagedFiles, tt.want) { - // t.Errorf("Load2_2() = %v, want %v", tt.args.doc.UnpackagedFiles, tt.want) - // } - - for k, v := range tt.want { - if !reflect.DeepEqual(tt.args.doc.UnpackagedFiles[k], v) { - t.Errorf("Load2_2() = %v, want %v", tt.args.doc.UnpackagedFiles[k], v) + if !tt.wantErr { + for k, v := range tt.want { + if !reflect.DeepEqual(tt.args.doc.UnpackagedFiles[k], v) { + t.Errorf("Load2_2() = %v, want %v", tt.args.doc.UnpackagedFiles[k], v) + } } } diff --git a/jsonloader/parser2v2/parse_other_license.go b/jsonloader/parser2v2/parse_other_license.go index de9e8f24..997ad025 100644 --- a/jsonloader/parser2v2/parse_other_license.go +++ b/jsonloader/parser2v2/parse_other_license.go @@ -34,7 +34,7 @@ func (spec JSONSpdxDocument) parseJsonOtherLicenses2_2(key string, value interfa } } default: - return fmt.Errorf("received unknown tag %v in Annotation section", k) + return fmt.Errorf("received unknown tag %v in Licenses section", k) } } doc.OtherLicenses = append(doc.OtherLicenses, &license) diff --git a/jsonloader/parser2v2/parse_other_license_test.go b/jsonloader/parser2v2/parse_other_license_test.go index 0ccee1cc..41d8ede9 100644 --- a/jsonloader/parser2v2/parse_other_license_test.go +++ b/jsonloader/parser2v2/parse_other_license_test.go @@ -45,9 +45,20 @@ func TestJSONSpdxDocument_parseJsonOtherLicenses2_2(t *testing.T) { }, } + otherLicensestest2 := []byte(`{ + "hasExtractedLicensingInfos":[{ + "extractedText" : "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp unknown tag", + spec: specs2, + args: args{ + key: "hasExtractedLicensingInfos", + value: specs2["hasExtractedLicensingInfos"], + doc: &spdxDocument2_2{}, + }, + want: nil, + wantErr: true, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -79,12 +101,13 @@ func TestJSONSpdxDocument_parseJsonOtherLicenses2_2(t *testing.T) { t.Errorf("JSONSpdxDocument.parseJsonOtherLicenses2_2() error = %v, wantErr %v", err, tt.wantErr) } - for i := 0; i < len(tt.want); i++ { - if !reflect.DeepEqual(tt.args.doc.OtherLicenses[i], tt.want[i]) { - t.Errorf("Load2_2() = %v, want %v", tt.args.doc.OtherLicenses[i], tt.want[i]) + if !tt.wantErr { + for i := 0; i < len(tt.want); i++ { + if !reflect.DeepEqual(tt.args.doc.OtherLicenses[i], tt.want[i]) { + t.Errorf("Load2_2() = %v, want %v", tt.args.doc.OtherLicenses[i], tt.want[i]) + } } } - }) } } From 87a00cd722af26fc0bbd0bf12d2c95809b2844aa Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Fri, 13 Aug 2021 22:25:15 +0530 Subject: [PATCH 29/31] Jsonsaver : order maintained while parsing snippets Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_snippets.go | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/jsonsaver/saver2v2/save_snippets.go b/jsonsaver/saver2v2/save_snippets.go index 184f5575..d9b3a37f 100644 --- a/jsonsaver/saver2v2/save_snippets.go +++ b/jsonsaver/saver2v2/save_snippets.go @@ -3,6 +3,8 @@ package saver2v2 import ( + "sort" + "github.com/spdx/tools-golang/spdx" ) @@ -11,7 +13,15 @@ func renderSnippets2_2(doc *spdx.Document2_2, jsondocument map[string]interface{ var snippets []interface{} for _, value := range doc.UnpackagedFiles { snippet := make(map[string]interface{}) - for _, v := range value.Snippets { + + var keys []string + for ke := range value.Snippets { + keys = append(keys, string(ke)) + } + sort.Strings(keys) + for _, k := range keys { + v := value.Snippets[spdx.ElementID(k)] + // for _, v := range value.Snippets { snippet["SPDXID"] = spdx.RenderElementID(v.SnippetSPDXIdentifier) if v.SnippetComment != "" { snippet["comment"] = v.SnippetComment From e26f08da56be2c1412cdd7e3027a74cb2bd1c047 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Sun, 15 Aug 2021 22:58:03 +0530 Subject: [PATCH 30/31] Jsonsaver : Create a temporary storage for files instead of modifying original document Signed-off-by: Ujjwal Agarwal --- jsonsaver/saver2v2/save_document.go | 14 +++++++++----- jsonsaver/saver2v2/save_files.go | 7 +++---- jsonsaver/saver2v2/save_files_test.go | 2 +- jsonsaver/saver2v2/save_package.go | 4 ++-- jsonsaver/saver2v2/save_package_test.go | 2 +- jsonsaver/saver2v2/save_snippets.go | 5 ++--- jsonsaver/saver2v2/save_snippets_test.go | 2 +- 7 files changed, 19 insertions(+), 17 deletions(-) diff --git a/jsonsaver/saver2v2/save_document.go b/jsonsaver/saver2v2/save_document.go index 2a0e6b79..43ea9072 100644 --- a/jsonsaver/saver2v2/save_document.go +++ b/jsonsaver/saver2v2/save_document.go @@ -57,22 +57,26 @@ func RenderDocument2_2(doc *spdx.Document2_2, buf *bytes.Buffer) error { } jsondocument["documentDescribes"] = describesID } - + allfiles := make(map[spdx.ElementID]*spdx.File2_2) // save packages from spdx to json if doc.Packages != nil { - _, err = renderPackage2_2(doc, jsondocument) + _, err = renderPackage2_2(doc, jsondocument, allfiles) if err != nil { return err } } + for k, v := range doc.UnpackagedFiles { + allfiles[k] = v + } + // save files and snippets from spdx to json - if doc.UnpackagedFiles != nil { - _, err = renderFiles2_2(doc, jsondocument) + if allfiles != nil { + _, err = renderFiles2_2(doc, jsondocument, allfiles) if err != nil { return err } - _, err = renderSnippets2_2(doc, jsondocument) + _, err = renderSnippets2_2(jsondocument, allfiles) if err != nil { return err } diff --git a/jsonsaver/saver2v2/save_files.go b/jsonsaver/saver2v2/save_files.go index d866fd31..29ea5767 100644 --- a/jsonsaver/saver2v2/save_files.go +++ b/jsonsaver/saver2v2/save_files.go @@ -8,18 +8,17 @@ import ( "github.com/spdx/tools-golang/spdx" ) -func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) ([]interface{}, error) { +func renderFiles2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}, allfiles map[spdx.ElementID]*spdx.File2_2) ([]interface{}, error) { var keys []string - for ke := range doc.UnpackagedFiles { + for ke := range allfiles { keys = append(keys, string(ke)) } sort.Strings(keys) var files []interface{} - // for k, v := range doc.UnpackagedFiles { for _, k := range keys { - v := doc.UnpackagedFiles[spdx.ElementID(k)] + v := allfiles[spdx.ElementID(k)] file := make(map[string]interface{}) file["SPDXID"] = spdx.RenderElementID(spdx.ElementID(k)) ann, _ := renderAnnotations2_2(doc.Annotations, spdx.MakeDocElementID("", string(v.FileSPDXIdentifier))) diff --git a/jsonsaver/saver2v2/save_files_test.go b/jsonsaver/saver2v2/save_files_test.go index fbc6ba1c..baa6f452 100644 --- a/jsonsaver/saver2v2/save_files_test.go +++ b/jsonsaver/saver2v2/save_files_test.go @@ -132,7 +132,7 @@ func Test_renderFiles2_2(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := renderFiles2_2(tt.args.doc, tt.args.jsondocument) + got, err := renderFiles2_2(tt.args.doc, tt.args.jsondocument, tt.args.doc.UnpackagedFiles) if (err != nil) != tt.wantErr { t.Errorf("renderFiles2_2() error = %v, wantErr %v", err, tt.wantErr) } diff --git a/jsonsaver/saver2v2/save_package.go b/jsonsaver/saver2v2/save_package.go index ab96045b..042e5fbd 100644 --- a/jsonsaver/saver2v2/save_package.go +++ b/jsonsaver/saver2v2/save_package.go @@ -9,7 +9,7 @@ import ( "github.com/spdx/tools-golang/spdx" ) -func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) ([]interface{}, error) { +func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}, allfiles map[spdx.ElementID]*spdx.File2_2) ([]interface{}, error) { var packages []interface{} @@ -82,7 +82,7 @@ func renderPackage2_2(doc *spdx.Document2_2, jsondocument map[string]interface{} if v.Files != nil { var fileIds []string for k, v := range v.Files { - doc.UnpackagedFiles[k] = v + allfiles[k] = v fileIds = append(fileIds, spdx.RenderElementID(k)) } pkg["hasFiles"] = fileIds diff --git a/jsonsaver/saver2v2/save_package_test.go b/jsonsaver/saver2v2/save_package_test.go index 451fd8f5..ad8c69a9 100644 --- a/jsonsaver/saver2v2/save_package_test.go +++ b/jsonsaver/saver2v2/save_package_test.go @@ -206,7 +206,7 @@ func Test_renderPackage2_2(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := renderPackage2_2(tt.args.doc, tt.args.jsondocument) + got, err := renderPackage2_2(tt.args.doc, tt.args.jsondocument, make(map[spdx.ElementID]*spdx.File2_2)) if (err != nil) != tt.wantErr { t.Errorf("renderPackage2_2() error = %v, wantErr %v", err, tt.wantErr) return diff --git a/jsonsaver/saver2v2/save_snippets.go b/jsonsaver/saver2v2/save_snippets.go index d9b3a37f..6a4bdacc 100644 --- a/jsonsaver/saver2v2/save_snippets.go +++ b/jsonsaver/saver2v2/save_snippets.go @@ -8,10 +8,10 @@ import ( "github.com/spdx/tools-golang/spdx" ) -func renderSnippets2_2(doc *spdx.Document2_2, jsondocument map[string]interface{}) ([]interface{}, error) { +func renderSnippets2_2(jsondocument map[string]interface{}, allfiles map[spdx.ElementID]*spdx.File2_2) ([]interface{}, error) { var snippets []interface{} - for _, value := range doc.UnpackagedFiles { + for _, value := range allfiles { snippet := make(map[string]interface{}) var keys []string @@ -21,7 +21,6 @@ func renderSnippets2_2(doc *spdx.Document2_2, jsondocument map[string]interface{ sort.Strings(keys) for _, k := range keys { v := value.Snippets[spdx.ElementID(k)] - // for _, v := range value.Snippets { snippet["SPDXID"] = spdx.RenderElementID(v.SnippetSPDXIdentifier) if v.SnippetComment != "" { snippet["comment"] = v.SnippetComment diff --git a/jsonsaver/saver2v2/save_snippets_test.go b/jsonsaver/saver2v2/save_snippets_test.go index cd7df13b..b0d2bce7 100644 --- a/jsonsaver/saver2v2/save_snippets_test.go +++ b/jsonsaver/saver2v2/save_snippets_test.go @@ -102,7 +102,7 @@ func Test_renderSnippets2_2(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := renderSnippets2_2(tt.args.doc, tt.args.jsondocument) + got, err := renderSnippets2_2(tt.args.jsondocument, tt.args.doc.UnpackagedFiles) if (err != nil) != tt.wantErr { t.Errorf("renderSnippets2_2() error = %v, wantErr %v", err, tt.wantErr) return From 9afa5fe2d34ffb0dca6671e7087d17a554e68236 Mon Sep 17 00:00:00 2001 From: Ujjwal Agarwal Date: Mon, 16 Aug 2021 09:28:27 +0530 Subject: [PATCH 31/31] Docs : Add docs for jsonparser and jsonsaver Signed-off-by: Ujjwal Agarwal --- docs/jsonloader.md | 24 ++++++++++++++++++++++++ docs/jsonsaver.md | 28 ++++++++++++++++++++++++++++ jsonsaver/jsonsaver.go | 2 ++ jsonsaver/jsonsaver_test.go | 2 ++ 4 files changed, 56 insertions(+) create mode 100644 docs/jsonloader.md create mode 100644 docs/jsonsaver.md diff --git a/docs/jsonloader.md b/docs/jsonloader.md new file mode 100644 index 00000000..047c4b74 --- /dev/null +++ b/docs/jsonloader.md @@ -0,0 +1,24 @@ +SPDX-License-Identifier: CC-BY-4.0 + +## Working + +A UnmarshallJSON function on the spdx.Document2_2 struct is defined so that when the JSON is unmarshalled in it the function is called and we can implement the process in a custom way . Then a new map[string]interface{} is deifined which temporarily holds the unmarshalled json . The map is then parsed into the spdx.Document2_2 using functions defined for it’s different sections . + +JSON → map[string]interface{} → spdx.Document2_2 + +## Some Key Points + +- The packages have a property "hasFiles" defined in the schema which is an array of the SPDX Identifiers of the files of that pacakge . The parses first parses all the files into the Unpackaged files map of the document and then when it parses the packages , it removes the respective files from the unpackaged files map and places it inside the files map of that package . + +- The snippets have a property "snippetFromFile" which has the SPDX identiifer of the file to which the snippet is related . Thus the snippets require the files to be parsed before them . Then the snippets are parsed one by one and inserted into the respective files using this property . + + +The json file loader in `package jsonloader` makes the following assumptions: + + +### Order of appearance of the properties +* The parser does not make any pre-assumptions based on the order in which the properties appear . + + +### Annotations +* The json spdx schema does not define the SPDX Identifier property for the annotation object . The parser assumes the spdx Identifier of the parent property of the currently being parsed annotation array to be the SPDX Identifer for all the annotation objects of that array. \ No newline at end of file diff --git a/docs/jsonsaver.md b/docs/jsonsaver.md new file mode 100644 index 00000000..8531cd3e --- /dev/null +++ b/docs/jsonsaver.md @@ -0,0 +1,28 @@ +SPDX-License-Identifier: CC-BY-4.0 + +## Working + +The spdx document is converted to map[string]interface{} and then the entire map is converted to json using a single json Marshall function call . The saver uses a tempoarary storage to store all the files (Paackaged and Unpackaged) together in a single data structure in order to comply with the json schema defined by spdx . + +spdx.Document2_2 → map[string]interface{} → JSON + +## Some Key Points + +- The packages have a property "hasFiles" defined in the schema which is an array of the SPDX Identifiers of the files of that pacakge . The saver iterates through the files of a package and inserted all the SPDX Identifiers of the files in the "hasFiles" array . In addition it adds the file to a temporary storage map to store all the files of the entire document at a single place . + +- The files require the packages to be saved before them in order to ensure that the packaged files are added to the temporary storage before the files are saved . + +- The snippets are saved after the files and a property "snippetFromFile" identifies the file of the snippets. + +The json file loader in `package jsonsaver` makes the following assumptions: + + +### Order of appearance of the properties +* The saver does not make any pre-assumptions based on the order in which the properties are saved . + + +### Annotations +* The json spdx schema does not define the SPDX Identifier property for the annotation object . The saver inserts the annotation inside the element who spdx identifier mathches the annotation SPDX identifier . + +### Indentation +* The jsonsaver uses the marshall indent function with "" as he prefix and "\t" as the indent character , passed as funtion parameters . \ No newline at end of file diff --git a/jsonsaver/jsonsaver.go b/jsonsaver/jsonsaver.go index 11ee58d7..4748e16c 100644 --- a/jsonsaver/jsonsaver.go +++ b/jsonsaver/jsonsaver.go @@ -1,3 +1,5 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + package jsonsaver import ( diff --git a/jsonsaver/jsonsaver_test.go b/jsonsaver/jsonsaver_test.go index 79926067..3d5daa93 100644 --- a/jsonsaver/jsonsaver_test.go +++ b/jsonsaver/jsonsaver_test.go @@ -1,3 +1,5 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + package jsonsaver import (