From 4926dd7501ce63e37a7e19cb2bf943932a7c5efd Mon Sep 17 00:00:00 2001
From: "jiyeong.seok" <jiyeong.seok@lge.com>
Date: Tue, 8 Oct 2024 10:52:54 +0900
Subject: [PATCH] Fix the spdx bug

Signed-off-by: jiyeong.seok <jiyeong.seok@lge.com>
---
 src/fosslight_util/oss_item.py   | 17 +++++++++++++++++
 src/fosslight_util/write_spdx.py |  9 +++++++++
 2 files changed, 26 insertions(+)

diff --git a/src/fosslight_util/oss_item.py b/src/fosslight_util/oss_item.py
index c95ce90..c31eab7 100644
--- a/src/fosslight_util/oss_item.py
+++ b/src/fosslight_util/oss_item.py
@@ -5,6 +5,7 @@
 
 import logging
 import os
+import hashlib
 from fosslight_util.constant import LOGGER_NAME, FOSSLIGHT_SCANNER
 from fosslight_util.cover import CoverItem
 from typing import List, Dict
@@ -171,6 +172,22 @@ def get_print_json(self):
         return items
 
 
+def get_checksum_sha1(source_name_or_path) -> str:
+    checksum = CHECKSUM_NULL
+    try:
+        checksum = str(hashlib.sha1(source_name_or_path.encode()).hexdigest())
+    except Exception:
+        try:
+            f = open(source_name_or_path, "rb")
+            byte = f.read()
+            checksum = str(hashlib.sha1(byte).hexdigest())
+            f.close()
+        except Exception as ex:
+            _logger.info(f"(Error) Get_checksum: {ex}")
+
+    return checksum
+
+
 def invalid(cmd):
     _logger.info('[{}] is invalid'.format(cmd))
 
diff --git a/src/fosslight_util/write_spdx.py b/src/fosslight_util/write_spdx.py
index fed9137..faf9683 100644
--- a/src/fosslight_util/write_spdx.py
+++ b/src/fosslight_util/write_spdx.py
@@ -12,6 +12,7 @@
 from fosslight_util.spdx_licenses import get_spdx_licenses_json, get_license_from_nick
 from fosslight_util.constant import (LOGGER_NAME, FOSSLIGHT_DEPENDENCY, FOSSLIGHT_SCANNER,
                                      FOSSLIGHT_BINARY, FOSSLIGHT_SOURCE)
+from fosslight_util.oss_item import CHECKSUM_NULL, get_checksum_sha1
 import traceback
 
 logger = logging.getLogger(LOGGER_NAME)
@@ -85,6 +86,14 @@ def write_spdx(output_file_without_ext, output_extension, scan_item, spdx_versio
                 for file_item in file_items:
                     file = ''  # file의 license, copyright은 oss item에서 append
                     if scanner_name in [FOSSLIGHT_BINARY, FOSSLIGHT_SOURCE]:
+                        if file_item.exclude:
+                            continue
+                        if file_item.checksum == CHECKSUM_NULL:
+                            if os.path.exists(file_item.source_name_or_path):
+                                file_item.checksum = get_checksum_sha1(file_item.source_name_or_path)
+                            if file_item.checksum == CHECKSUM_NULL:
+                                logger.info(f'Failed to get checksum, Skip: {file_item.source_name_or_path}')
+                                continue
                         file_id += 1
                         file = File(name=file_item.source_name_or_path,
                                     spdx_id=f'SPDXRef-File{file_id}',