From 21596cee2da3190a4b3b769b602bc01755154aa6 Mon Sep 17 00:00:00 2001 From: Rishabh Bhatnagar Date: Wed, 11 Nov 2020 20:41:50 +0530 Subject: [PATCH 1/5] Update gordf Module Path - changed gordf library path from github.com/RishabhBhatnagar/gordf to github.com/spdx/gordf Signed-off-by: Rishabh Bhatnagar --- rdfloader/parser2v2/constants.go | 2 +- rdfloader/parser2v2/license_utils.go | 2 +- rdfloader/parser2v2/parse_annotation.go | 2 +- rdfloader/parser2v2/parse_creation_info.go | 2 +- rdfloader/parser2v2/parse_file.go | 2 +- rdfloader/parser2v2/parse_file_test.go | 6 +++--- rdfloader/parser2v2/parse_license.go | 4 ++-- rdfloader/parser2v2/parse_license_test.go | 2 +- rdfloader/parser2v2/parse_other_license_info.go | 4 ++-- rdfloader/parser2v2/parse_other_license_info_test.go | 2 +- rdfloader/parser2v2/parse_package.go | 2 +- rdfloader/parser2v2/parse_package_test.go | 2 +- rdfloader/parser2v2/parse_relationship.go | 4 ++-- rdfloader/parser2v2/parse_relationship_test.go | 2 +- rdfloader/parser2v2/parse_review.go | 2 +- rdfloader/parser2v2/parse_snippet_info.go | 4 ++-- rdfloader/parser2v2/parse_snippet_info_test.go | 2 +- rdfloader/parser2v2/parse_spdx_document.go | 2 +- rdfloader/parser2v2/parse_spdx_document_test.go | 2 +- rdfloader/parser2v2/parser.go | 4 ++-- rdfloader/parser2v2/types.go | 2 +- rdfloader/parser2v2/utils.go | 6 +++--- rdfloader/parser2v2/utils_test.go | 2 +- rdfloader/rdfloader.go | 2 +- 24 files changed, 33 insertions(+), 33 deletions(-) diff --git a/rdfloader/parser2v2/constants.go b/rdfloader/parser2v2/constants.go index 063f2b8f..5df1f16b 100644 --- a/rdfloader/parser2v2/constants.go +++ b/rdfloader/parser2v2/constants.go @@ -1,6 +1,6 @@ package parser2v2 -import "github.com/RishabhBhatnagar/gordf/rdfloader/parser" +import "github.com/spdx/gordf/rdfloader/parser" var ( // NAMESPACES diff --git a/rdfloader/parser2v2/license_utils.go b/rdfloader/parser2v2/license_utils.go index 2641b279..1777d982 100644 --- a/rdfloader/parser2v2/license_utils.go +++ b/rdfloader/parser2v2/license_utils.go @@ -2,7 +2,7 @@ package parser2v2 import ( "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "strings" ) diff --git a/rdfloader/parser2v2/parse_annotation.go b/rdfloader/parser2v2/parse_annotation.go index 01a6b663..92a56100 100644 --- a/rdfloader/parser2v2/parse_annotation.go +++ b/rdfloader/parser2v2/parse_annotation.go @@ -5,7 +5,7 @@ package parser2v2 import ( "errors" "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" ) diff --git a/rdfloader/parser2v2/parse_creation_info.go b/rdfloader/parser2v2/parse_creation_info.go index 63efd005..45c39b10 100644 --- a/rdfloader/parser2v2/parse_creation_info.go +++ b/rdfloader/parser2v2/parse_creation_info.go @@ -4,7 +4,7 @@ package parser2v2 import ( "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" ) diff --git a/rdfloader/parser2v2/parse_file.go b/rdfloader/parser2v2/parse_file.go index 267df7e0..6a37cccd 100644 --- a/rdfloader/parser2v2/parse_file.go +++ b/rdfloader/parser2v2/parse_file.go @@ -4,7 +4,7 @@ package parser2v2 import ( "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" "strings" ) diff --git a/rdfloader/parser2v2/parse_file_test.go b/rdfloader/parser2v2/parse_file_test.go index 0d7022aa..ae1522fb 100644 --- a/rdfloader/parser2v2/parse_file_test.go +++ b/rdfloader/parser2v2/parse_file_test.go @@ -2,9 +2,9 @@ package parser2v2 import ( "bufio" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" - rdfloader2 "github.com/RishabhBhatnagar/gordf/rdfloader/xmlreader" - gordfWriter "github.com/RishabhBhatnagar/gordf/rdfwriter" + gordfParser "github.com/spdx/gordf/rdfloader/parser" + rdfloader2 "github.com/spdx/gordf/rdfloader/xmlreader" + gordfWriter "github.com/spdx/gordf/rdfwriter" "github.com/spdx/tools-golang/spdx" "strings" "testing" diff --git a/rdfloader/parser2v2/parse_license.go b/rdfloader/parser2v2/parse_license.go index 97ebc76c..643543d9 100644 --- a/rdfloader/parser2v2/parse_license.go +++ b/rdfloader/parser2v2/parse_license.go @@ -4,8 +4,8 @@ package parser2v2 import ( "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" - "github.com/RishabhBhatnagar/gordf/rdfwriter" + gordfParser "github.com/spdx/gordf/rdfloader/parser" + "github.com/spdx/gordf/rdfwriter" "strings" ) diff --git a/rdfloader/parser2v2/parse_license_test.go b/rdfloader/parser2v2/parse_license_test.go index 5a8efbbc..d6dde8a3 100644 --- a/rdfloader/parser2v2/parse_license_test.go +++ b/rdfloader/parser2v2/parse_license_test.go @@ -1,7 +1,7 @@ package parser2v2 import ( - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "reflect" "sort" "testing" diff --git a/rdfloader/parser2v2/parse_other_license_info.go b/rdfloader/parser2v2/parse_other_license_info.go index 506a6db5..e7d1367a 100644 --- a/rdfloader/parser2v2/parse_other_license_info.go +++ b/rdfloader/parser2v2/parse_other_license_info.go @@ -4,8 +4,8 @@ package parser2v2 import ( "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" - "github.com/RishabhBhatnagar/gordf/rdfwriter" + gordfParser "github.com/spdx/gordf/rdfloader/parser" + "github.com/spdx/gordf/rdfwriter" "github.com/spdx/tools-golang/spdx" ) diff --git a/rdfloader/parser2v2/parse_other_license_info_test.go b/rdfloader/parser2v2/parse_other_license_info_test.go index 286438e6..848731ed 100644 --- a/rdfloader/parser2v2/parse_other_license_info_test.go +++ b/rdfloader/parser2v2/parse_other_license_info_test.go @@ -1,7 +1,7 @@ package parser2v2 import ( - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "reflect" "testing" ) diff --git a/rdfloader/parser2v2/parse_package.go b/rdfloader/parser2v2/parse_package.go index 9cff68c4..20047a61 100644 --- a/rdfloader/parser2v2/parse_package.go +++ b/rdfloader/parser2v2/parse_package.go @@ -4,7 +4,7 @@ package parser2v2 import ( "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" "strings" ) diff --git a/rdfloader/parser2v2/parse_package_test.go b/rdfloader/parser2v2/parse_package_test.go index bc16ea9b..3313ccce 100644 --- a/rdfloader/parser2v2/parse_package_test.go +++ b/rdfloader/parser2v2/parse_package_test.go @@ -1,7 +1,7 @@ package parser2v2 import ( - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" "reflect" "testing" diff --git a/rdfloader/parser2v2/parse_relationship.go b/rdfloader/parser2v2/parse_relationship.go index b2ccf2f0..0009abf2 100644 --- a/rdfloader/parser2v2/parse_relationship.go +++ b/rdfloader/parser2v2/parse_relationship.go @@ -4,8 +4,8 @@ package parser2v2 import ( "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" - "github.com/RishabhBhatnagar/gordf/rdfwriter" + gordfParser "github.com/spdx/gordf/rdfloader/parser" + "github.com/spdx/gordf/rdfwriter" "github.com/spdx/tools-golang/spdx" "strings" ) diff --git a/rdfloader/parser2v2/parse_relationship_test.go b/rdfloader/parser2v2/parse_relationship_test.go index da500e11..89ae58d2 100644 --- a/rdfloader/parser2v2/parse_relationship_test.go +++ b/rdfloader/parser2v2/parse_relationship_test.go @@ -1,7 +1,7 @@ package parser2v2 import ( - "github.com/RishabhBhatnagar/gordf/rdfwriter" + "github.com/spdx/gordf/rdfwriter" "github.com/spdx/tools-golang/spdx" "reflect" "testing" diff --git a/rdfloader/parser2v2/parse_review.go b/rdfloader/parser2v2/parse_review.go index a58a6834..437042d5 100644 --- a/rdfloader/parser2v2/parse_review.go +++ b/rdfloader/parser2v2/parse_review.go @@ -4,7 +4,7 @@ package parser2v2 import ( "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" ) diff --git a/rdfloader/parser2v2/parse_snippet_info.go b/rdfloader/parser2v2/parse_snippet_info.go index 25096cbc..d56cd7b2 100644 --- a/rdfloader/parser2v2/parse_snippet_info.go +++ b/rdfloader/parser2v2/parse_snippet_info.go @@ -4,8 +4,8 @@ package parser2v2 import ( "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" - "github.com/RishabhBhatnagar/gordf/rdfwriter" + gordfParser "github.com/spdx/gordf/rdfloader/parser" + "github.com/spdx/gordf/rdfwriter" "github.com/spdx/tools-golang/spdx" "strconv" ) diff --git a/rdfloader/parser2v2/parse_snippet_info_test.go b/rdfloader/parser2v2/parse_snippet_info_test.go index 71edd101..17d7af30 100644 --- a/rdfloader/parser2v2/parse_snippet_info_test.go +++ b/rdfloader/parser2v2/parse_snippet_info_test.go @@ -1,7 +1,7 @@ package parser2v2 import ( - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" "testing" ) diff --git a/rdfloader/parser2v2/parse_spdx_document.go b/rdfloader/parser2v2/parse_spdx_document.go index 8ce7ded5..c6b9b198 100644 --- a/rdfloader/parser2v2/parse_spdx_document.go +++ b/rdfloader/parser2v2/parse_spdx_document.go @@ -4,7 +4,7 @@ package parser2v2 import ( "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" ) diff --git a/rdfloader/parser2v2/parse_spdx_document_test.go b/rdfloader/parser2v2/parse_spdx_document_test.go index 7372ef08..0228b9e9 100644 --- a/rdfloader/parser2v2/parse_spdx_document_test.go +++ b/rdfloader/parser2v2/parse_spdx_document_test.go @@ -1,7 +1,7 @@ package parser2v2 import ( - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "testing" ) diff --git a/rdfloader/parser2v2/parser.go b/rdfloader/parser2v2/parser.go index 34f5b3a3..3b0fac90 100644 --- a/rdfloader/parser2v2/parser.go +++ b/rdfloader/parser2v2/parser.go @@ -5,8 +5,8 @@ package parser2v2 import ( "errors" "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" - gordfWriter "github.com/RishabhBhatnagar/gordf/rdfwriter" + gordfParser "github.com/spdx/gordf/rdfloader/parser" + gordfWriter "github.com/spdx/gordf/rdfwriter" "github.com/spdx/tools-golang/spdx" ) diff --git a/rdfloader/parser2v2/types.go b/rdfloader/parser2v2/types.go index eb3b31dc..6667f609 100644 --- a/rdfloader/parser2v2/types.go +++ b/rdfloader/parser2v2/types.go @@ -3,7 +3,7 @@ package parser2v2 import ( - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" ) diff --git a/rdfloader/parser2v2/utils.go b/rdfloader/parser2v2/utils.go index 4ec8426e..e2320b87 100644 --- a/rdfloader/parser2v2/utils.go +++ b/rdfloader/parser2v2/utils.go @@ -3,9 +3,9 @@ package parser2v2 import ( "errors" "fmt" - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" - "github.com/RishabhBhatnagar/gordf/rdfwriter" - urilib "github.com/RishabhBhatnagar/gordf/uri" + gordfParser "github.com/spdx/gordf/rdfloader/parser" + "github.com/spdx/gordf/rdfwriter" + urilib "github.com/spdx/gordf/uri" "github.com/spdx/tools-golang/spdx" "strings" ) diff --git a/rdfloader/parser2v2/utils_test.go b/rdfloader/parser2v2/utils_test.go index 10120601..3d7c2be3 100644 --- a/rdfloader/parser2v2/utils_test.go +++ b/rdfloader/parser2v2/utils_test.go @@ -1,7 +1,7 @@ package parser2v2 import ( - gordfParser "github.com/RishabhBhatnagar/gordf/rdfloader/parser" + gordfParser "github.com/spdx/gordf/rdfloader/parser" "github.com/spdx/tools-golang/spdx" "reflect" "testing" diff --git a/rdfloader/rdfloader.go b/rdfloader/rdfloader.go index 26a0f010..db6084ab 100644 --- a/rdfloader/rdfloader.go +++ b/rdfloader/rdfloader.go @@ -1,7 +1,7 @@ package rdfloader import ( - "github.com/RishabhBhatnagar/gordf/rdfloader" + "github.com/spdx/gordf/rdfloader" "github.com/spdx/tools-golang/rdfloader/parser2v2" "github.com/spdx/tools-golang/spdx" "io" From 76cc89f86a8c8ea61136836bed7291dfea6c7bd2 Mon Sep 17 00:00:00 2001 From: Steve Winslow Date: Sun, 8 Nov 2020 15:47:20 -0500 Subject: [PATCH 2/5] Expand external document ref data structure Signed-off-by: Steve Winslow --- spdx/creation_info.go | 42 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/spdx/creation_info.go b/spdx/creation_info.go index d256a42e..a2b82b0b 100644 --- a/spdx/creation_info.go +++ b/spdx/creation_info.go @@ -28,7 +28,7 @@ type CreationInfo2_1 struct { // 2.6: External Document References // Cardinality: optional, one or many - ExternalDocumentReferences []string + ExternalDocumentReferences map[string]ExternalDocumentRef2_1 // 2.7: License List Version // Cardinality: optional, one @@ -54,6 +54,25 @@ type CreationInfo2_1 struct { DocumentComment string } +// ExternalDocumentRef2_1 is a reference to an external SPDX document +// as defined in section 2.6 for version 2.1 of the spec. +type ExternalDocumentRef2_1 struct { + + // DocumentRefID is the ID string defined in the start of the + // reference. It should _not_ contain the "DocumentRef-" part + // of the mandatory ID string. + DocumentRefID string + + // URI is the URI defined for the external document + URI string + + // Alg is the type of hash algorithm used, e.g. "SHA1", "SHA256" + Alg string + + // Checksum is the actual hash data + Checksum string +} + // CreationInfo2_2 is a Document Creation Information section of an // SPDX Document for version 2.2 of the spec. type CreationInfo2_2 struct { @@ -80,7 +99,7 @@ type CreationInfo2_2 struct { // 2.6: External Document References // Cardinality: optional, one or many - ExternalDocumentReferences []string + ExternalDocumentReferences map[string]ExternalDocumentRef2_2 // 2.7: License List Version // Cardinality: optional, one @@ -105,3 +124,22 @@ type CreationInfo2_2 struct { // Cardinality: optional, one DocumentComment string } + +// ExternalDocumentRef2_2 is a reference to an external SPDX document +// as defined in section 2.6 for version 2.2 of the spec. +type ExternalDocumentRef2_2 struct { + + // DocumentRefID is the ID string defined in the start of the + // reference. It should _not_ contain the "DocumentRef-" part + // of the mandatory ID string. + DocumentRefID string + + // URI is the URI defined for the external document + URI string + + // Alg is the type of hash algorithm used, e.g. "SHA1", "SHA256" + Alg string + + // Checksum is the actual hash data + Checksum string +} From b98a1d216d85dbd7258026c3a4a14e91ffdc1950 Mon Sep 17 00:00:00 2001 From: Steve Winslow Date: Sun, 8 Nov 2020 15:47:38 -0500 Subject: [PATCH 3/5] Fix parsing for expanded external document refs Signed-off-by: Steve Winslow --- tvloader/parser2v1/parse_creation_info.go | 71 +++++++++++- .../parser2v1/parse_creation_info_test.go | 104 +++++++++++++++++- tvloader/parser2v2/parse_creation_info.go | 71 +++++++++++- .../parser2v2/parse_creation_info_test.go | 104 +++++++++++++++++- 4 files changed, 336 insertions(+), 14 deletions(-) diff --git a/tvloader/parser2v1/parse_creation_info.go b/tvloader/parser2v1/parse_creation_info.go index b02b5c0f..44d1dfc5 100644 --- a/tvloader/parser2v1/parse_creation_info.go +++ b/tvloader/parser2v1/parse_creation_info.go @@ -4,6 +4,7 @@ package parser2v1 import ( "fmt" + "strings" "github.com/spdx/tools-golang/spdx" ) @@ -16,7 +17,9 @@ func (parser *tvParser2_1) parsePairFromCreationInfo2_1(tag string, value string // create an SPDX Creation Info data struct if we don't have one already if parser.doc.CreationInfo == nil { - parser.doc.CreationInfo = &spdx.CreationInfo2_1{} + parser.doc.CreationInfo = &spdx.CreationInfo2_1{ + ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_1{}, + } } ci := parser.doc.CreationInfo @@ -32,7 +35,17 @@ func (parser *tvParser2_1) parsePairFromCreationInfo2_1(tag string, value string case "DocumentNamespace": ci.DocumentNamespace = value case "ExternalDocumentRef": - ci.ExternalDocumentReferences = append(ci.ExternalDocumentReferences, value) + documentRefID, uri, alg, checksum, err := extractExternalDocumentReference(value) + if err != nil { + return err + } + edr := spdx.ExternalDocumentRef2_1{ + DocumentRefID: documentRefID, + URI: uri, + Alg: alg, + Checksum: checksum, + } + ci.ExternalDocumentReferences[documentRefID] = edr case "LicenseListVersion": ci.LicenseListVersion = value case "Creator": @@ -105,3 +118,57 @@ func (parser *tvParser2_1) parsePairFromCreationInfo2_1(tag string, value string return nil } + +// ===== Helper functions ===== + +func extractExternalDocumentReference(value string) (string, string, string, string, error) { + sp := strings.Split(value, " ") + // remove any that are just whitespace + keepSp := []string{} + for _, s := range sp { + ss := strings.TrimSpace(s) + if ss != "" { + keepSp = append(keepSp, ss) + } + } + + var documentRefID, uri, alg, checksum string + + // now, should have 4 items (or 3, if Alg and Checksum were joined) + // and should be able to map them + if len(keepSp) == 4 { + documentRefID = keepSp[0] + uri = keepSp[1] + alg = keepSp[2] + // check that colon is present for alg, and remove it + if !strings.HasSuffix(alg, ":") { + return "", "", "", "", fmt.Errorf("algorithm does not end with colon") + } + alg = strings.TrimSuffix(alg, ":") + checksum = keepSp[3] + } else if len(keepSp) == 3 { + documentRefID = keepSp[0] + uri = keepSp[1] + // split on colon into alg and checksum + parts := strings.SplitN(keepSp[2], ":", 2) + if len(parts) != 2 { + return "", "", "", "", fmt.Errorf("missing colon separator between algorithm and checksum") + } + alg = parts[0] + checksum = parts[1] + } else { + return "", "", "", "", fmt.Errorf("expected 4 elements, got %d", len(keepSp)) + } + + // additionally, we should be able to parse the first element as a + // DocumentRef- ID string, and we should remove that prefix + if !strings.HasPrefix(documentRefID, "DocumentRef-") { + return "", "", "", "", fmt.Errorf("expected first element to have DocumentRef- prefix") + } + documentRefID = strings.TrimPrefix(documentRefID, "DocumentRef-") + if documentRefID == "" { + return "", "", "", "", fmt.Errorf("document identifier has nothing after prefix") + } + + return documentRefID, uri, alg, checksum, nil +} diff --git a/tvloader/parser2v1/parse_creation_info_test.go b/tvloader/parser2v1/parse_creation_info_test.go index f21cfd15..c8741def 100644 --- a/tvloader/parser2v1/parse_creation_info_test.go +++ b/tvloader/parser2v1/parse_creation_info_test.go @@ -242,7 +242,19 @@ func TestParser2_1CanParseCreationInfoTags(t *testing.T) { // External Document Reference refs := []string{ "DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1: d6a770ba38583ed4bb4525bd96e50461655d2759", - "DocumentRef-xyz-2.1.2 http://example.com/xyz-2.1.2 SHA1: d6a770ba38583ed4bb4525bd96e50461655d2760", + "DocumentRef-xyz-2.1.2 http://example.com/xyz-2.1.2 SHA1:d6a770ba38583ed4bb4525bd96e50461655d2760", + } + wantRef0 := spdx.ExternalDocumentRef2_1{ + DocumentRefID: "spdx-tool-1.2", + URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", + Alg: "SHA1", + Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", + } + wantRef1 := spdx.ExternalDocumentRef2_1{ + DocumentRefID: "xyz-2.1.2", + URI: "http://example.com/xyz-2.1.2", + Alg: "SHA1", + Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2760", } err = parser.parsePairFromCreationInfo2_1("ExternalDocumentRef", refs[0]) if err != nil { @@ -252,10 +264,22 @@ func TestParser2_1CanParseCreationInfoTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if len(parser.doc.CreationInfo.ExternalDocumentReferences) != 2 || - parser.doc.CreationInfo.ExternalDocumentReferences[0] != refs[0] || - parser.doc.CreationInfo.ExternalDocumentReferences[1] != refs[1] { - t.Errorf("got %v for ExternalDocumentReferences", parser.doc.CreationInfo.ExternalDocumentReferences) + if len(parser.doc.CreationInfo.ExternalDocumentReferences) != 2 { + t.Errorf("got %d ExternalDocumentReferences, expected %d", len(parser.doc.CreationInfo.ExternalDocumentReferences), 2) + } + gotRef0 := parser.doc.CreationInfo.ExternalDocumentReferences["spdx-tool-1.2"] + if gotRef0.DocumentRefID != wantRef0.DocumentRefID || + gotRef0.URI != wantRef0.URI || + gotRef0.Alg != wantRef0.Alg || + gotRef0.Checksum != wantRef0.Checksum { + t.Errorf("got %#v for ExternalDocumentReferences[0], wanted %#v", gotRef0, wantRef0) + } + gotRef1 := parser.doc.CreationInfo.ExternalDocumentReferences["xyz-2.1.2"] + if gotRef1.DocumentRefID != wantRef1.DocumentRefID || + gotRef1.URI != wantRef1.URI || + gotRef1.Alg != wantRef1.Alg || + gotRef1.Checksum != wantRef1.Checksum { + t.Errorf("got %#v for ExternalDocumentReferences[1], wanted %#v", gotRef1, wantRef1) } // License List Version @@ -429,3 +453,73 @@ func TestParser2_1CICreatesAnnotation(t *testing.T) { t.Errorf("pointer to new Annotation doesn't match idx 0 for doc.Annotations[]") } } + +// ===== Helper function tests ===== + +func TestCanExtractExternalDocumentReference(t *testing.T) { + refstring := "DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1:d6a770ba38583ed4bb4525bd96e50461655d2759" + wantDocumentRefID := "spdx-tool-1.2" + wantURI := "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301" + wantAlg := "SHA1" + wantChecksum := "d6a770ba38583ed4bb4525bd96e50461655d2759" + + gotDocumentRefID, gotURI, gotAlg, gotChecksum, err := extractExternalDocumentReference(refstring) + if err != nil { + t.Errorf("got non-nil error: %v", err) + } + if wantDocumentRefID != gotDocumentRefID { + t.Errorf("wanted document ref ID %s, got %s", wantDocumentRefID, gotDocumentRefID) + } + if wantURI != gotURI { + t.Errorf("wanted URI %s, got %s", wantURI, gotURI) + } + if wantAlg != gotAlg { + t.Errorf("wanted alg %s, got %s", wantAlg, gotAlg) + } + if wantChecksum != gotChecksum { + t.Errorf("wanted checksum %s, got %s", wantChecksum, gotChecksum) + } +} + +func TestCanExtractExternalDocumentReferenceWithExtraWhitespace(t *testing.T) { + refstring := " DocumentRef-spdx-tool-1.2 \t http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 \t SHA1: \t d6a770ba38583ed4bb4525bd96e50461655d2759" + wantDocumentRefID := "spdx-tool-1.2" + wantURI := "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301" + wantAlg := "SHA1" + wantChecksum := "d6a770ba38583ed4bb4525bd96e50461655d2759" + + gotDocumentRefID, gotURI, gotAlg, gotChecksum, err := extractExternalDocumentReference(refstring) + if err != nil { + t.Errorf("got non-nil error: %v", err) + } + if wantDocumentRefID != gotDocumentRefID { + t.Errorf("wanted document ref ID %s, got %s", wantDocumentRefID, gotDocumentRefID) + } + if wantURI != gotURI { + t.Errorf("wanted URI %s, got %s", wantURI, gotURI) + } + if wantAlg != gotAlg { + t.Errorf("wanted alg %s, got %s", wantAlg, gotAlg) + } + if wantChecksum != gotChecksum { + t.Errorf("wanted checksum %s, got %s", wantChecksum, gotChecksum) + } +} + +func TestFailsExternalDocumentReferenceWithInvalidFormats(t *testing.T) { + invalidRefs := []string{ + "whoops", + "DocumentRef-", + "DocumentRef- ", + "DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", + "DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 d6a770ba38583ed4bb4525bd96e50461655d2759", + "DocumentRef-spdx-tool-1.2", + "spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1:d6a770ba38583ed4bb4525bd96e50461655d2759", + } + for _, refstring := range invalidRefs { + _, _, _, _, err := extractExternalDocumentReference(refstring) + if err == nil { + t.Errorf("expected non-nil error for %s, got nil", refstring) + } + } +} diff --git a/tvloader/parser2v2/parse_creation_info.go b/tvloader/parser2v2/parse_creation_info.go index 9c844045..e017c69a 100644 --- a/tvloader/parser2v2/parse_creation_info.go +++ b/tvloader/parser2v2/parse_creation_info.go @@ -4,6 +4,7 @@ package parser2v2 import ( "fmt" + "strings" "github.com/spdx/tools-golang/spdx" ) @@ -16,7 +17,9 @@ func (parser *tvParser2_2) parsePairFromCreationInfo2_2(tag string, value string // create an SPDX Creation Info data struct if we don't have one already if parser.doc.CreationInfo == nil { - parser.doc.CreationInfo = &spdx.CreationInfo2_2{} + parser.doc.CreationInfo = &spdx.CreationInfo2_2{ + ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}, + } } ci := parser.doc.CreationInfo @@ -32,7 +35,17 @@ func (parser *tvParser2_2) parsePairFromCreationInfo2_2(tag string, value string case "DocumentNamespace": ci.DocumentNamespace = value case "ExternalDocumentRef": - ci.ExternalDocumentReferences = append(ci.ExternalDocumentReferences, value) + documentRefID, uri, alg, checksum, err := extractExternalDocumentReference(value) + if err != nil { + return err + } + edr := spdx.ExternalDocumentRef2_2{ + DocumentRefID: documentRefID, + URI: uri, + Alg: alg, + Checksum: checksum, + } + ci.ExternalDocumentReferences[documentRefID] = edr case "LicenseListVersion": ci.LicenseListVersion = value case "Creator": @@ -105,3 +118,57 @@ func (parser *tvParser2_2) parsePairFromCreationInfo2_2(tag string, value string return nil } + +// ===== Helper functions ===== + +func extractExternalDocumentReference(value string) (string, string, string, string, error) { + sp := strings.Split(value, " ") + // remove any that are just whitespace + keepSp := []string{} + for _, s := range sp { + ss := strings.TrimSpace(s) + if ss != "" { + keepSp = append(keepSp, ss) + } + } + + var documentRefID, uri, alg, checksum string + + // now, should have 4 items (or 3, if Alg and Checksum were joined) + // and should be able to map them + if len(keepSp) == 4 { + documentRefID = keepSp[0] + uri = keepSp[1] + alg = keepSp[2] + // check that colon is present for alg, and remove it + if !strings.HasSuffix(alg, ":") { + return "", "", "", "", fmt.Errorf("algorithm does not end with colon") + } + alg = strings.TrimSuffix(alg, ":") + checksum = keepSp[3] + } else if len(keepSp) == 3 { + documentRefID = keepSp[0] + uri = keepSp[1] + // split on colon into alg and checksum + parts := strings.SplitN(keepSp[2], ":", 2) + if len(parts) != 2 { + return "", "", "", "", fmt.Errorf("missing colon separator between algorithm and checksum") + } + alg = parts[0] + checksum = parts[1] + } else { + return "", "", "", "", fmt.Errorf("expected 4 elements, got %d", len(keepSp)) + } + + // additionally, we should be able to parse the first element as a + // DocumentRef- ID string, and we should remove that prefix + if !strings.HasPrefix(documentRefID, "DocumentRef-") { + return "", "", "", "", fmt.Errorf("expected first element to have DocumentRef- prefix") + } + documentRefID = strings.TrimPrefix(documentRefID, "DocumentRef-") + if documentRefID == "" { + return "", "", "", "", fmt.Errorf("document identifier has nothing after prefix") + } + + return documentRefID, uri, alg, checksum, nil +} diff --git a/tvloader/parser2v2/parse_creation_info_test.go b/tvloader/parser2v2/parse_creation_info_test.go index 0be6110a..da298540 100644 --- a/tvloader/parser2v2/parse_creation_info_test.go +++ b/tvloader/parser2v2/parse_creation_info_test.go @@ -242,7 +242,19 @@ func TestParser2_2CanParseCreationInfoTags(t *testing.T) { // External Document Reference refs := []string{ "DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1: d6a770ba38583ed4bb4525bd96e50461655d2759", - "DocumentRef-xyz-2.1.2 http://example.com/xyz-2.1.2 SHA1: d6a770ba38583ed4bb4525bd96e50461655d2760", + "DocumentRef-xyz-2.1.2 http://example.com/xyz-2.1.2 SHA1:d6a770ba38583ed4bb4525bd96e50461655d2760", + } + wantRef0 := spdx.ExternalDocumentRef2_2{ + DocumentRefID: "spdx-tool-1.2", + URI: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", + Alg: "SHA1", + Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2759", + } + wantRef1 := spdx.ExternalDocumentRef2_2{ + DocumentRefID: "xyz-2.1.2", + URI: "http://example.com/xyz-2.1.2", + Alg: "SHA1", + Checksum: "d6a770ba38583ed4bb4525bd96e50461655d2760", } err = parser.parsePairFromCreationInfo2_2("ExternalDocumentRef", refs[0]) if err != nil { @@ -252,10 +264,22 @@ func TestParser2_2CanParseCreationInfoTags(t *testing.T) { if err != nil { t.Errorf("expected nil error, got %v", err) } - if len(parser.doc.CreationInfo.ExternalDocumentReferences) != 2 || - parser.doc.CreationInfo.ExternalDocumentReferences[0] != refs[0] || - parser.doc.CreationInfo.ExternalDocumentReferences[1] != refs[1] { - t.Errorf("got %v for ExternalDocumentReferences", parser.doc.CreationInfo.ExternalDocumentReferences) + if len(parser.doc.CreationInfo.ExternalDocumentReferences) != 2 { + t.Errorf("got %d ExternalDocumentReferences, expected %d", len(parser.doc.CreationInfo.ExternalDocumentReferences), 2) + } + gotRef0 := parser.doc.CreationInfo.ExternalDocumentReferences["spdx-tool-1.2"] + if gotRef0.DocumentRefID != wantRef0.DocumentRefID || + gotRef0.URI != wantRef0.URI || + gotRef0.Alg != wantRef0.Alg || + gotRef0.Checksum != wantRef0.Checksum { + t.Errorf("got %#v for ExternalDocumentReferences[0], wanted %#v", gotRef0, wantRef0) + } + gotRef1 := parser.doc.CreationInfo.ExternalDocumentReferences["xyz-2.1.2"] + if gotRef1.DocumentRefID != wantRef1.DocumentRefID || + gotRef1.URI != wantRef1.URI || + gotRef1.Alg != wantRef1.Alg || + gotRef1.Checksum != wantRef1.Checksum { + t.Errorf("got %#v for ExternalDocumentReferences[1], wanted %#v", gotRef1, wantRef1) } // License List Version @@ -429,3 +453,73 @@ func TestParser2_2CICreatesAnnotation(t *testing.T) { t.Errorf("pointer to new Annotation doesn't match idx 0 for doc.Annotations[]") } } + +// ===== Helper function tests ===== + +func TestCanExtractExternalDocumentReference(t *testing.T) { + refstring := "DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1:d6a770ba38583ed4bb4525bd96e50461655d2759" + wantDocumentRefID := "spdx-tool-1.2" + wantURI := "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301" + wantAlg := "SHA1" + wantChecksum := "d6a770ba38583ed4bb4525bd96e50461655d2759" + + gotDocumentRefID, gotURI, gotAlg, gotChecksum, err := extractExternalDocumentReference(refstring) + if err != nil { + t.Errorf("got non-nil error: %v", err) + } + if wantDocumentRefID != gotDocumentRefID { + t.Errorf("wanted document ref ID %s, got %s", wantDocumentRefID, gotDocumentRefID) + } + if wantURI != gotURI { + t.Errorf("wanted URI %s, got %s", wantURI, gotURI) + } + if wantAlg != gotAlg { + t.Errorf("wanted alg %s, got %s", wantAlg, gotAlg) + } + if wantChecksum != gotChecksum { + t.Errorf("wanted checksum %s, got %s", wantChecksum, gotChecksum) + } +} + +func TestCanExtractExternalDocumentReferenceWithExtraWhitespace(t *testing.T) { + refstring := " DocumentRef-spdx-tool-1.2 \t http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 \t SHA1: \t d6a770ba38583ed4bb4525bd96e50461655d2759" + wantDocumentRefID := "spdx-tool-1.2" + wantURI := "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301" + wantAlg := "SHA1" + wantChecksum := "d6a770ba38583ed4bb4525bd96e50461655d2759" + + gotDocumentRefID, gotURI, gotAlg, gotChecksum, err := extractExternalDocumentReference(refstring) + if err != nil { + t.Errorf("got non-nil error: %v", err) + } + if wantDocumentRefID != gotDocumentRefID { + t.Errorf("wanted document ref ID %s, got %s", wantDocumentRefID, gotDocumentRefID) + } + if wantURI != gotURI { + t.Errorf("wanted URI %s, got %s", wantURI, gotURI) + } + if wantAlg != gotAlg { + t.Errorf("wanted alg %s, got %s", wantAlg, gotAlg) + } + if wantChecksum != gotChecksum { + t.Errorf("wanted checksum %s, got %s", wantChecksum, gotChecksum) + } +} + +func TestFailsExternalDocumentReferenceWithInvalidFormats(t *testing.T) { + invalidRefs := []string{ + "whoops", + "DocumentRef-", + "DocumentRef- ", + "DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301", + "DocumentRef-spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 d6a770ba38583ed4bb4525bd96e50461655d2759", + "DocumentRef-spdx-tool-1.2", + "spdx-tool-1.2 http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1:d6a770ba38583ed4bb4525bd96e50461655d2759", + } + for _, refstring := range invalidRefs { + _, _, _, _, err := extractExternalDocumentReference(refstring) + if err == nil { + t.Errorf("expected non-nil error for %s, got nil", refstring) + } + } +} From 5896dbaf2a29bc6279df83a9f48e66bfea600448 Mon Sep 17 00:00:00 2001 From: Steve Winslow Date: Sun, 8 Nov 2020 16:06:08 -0500 Subject: [PATCH 4/5] Fix saving for expanded external document refs Signed-off-by: Steve Winslow --- tvsaver/saver2v1/save_creation_info.go | 13 +++++++++++-- tvsaver/saver2v1/save_creation_info_test.go | 16 +++++++++++++--- tvsaver/saver2v2/save_creation_info.go | 13 +++++++++++-- tvsaver/saver2v2/save_creation_info_test.go | 16 +++++++++++++--- 4 files changed, 48 insertions(+), 10 deletions(-) diff --git a/tvsaver/saver2v1/save_creation_info.go b/tvsaver/saver2v1/save_creation_info.go index 17e14c9e..6ea60860 100644 --- a/tvsaver/saver2v1/save_creation_info.go +++ b/tvsaver/saver2v1/save_creation_info.go @@ -5,6 +5,7 @@ package saver2v1 import ( "fmt" "io" + "sort" "github.com/spdx/tools-golang/spdx" ) @@ -25,8 +26,16 @@ func renderCreationInfo2_1(ci *spdx.CreationInfo2_1, w io.Writer) error { if ci.DocumentNamespace != "" { fmt.Fprintf(w, "DocumentNamespace: %s\n", ci.DocumentNamespace) } - for _, s := range ci.ExternalDocumentReferences { - fmt.Fprintf(w, "ExternalDocumentRef: %s\n", s) + // print EDRs in order sorted by identifier + edrIDs := []string{} + for docRefID := range ci.ExternalDocumentReferences { + edrIDs = append(edrIDs, docRefID) + } + sort.Strings(edrIDs) + for _, edrID := range edrIDs { + edr := ci.ExternalDocumentReferences[edrID] + fmt.Fprintf(w, "ExternalDocumentRef: DocumentRef-%s %s %s:%s\n", + edr.DocumentRefID, edr.URI, edr.Alg, edr.Checksum) } if ci.LicenseListVersion != "" { fmt.Fprintf(w, "LicenseListVersion: %s\n", ci.LicenseListVersion) diff --git a/tvsaver/saver2v1/save_creation_info_test.go b/tvsaver/saver2v1/save_creation_info_test.go index 3b961ecf..cec03c7c 100644 --- a/tvsaver/saver2v1/save_creation_info_test.go +++ b/tvsaver/saver2v1/save_creation_info_test.go @@ -17,9 +17,19 @@ func TestSaver2_1CISavesText(t *testing.T) { SPDXIdentifier: spdx.ElementID("DOCUMENT"), DocumentName: "spdx-go-0.0.1.abcdef", DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", - ExternalDocumentReferences: []string{ - "DocumentRef-spdx-go-0.0.1a https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1a.cdefab.whatever SHA1:0123456701234567012345670123456701234567", - "DocumentRef-time-1.2.3 https://github.com/swinslow/spdx-docs/time/time-1.2.3.cdefab.whatever SHA1:0123456701234567012345670123456701234568", + ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_1{ + "spdx-go-0.0.1a": spdx.ExternalDocumentRef2_1{ + DocumentRefID: "spdx-go-0.0.1a", + URI: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1a.cdefab.whatever", + Alg: "SHA1", + Checksum: "0123456701234567012345670123456701234567", + }, + "time-1.2.3": spdx.ExternalDocumentRef2_1{ + DocumentRefID: "time-1.2.3", + URI: "https://github.com/swinslow/spdx-docs/time/time-1.2.3.cdefab.whatever", + Alg: "SHA1", + Checksum: "0123456701234567012345670123456701234568", + }, }, LicenseListVersion: "2.0", CreatorPersons: []string{ diff --git a/tvsaver/saver2v2/save_creation_info.go b/tvsaver/saver2v2/save_creation_info.go index af9b9772..1492fb45 100644 --- a/tvsaver/saver2v2/save_creation_info.go +++ b/tvsaver/saver2v2/save_creation_info.go @@ -5,6 +5,7 @@ package saver2v2 import ( "fmt" "io" + "sort" "github.com/spdx/tools-golang/spdx" ) @@ -25,8 +26,16 @@ func renderCreationInfo2_2(ci *spdx.CreationInfo2_2, w io.Writer) error { if ci.DocumentNamespace != "" { fmt.Fprintf(w, "DocumentNamespace: %s\n", ci.DocumentNamespace) } - for _, s := range ci.ExternalDocumentReferences { - fmt.Fprintf(w, "ExternalDocumentRef: %s\n", s) + // print EDRs in order sorted by identifier + edrIDs := []string{} + for docRefID := range ci.ExternalDocumentReferences { + edrIDs = append(edrIDs, docRefID) + } + sort.Strings(edrIDs) + for _, edrID := range edrIDs { + edr := ci.ExternalDocumentReferences[edrID] + fmt.Fprintf(w, "ExternalDocumentRef: DocumentRef-%s %s %s:%s\n", + edr.DocumentRefID, edr.URI, edr.Alg, edr.Checksum) } if ci.LicenseListVersion != "" { fmt.Fprintf(w, "LicenseListVersion: %s\n", ci.LicenseListVersion) diff --git a/tvsaver/saver2v2/save_creation_info_test.go b/tvsaver/saver2v2/save_creation_info_test.go index 3e23c0b0..404abfe0 100644 --- a/tvsaver/saver2v2/save_creation_info_test.go +++ b/tvsaver/saver2v2/save_creation_info_test.go @@ -17,9 +17,19 @@ func TestSaver2_2CISavesText(t *testing.T) { SPDXIdentifier: spdx.ElementID("DOCUMENT"), DocumentName: "spdx-go-0.0.1.abcdef", DocumentNamespace: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1.abcdef.whatever", - ExternalDocumentReferences: []string{ - "DocumentRef-spdx-go-0.0.1a https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1a.cdefab.whatever SHA1:0123456701234567012345670123456701234567", - "DocumentRef-time-1.2.3 https://github.com/swinslow/spdx-docs/time/time-1.2.3.cdefab.whatever SHA1:0123456701234567012345670123456701234568", + ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{ + "spdx-go-0.0.1a": spdx.ExternalDocumentRef2_2{ + DocumentRefID: "spdx-go-0.0.1a", + URI: "https://github.com/swinslow/spdx-docs/spdx-go/spdx-go-0.0.1a.cdefab.whatever", + Alg: "SHA1", + Checksum: "0123456701234567012345670123456701234567", + }, + "time-1.2.3": spdx.ExternalDocumentRef2_2{ + DocumentRefID: "time-1.2.3", + URI: "https://github.com/swinslow/spdx-docs/time/time-1.2.3.cdefab.whatever", + Alg: "SHA1", + Checksum: "0123456701234567012345670123456701234568", + }, }, LicenseListVersion: "3.9", CreatorPersons: []string{ From 20e06832ced7051ddd4ad40fcfedacdc9b3c8abc Mon Sep 17 00:00:00 2001 From: Rishabh Bhatnagar Date: Wed, 11 Nov 2020 20:56:55 +0530 Subject: [PATCH 5/5] Use Updated ExternalDocumentRef For RDFLoader - ExternalDocumentRef is now a struct instead of a coalesced string - Also, added dependency of github.com/spdx/gordf in go.mod file Signed-off-by: Rishabh Bhatnagar --- go.mod | 2 ++ rdfloader/parser2v2/parse_spdx_document.go | 24 +++++++++++----------- rdfloader/parser2v2/parser.go | 4 +++- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index c58bf987..416c181b 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,5 @@ module github.com/spdx/tools-golang go 1.13 + +require github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb diff --git a/rdfloader/parser2v2/parse_spdx_document.go b/rdfloader/parser2v2/parse_spdx_document.go index c6b9b198..e98fbf61 100644 --- a/rdfloader/parser2v2/parse_spdx_document.go +++ b/rdfloader/parser2v2/parse_spdx_document.go @@ -42,9 +42,12 @@ func (parser *rdfParser2_2) parseSpdxDocumentNode(spdxDocNode *gordfParser.Node) ci.DocumentName = objectValue case SPDX_EXTERNAL_DOCUMENT_REF: // 2.6: externalDocumentReferences // cardinality: min 0 - var extRef string + var extRef spdx.ExternalDocumentRef2_2 extRef, err = parser.getExternalDocumentRefFromNode(subTriple.Object) - ci.ExternalDocumentReferences = append(ci.ExternalDocumentReferences, extRef) + if err != nil { + return err + } + ci.ExternalDocumentReferences[extRef.DocumentRefID] = extRef case SPDX_CREATION_INFO: // 2.7 - 2.10: // cardinality: exactly 1 err = parser.parseCreationInfoFromNode(ci, subTriple.Object) @@ -86,31 +89,28 @@ func (parser *rdfParser2_2) parseSpdxDocumentNode(spdxDocNode *gordfParser.Node) return nil } -func (parser *rdfParser2_2) getExternalDocumentRefFromNode(node *gordfParser.Node) (string, error) { - var docID, checksumValue, checksumAlgorithm, spdxDocument string - var err error +func (parser *rdfParser2_2) getExternalDocumentRefFromNode(node *gordfParser.Node) (edr spdx.ExternalDocumentRef2_2, err error) { for _, triple := range parser.nodeToTriples(node) { switch triple.Predicate.ID { case SPDX_EXTERNAL_DOCUMENT_ID: // cardinality: exactly 1 - docID = triple.Object.ID + edr.DocumentRefID = triple.Object.ID case SPDX_SPDX_DOCUMENT: // cardinality: exactly 1 // assumption: "spdxDocument" property of an external document // reference is just a uri which doesn't follow a spdxDocument definition - spdxDocument = triple.Object.ID + edr.URI = triple.Object.ID case SPDX_CHECKSUM: // cardinality: exactly 1 - checksumAlgorithm, checksumValue, err = parser.getChecksumFromNode(triple.Object) + edr.Alg, edr.Checksum, err = parser.getChecksumFromNode(triple.Object) if err != nil { - return "", err + return edr, err } case RDF_TYPE: continue default: - return "", fmt.Errorf("unknown predicate ID (%s) while parsing externalDocumentReference", triple.Predicate.ID) + return edr, fmt.Errorf("unknown predicate ID (%s) while parsing externalDocumentReference", triple.Predicate.ID) } } - // transform the variables into string form (same as that of tag-value). - return fmt.Sprintf("%s %s %s: %s", docID, spdxDocument, checksumAlgorithm, checksumValue), nil + return edr, nil } diff --git a/rdfloader/parser2v2/parser.go b/rdfloader/parser2v2/parser.go index 3b0fac90..4f1adc01 100644 --- a/rdfloader/parser2v2/parser.go +++ b/rdfloader/parser2v2/parser.go @@ -16,7 +16,9 @@ func NewParser2_2(gordfParserObj *gordfParser.Parser, nodeToTriples map[string][ gordfParserObj: gordfParserObj, nodeStringToTriples: nodeToTriples, doc: &spdx.Document2_2{ - CreationInfo: &spdx.CreationInfo2_2{}, + CreationInfo: &spdx.CreationInfo2_2{ + ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{}, + }, Packages: map[spdx.ElementID]*spdx.Package2_2{}, UnpackagedFiles: map[spdx.ElementID]*spdx.File2_2{}, OtherLicenses: []*spdx.OtherLicense2_2{},