1// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 2 3package parser2v3 4 5import ( 6 "reflect" 7 "testing" 8 9 gordfParser "github.com/spdx/gordf/rdfloader/parser" 10 "github.com/spdx/tools-golang/spdx/common" 11 "github.com/spdx/tools-golang/spdx/v2_3" 12) 13 14func Test_setPackageSupplier(t *testing.T) { 15 var err error 16 17 // TestCase 1: no assertion must set PackageSupplierNOASSERTION field to true 18 pkg := &v2_3.Package{} 19 err = setPackageSupplier(pkg, "NOASSERTION") 20 if err != nil { 21 t.Fatalf("unexpected error: %v", err) 22 } 23 if pkg.PackageSupplier.Supplier != "NOASSERTION" { 24 t.Errorf("PackageSupplier must've been set to NOASSERTION") 25 } 26 27 // TestCase 2: lower-case noassertion must also set the 28 // PackageSupplierNOASSERTION to true. 29 pkg = &v2_3.Package{} 30 err = setPackageSupplier(pkg, "noassertion") 31 if err != nil { 32 t.Fatalf("unexpected error: %v", err) 33 } 34 if pkg.PackageSupplier.Supplier != "NOASSERTION" { 35 t.Errorf("PackageSupplier must've been set to NOASSERTION") 36 } 37 38 // TestCase 3: invalid input without colon separator. must raise an error 39 pkg = &v2_3.Package{} 40 input := "string without colon separator" 41 err = setPackageSupplier(pkg, input) 42 if err == nil { 43 t.Errorf("invalid input \"%s\" didn't raise an error", input) 44 } 45 46 // TestCase 4: Valid Person 47 pkg = &v2_3.Package{} 48 personName := "Rishabh Bhatnagar" 49 input = "Person: " + personName 50 err = setPackageSupplier(pkg, input) 51 if err != nil { 52 t.Errorf("unexpected error: %v", err) 53 } 54 if pkg.PackageSupplier.Supplier != personName { 55 t.Errorf("PackageSupplierPerson should be %s. found %s", personName, pkg.PackageSupplier.Supplier) 56 } 57 58 // TestCase 5: Valid Organization 59 pkg = &v2_3.Package{} 60 orgName := "SPDX" 61 input = "Organization: " + orgName 62 err = setPackageSupplier(pkg, input) 63 if err != nil { 64 t.Errorf("unexpected error: %v", err) 65 } 66 if pkg.PackageSupplier.Supplier != orgName { 67 t.Errorf("PackageSupplierPerson should be %s. found %s", orgName, pkg.PackageSupplier.Supplier) 68 } 69 70 // TestCase 6: Invalid EntityType 71 pkg = &v2_3.Package{} 72 input = "InvalidEntity: entity" 73 err = setPackageSupplier(pkg, input) 74 if err == nil { 75 t.Errorf("invalid entity should've raised an error") 76 } 77} 78 79func Test_setPackageOriginator(t *testing.T) { 80 var err error 81 82 // TestCase 1: no assertion must set PackageSupplierNOASSERTION field to true 83 pkg := &v2_3.Package{} 84 err = setPackageOriginator(pkg, "NOASSERTION") 85 if err != nil { 86 t.Fatalf("unexpected error: %v", err) 87 } 88 if pkg.PackageOriginator.Originator != "NOASSERTION" { 89 t.Errorf("PackageOriginator must've been set to NOASSERTION") 90 } 91 92 // TestCase 2: lower-case noassertion must also set the 93 // PackageOriginatorNOASSERTION to true. 94 pkg = &v2_3.Package{} 95 err = setPackageOriginator(pkg, "noassertion") 96 if err != nil { 97 t.Fatalf("unexpected error: %v", err) 98 } 99 if pkg.PackageOriginator.Originator != "NOASSERTION" { 100 t.Errorf("PackageOriginator must've been set to NOASSERTION") 101 } 102 103 // TestCase 3: invalid input without colon separator. must raise an error 104 pkg = &v2_3.Package{} 105 input := "string without colon separator" 106 err = setPackageOriginator(pkg, input) 107 if err == nil { 108 t.Errorf("invalid input \"%s\" didn't raise an error", input) 109 } 110 111 // TestCase 4: Valid Person 112 pkg = &v2_3.Package{} 113 personName := "Rishabh Bhatnagar" 114 input = "Person: " + personName 115 err = setPackageOriginator(pkg, input) 116 if err != nil { 117 t.Errorf("unexpected error: %v", err) 118 } 119 if pkg.PackageOriginator.Originator != personName { 120 t.Errorf("PackageOriginatorPerson should be %s. found %s", personName, pkg.PackageOriginator.Originator) 121 } 122 123 // TestCase 5: Valid Organization 124 pkg = &v2_3.Package{} 125 orgName := "SPDX" 126 input = "Organization: " + orgName 127 err = setPackageOriginator(pkg, input) 128 if err != nil { 129 t.Errorf("unexpected error: %v", err) 130 } 131 if pkg.PackageOriginator.Originator != orgName { 132 t.Errorf("PackageOriginatorOrganization should be %s. found %s", orgName, pkg.PackageOriginator.Originator) 133 } 134 135 // TestCase 6: Invalid EntityType 136 pkg = &v2_3.Package{} 137 input = "InvalidEntity: entity" 138 err = setPackageOriginator(pkg, input) 139 if err == nil { 140 t.Errorf("invalid entity should've raised an error") 141 } 142} 143 144func Test_rdfParser2_3_setPackageVerificationCode(t *testing.T) { 145 var parser *rdfParser2_3 146 var node *gordfParser.Node 147 var pkg *v2_3.Package 148 var err error 149 150 // TestCase 1: invalid predicate must raise an error 151 parser, _ = parserFromBodyContent(` 152 <spdx.PackageVerificationCode> 153 <spdx:invalidPredicate /> 154 <spdx:packageVerificationCodeValue>cbceb8b5689b75a584efe35587b5d41bd48820ce</spdx:packageVerificationCodeValue> 155 <spdx:packageVerificationCodeExcludedFile>./package.spdx</spdx:packageVerificationCodeExcludedFile> 156 </spdx.PackageVerificationCode> 157 `) 158 node = parser.gordfParserObj.Triples[0].Subject 159 pkg = &v2_3.Package{} 160 err = parser.setPackageVerificationCode(pkg, node) 161 if err == nil { 162 t.Errorf("expected an error due to invalid predicate, got <nil>") 163 } 164 165 // TestCase 2: valid input 166 parser, _ = parserFromBodyContent(` 167 <spdx.PackageVerificationCode> 168 <spdx:packageVerificationCodeValue>cbceb8b5689b75a584efe35587b5d41bd48820ce</spdx:packageVerificationCodeValue> 169 <spdx:packageVerificationCodeExcludedFile>./package.spdx</spdx:packageVerificationCodeExcludedFile> 170 </spdx.PackageVerificationCode> 171 `) 172 node = parser.gordfParserObj.Triples[0].Subject 173 pkg = &v2_3.Package{} 174 err = parser.setPackageVerificationCode(pkg, node) 175 if err != nil { 176 t.Errorf("unexpected error: %v", err) 177 } 178 expectedValue := "cbceb8b5689b75a584efe35587b5d41bd48820ce" 179 if pkg.PackageVerificationCode.Value != expectedValue { 180 t.Errorf("expected %v, got %v", expectedValue, pkg.PackageVerificationCode) 181 } 182 expectedExcludedFile := "./package.spdx" 183 if pkg.PackageVerificationCode.ExcludedFiles[0] != expectedExcludedFile { 184 t.Errorf("expected %v, got %v", expectedExcludedFile, pkg.PackageVerificationCode.ExcludedFiles) 185 } 186} 187 188func Test_rdfParser2_3_getPackageExternalRef(t *testing.T) { 189 var extRef *v2_3.PackageExternalReference 190 var err error 191 var parser *rdfParser2_3 192 var node *gordfParser.Node 193 194 // TestCase 1: invalid reference category 195 parser, _ = parserFromBodyContent(` 196 <spdx:ExternalRef> 197 <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> 198 <spdx:referenceType> 199 <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> 200 </spdx:referenceType> 201 <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_invalid"/> 202 </spdx:ExternalRef> 203 `) 204 node = parser.gordfParserObj.Triples[0].Subject 205 extRef, err = parser.getPackageExternalRef(node) 206 if err == nil { 207 t.Errorf("expected an error due to invalid referenceCategory, got <nil>") 208 } 209 210 // TestCase 2: invalid predicate 211 parser, _ = parserFromBodyContent(` 212 <spdx:ExternalRef> 213 <spdx:unknownPredicate /> 214 <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> 215 <spdx:referenceType> 216 <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> 217 </spdx:referenceType> 218 <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_security"/> 219 </spdx:ExternalRef> 220 `) 221 node = parser.gordfParserObj.Triples[0].Subject 222 extRef, err = parser.getPackageExternalRef(node) 223 if err == nil { 224 t.Errorf("expected an error due to invalid referenceCategory, got <nil>") 225 } 226 227 // TestCase 3: valid example (referenceCategory_security) 228 parser, _ = parserFromBodyContent(` 229 <spdx:ExternalRef> 230 <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> 231 <spdx:referenceType> 232 <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> 233 </spdx:referenceType> 234 <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_security"/> 235 <rdfs:comment>comment</rdfs:comment> 236 </spdx:ExternalRef> 237 `) 238 node = parser.gordfParserObj.Triples[0].Subject 239 extRef, err = parser.getPackageExternalRef(node) 240 if err != nil { 241 t.Fatalf("unexpected error parsing a valid example: %v", err) 242 } 243 expectedExtRef := &v2_3.PackageExternalReference{ 244 Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", 245 RefType: "http://spdx.org/rdf/references/cpe23Type", 246 Category: "SECURITY", 247 ExternalRefComment: "comment", 248 } 249 if !reflect.DeepEqual(extRef, expectedExtRef) { 250 t.Errorf("expected: \n%+v\ngot: \n%+v", expectedExtRef, extRef) 251 } 252 253 // TestCase 4: valid example (referenceCategory_packageManager) 254 parser, _ = parserFromBodyContent(` 255 <spdx:ExternalRef> 256 <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> 257 <spdx:referenceType> 258 <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> 259 </spdx:referenceType> 260 <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_packageManager"/> 261 <rdfs:comment>comment</rdfs:comment> 262 </spdx:ExternalRef> 263 `) 264 node = parser.gordfParserObj.Triples[0].Subject 265 extRef, err = parser.getPackageExternalRef(node) 266 if err != nil { 267 t.Fatalf("unexpected error parsing a valid example: %v", err) 268 } 269 expectedExtRef = &v2_3.PackageExternalReference{ 270 Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", 271 RefType: "http://spdx.org/rdf/references/cpe23Type", 272 Category: "PACKAGE-MANAGER", 273 ExternalRefComment: "comment", 274 } 275 if !reflect.DeepEqual(extRef, expectedExtRef) { 276 t.Errorf("expected: \n%+v\ngot: \n%+v", expectedExtRef, extRef) 277 } 278 279 // TestCase 5: valid example (referenceCategory_other) 280 parser, _ = parserFromBodyContent(` 281 <spdx:ExternalRef> 282 <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> 283 <spdx:referenceType> 284 <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> 285 </spdx:referenceType> 286 <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_other"/> 287 <rdfs:comment>comment</rdfs:comment> 288 </spdx:ExternalRef> 289 `) 290 node = parser.gordfParserObj.Triples[0].Subject 291 extRef, err = parser.getPackageExternalRef(node) 292 if err != nil { 293 t.Fatalf("unexpected error parsing a valid example: %v", err) 294 } 295 expectedExtRef = &v2_3.PackageExternalReference{ 296 Locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*", 297 RefType: "http://spdx.org/rdf/references/cpe23Type", 298 Category: "OTHER", 299 ExternalRefComment: "comment", 300 } 301 if !reflect.DeepEqual(extRef, expectedExtRef) { 302 t.Errorf("expected: \n%+v\ngot: \n%+v", expectedExtRef, extRef) 303 } 304} 305 306func Test_rdfParser2_3_getPrimaryPackagePurpose(t *testing.T) { 307 // TestCase 1: basic purpose 308 value := getPrimaryPackagePurpose("packagePurpose_container") 309 if value != "CONTAINER" { 310 t.Errorf("expected primary package purpose to be CONTAINER. got: '%s'", value) 311 } 312 313 // TestCase 2: purpose with underscore-to-dash 314 value = getPrimaryPackagePurpose("packagePurpose_operating_system") 315 if value != "OPERATING-SYSTEM" { 316 t.Errorf("expected primary package purpose to be OPERATING-SYSTEM. got: '%s'", value) 317 } 318 319 // TestCase 3: invalid purpose 320 value = getPrimaryPackagePurpose("packagePurpose_invalid") 321 if value != "" { 322 t.Errorf("expected invalid primary package purpose to be empty. got: '%s'", value) 323 } 324} 325 326func Test_rdfParser2_3_getPackageFromNode(t *testing.T) { 327 var parser *rdfParser2_3 328 var node *gordfParser.Node 329 var err error 330 331 // TestCase 1: invalid elementId 332 parser, _ = parserFromBodyContent(` 333 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#upload2"> 334 <spdx:name>time-1.9.tar.gz</spdx:name> 335 </spdx:Package> 336 `) 337 node = parser.gordfParserObj.Triples[0].Subject 338 _, err = parser.getPackageFromNode(node) 339 if err == nil { 340 t.Errorf("expected an error(missing SPDXRef- prefix), found %v", err) 341 } 342 343 // TestCase 2: Invalid License Concluded must raise an error: 344 parser, _ = parserFromBodyContent(` 345 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> 346 <spdx:licenseConcluded rdf:resource="http://spdx.org/licenses/IPL-3.0"/> 347 </spdx:Package> 348 `) 349 node = parser.gordfParserObj.Triples[0].Subject 350 _, err = parser.getPackageFromNode(node) 351 if err == nil { 352 t.Errorf("expected an error(invalid license), found %v", err) 353 } 354 355 // TestCase 2: Invalid License Declared must raise an error: 356 parser, _ = parserFromBodyContent(` 357 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> 358 <spdx:licenseDeclared rdf:resource="http://spdx.org/licenses/IPL-3.0"/> 359 </spdx:Package> 360 `) 361 node = parser.gordfParserObj.Triples[0].Subject 362 _, err = parser.getPackageFromNode(node) 363 if err == nil { 364 t.Errorf("expected an error(invalid license), found %v", err) 365 } 366 367 // TestCase 3: Invalid ExternalRef 368 parser, _ = parserFromBodyContent(` 369 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> 370 <spdx:externalRef> 371 <spdx:ExternalRef> 372 <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> 373 <spdx:referenceType> 374 <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> 375 </spdx:referenceType> 376 <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_invalid"/> 377 </spdx:ExternalRef> 378 </spdx:externalRef> 379 </spdx:Package> 380 `) 381 node = parser.gordfParserObj.Triples[0].Subject 382 _, err = parser.getPackageFromNode(node) 383 if err == nil { 384 t.Errorf("expected an error(invalid externalRef), found %v", err) 385 } 386 387 // TestCase 4: invalid file must raise an error 388 parser, _ = parserFromBodyContent(` 389 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> 390 <spdx:hasFile> 391 <spdx:File rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9.tar.gz_1535120734-spdx.rdf#item8"/> 392 </spdx:hasFile> 393 </spdx:Package> 394 `) 395 node = parser.gordfParserObj.Triples[0].Subject 396 _, err = parser.getPackageFromNode(node) 397 if err == nil { 398 t.Errorf("expected an error(invalid file), found %v", err) 399 } 400 401 // TestCase 5: invalid predicate must raise an error 402 parser, _ = parserFromBodyContent(` 403 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> 404 <spdx:hasFiles> 405 <spdx:File rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9.tar.gz_1535120734-spdx.rdf#item8"/> 406 </spdx:hasFiles> 407 </spdx:Package> 408 `) 409 node = parser.gordfParserObj.Triples[0].Subject 410 _, err = parser.getPackageFromNode(node) 411 if err == nil { 412 t.Errorf("expected an error(invalid predicate), found %v", err) 413 } 414 415 // TestCase 6: invalid annotation must raise an error 416 parser, _ = parserFromBodyContent(` 417 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> 418 <spdx:annotation> 419 <spdx:Annotation> 420 <spdx:unknownAttribute /> 421 </spdx:Annotation> 422 </spdx:annotation> 423 </spdx:Package> 424 `) 425 node = parser.gordfParserObj.Triples[0].Subject 426 _, err = parser.getPackageFromNode(node) 427 if err == nil { 428 t.Errorf("expected an error(invalid annotation), found %v", err) 429 } 430 431 // TestCase 6: invalid homepage must raise an error 432 parser, _ = parserFromBodyContent(` 433 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> 434 <doap:homepage>u r i</doap:homepage> 435 </spdx:Package> 436 `) 437 node = parser.gordfParserObj.Triples[0].Subject 438 _, err = parser.getPackageFromNode(node) 439 if err == nil { 440 t.Errorf("expected an error(invalid homepage uri), found %v", err) 441 } 442 443 // TestCase 7: Package tag declared more than once should be parsed into a single object's definition 444 parser, _ = parserFromBodyContent(` 445 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> 446 <spdx:name>Test Package</spdx:name> 447 </spdx:Package> 448 `) 449 node = parser.gordfParserObj.Triples[0].Subject 450 _, err = parser.getPackageFromNode(node) 451 if err != nil { 452 t.Errorf("error parsing a valid package: %v", err) 453 } 454 yetAnotherPkgTriple := gordfParser.Triple{ 455 Subject: node, 456 Predicate: &gordfParser.Node{ 457 NodeType: gordfParser.IRI, 458 ID: SPDX_PACKAGE_FILE_NAME, 459 }, 460 Object: &gordfParser.Node{ 461 NodeType: gordfParser.LITERAL, 462 ID: "packageFileName", 463 }, 464 } 465 parser.nodeStringToTriples[node.String()] = append(parser.nodeStringToTriples[node.String()], &yetAnotherPkgTriple) 466 pkg, err := parser.getPackageFromNode(node) 467 if err != nil { 468 t.Errorf("error parsing a valid package: %v", err) 469 } 470 // validating if all the attributes that spanned over two tags are included in the parsed package. 471 expectedID := "upload2" 472 if string(pkg.PackageSPDXIdentifier) != expectedID { 473 t.Errorf("expected package id: %s, got %s", expectedID, pkg.PackageSPDXIdentifier) 474 } 475 expectedPkgFileName := "packageFileName" 476 if expectedPkgFileName != pkg.PackageFileName { 477 t.Errorf("expected package file name: %s, got %s", expectedPkgFileName, pkg.PackageFileName) 478 } 479 expectedName := "Test Package" 480 if pkg.PackageName != expectedName { 481 t.Errorf("expected package name: %s, got %s", expectedPkgFileName, pkg.PackageName) 482 } 483 484 // TestCase 8: Checking if packages can handle cyclic dependencies: 485 // Simulating a smallest possible cycle: package related to itself. 486 parser, _ = parserFromBodyContent(` 487 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> 488 <spdx:name>Test Package</spdx:name> 489 <spdx:relationship> 490 <spdx:Relationship> 491 <spdx:relationshipType rdf:resource="http://spdx.org/rdf/terms#relationshipType_describes" /> 492 <spdx:relatedSpdxElement> 493 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> 494 <spdx:versionInfo>1.1.1</spdx:versionInfo> 495 </spdx:Package> 496 </spdx:relatedSpdxElement> 497 </spdx:Relationship> 498 </spdx:relationship> 499 </spdx:Package> 500 `) 501 node = parser.gordfParserObj.Triples[0].Subject 502 pkg, err = parser.getPackageFromNode(node) 503 if err != nil { 504 t.Errorf("error parsing a valid package: %v", err) 505 } 506 // checking if both the attributes of the packages are set. 507 expectedVersionInfo := "1.1.1" 508 expectedPackageName := "Test Package" 509 if pkg.PackageVersion != expectedVersionInfo { 510 t.Errorf("Expected %s, found %s", expectedVersionInfo, pkg.PackageVersion) 511 } 512 if pkg.PackageName != expectedPackageName { 513 t.Errorf("Expected %s, found %s", expectedPackageName, pkg.PackageName) 514 } 515 516 // TestCase 9: everything valid 517 parser, _ = parserFromBodyContent(` 518 <spdx:Package rdf:about="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2"> 519 <spdx:name>Test Package</spdx:name> 520 <spdx:versionInfo>1.1.1</spdx:versionInfo> 521 <spdx:packageFileName>time-1.9.tar.gz</spdx:packageFileName> 522 <spdx:supplier>Person: Jane Doe (jane.doe@example.com)</spdx:supplier> 523 <spdx:originator>Organization: SPDX</spdx:originator> 524 <spdx:downloadLocation rdf:resource="http://spdx.org/rdf/terms#noassertion" /> 525 <spdx:filesAnalyzed>true</spdx:filesAnalyzed> 526 <spdx:packageVerificationCode> 527 <spdx.PackageVerificationCode> 528 <spdx:packageVerificationCodeValue>cbceb8b5689b75a584efe35587b5d41bd48820ce</spdx:packageVerificationCodeValue> 529 <spdx:packageVerificationCodeExcludedFile>./package.spdx</spdx:packageVerificationCodeExcludedFile> 530 </spdx.PackageVerificationCode> 531 </spdx:packageVerificationCode> 532 <spdx:checksum> 533 <spdx:Checksum> 534 <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha1" /> 535 <spdx:checksumValue>75068c26abbed3ad3980685bae21d7202d288317</spdx:checksumValue> 536 </spdx:Checksum> 537 </spdx:checksum> 538 <doap:homepage>http://www.openjena.org/</doap:homepage> 539 <spdx:sourceInfo>uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.</spdx:sourceInfo> 540 <spdx:licenseConcluded> 541 <spdx:DisjunctiveLicenseSet> 542 <spdx:member rdf:resource="http://spdx.org/licenses/Nokia"/> 543 <spdx:member rdf:resource="http://spdx.org/licenses/LGPL-2.0"/> 544 </spdx:DisjunctiveLicenseSet> 545 </spdx:licenseConcluded> 546 <spdx:licenseInfoFromFiles rdf:resource="http://spdx.org/rdf/terms#noassertion" /> 547 <spdx:licenseDeclared rdf:resource="http://spdx.org/rdf/terms#noassertion" /> 548 <spdx:licenseComments>Other versions available for a commercial license</spdx:licenseComments> 549 <spdx:copyrightText rdf:resource="http://spdx.org/rdf/terms#noassertion" /> 550 <spdx:summary> Package for Testing </spdx:summary> 551 <spdx:description> Some tags are taken from other spdx autogenerated files </spdx:description> 552 <rdfs:comment>no comments</rdfs:comment> 553 <spdx:externalRef> 554 <spdx:ExternalRef> 555 <spdx:referenceLocator>cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*</spdx:referenceLocator> 556 <spdx:referenceType> 557 <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/> 558 </spdx:referenceType> 559 <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_security"/> 560 </spdx:ExternalRef> 561 </spdx:externalRef> 562 <spdx:hasFile rdf:resource="http://spdx.org/documents/spdx-toolsv2.1.7-SNAPSHOT#SPDXRef-129" /> 563 <spdx:relationship> 564 <spdx:Relationship> 565 <spdx:relationshipType rdf:resource="http://spdx.org/rdf/terms#relationshipType_describes" /> 566 <spdx:relatedSpdxElement rdf:resource="http://anupam-VirtualBox/repo/SPDX2_time-1.9#SPDXRef-upload2" /> 567 </spdx:Relationship> 568 </spdx:relationship> 569 <spdx:attributionText>attribution text</spdx:attributionText> 570 <spdx:annotation> 571 <spdx:Annotation> 572 <spdx:annotationDate>2011-01-29T18:30:22Z</spdx:annotationDate> 573 <rdfs:comment>Package level annotation</rdfs:comment> 574 <spdx:annotator>Person: Package Commenter</spdx:annotator> 575 <spdx:annotationType rdf:resource="http://spdx.org/rdf/terms#annotationType_other"/> 576 </spdx:Annotation> 577 </spdx:annotation> 578 </spdx:Package> 579 `) 580 node = parser.gordfParserObj.Triples[0].Subject 581 _, err = parser.getPackageFromNode(node) 582 if err != nil { 583 t.Errorf("error parsing a valid package: %v", err) 584 } 585} 586 587func Test_rdfParser2_3_setFileToPackage(t *testing.T) { 588 var pkg *v2_3.Package 589 var file *v2_3.File 590 var parser *rdfParser2_3 591 592 // TestCase 1: setting to a nil files attribute shouldn't panic. 593 parser, _ = parserFromBodyContent(``) 594 pkg = &v2_3.Package{} 595 file = &v2_3.File{} 596 parser.setFileToPackage(pkg, file) 597 if len(pkg.Files) != 1 { 598 t.Errorf("expected given package to have one file after setting, got %d", len(pkg.Files)) 599 } 600 if parser.assocWithPackage[file.FileSPDXIdentifier] != true { 601 t.Errorf("given file should've been associated with a package, assocWithPackage is false") 602 } 603} 604 605func Test_rdfParser2_3_setPackageChecksum(t *testing.T) { 606 var parser *rdfParser2_3 607 var node *gordfParser.Node 608 var pkg *v2_3.Package 609 var expectedChecksumValue string 610 var err error 611 612 // TestCase 1: invalid checksum algorithm 613 parser, _ = parserFromBodyContent(` 614 <spdx:Checksum> 615 <spdx:checksumValue>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</spdx:checksumValue> 616 <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha999"/> 617 </spdx:Checksum> 618 `) 619 pkg = &v2_3.Package{} 620 node = parser.gordfParserObj.Triples[0].Subject 621 err = parser.setPackageChecksum(pkg, node) 622 if err == nil { 623 t.Error("expected an error due to invalid checksum node, got <nil>") 624 } 625 626 // TestCase 1: valid checksum algorithm which is invalid for package 627 parser, _ = parserFromBodyContent(` 628 <spdx:Checksum> 629 <spdx:checksumValue>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</spdx:checksumValue> 630 <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha2000"/> 631 </spdx:Checksum> 632 `) 633 pkg = &v2_3.Package{} 634 node = parser.gordfParserObj.Triples[0].Subject 635 err = parser.setPackageChecksum(pkg, node) 636 if err == nil { 637 t.Error("expected an error due to invalid checksum for package, got <nil>") 638 } 639 640 // TestCase 2: valid checksum (sha1) 641 parser, _ = parserFromBodyContent(` 642 <spdx:Checksum> 643 <spdx:checksumValue>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</spdx:checksumValue> 644 <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha1"/> 645 </spdx:Checksum> 646 `) 647 pkg = &v2_3.Package{} 648 node = parser.gordfParserObj.Triples[0].Subject 649 err = parser.setPackageChecksum(pkg, node) 650 if err != nil { 651 t.Errorf("unexpected error: %v", err) 652 } 653 expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" 654 655 for _, checksum := range pkg.PackageChecksums { 656 switch checksum.Algorithm { 657 case common.SHA1: 658 if checksum.Value != expectedChecksumValue { 659 t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) 660 } 661 } 662 } 663 664 // TestCase 3: valid checksum (sha256) 665 parser, _ = parserFromBodyContent(` 666 <spdx:Checksum> 667 <spdx:checksumValue>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</spdx:checksumValue> 668 <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha256"/> 669 </spdx:Checksum> 670 `) 671 pkg = &v2_3.Package{} 672 node = parser.gordfParserObj.Triples[0].Subject 673 err = parser.setPackageChecksum(pkg, node) 674 if err != nil { 675 t.Errorf("unexpected error: %v", err) 676 } 677 expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" 678 for _, checksum := range pkg.PackageChecksums { 679 switch checksum.Algorithm { 680 case common.SHA256: 681 if checksum.Value != expectedChecksumValue { 682 t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) 683 } 684 } 685 } 686 687 // TestCase 4: valid checksum (md5) 688 parser, _ = parserFromBodyContent(` 689 <spdx:Checksum> 690 <spdx:checksumValue>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</spdx:checksumValue> 691 <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_md5"/> 692 </spdx:Checksum> 693 `) 694 pkg = &v2_3.Package{} 695 node = parser.gordfParserObj.Triples[0].Subject 696 err = parser.setPackageChecksum(pkg, node) 697 if err != nil { 698 t.Errorf("unexpected error: %v", err) 699 } 700 expectedChecksumValue = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" 701 for _, checksum := range pkg.PackageChecksums { 702 switch checksum.Algorithm { 703 case common.MD5: 704 if checksum.Value != expectedChecksumValue { 705 t.Errorf("expected %v, got: %v", expectedChecksumValue, checksum.Value) 706 } 707 } 708 } 709} 710 711func Test_setDocumentLocationFromURI(t *testing.T) { 712 var pkg *v2_3.Package 713 var expectedDocumentLocation, gotDocumentLocation string 714 var inputURI string 715 var err error 716 717 // TestCase 1: NOASSERTION 718 inputURI = SPDX_NOASSERTION_SMALL 719 pkg = &v2_3.Package{} 720 err = setDocumentLocationFromURI(pkg, inputURI) 721 if err != nil { 722 t.Fatalf("unexpected error: %v", err) 723 } 724 expectedDocumentLocation = "NOASSERTION" 725 gotDocumentLocation = pkg.PackageDownloadLocation 726 if expectedDocumentLocation != gotDocumentLocation { 727 t.Errorf("expected: %v, got: %v", expectedDocumentLocation, gotDocumentLocation) 728 } 729 730 // TestCase 2: NONE 731 inputURI = SPDX_NONE_CAPS 732 pkg = &v2_3.Package{} 733 err = setDocumentLocationFromURI(pkg, inputURI) 734 if err != nil { 735 t.Fatalf("unexpected error: %v", err) 736 } 737 expectedDocumentLocation = "NONE" 738 gotDocumentLocation = pkg.PackageDownloadLocation 739 if expectedDocumentLocation != gotDocumentLocation { 740 t.Errorf("expected: %v, got: %v", expectedDocumentLocation, gotDocumentLocation) 741 } 742 743 // TestCase 3: valid uri 744 inputURI = "https://www.gnu.org/software/texinfo/" 745 pkg = &v2_3.Package{} 746 err = setDocumentLocationFromURI(pkg, inputURI) 747 if err != nil { 748 t.Fatalf("unexpected error: %v", err) 749 } 750 expectedDocumentLocation = "https://www.gnu.org/software/texinfo/" 751 gotDocumentLocation = pkg.PackageDownloadLocation 752 if expectedDocumentLocation != gotDocumentLocation { 753 t.Errorf("expected: %v, got: %v", expectedDocumentLocation, gotDocumentLocation) 754 } 755 756 // TestCase 3: invalid uri 757 inputURI = " " 758 pkg = &v2_3.Package{} 759 err = setDocumentLocationFromURI(pkg, inputURI) 760 if err == nil { 761 t.Fatalf("expected an error due to invalid uri, got %v", err) 762 } 763} 764 765func Test_setFilesAnalyzed(t *testing.T) { 766 var pkg *v2_3.Package 767 var err error 768 769 // TestCase 1: not a valid bool value: 770 pkg = &v2_3.Package{} 771 err = setFilesAnalyzed(pkg, "no") 772 if err == nil { 773 t.Errorf("expected an error due to invalid bool input, got %v", err) 774 } 775 776 // TestCase 2: valid input 777 pkg = &v2_3.Package{} 778 err = setFilesAnalyzed(pkg, "true") 779 if err != nil { 780 t.Fatalf("unexpected error: %v", err) 781 } 782 if !pkg.IsFilesAnalyzedTagPresent { 783 t.Errorf("should've set IsFilesAnalyzedTagPresent, got: %t", pkg.IsFilesAnalyzedTagPresent) 784 } 785 if !pkg.FilesAnalyzed { 786 t.Errorf("expected: %t, got: %t", true, pkg.FilesAnalyzed) 787 } 788} 789