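// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

package v2_3

import (
	"bytes"
	"flag"
	"fmt"
	"os"
	"testing"

	"github.com/google/go-cmp/cmp"

	"github.com/spdx/tools-golang/spdx/common"
	"github.com/spdx/tools-golang/spdx/v2_3"
	"github.com/spdx/tools-golang/tvloader"
	"github.com/spdx/tools-golang/tvsaver"
)

// update reports whether -update-snapshots was passed to the test binary.
//
// The flag is bound with BoolVar instead of dereferencing the result of
// flag.Bool at package initialisation: a dereference at that point copies the
// default (false) before the flags are parsed, so the switch could never turn
// on.
var update bool

func init() {
	flag.BoolVar(&update, "update-snapshots", false, "update the example snapshot")
}

// writeTagValueSnapshot regenerates the tag-value example at path from want.
// The file is truncated and rewritten, and closed before the function returns
// so the caller can re-open it for reading. Open, save and close errors are
// all reported.
func writeTagValueSnapshot(path string) (err error) {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
	if err != nil {
		return fmt.Errorf("unable to open file to write SPDX 2.3 example: %w", err)
	}
	defer func() {
		// A failed close can hide a short write; report it unless an
		// earlier error is already being returned.
		if cerr := f.Close(); cerr != nil && err == nil {
			err = fmt.Errorf("unable to close SPDX 2.3 example: %w", cerr)
		}
	}()

	if err := tvsaver.Save2_3(&want, f); err != nil {
		return fmt.Errorf("unable to save SPDX 2.3 example: %w", err)
	}
	return nil
}

// TestLoad parses the checked-in SPDX 2.3 tag-value example and fails when the
// parsed document differs from the handwritten want value. With
// -update-snapshots the example file is first regenerated from want.
func TestLoad(t *testing.T) {
	fileName := "../../examples/sample-docs/tv/SPDXTagExample-v2.3.spdx"

	if update {
		if err := writeTagValueSnapshot(fileName); err != nil {
			t.Fatal(err)
		}
	}

	file, err := os.Open(fileName)
	if err != nil {
		// Fail this test only; a panic would abort the whole test binary.
		t.Fatalf("error opening File: %s", err)
	}
	defer file.Close()

	got, err := tvloader.Load2_3(file)
	if err != nil {
		t.Fatalf("Load2_3() error = %v", err)
	}

	// get a copy of the handwritten struct so we don't mutate it by accident
	handwrittenExample := want

	// The check used to fail when the documents were EQUAL, so a parser
	// regression could not be caught here. It now fails on any difference.
	// NOTE(review): assumes Load2_3 returns *v2_3.Document (the type Save2_3
	// is given above), hence the pointer on the want side — confirm. cmp also
	// panics on unexported struct fields unless given an option; confirm the
	// v2_3 types have none.
	if diff := cmp.Diff(&handwrittenExample, got); diff != "" {
		t.Errorf("Got incorrect struct after parsing example (-want +got):\n%s", diff)
	}
}

// TestWrite saves want in tag-value form to memory, parses that output again
// and fails when the round-tripped document differs from want.
func TestWrite(t *testing.T) {
	w := &bytes.Buffer{}
	// get a copy of the handwritten struct so we don't mutate it by accident
	handwrittenExample := want
	if err := tvsaver.Save2_3(&handwrittenExample, w); err != nil {
		t.Fatalf("Save2_3() error = %v", err)
	}

	// we should be able to parse what the writer wrote, and it should be identical to the original struct we wrote
	parsedDoc, err := tvloader.Load2_3(bytes.NewReader(w.Bytes()))
	if err != nil {
		t.Fatalf("failed to parse written document: %v", err)
	}

	// Same correction as in TestLoad: report a difference, not equality.
	// NOTE(review): assumes Load2_3 returns *v2_3.Document — confirm.
	if diff := cmp.Diff(&handwrittenExample, parsedDoc); diff != "" {
		t.Errorf("Got incorrect struct after writing and re-parsing example (-want +got):\n%s", diff)
	}
}

// want is a handwritten translation of the official example SPDX v2.3 document into a Go struct.
// We expect that the result of parsing the official document should be this value.
// We expect that the result of writing this struct should match the official example document.
//
// NOTE(review): several strings below contain U+FFFD replacement characters,
// "[email protected]" placeholders and single spaces where the example file
// may have runs of spaces. These look like artifacts of how this listing was
// captured; verify them against the example file, because the tests now
// compare these values for real. The Beer-Ware text had an invalid `\[`
// escape, restored here as `\n[`.
var want = v2_3.Document{
	DataLicense:       "CC0-1.0",
	SPDXVersion:       "SPDX-2.3",
	SPDXIdentifier:    "SPDXRef-DOCUMENT",
	DocumentName:      "SPDX-Tools-v2.0",
	DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301",
	CreationInfo: &v2_3.CreationInfo{
		LicenseListVersion: "3.9",
		Creators: []common.Creator{
			{CreatorType: "Tool", Creator: "LicenseFind-1.0"},
			{CreatorType: "Organization", Creator: "ExampleCodeInspect ()"},
			{CreatorType: "Person", Creator: "Jane Doe ()"},
		},
		Created:        "2010-01-29T18:30:22Z",
		CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.",
	},
	DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.",
	ExternalDocumentReferences: []v2_3.ExternalDocumentRef{
		{
			DocumentRefID: "DocumentRef-spdx-tool-1.2",
			URI:           "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301",
			Checksum: common.Checksum{
				Algorithm: common.SHA1,
				Value:     "d6a770ba38583ed4bb4525bd96e50461655d2759",
			},
		},
	},
	OtherLicenses: []*v2_3.OtherLicense{
		{
			LicenseIdentifier: "LicenseRef-1",
			ExtractedText:     "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/",
		},
		{
			LicenseIdentifier: "LicenseRef-2",
			ExtractedText:     "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.",
		},
		{
			LicenseIdentifier: "LicenseRef-4",
			ExtractedText:     "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n * derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/",
		},
		{
			LicenseIdentifier:      "LicenseRef-Beerware-4.2",
			ExtractedText:          "\"THE BEER-WARE LICENSE\" (Revision 42):\n[email protected] wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp",
			LicenseComment:         "The beerware license has a couple of other standard variants.",
			LicenseName:            "Beer-Ware License (Version 42)",
			LicenseCrossReferences: []string{"http://people.freebsd.org/~phk/"},
		},
		{
			LicenseIdentifier: "LicenseRef-3",
			ExtractedText:     "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark. All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in\n the documentation and/or other materials provided with the\n distribution.\n\n3. The end-user documentation included with the redistribution,\n if any, must include the following acknowledgment: \n \"This product includes software developed by Andy Clark.\"\n Alternately, this acknowledgment may appear in the software itself,\n if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n or promote products derived from this software without prior \n written permission. For written permission, please contact \n [email protected].\n\n5. Products derived from this software may not be called \"CyberNeko\",\n nor may \"CyberNeko\" appear in their name, without prior written\n permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.",
			LicenseName:       "CyberNeko License",
			LicenseCrossReferences: []string{
				"http://people.apache.org/~andyc/neko/LICENSE",
				"http://justasample.url.com",
			},
			LicenseComment: "This is tye CyperNeko License",
		},
	},
	Annotations: []*v2_3.Annotation{
		{
			Annotator: common.Annotator{
				Annotator:     "Jane Doe ()",
				AnnotatorType: "Person",
			},
			AnnotationDate:    "2010-01-29T18:30:22Z",
			AnnotationType:    "OTHER",
			AnnotationComment: "Document level annotation",
		},
		{
			Annotator: common.Annotator{
				Annotator:     "Joe Reviewer",
				AnnotatorType: "Person",
			},
			AnnotationDate:    "2010-02-10T00:00:00Z",
			AnnotationType:    "REVIEW",
			AnnotationComment: "This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses",
		},
		{
			Annotator: common.Annotator{
				Annotator:     "Suzanne Reviewer",
				AnnotatorType: "Person",
			},
			AnnotationDate:    "2011-03-13T00:00:00Z",
			AnnotationType:    "REVIEW",
			AnnotationComment: "Another example reviewer.",
		},
	},
	Packages: []*v2_3.Package{
		{
			PackageName:           "glibc",
			PackageSPDXIdentifier: "SPDXRef-Package",
			PackageVersion:        "2.11.1",
			PackageFileName:       "glibc-2.11.1.tar.gz",
			PackageSupplier: &common.Supplier{
				Supplier:     "Jane Doe ([email protected])",
				SupplierType: "Person",
			},
			PackageOriginator: &common.Originator{
				Originator:     "ExampleCodeInspect ([email protected])",
				OriginatorType: "Organization",
			},
			PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz",
			FilesAnalyzed:           true,
			PackageVerificationCode: &common.PackageVerificationCode{
				Value:         "d6a770ba38583ed4bb4525bd96e50461655d2758",
				ExcludedFiles: []string{"./package.spdx"},
			},
			PackageChecksums: []common.Checksum{
				{
					Algorithm: "MD5",
					Value:     "624c1abb3664f4b35547e7c73864ad24",
				},
				{
					Algorithm: "SHA1",
					Value:     "85ed0817af83a24ad8da68c2b5094de69833983c",
				},
				{
					Algorithm: "SHA256",
					Value:     "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd",
				},
			},
			PackageHomePage:         "http://ftp.gnu.org/gnu/glibc",
			PackageSourceInfo:       "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.",
			PackageLicenseConcluded: "(LGPL-2.0-only OR LicenseRef-3)",
			PackageLicenseInfoFromFiles: []string{
				"GPL-2.0-only",
				"LicenseRef-2",
				"LicenseRef-1",
			},
			PackageLicenseDeclared: "(LGPL-2.0-only AND LicenseRef-3)",
			PackageLicenseComments: "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change.",
			PackageCopyrightText:   "Copyright 2008-2010 John Smith",
			PackageSummary:         "GNU C library.",
			PackageDescription:     "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.",
			PackageComment:         "",
			PackageExternalReferences: []*v2_3.PackageExternalReference{
				{
					Category: "SECURITY",
					RefType:  "cpe23Type",
					Locator:  "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*",
				},
				{
					Category:           "OTHER",
					RefType:            "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge",
					Locator:            "acmecorp/acmenator/4.1.3-alpha",
					ExternalRefComment: "This is the external ref for Acme",
				},
			},
			PackageAttributionTexts: []string{
				"The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually.",
			},
			Files: nil,
			Annotations: []v2_3.Annotation{
				{
					Annotator: common.Annotator{
						Annotator:     "Package Commenter",
						AnnotatorType: "Person",
					},
					AnnotationDate:    "2011-01-29T18:30:22Z",
					AnnotationType:    "OTHER",
					AnnotationComment: "Package level annotation",
				},
			},
		},
		{
			PackageSPDXIdentifier:   "SPDXRef-fromDoap-1",
			PackageCopyrightText:    "NOASSERTION",
			PackageDownloadLocation: "NOASSERTION",
			FilesAnalyzed:           false,
			PackageHomePage:         "http://commons.apache.org/proper/commons-lang/",
			PackageLicenseDeclared:  "NOASSERTION",
			PackageName:             "Apache Commons Lang",
		},
		{
			PackageName:             "Jena",
			PackageSPDXIdentifier:   "SPDXRef-fromDoap-0",
			PackageCopyrightText:    "NOASSERTION",
			PackageDownloadLocation: "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz",
			PackageExternalReferences: []*v2_3.PackageExternalReference{
				{
					Category: "PACKAGE-MANAGER",
					RefType:  "purl",
					Locator:  "pkg:maven/org.apache.jena/apache-jena@3.12.0",
				},
			},
			FilesAnalyzed:           false,
			PackageHomePage:         "http://www.openjena.org/",
			PackageLicenseConcluded: "NOASSERTION",
			PackageLicenseDeclared:  "NOASSERTION",
			PackageVersion:          "3.12.0",
		},
		{
			PackageSPDXIdentifier: "SPDXRef-Saxon",
			PackageChecksums: []common.Checksum{
				{
					Algorithm: "SHA1",
					Value:     "85ed0817af83a24ad8da68c2b5094de69833983c",
				},
			},
			PackageCopyrightText:    "Copyright Saxonica Ltd",
			PackageDescription:      "The Saxon package is a collection of tools for processing XML documents.",
			PackageDownloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download",
			FilesAnalyzed:           false,
			PackageHomePage:         "http://saxon.sourceforge.net/",
			PackageLicenseComments:  "Other versions available for a commercial license",
			PackageLicenseConcluded: "MPL-1.0",
			PackageLicenseDeclared:  "MPL-1.0",
			PackageName:             "Saxon",
			PackageFileName:         "saxonB-8.8.zip",
			PackageVersion:          "8.8",
		},
		{
			PrimaryPackagePurpose:   "CONTAINER",
			PackageSPDXIdentifier:   "SPDXRef-CentOS-7",
			PackageCopyrightText:    "NOASSERTION",
			PackageDescription:      "The CentOS container used to run the application.",
			PackageDownloadLocation: "NOASSERTION",
			FilesAnalyzed:           false,
			PackageHomePage:         "https://www.centos.org/",
			PackageName:             "centos",
			PackageFileName:         "saxonB-8.8.zip",
			PackageVersion:          "centos7.9.2009",
			BuiltDate:               "2021-09-15T02:38:00Z",
			ValidUntilDate:          "2022-10-15T02:38:00Z",
			ReleaseDate:             "2021-10-15T02:38:00Z",
		},
	},
	Files: []*v2_3.File{
		{
			FileName:           "./src/org/spdx/parser/DOAPProject.java",
			FileSPDXIdentifier: "SPDXRef-DoapSource",
			FileTypes: []string{
				"SOURCE",
			},
			Checksums: []common.Checksum{
				{
					Algorithm: "SHA1",
					Value:     "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12",
				},
			},
			LicenseConcluded: "Apache-2.0",
			LicenseInfoInFiles: []string{
				"Apache-2.0",
			},
			FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.",
			FileContributors: []string{
				"Protecode Inc.",
				"SPDX Technical Team Members",
				"Open Logic Inc.",
				"Source Auditor Inc.",
				"Black Duck Software In.c",
			},
		},
		{
			FileSPDXIdentifier: "SPDXRef-CommonsLangSrc",
			Checksums: []common.Checksum{
				{
					Algorithm: "SHA1",
					Value:     "c2b4e1c67a2d28fced849ee1bb76e7391b93f125",
				},
			},
			FileComment:        "This file is used by Jena",
			FileCopyrightText:  "Copyright 2001-2011 The Apache Software Foundation",
			FileContributors:   []string{"Apache Software Foundation"},
			FileName:           "./lib-source/commons-lang3-3.1-sources.jar",
			FileTypes:          []string{"ARCHIVE"},
			LicenseConcluded:   "Apache-2.0",
			LicenseInfoInFiles: []string{"Apache-2.0"},
			FileNotice:         "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())",
		},
		{
			FileSPDXIdentifier: "SPDXRef-JenaLib",
			Checksums: []common.Checksum{
				{
					Algorithm: "SHA1",
					Value:     "3ab4e1c67a2d28fced849ee1bb76e7391b93f125",
				},
			},
			FileComment:        "This file belongs to Jena",
			FileCopyrightText:  "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP",
			FileContributors:   []string{"Apache Software Foundation", "Hewlett Packard Inc."},
			FileName:           "./lib-source/jena-2.6.3-sources.jar",
			FileTypes:          []string{"ARCHIVE"},
			LicenseComments:    "This license is used by Jena",
			LicenseConcluded:   "LicenseRef-1",
			LicenseInfoInFiles: []string{"LicenseRef-1"},
		},
		{
			FileSPDXIdentifier: "SPDXRef-File",
			Annotations: []v2_3.Annotation{
				{
					Annotator: common.Annotator{
						Annotator:     "File Commenter",
						AnnotatorType: "Person",
					},
					AnnotationDate:    "2011-01-29T18:30:22Z",
					AnnotationType:    "OTHER",
					AnnotationComment: "File level annotation",
				},
			},
			Checksums: []common.Checksum{
				{
					Algorithm: "SHA1",
					Value:     "d6a770ba38583ed4bb4525bd96e50461655d2758",
				},
				{
					Algorithm: "MD5",
					Value:     "624c1abb3664f4b35547e7c73864ad24",
				},
			},
			FileComment:        "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.",
			FileCopyrightText:  "Copyright 2008-2010 John Smith",
			FileContributors:   []string{"The Regents of the University of California", "Modified by Paul Mundt [email protected]", "IBM Corporation"},
			FileName:           "./package/foo.c",
			FileTypes:          []string{"SOURCE"},
			LicenseComments:    "The concluded license was taken from the package level that the file was included in.",
			LicenseConcluded:   "(LGPL-2.0-only OR LicenseRef-2)",
			LicenseInfoInFiles: []string{"GPL-2.0-only", "LicenseRef-2"},
			FileNotice:         "Copyright (c) 2001 Aaron Lehmann [email protected]\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.",
		},
	},
	Snippets: []v2_3.Snippet{
		{
			SnippetSPDXIdentifier:         "SPDXRef-Snippet",
			SnippetFromFileSPDXIdentifier: "SPDXRef-DoapSource",
			Ranges: []common.SnippetRange{
				{
					StartPointer: common.SnippetRangePointer{
						Offset:             310,
						FileSPDXIdentifier: "SPDXRef-DoapSource",
					},
					EndPointer: common.SnippetRangePointer{
						Offset:             420,
						FileSPDXIdentifier: "SPDXRef-DoapSource",
					},
				},
				{
					StartPointer: common.SnippetRangePointer{
						LineNumber:         5,
						FileSPDXIdentifier: "SPDXRef-DoapSource",
					},
					EndPointer: common.SnippetRangePointer{
						LineNumber:         23,
						FileSPDXIdentifier: "SPDXRef-DoapSource",
					},
				},
			},
			SnippetLicenseConcluded: "GPL-2.0-only",
			LicenseInfoInSnippet:    []string{"GPL-2.0-only"},
			SnippetLicenseComments:  "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.",
			SnippetCopyrightText:    "Copyright 2008-2010 John Smith",
			SnippetComment:          "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.",
			SnippetName:             "from linux kernel",
		},
	},
	Relationships: []*v2_3.Relationship{
		{
			RefA:         common.MakeDocElementID("", "DOCUMENT"),
			RefB:         common.MakeDocElementID("", "Package"),
			Relationship: "CONTAINS",
		},
		{
			RefA:         common.MakeDocElementID("", "DOCUMENT"),
			RefB:         common.MakeDocElementID("spdx-tool-1.2", "ToolsElement"),
			Relationship: "COPY_OF",
		},
		{
			RefA:         common.MakeDocElementID("", "DOCUMENT"),
			RefB:         common.MakeDocElementID("", "File"),
			Relationship: "DESCRIBES",
		},
		{
			RefA:         common.MakeDocElementID("", "DOCUMENT"),
			RefB:         common.MakeDocElementID("", "Package"),
			Relationship: "DESCRIBES",
		},
		{
			RefA:         common.MakeDocElementID("", "Package"),
			RefB:         common.MakeDocElementID("", "JenaLib"),
			Relationship: "CONTAINS",
		},
		{
			RefA:         common.MakeDocElementID("", "Package"),
			RefB:         common.MakeDocElementID("", "Saxon"),
			Relationship: "DYNAMIC_LINK",
		},
		{
			RefA:         common.MakeDocElementID("", "CommonsLangSrc"),
			RefB:         common.MakeDocElementSpecial("NOASSERTION"),
			Relationship: "GENERATED_FROM",
		},
		{
			RefA:         common.MakeDocElementID("", "JenaLib"),
			RefB:         common.MakeDocElementID("", "Package"),
			Relationship: "CONTAINS",
		},
		{
			RefA:         common.MakeDocElementID("", "File"),
			RefB:         common.MakeDocElementID("", "fromDoap-0"),
			Relationship: "GENERATED_FROM",
		},
	},
	Reviews: []*v2_3.Review{
		{
			Reviewer:      "[email protected]",
			ReviewerType:  "Person",
			ReviewDate:    "2021-11-03T05:43:21Z",
			ReviewComment: "This is a review comment",
		},
	},
}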