Skip to content

Commit 84bf031

Browse files
goneallgoneall
committed
Update unit tests for SPDX 2.3 fields
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
1 parent 61c19be commit 84bf031

7 files changed

Lines changed: 5374 additions & 2338 deletions

File tree

TestFiles/SPDXRdfExample-old.rdf

Lines changed: 1365 additions & 0 deletions
Large diffs are not rendered by default.

TestFiles/SPDXRdfExample.rdf

Lines changed: 3873 additions & 896 deletions
Large diffs are not rendered by default.

TestFiles/SPDXRdfExampleHttps.rdf.xml

Lines changed: 0 additions & 1434 deletions
This file was deleted.

src/test/java/org/spdx/library/model/ChecksumTest.java

Lines changed: 46 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@
2323
import org.spdx.library.InvalidSPDXAnalysisException;
2424
import org.spdx.library.ModelCopyManager;
2525
import org.spdx.library.SpdxConstants;
26+
import org.spdx.library.Version;
2627
import org.spdx.library.model.enumerations.ChecksumAlgorithm;
2728
import org.spdx.spdxRdfStore.RdfStore;
2829

@@ -36,14 +37,36 @@ public class ChecksumTest extends TestCase {
3637

3738
static final ChecksumAlgorithm[] ALGORITHMS = new ChecksumAlgorithm[] {
3839
ChecksumAlgorithm.MD5, ChecksumAlgorithm.SHA1,
39-
ChecksumAlgorithm.SHA256};
40+
ChecksumAlgorithm.SHA256, ChecksumAlgorithm.SHA3_256, ChecksumAlgorithm.SHA3_384, ChecksumAlgorithm.SHA3_512,
41+
ChecksumAlgorithm.BLAKE2b_256, ChecksumAlgorithm.BLAKE2b_384, ChecksumAlgorithm.BLAKE2b_512,
42+
ChecksumAlgorithm.BLAKE3, ChecksumAlgorithm.ADLER32};
4043
static final String SHA1_VALUE1 = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12";
4144
static final String SHA1_VALUE2 = "2222e1c67a2d28fced849ee1bb76e7391b93eb12";
4245
static final String SHA256_VALUE1 = "CA978112CA1BBDCAFAC231B39A23DC4DA786EFF8147C4E72B9807785AFEE48BB";
4346
static final String SHA256_VALUE2 = "F7846F55CF23E14EEBEAB5B4E1550CAD5B509E3348FBC4EFA3A1413D393CB650";
4447
static final String MD5_VALUE1 = "9e107d9d372bb6826bd81d3542a419d6";
4548
static final String MD5_VALUE2 = "d41d8cd98f00b204e9800998ecf8427e";
46-
String[] VALUES = new String[] {MD5_VALUE1, SHA1_VALUE1, SHA256_VALUE1};
49+
static final String SHA3_256_VALUE1 = "3518a1626d45e0136ab145f4406e7991b983609ef47fda2c0e12b8c07c35bcde";
50+
static final String SHA3_256_VALUE2 = "ef6b5a41a0e7c3e0699f17aa1a2b03d0d3739163015928dead0136ffcd2d0733";
51+
static final String SHA3_384_VALUE1 = "8ba59b02f048a31a7ee4cbbd22a6cd02961e9650008037b7f7309dd882f3aaa9bb2a93653c1d524420f25ac62d037667";
52+
static final String SHA3_384_VALUE2 = "ccfe5458990438984358069f0b647f5cbc248ee41679bca93b4f18c0bb69ec8e6e41f19481eb3dc83dd22a2ad28f2102";
53+
static final String SHA3_512_VALUE1 = "b410ad04ad92b70b1f77b62165a67c2ac368030ca79d47f95d48f37e9be155423242d4ef0c2af510c99f1c99deb95b990a131189adfe0dc841082833dd5dfc64";
54+
static final String SHA3_512_VALUE2 = "e32069186e8946b22c0eec91a2978727b16bd6020e2b191f95ddd1e3ffcfa533ac1444dd0c09caf73b003b30001e974859ef1a48996e9b4cf783d764438725d6";
55+
static final String BLAKE2B_256_VALUE1 = "716f6e863f744b9ac22c97ec7b76ea5f5908bc5b2f67c61510bfc4751384ea7a";
56+
static final String BLAKE2B_256_VALUE2 = "aaaf6e863f744b9ac22c97ec7b76ea5f5908bc5b2f67c61510bfc4751384ea7a";
57+
static final String BLAKE2B_384_VALUE1 = "c6cbd89c926ab525c242e6621f2f5fa73aa4afe3d9e24aed727faaadd6af38b620bdb623dd2b4788b1c8086984af8706";
58+
static final String BLAKE2B_384_VALUE2 = "aaabd89c926ab525c242e6621f2f5fa73aa4afe3d9e24aed727faaadd6af38b620bdb623dd2b4788b1c8086984af8706";
59+
static final String BLAKE2B_512_VALUE1 = "a8cfbbd73726062df0c6864dda65defe58ef0cc52a5625090fa17601e1eecd1b628e94f396ae402a00acc9eab77b4d4c2e852aaaa25a636d80af3fc7913ef5b8";
60+
static final String BLAKE2B_512_VALUE2 = "dddfbbd73726062df0c6864dda65defe58ef0cc52a5625090fa17601e1eecd1b628e94f396ae402a00acc9eab77b4d4c2e852aaaa25a636d80af3fc7913ef5b8";
61+
static final String BLAKE3_VALUE1 = "9d48cdf8fdcd4af64318de560973d16140ea4de3e1f9212770b01211d9eb59fc";
62+
static final String BLAKE3_VALUE2 = "aaa8cdf8fdcd4af64318de560973d16140ea4de3e1f9212770b01211d9eb59fc";
63+
static final String ADLER32_VALUE1 = "0eaa033d";
64+
static final String ADLER32_VALUE2 = "ddaa033d";
65+
66+
String[] VALUES = new String[] {MD5_VALUE1, SHA1_VALUE1, SHA256_VALUE1, SHA3_256_VALUE1, SHA3_384_VALUE1,
67+
SHA3_512_VALUE1, BLAKE2B_256_VALUE1, BLAKE2B_384_VALUE1, BLAKE2B_512_VALUE1, BLAKE3_VALUE1, ADLER32_VALUE1};
68+
String[] VALUES2 = new String[] {MD5_VALUE2, SHA1_VALUE2, SHA256_VALUE2, SHA3_256_VALUE2, SHA3_384_VALUE2,
69+
SHA3_512_VALUE2, BLAKE2B_256_VALUE2, BLAKE2B_384_VALUE2, BLAKE2B_512_VALUE2, BLAKE3_VALUE2, ADLER32_VALUE2};
4770
Checksum[] TEST_CHECKSUMS;
4871
GenericModelObject gmo;
4972

@@ -108,7 +131,7 @@ public void testSetAlgorithm() throws InvalidSPDXAnalysisException {
108131
ChecksumAlgorithm[] newAlgorithms = new ChecksumAlgorithm[] {
109132
ALGORITHMS[2], ALGORITHMS[0], ALGORITHMS[1]
110133
};
111-
for (int i = 0;i < checksumReferences.length; i++) {
134+
for (int i = 0;i < newAlgorithms.length; i++) {
112135
assertEquals(ALGORITHMS[i], TEST_CHECKSUMS[i].getAlgorithm());
113136
assertEquals(ALGORITHMS[i], checksumReferences[i].getAlgorithm());
114137
checksumReferences[i].setAlgorithm(newAlgorithms[i]);
@@ -132,7 +155,7 @@ public void testSetValue() throws InvalidSPDXAnalysisException {
132155
String[] newValues = new String[] {
133156
MD5_VALUE2, SHA1_VALUE2, SHA256_VALUE2
134157
};
135-
for (int i = 0;i < checksumReferences.length; i++) {
158+
for (int i = 0;i < newValues.length; i++) {
136159
assertEquals(VALUES[i], TEST_CHECKSUMS[i].getValue());
137160
assertEquals(VALUES[i], checksumReferences[i].getValue());
138161
checksumReferences[i].setValue(newValues[i]);
@@ -177,5 +200,24 @@ public void testCompareTo() throws InvalidSPDXAnalysisException {
177200
assertTrue(checksum.compareTo(checksum2) > 0);
178201
assertTrue(checksum2.compareTo(checksum) < 0);
179202
}
203+
204+
public void testPre23FailsVerification() throws InvalidSPDXAnalysisException {
205+
assertEquals(1, gmo.createChecksum(ChecksumAlgorithm.ADLER32, ADLER32_VALUE1)
206+
.verify(Version.TWO_POINT_TWO_VERSION).size());
207+
assertEquals(1, gmo.createChecksum(ChecksumAlgorithm.BLAKE2b_256, BLAKE2B_256_VALUE1)
208+
.verify(Version.TWO_POINT_TWO_VERSION).size());
209+
assertEquals(1, gmo.createChecksum(ChecksumAlgorithm.BLAKE2b_384, BLAKE2B_384_VALUE1)
210+
.verify(Version.TWO_POINT_TWO_VERSION).size());
211+
assertEquals(1, gmo.createChecksum(ChecksumAlgorithm.BLAKE2b_512, BLAKE2B_512_VALUE1)
212+
.verify(Version.TWO_POINT_TWO_VERSION).size());
213+
assertEquals(1, gmo.createChecksum(ChecksumAlgorithm.BLAKE3, BLAKE3_VALUE1)
214+
.verify(Version.TWO_POINT_TWO_VERSION).size());
215+
assertEquals(1, gmo.createChecksum(ChecksumAlgorithm.SHA3_256, SHA3_256_VALUE1)
216+
.verify(Version.TWO_POINT_TWO_VERSION).size());
217+
assertEquals(1, gmo.createChecksum(ChecksumAlgorithm.SHA3_384, SHA3_384_VALUE1)
218+
.verify(Version.TWO_POINT_TWO_VERSION).size());
219+
assertEquals(1, gmo.createChecksum(ChecksumAlgorithm.SHA3_512, SHA3_512_VALUE1)
220+
.verify(Version.TWO_POINT_TWO_VERSION).size());
221+
}
180222

181223
}

src/test/java/org/spdx/library/model/SpdxPackageTest.java

Lines changed: 79 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,9 +27,11 @@
2727
import org.spdx.library.InvalidSPDXAnalysisException;
2828
import org.spdx.library.ModelCopyManager;
2929
import org.spdx.library.SpdxConstants;
30+
import org.spdx.library.Version;
3031
import org.spdx.library.model.enumerations.AnnotationType;
3132
import org.spdx.library.model.enumerations.ChecksumAlgorithm;
3233
import org.spdx.library.model.enumerations.FileType;
34+
import org.spdx.library.model.enumerations.Purpose;
3335
import org.spdx.library.model.enumerations.ReferenceCategory;
3436
import org.spdx.library.model.enumerations.RelationshipType;
3537
import org.spdx.library.model.license.AnyLicenseInfo;
@@ -1297,7 +1299,6 @@ public void testAddRelationship() throws InvalidSPDXAnalysisException {
12971299
List<Relationship> relationships1 = Arrays.asList(new Relationship[] {RELATIONSHIP1});
12981300
List<Relationship> relationships2 = Arrays.asList(new Relationship[] {RELATIONSHIP1, RELATIONSHIP2});
12991301
List<Checksum> checksums = Arrays.asList(new Checksum[] {CHECKSUM2, CHECKSUM3, CHECKSUM1});
1300-
List<SpdxFile> files = Arrays.asList(new SpdxFile[] {FILE1, FILE2});
13011302
List<AnyLicenseInfo> licenseFromFiles = Arrays.asList(new AnyLicenseInfo[] {LICENSE2});
13021303
String id = gmo.getModelStore().getNextId(IdType.SpdxId, gmo.getDocumentUri());
13031304
List<ExternalRef> externalRefs = Arrays.asList(new ExternalRef[] {EXTERNAL_REF1});
@@ -1456,4 +1457,81 @@ public void testSetNameString() throws InvalidSPDXAnalysisException {
14561457
assertEquals(PKG_NAME2, pkg2.getName().get());
14571458
assertEquals(PKG_NAME2, pkg.getName().get());
14581459
}
1460+
1461+
// Test to verify spec versions prior to 2.3 fail verify for missing license or copyright fields
1462+
public void testVerify23Fields() throws InvalidSPDXAnalysisException {
1463+
// previously required fields
1464+
SpdxPackage pkg = gmo.createPackage(gmo.getModelStore()
1465+
.getNextId(IdType.SpdxId, gmo.getDocumentUri()), PKG_NAME1, null, null, null)
1466+
.setDownloadLocation(DOWNLOAD_LOCATION1)
1467+
.setFilesAnalyzed(false)
1468+
.build();
1469+
1470+
1471+
assertEquals(0, pkg.verify().size());
1472+
assertTrue(pkg.verify(Version.TWO_POINT_ZERO_VERSION).size() > 0);
1473+
1474+
// BuiltDate
1475+
pkg = gmo.createPackage(gmo.getModelStore()
1476+
.getNextId(IdType.SpdxId, gmo.getDocumentUri()), PKG_NAME1, LICENSE1, "copyright", LICENSE2)
1477+
.setDownloadLocation(DOWNLOAD_LOCATION1)
1478+
.setFilesAnalyzed(false)
1479+
.setBuiltDate(DATE_NOW)
1480+
.build();
1481+
assertEquals(0, pkg.verify().size());
1482+
assertTrue(pkg.verify(Version.TWO_POINT_ZERO_VERSION).size() > 0);
1483+
1484+
// Release Date
1485+
pkg = gmo.createPackage(gmo.getModelStore()
1486+
.getNextId(IdType.SpdxId, gmo.getDocumentUri()), PKG_NAME1, LICENSE1, "copyright", LICENSE2)
1487+
.setDownloadLocation(DOWNLOAD_LOCATION1)
1488+
.setFilesAnalyzed(false)
1489+
.setReleaseDate(DATE_NOW)
1490+
.build();
1491+
assertEquals(0, pkg.verify().size());
1492+
assertTrue(pkg.verify(Version.TWO_POINT_ZERO_VERSION).size() > 0);
1493+
1494+
// Valid Until Date
1495+
pkg = gmo.createPackage(gmo.getModelStore()
1496+
.getNextId(IdType.SpdxId, gmo.getDocumentUri()), PKG_NAME1, LICENSE1, "copyright", LICENSE2)
1497+
.setDownloadLocation(DOWNLOAD_LOCATION1)
1498+
.setFilesAnalyzed(false)
1499+
.setValidUntilDate(DATE_NOW)
1500+
.build();
1501+
assertEquals(0, pkg.verify().size());
1502+
assertTrue(pkg.verify(Version.TWO_POINT_ZERO_VERSION).size() > 0);
1503+
1504+
// Primary Purpose
1505+
pkg = gmo.createPackage(gmo.getModelStore()
1506+
.getNextId(IdType.SpdxId, gmo.getDocumentUri()), PKG_NAME1, LICENSE1, "copyright", LICENSE2)
1507+
.setDownloadLocation(DOWNLOAD_LOCATION1)
1508+
.setFilesAnalyzed(false)
1509+
.setPrimaryPurpose(Purpose.APPLICATION)
1510+
.build();
1511+
assertEquals(0, pkg.verify().size());
1512+
assertTrue(pkg.verify(Version.TWO_POINT_ZERO_VERSION).size() > 0);
1513+
1514+
// Relationship Type REQUIREMENT_DESCRIPTION_FOR
1515+
Relationship rel = gmo.createRelationship(FILE1, RelationshipType.REQUIREMENT_DESCRIPTION_FOR, "");
1516+
pkg = gmo.createPackage(gmo.getModelStore()
1517+
.getNextId(IdType.SpdxId, gmo.getDocumentUri()), PKG_NAME1, LICENSE1, "copyright", LICENSE2)
1518+
.setDownloadLocation(DOWNLOAD_LOCATION1)
1519+
.setFilesAnalyzed(false)
1520+
.addRelationship(rel)
1521+
.build();
1522+
assertEquals(0, pkg.verify().size());
1523+
assertTrue(pkg.verify(Version.TWO_POINT_ZERO_VERSION).size() > 0);
1524+
1525+
// Relationship Type SPECIFICATION_FOR
1526+
rel = gmo.createRelationship(FILE1, RelationshipType.SPECIFICATION_FOR, "");
1527+
pkg = gmo.createPackage(gmo.getModelStore()
1528+
.getNextId(IdType.SpdxId, gmo.getDocumentUri()), PKG_NAME1, LICENSE1, "copyright", LICENSE2)
1529+
.setDownloadLocation(DOWNLOAD_LOCATION1)
1530+
.setFilesAnalyzed(false)
1531+
.addRelationship(rel)
1532+
.build();
1533+
assertEquals(0, pkg.verify().size());
1534+
assertTrue(pkg.verify(Version.TWO_POINT_ZERO_VERSION).size() > 0);
1535+
1536+
}
14591537
}

src/test/java/org/spdx/library/model/SpdxSnippetTest.java

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@
3434
import org.spdx.library.model.license.DisjunctiveLicenseSet;
3535
import org.spdx.library.model.license.ExtractedLicenseInfo;
3636
import org.spdx.library.model.license.SpdxListedLicense;
37+
import org.spdx.library.model.license.SpdxNoAssertionLicense;
3738
import org.spdx.library.model.pointer.ByteOffsetPointer;
3839
import org.spdx.library.model.pointer.LineCharPointer;
3940
import org.spdx.library.model.pointer.StartEndPointer;
@@ -346,5 +347,15 @@ public void testCompareTo() throws InvalidSPDXAnalysisException {
346347
.build();
347348
assertTrue(snippet.compareTo(snippet5) > 0);
348349
}
350+
351+
public void testMissingLicenseInfo() throws InvalidSPDXAnalysisException {
352+
SpdxSnippet snippet = gmo.createSpdxSnippet(gmo.getModelStore().getNextId(IdType.SpdxId, gmo.getDocumentUri()),
353+
"snippetName", null, Arrays.asList(new AnyLicenseInfo[] {}), null,
354+
FROM_FILE1, OFFSET1_1, OFFSET1_2)
355+
.setLineRange(LINE1_1, LINE1_2)
356+
.build();
357+
assertEquals(new SpdxNoAssertionLicense(), snippet.getLicenseConcluded());
358+
assertTrue(snippet.getLicenseInfoFromFiles().isEmpty());
359+
}
349360

350361
}

src/test/java/org/spdx/spdxRdfStore/RdfStoreTest.java

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,7 @@
44
package org.spdx.spdxRdfStore;
55

66
import java.io.File;
7-
import java.io.FileOutputStream;
87
import java.io.IOException;
9-
import java.nio.file.Files;
10-
import java.nio.file.Path;
118
import java.util.ArrayList;
129
import java.util.Collection;
1310
import java.util.List;

0 commit comments

Comments
 (0)