From 3d00e879d6d8b51fee15468adbd4ea1d0945b8cc Mon Sep 17 00:00:00 2001 From: tdruez <489057+tdruez@users.noreply.github.com> Date: Wed, 23 Oct 2024 08:11:01 +0400 Subject: [PATCH] Fix the validity of SPDX outputs #180 (#186) Signed-off-by: tdruez --- CHANGELOG.rst | 3 +++ component_catalog/models.py | 12 ++++++++++-- dje/tests/test_outputs.py | 23 +++++++++++++++++++++-- 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f665d19..ee9e192 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -6,6 +6,9 @@ Release notes - Fix the models documentation navigation. https://github.com/aboutcode-org/dejacode/issues/182 +- Fix the validity of SPDX outputs. + https://github.com/aboutcode-org/dejacode/issues/180 + ### Version 5.2.0 - Add visual indicator in hierarchy views, when an object on the far left or far right diff --git a/component_catalog/models.py b/component_catalog/models.py index 3d0db08..9c60e9c 100644 --- a/component_catalog/models.py +++ b/component_catalog/models.py @@ -1357,6 +1357,10 @@ def aboutcode_data(self): return without_empty_values(component_data) + @property + def spdx_id(self): + return f"SPDXRef-dejacode-{self._meta.model_name}-{self.uuid}" + def as_spdx(self, license_concluded=None): """ Return this Component as an SPDX Package entry. @@ -1375,7 +1379,7 @@ def as_spdx(self, license_concluded=None): return spdx.Package( name=self.name, - spdx_id=f"dejacode-{self._meta.model_name}-{self.uuid}", + spdx_id=self.spdx_id, supplier=self.owner.as_spdx() if self.owner else "", license_concluded=license_concluded or self.concluded_license_expression_spdx, license_declared=self.declared_license_expression_spdx, @@ -2248,6 +2252,10 @@ def get_about_files(self): return about_files + @property + def spdx_id(self): + return f"SPDXRef-dejacode-{self._meta.model_name}-{self.uuid}" + def as_spdx(self, license_concluded=None): """ Return this Package as an SPDX Package entry. 
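Review bot: The new `spdx_id` property is added twice with an identical body, on the Component model (hunk `@@ -1357,6 +1357,10 @@`) and again on Package (hunk `@@ -2248,6 +2252,10 @@`), and neither copy has a docstring saying why the `SPDXRef-` prefix is there. Since the commit is about identifier validity, keeping the format in one place (a small shared mixin or helper used by both models) would stop the two copies drifting apart. At minimum add a docstring such as `"""Return the SPDX element identifier: "SPDXRef-" followed by an idstring of letters, digits, "." and "-" only."""`. Both class bodies start and end outside these hunks, so whether a common base class already exists cannot be seen from here.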
@@ -2281,7 +2289,7 @@ def as_spdx(self, license_concluded=None): return spdx.Package( name=self.name or self.filename, - spdx_id=f"dejacode-{self._meta.model_name}-{self.uuid}", + spdx_id=self.spdx_id, download_location=self.download_url, license_concluded=license_concluded or self.concluded_license_expression_spdx, license_declared=self.declared_license_expression_spdx, diff --git a/dje/tests/test_outputs.py b/dje/tests/test_outputs.py index 7cdcb15..9300844 100644 --- a/dje/tests/test_outputs.py +++ b/dje/tests/test_outputs.py @@ -43,6 +43,9 @@ def test_outputs_get_attachment_response(self): self.assertEqual("application/json", response["Content-Type"]) def test_outputs_get_spdx_document(self): + package = make_package(self.dataspace, package_url="pkg:type/name") + make_product_package(self.product1, package) + document = outputs.get_spdx_document(self.product1, self.super_user) document.creation_info.created = "2000-01-01T01:02:03Z" expected = { @@ -60,8 +63,24 @@ def test_outputs_get_spdx_document(self): ], "licenseListVersion": "3.18", }, - "packages": [], - "documentDescribes": [], + "packages": [ + { + "name": "name", + "SPDXID": f"SPDXRef-dejacode-package-{package.uuid}", + "downloadLocation": "NOASSERTION", + "licenseConcluded": "NOASSERTION", + "copyrightText": "NOASSERTION", + "filesAnalyzed": False, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:type/name", + } + ], + } + ], + "documentDescribes": [f"SPDXRef-dejacode-package-{package.uuid}"], } self.assertEqual(expected, document.as_dict())
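Review bot: The updated `test_outputs_get_spdx_document` in dje/tests/test_outputs.py only exercises the Package path, so `Component.spdx_id` and the matching `Component.as_spdx` change are not covered by the test changes visible in this patch. The expected dict also rebuilds the identifier with the same f-string the model uses, so it would not catch a future format that is self-consistent but invalid. An extra check such as `self.assertRegex(package.spdx_id, r"^SPDXRef-[a-zA-Z0-9.-]+$")` states the SPDX identifier rule directly. If the project has a schema validation step for generated documents, running it here would cover the rest of the document as well; none is visible in these hunks.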