diff --git a/examples/sample-docs/json/SPDXJSONExample-v2.2.spdx.json b/examples/sample-docs/json/SPDXJSONExample-v2.2.spdx.json index 89171a14..af8545fb 100644 --- a/examples/sample-docs/json/SPDXJSONExample-v2.2.spdx.json +++ b/examples/sample-docs/json/SPDXJSONExample-v2.2.spdx.json @@ -126,7 +126,6 @@ "referenceLocator" : "pkg:maven/org.apache.jena/apache-jena@3.12.0", "referenceType" : "purl" } ], - "filesAnalyzed" : false, "homepage" : "http://www.openjena.org/", "licenseConcluded" : "NOASSERTION", "licenseDeclared" : "NOASSERTION", diff --git a/examples/sample-docs/json/SPDXJSONExample-v2.3.spdx.json b/examples/sample-docs/json/SPDXJSONExample-v2.3.spdx.json index 07d1374d..def7ad8e 100644 --- a/examples/sample-docs/json/SPDXJSONExample-v2.3.spdx.json +++ b/examples/sample-docs/json/SPDXJSONExample-v2.3.spdx.json @@ -97,6 +97,7 @@ "name": "Apache Commons Lang", "SPDXID": "SPDXRef-fromDoap-1", "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, "homepage": "http://commons.apache.org/proper/commons-lang/", "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", @@ -125,6 +126,7 @@ "versionInfo": "8.8", "packageFileName": "saxonB-8.8.zip", "downloadLocation": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + "filesAnalyzed": false, "checksums": [ { "algorithm": "SHA1", diff --git a/examples/sample-docs/tv/SPDXTagExample-v2.3.spdx b/examples/sample-docs/tv/SPDXTagExample-v2.3.spdx index e7483b4a..8d4bb61a 100644 --- a/examples/sample-docs/tv/SPDXTagExample-v2.3.spdx +++ b/examples/sample-docs/tv/SPDXTagExample-v2.3.spdx @@ -92,7 +92,7 @@ PrimaryPackagePurpose: CONTAINER ReleaseDate: 2021-10-15T02:38:00Z BuiltDate: 2021-09-15T02:38:00Z ValidUntilDate: 2022-10-15T02:38:00Z -FilesAnalyzed: false +FilesAnalyzed: true PackageHomePage: https://www.centos.org/ PackageCopyrightText: NOASSERTION PackageDescription: The CentOS container used to run the application. 
@@ -148,7 +148,7 @@ PackageName: Jena SPDXID: SPDXRef-fromDoap-0 PackageVersion: 3.12.0 PackageDownloadLocation: https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz -FilesAnalyzed: false +FilesAnalyzed: true PackageHomePage: http://www.openjena.org/ PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION diff --git a/examples/sample-docs/yaml/SPDXYAMLExample-2.2.spdx.yaml b/examples/sample-docs/yaml/SPDXYAMLExample-2.2.spdx.yaml index d58cf229..de14ae5c 100644 --- a/examples/sample-docs/yaml/SPDXYAMLExample-2.2.spdx.yaml +++ b/examples/sample-docs/yaml/SPDXYAMLExample-2.2.spdx.yaml @@ -217,7 +217,6 @@ packages: - referenceCategory: "PACKAGE_MANAGER" referenceLocator: "pkg:maven/org.apache.jena/apache-jena@3.12.0" referenceType: "purl" - filesAnalyzed: false homepage: "http://www.openjena.org/" licenseConcluded: "NOASSERTION" licenseDeclared: "NOASSERTION" diff --git a/examples/sample-docs/yaml/SPDXYAMLExample-2.3.spdx.yaml b/examples/sample-docs/yaml/SPDXYAMLExample-2.3.spdx.yaml index 52d333f9..ccc6eb90 100644 --- a/examples/sample-docs/yaml/SPDXYAMLExample-2.3.spdx.yaml +++ b/examples/sample-docs/yaml/SPDXYAMLExample-2.3.spdx.yaml @@ -309,6 +309,7 @@ packages: - SPDXID: SPDXRef-fromDoap-1 copyrightText: NOASSERTION downloadLocation: NOASSERTION + filesAnalyzed: false homepage: http://commons.apache.org/proper/commons-lang/ licenseConcluded: NOASSERTION licenseDeclared: NOASSERTION @@ -331,6 +332,7 @@ packages: checksumValue: 85ed0817af83a24ad8da68c2b5094de69833983c copyrightText: Copyright Saxonica Ltd description: The Saxon package is a collection of tools for processing XML documents. + filesAnalyzed: false downloadLocation: https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download homepage: http://saxon.sourceforge.net/ licenseComments: Other versions available for a commercial license 
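Review bot: Flipping the Jena tag to an explicit `FilesAnalyzed: true` (and the CentOS tag in the previous hunk of this file) means the tag-value sample no longer covers the omitted-tag case that this commit adds to the JSON and YAML readers. The Go example models Jena as `FilesAnalyzed: true` with `IsFilesAnalyzedTagPresent: false`, which is what an absent tag would produce, not a present one. If the tag-value reader records tag presence (it is not visible in this diff), deleting the `FilesAnalyzed:` line from these two packages would keep the sample and example.go in agreement and exercise the default.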
diff --git a/spdx/v2/v2_2/example/example.go b/spdx/v2/v2_2/example/example.go
index 61b446a4..010ed73f 100644
--- a/spdx/v2/v2_2/example/example.go
+++ b/spdx/v2/v2_2/example/example.go
@@ -123,8 +123,9 @@ var example = spdx.Document{
 Originator: "ExampleCodeInspect (contact@example.com)",
 OriginatorType: "Organization",
 },
- PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz",
- FilesAnalyzed: true,
+ PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz",
+ FilesAnalyzed: true,
+ IsFilesAnalyzedTagPresent: true,
 PackageVerificationCode: common.PackageVerificationCode{
 Value: "d6a770ba38583ed4bb4525bd96e50461655d2758",
 ExcludedFiles: []string{"./package.spdx"},
@@ -187,14 +188,15 @@ var example = spdx.Document{
 },
 },
 {
- PackageSPDXIdentifier: "fromDoap-1",
- PackageCopyrightText: "NOASSERTION",
- PackageDownloadLocation: "NOASSERTION",
- FilesAnalyzed: false,
- PackageHomePage: "http://commons.apache.org/proper/commons-lang/",
- PackageLicenseConcluded: "NOASSERTION",
- PackageLicenseDeclared: "NOASSERTION",
- PackageName: "Apache Commons Lang",
+ PackageSPDXIdentifier: "fromDoap-1",
+ PackageCopyrightText: "NOASSERTION",
+ PackageDownloadLocation: "NOASSERTION",
+ FilesAnalyzed: false,
+ IsFilesAnalyzedTagPresent: true,
+ PackageHomePage: "http://commons.apache.org/proper/commons-lang/",
+ PackageLicenseConcluded: "NOASSERTION",
+ PackageLicenseDeclared: "NOASSERTION",
+ PackageName: "Apache Commons Lang",
 },
 {
 PackageName: "Jena",
@@ -208,11 +210,12 @@ var example = spdx.Document{
 Locator: "pkg:maven/org.apache.jena/apache-jena@3.12.0",
 },
 },
- FilesAnalyzed: false,
- PackageHomePage: "http://www.openjena.org/",
- PackageLicenseConcluded: "NOASSERTION",
- PackageLicenseDeclared: "NOASSERTION",
- PackageVersion: "3.12.0",
+ FilesAnalyzed: true,
+ IsFilesAnalyzedTagPresent: false,
+ PackageHomePage: "http://www.openjena.org/",
+ PackageLicenseConcluded: "NOASSERTION",
+ PackageLicenseDeclared: "NOASSERTION",
+ PackageVersion: "3.12.0",
 },
 {
 PackageSPDXIdentifier: "Saxon",
@@ -222,17 +225,18 @@ var example = spdx.Document{
 Value: "85ed0817af83a24ad8da68c2b5094de69833983c",
 },
 },
- PackageCopyrightText: "Copyright Saxonica Ltd",
- PackageDescription: "The Saxon package is a collection of tools for processing XML documents.",
- PackageDownloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download",
- FilesAnalyzed: false,
- PackageHomePage: "http://saxon.sourceforge.net/",
- PackageLicenseComments: "Other versions available for a commercial license",
- PackageLicenseConcluded: "MPL-1.0",
- PackageLicenseDeclared: "MPL-1.0",
- PackageName: "Saxon",
- PackageFileName: "saxonB-8.8.zip",
- PackageVersion: "8.8",
+ PackageCopyrightText: "Copyright Saxonica Ltd",
+ PackageDescription: "The Saxon package is a collection of tools for processing XML documents.",
+ PackageDownloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download",
+ FilesAnalyzed: false,
+ IsFilesAnalyzedTagPresent: true,
+ PackageHomePage: "http://saxon.sourceforge.net/",
+ PackageLicenseComments: "Other versions available for a commercial license",
+ PackageLicenseConcluded: "MPL-1.0",
+ PackageLicenseDeclared: "MPL-1.0",
+ PackageName: "Saxon",
+ PackageFileName: "saxonB-8.8.zip",
+ PackageVersion: "8.8",
 },
 },
 Files: []*spdx.File{
diff --git a/spdx/v2/v2_2/json/json_test.go b/spdx/v2/v2_2/json/json_test.go
index b2411a8e..d6246277 100644
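Review bot: The Jena entry in the `-208,11` hunk is the only package that pairs `FilesAnalyzed: true` with `IsFilesAnalyzedTagPresent: false`, and nothing in the literal says that this pair stands for a document that omits the field. A comment above the two fields would make the fixture's intent readable, for example `// filesAnalyzed is omitted in the sample documents; readers default it to true`. The same applies to the Jena entry in spdx/v2/v2_3/example/example.go, and to the centos entry there, which is changed to `FilesAnalyzed: true` without setting the presence flag at all.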
--- a/spdx/v2/v2_2/json/json_test.go +++ b/spdx/v2/v2_2/json/json_test.go @@ -71,6 +71,11 @@ func TestLoad(t *testing.T) { func Test_Write(t *testing.T) { want := example.Copy() + // we always output FilesAnalyzed, even though we handle reading files where it is omitted + for _, p := range want.Packages { + p.IsFilesAnalyzedTagPresent = true + } + w := &bytes.Buffer{} if err := json.Write(&want, w); err != nil { @@ -153,16 +158,19 @@ func Test_ShorthandFields(t *testing.T) { { PackageName: "Container", PackageSPDXIdentifier: "Container", + FilesAnalyzed: true, }, { PackageName: "Package-1", PackageSPDXIdentifier: "Package-1", PackageVersion: "1.1.1", + FilesAnalyzed: true, }, { PackageName: "Package-2", PackageSPDXIdentifier: "Package-2", PackageVersion: "2.2.2", + FilesAnalyzed: true, }, }, Files: []*spdx.File{ @@ -272,6 +280,7 @@ func Test_JsonEnums(t *testing.T) { { PackageName: "Container", PackageSPDXIdentifier: "Container", + FilesAnalyzed: true, }, { PackageName: "Package-1", @@ -284,6 +293,7 @@ func Test_JsonEnums(t *testing.T) { Locator: "pkg:somepkg/ns/name1", }, }, + FilesAnalyzed: true, }, { PackageName: "Package-2", @@ -296,6 +306,7 @@ func Test_JsonEnums(t *testing.T) { Locator: "pkg:somepkg/ns/name2", }, }, + FilesAnalyzed: true, }, { PackageName: "Package-3", @@ -308,6 +319,7 @@ func Test_JsonEnums(t *testing.T) { Locator: "gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64", }, }, + FilesAnalyzed: true, }, { PackageName: "Package-4", @@ -320,6 +332,7 @@ func Test_JsonEnums(t *testing.T) { Locator: "gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64", }, }, + FilesAnalyzed: true, }, }, Relationships: []*spdx.Relationship{ diff --git a/spdx/v2/v2_2/package.go b/spdx/v2/v2_2/package.go index aaaeabd2..46081cca 100644 --- a/spdx/v2/v2_2/package.go +++ b/spdx/v2/v2_2/package.go 
@@ -48,7 +48,7 @@ type Package struct { // 7.8: FilesAnalyzed // Cardinality: optional, one; default value is "true" if omitted - FilesAnalyzed bool `json:"filesAnalyzed,omitempty"` + FilesAnalyzed bool `json:"filesAnalyzed"` // NOT PART OF SPEC: did FilesAnalyzed tag appear? IsFilesAnalyzedTagPresent bool `json:"-"` @@ -125,7 +125,8 @@ type Package struct { func (p *Package) UnmarshalJSON(b []byte) error { type pkg Package type extras struct { - HasFiles []common.DocElementID `json:"hasFiles"` + HasFiles []common.DocElementID `json:"hasFiles"` + FilesAnalyzed *bool `json:"filesAnalyzed"` } var p2 pkg @@ -141,6 +142,12 @@ func (p *Package) UnmarshalJSON(b []byte) error { *p = Package(p2) p.hasFiles = e.HasFiles + // FilesAnalyzed defaults to true if omitted + if e.FilesAnalyzed == nil { + p.FilesAnalyzed = true + } else { + p.IsFilesAnalyzedTagPresent = true + } return nil } diff --git a/spdx/v2/v2_2/yaml/yaml_test.go b/spdx/v2/v2_2/yaml/yaml_test.go index 62743b12..bacfc805 100644 --- a/spdx/v2/v2_2/yaml/yaml_test.go +++ b/spdx/v2/v2_2/yaml/yaml_test.go @@ -69,6 +69,11 @@ func Test_Read(t *testing.T) { func Test_Write(t *testing.T) { want := example.Copy() + // we always output FilesAnalyzed, even though we handle reading files where it is omitted + for _, p := range want.Packages { + p.IsFilesAnalyzedTagPresent = true + } + w := &bytes.Buffer{} if err := yaml.Write(want, w); err != nil { t.Errorf("Save() error = %v", err.Error()) diff --git a/spdx/v2/v2_3/example/example.go b/spdx/v2/v2_3/example/example.go index ee327534..e426d876 100644 --- a/spdx/v2/v2_3/example/example.go +++ b/spdx/v2/v2_3/example/example.go 
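Review bot: With `omitempty` dropped from the `filesAnalyzed` tag in the `-48,7` hunk, a Package whose `FilesAnalyzed` was never set now serializes as `"filesAnalyzed": false`, where the field used to be left out, which the spec comment above it reads as true. The field comment still describes only the spec default and should also state the Go-side contract, for example `// Always written on output; the Go zero value is false, so set it to true explicitly when files were analyzed.` Callers that build packages in code and attach files or a verification code without setting the field would otherwise emit an SBOM that contradicts itself. The same tag change is made in spdx/v2/v2_3/package.go.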
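Review bot: An explicit `"filesAnalyzed": null` also leaves `e.FilesAnalyzed` nil, so the branch added in the `-141,6` hunk treats it as omitted, setting `FilesAnalyzed` to true and leaving `IsFilesAnalyzedTagPresent` false. For an SBOM consumer that is the less conservative result, because a malformed value turns into a statement that the package's files were analyzed. If that is intended, say so in the comment (`// FilesAnalyzed defaults to true if omitted or null`); otherwise declare the field in `extras` as `json.RawMessage` and return an error when it holds `null`. UnmarshalJSON begins before this hunk, and the copy in spdx/v2/v2_3/package.go has the same branch.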
@@ -123,8 +123,9 @@ var example = spdx.Document{
 Originator: "ExampleCodeInspect (contact@example.com)",
 OriginatorType: "Organization",
 },
- PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz",
- FilesAnalyzed: true,
+ PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz",
+ FilesAnalyzed: true,
+ IsFilesAnalyzedTagPresent: true,
 PackageVerificationCode: &common.PackageVerificationCode{
 Value: "d6a770ba38583ed4bb4525bd96e50461655d2758",
 ExcludedFiles: []string{"./package.spdx"},
@@ -187,14 +188,15 @@ var example = spdx.Document{
 },
 },
 {
- PackageSPDXIdentifier: "fromDoap-1",
- PackageCopyrightText: "NOASSERTION",
- PackageDownloadLocation: "NOASSERTION",
- FilesAnalyzed: false,
- PackageHomePage: "http://commons.apache.org/proper/commons-lang/",
- PackageLicenseConcluded: "NOASSERTION",
- PackageLicenseDeclared: "NOASSERTION",
- PackageName: "Apache Commons Lang",
+ PackageSPDXIdentifier: "fromDoap-1",
+ PackageCopyrightText: "NOASSERTION",
+ PackageDownloadLocation: "NOASSERTION",
+ FilesAnalyzed: false,
+ IsFilesAnalyzedTagPresent: true,
+ PackageHomePage: "http://commons.apache.org/proper/commons-lang/",
+ PackageLicenseConcluded: "NOASSERTION",
+ PackageLicenseDeclared: "NOASSERTION",
+ PackageName: "Apache Commons Lang",
 },
 {
 PackageName: "Jena",
@@ -208,11 +210,12 @@ var example = spdx.Document{
 Locator: "pkg:maven/org.apache.jena/apache-jena@3.12.0",
 },
 },
- FilesAnalyzed: false,
- PackageHomePage: "http://www.openjena.org/",
- PackageLicenseConcluded: "NOASSERTION",
- PackageLicenseDeclared: "NOASSERTION",
- PackageVersion: "3.12.0",
+ FilesAnalyzed: true,
+ IsFilesAnalyzedTagPresent: false,
+ PackageHomePage: "http://www.openjena.org/",
+ PackageLicenseConcluded: "NOASSERTION",
+ PackageLicenseDeclared: "NOASSERTION",
+ PackageVersion: "3.12.0",
 },
 {
 PackageSPDXIdentifier: "Saxon",
@@ -222,17 +225,18 @@ var example = spdx.Document{
 Value: "85ed0817af83a24ad8da68c2b5094de69833983c",
 },
 },
- PackageCopyrightText: "Copyright Saxonica Ltd",
- PackageDescription: "The Saxon package is a collection of tools for processing XML documents.",
- PackageDownloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download",
- FilesAnalyzed: false,
- PackageHomePage: "http://saxon.sourceforge.net/",
- PackageLicenseComments: "Other versions available for a commercial license",
- PackageLicenseConcluded: "MPL-1.0",
- PackageLicenseDeclared: "MPL-1.0",
- PackageName: "Saxon",
- PackageFileName: "saxonB-8.8.zip",
- PackageVersion: "8.8",
+ PackageCopyrightText: "Copyright Saxonica Ltd",
+ PackageDescription: "The Saxon package is a collection of tools for processing XML documents.",
+ PackageDownloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download",
+ FilesAnalyzed: false,
+ IsFilesAnalyzedTagPresent: true,
+ PackageHomePage: "http://saxon.sourceforge.net/",
+ PackageLicenseComments: "Other versions available for a commercial license",
+ PackageLicenseConcluded: "MPL-1.0",
+ PackageLicenseDeclared: "MPL-1.0",
+ PackageName: "Saxon",
+ PackageFileName: "saxonB-8.8.zip",
+ PackageVersion: "8.8",
 },
 {
 PrimaryPackagePurpose: "CONTAINER",
@@ -240,7 +244,7 @@ var example = spdx.Document{
 PackageCopyrightText: "NOASSERTION",
 PackageDescription: "The CentOS container used to run the application.",
 PackageDownloadLocation: "NOASSERTION",
- FilesAnalyzed: false,
+ FilesAnalyzed: true,
 PackageHomePage: "https://www.centos.org/",
 PackageName: "centos",
 PackageFileName: "saxonB-8.8.zip",
diff --git a/spdx/v2/v2_3/json/json_test.go b/spdx/v2/v2_3/json/json_test.go
index 6bed4ea9..69801438 100644
@@ -61,6 +61,11 @@ func Test_Read(t *testing.T) { func Test_Write(t *testing.T) { want := example.Copy() + // we always output FilesAnalyzed, even though we handle reading files where it is omitted + for _, p := range want.Packages { + p.IsFilesAnalyzedTagPresent = true + } + w := &bytes.Buffer{} if err := json.Write(&want, w); err != nil { @@ -143,16 +148,19 @@ func Test_ShorthandFields(t *testing.T) { { PackageName: "Container", PackageSPDXIdentifier: "Container", + FilesAnalyzed: true, }, { PackageName: "Package-1", PackageSPDXIdentifier: "Package-1", PackageVersion: "1.1.1", + FilesAnalyzed: true, }, { PackageName: "Package-2", PackageSPDXIdentifier: "Package-2", PackageVersion: "2.2.2", + FilesAnalyzed: true, }, }, Files: []*spdx.File{ @@ -262,6 +270,7 @@ func Test_JsonEnums(t *testing.T) { { PackageName: "Container", PackageSPDXIdentifier: "Container", + FilesAnalyzed: true, }, { PackageName: "Package-1", @@ -274,6 +283,7 @@ func Test_JsonEnums(t *testing.T) { Locator: "pkg:somepkg/ns/name1", }, }, + FilesAnalyzed: true, }, { PackageName: "Package-2", @@ -286,6 +296,7 @@ func Test_JsonEnums(t *testing.T) { Locator: "pkg:somepkg/ns/name2", }, }, + FilesAnalyzed: true, }, { PackageName: "Package-3", @@ -298,6 +309,7 @@ func Test_JsonEnums(t *testing.T) { Locator: "gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64", }, }, + FilesAnalyzed: true, }, { PackageName: "Package-4", @@ -310,6 +322,7 @@ func Test_JsonEnums(t *testing.T) { Locator: "gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64", }, }, + FilesAnalyzed: true, }, }, Relationships: []*spdx.Relationship{ diff --git a/spdx/v2/v2_3/package.go b/spdx/v2/v2_3/package.go index 88edf0d3..887e1e61 100644 --- a/spdx/v2/v2_3/package.go +++ b/spdx/v2/v2_3/package.go 
@@ -48,7 +48,7 @@ type Package struct { // 7.8: FilesAnalyzed // Cardinality: optional, one; default value is "true" if omitted - FilesAnalyzed bool `json:"filesAnalyzed,omitempty"` + FilesAnalyzed bool `json:"filesAnalyzed"` // NOT PART OF SPEC: did FilesAnalyzed tag appear? IsFilesAnalyzedTagPresent bool `json:"-" yaml:"-"` @@ -143,7 +143,8 @@ type Package struct { func (p *Package) UnmarshalJSON(b []byte) error { type pkg Package type extras struct { - HasFiles []common.DocElementID `json:"hasFiles"` + HasFiles []common.DocElementID `json:"hasFiles"` + FilesAnalyzed *bool `json:"filesAnalyzed"` } var p2 pkg @@ -160,6 +161,13 @@ func (p *Package) UnmarshalJSON(b []byte) error { p.hasFiles = e.HasFiles + // FilesAnalyzed defaults to true if omitted + if e.FilesAnalyzed == nil { + p.FilesAnalyzed = true + } else { + p.IsFilesAnalyzedTagPresent = true + } + return nil } diff --git a/spdx/v2/v2_3/yaml/yaml_test.go b/spdx/v2/v2_3/yaml/yaml_test.go index adaa4846..766a7c33 100644 --- a/spdx/v2/v2_3/yaml/yaml_test.go +++ b/spdx/v2/v2_3/yaml/yaml_test.go @@ -56,6 +56,11 @@ func Test_Read(t *testing.T) { func Test_Write(t *testing.T) { want := example.Copy() + // we always output FilesAnalyzed, even though we handle reading files where it is omitted + for _, p := range want.Packages { + p.IsFilesAnalyzedTagPresent = true + } + w := &bytes.Buffer{} if err := yaml.Write(&want, w); err != nil {