Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft: bug fixing #180

Closed
wants to merge 7 commits into from
Closed

Conversation

yanyag
Copy link

@yanyag yanyag commented Jul 5, 2021

Support writing and parsing "filesAnalyzed" into XML/JSON/YAML.
Fix parsers to support multiple packages per document.
All the tests are passing.

yanyag added 2 commits July 5, 2021 17:58
…sers to support multiple packages per document

Signed-off-by: Yan <yyagudayev@vdoo.com>
…ML. Fix parsers to support multiple packages per document. Fixing unit-tests

Signed-off-by: Yan <yyagudayev@vdoo.com>
# Files Analyzed optional
if pkg_files_analyzed is None:
return
if isinstance(pkg_files_analyzed, six.string_types) or isinstance(pkg_files_analyzed, bool):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

according to the spec, https://spdx.github.io/spdx-spec/3-package-information/
filesAnalysed can only be a boolean.

So I would have stored the conversion to bool.

Also, we are removing six in #179 , so please don't use six for new code/

def parse_pkg_verif_code_field(self, pkg_verif_code_field):
"""
Parse Package verification code dict
- pkg_verif_code_field: Python dict('value':str/unicode, 'excludedFilesNames':list)
"""
if self.document.packages[-1].files_analyzed == False:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if self.document.packages[-1].files_analyzed == False:
if not self.document.packages[-1].files_analyzed:

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why testing on packages[-1]? Sounds like a hack assuming the current package being parser is the last one.

I think we may rather want to do this test in the caller function

@@ -1183,6 +1183,7 @@ def p_package_name(self, p):
value = p[2].decode(encoding="utf-8")
else:
value = p[2]
self.builder.reset_package()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure why this change. Can you please explain?

package_object["packageVerificationCode"] = self.package_verification_code(
package
)
if package.files_analyzed in [True, None]:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as the default value for this field is True, we should initialize the field to True.

this test is really not obvious, and will lead to bugs in the future

package_object["licenseConcluded"] = self.license(package.conc_lics)
package_object["licenseInfoFromFiles"] = list(
map(self.license, package.licenses_from_files)
)
package_object["licenseDeclared"] = self.license(package.license_declared)
package_object["copyrightText"] = package.cr_text.__str__()

if package.has_optional_field("files_analyzed"):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as per spec: 3.8.3 Cardinality: Optional, one. If omitted, the default value of true is assumed.

so imho we should really initialize this to True, an only write if it is set to False

Suggested change
if package.has_optional_field("files_analyzed"):
if package.files_analyzed:

@tardyp
Copy link
Contributor

tardyp commented Jul 15, 2021

hi @yanyag can you please rebase this PR?

now that the six removal PR is merged, there are a few conflicts.

@tardyp
Copy link
Contributor

tardyp commented Jul 27, 2021

hi @yanyag @itraviv ,

Please remember you still have this PR open that needs rebasing. It still contains merge conflicts.

Now the PR contains more fixes than initially pushed, and it becoming less trivial.
I think it will need more unit tests, with 2.2 file examples which proves that your code is actually working.

@yanyag yanyag changed the title bug fixing Draft: bug fixing Jul 27, 2021
@pombredanne
Copy link
Member

Gentle ping :)

@itraviv
Copy link

itraviv commented Jul 28, 2021

hi, we will probably need some time until we'll be able to have this MR ready due to capacity. will ping when ready.

@pombredanne
Copy link
Member

gentle ping :) Any update?

@armintaenzertng
Copy link
Collaborator

As this PR is still in draft mode and has not been receiving vital updates for over a year, I suggest closing it.

@yanyag, any objections?

@nicoweidner
Copy link
Collaborator

Closing this due to inactivity, please ping if it should be reopened.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants