
Commit b370d35

authored
Merge pull request #576 from enzbang/enhance-spdx-support
Enhance spdx support
2 parents 179c95e + a73ee77 commit b370d35


2 files changed

+21
-3
lines changed


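--- a/src/e3/spdx.py
+++ b/src/e3/spdx.py
@@ -384,6 +384,15 @@ class PackageLicenseConcluded(SPDXEntryMaybeStr):
 json_entry_key = "licenseConcluded"
 
 
+class PackageLicenseComments(SPDXEntryMaybeStrMultilines):
+"""Cecord background information or analysis for the Concluded License.
+
+See 7.16 Comments on license field
+"""
+
+json_entry_key = "licenseComments"
+
+
 class PackageLicenseDeclared(SPDXEntryMaybeStr):
 """Contain the license having been declared by the authors of the package.
 
@@ -417,7 +426,7 @@ class ExternalRef(SPDXEntry):
 See 7.21 External reference field
 """
 
-json_entry_key = "external-refs"
+json_entry_key = "externalRefs"
 
 def __init__(
 self,
@@ -624,6 +633,7 @@ class Package(SPDXSection):
 copyright_text: PackageCopyrightText
 files_analyzed: FilesAnalyzed
 license_concluded: PackageLicenseConcluded
+license_comments: PackageLicenseComments | None
 license_declared: PackageLicenseDeclared | None
 download_location: PackageDownloadLocation
 external_refs: list[ExternalRef] | None
@@ -695,6 +705,7 @@ def add_package(
 download_location: str,
 files_analyzed: bool,
 copyright_text: str,
+license_comments: str | None = None,
 license_declared: str | None = None,
 is_main_package: bool = False,
 add_relationship: bool = True,
@@ -707,6 +718,7 @@ def add_package(
 :param file_name: the actual file name of the package
 :param checksum: the package checksum (see SHA1, SHA256 classes)
 :param license_concluded: the license concluded as govering the package
+:param license_comments: comments for the license_concluded field
 :param license_declared: the license declared in the package
 :param supplier: actual distribution source for the package
 :param originator: this field identifies from where or whom the package
@@ -753,6 +765,9 @@ def add_package(
 file_name=PackageFileName(file_name),
 checksum=checksum,
 license_concluded=PackageLicenseConcluded(license_concluded),
+license_comments=PackageLicenseComments(license_comments)
+if license_comments is not None
+else None,
 license_declared=PackageLicenseDeclared(license_declared)
 if license_declared is not None
 else None,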
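Review bot: The docstring added for `PackageLicenseComments` in the first hunk opens with a typo, "Cecord"; the summary line should read `"""Record background information or analysis for the Concluded License.`. That line is what a reader sees first when looking up the field, so it is worth correcting before the class ships. The class is fully contained in the hunk and nothing else in it needs to change.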

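--- a/tests/tests_e3/spdx_test.py
+++ b/tests/tests_e3/spdx_test.py
@@ -44,7 +44,7 @@ def test_external_ref():
 == "ExternalRef: PACKAGE-MANAGER purl pkg:pypi/wheel@0.36.2"
 )
 assert ExternalRef.from_dict(value).to_json_dict() == {
-"external-refs": {
+"externalRefs": {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceLocator": "pkg:pypi/wheel@0.36.2",
 "referenceType": "purl",
@@ -91,6 +91,7 @@ def test_spdx():
 SHA1("6876df3aa8780622368173fe6e868a2edc3932c8"),
 ],
 license_concluded="GPL-3.0-or-later",
+license_comments="Pretty sure this is GPL v3",
 supplier=Organization("AdaCore"),
 originator=Organization("AdaCore"),
 download_location=NOASSERTION,
@@ -203,6 +204,7 @@ def test_spdx():
 "PackageCopyrightText: <text>2023 AdaCore</text>",
 "FilesAnalyzed: false",
 "PackageLicenseConcluded: GPL-3.0-or-later",
+"PackageLicenseComments: <text>Pretty sure this is GPL v3</text>",
 "PackageDownloadLocation: NOASSERTION",
 "ExternalRef: PACKAGE-MANAGER purl pkg:generic/my-dep@1b2",
 "",
@@ -286,7 +288,7 @@ def test_spdx():
 ],
 "copyrightText": "2023 AdaCore",
 "downloadLocation": "NOASSERTION",
-"external-refs": [
+"externalRefs": [
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceLocator": "pkg:generic/my-dep@1b2",
@@ -295,6 +297,7 @@ def test_spdx():
 ],
 "packageFileName": "my-dep-1b2.tgz",
 "licenseConcluded": "GPL-3.0-or-later",
+"licenseComments": "Pretty sure this is GPL v3",
 "name": "my-dep",
 "originator": "Organization: AdaCore",
 "supplier": "Organization: AdaCore",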
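Review bot: The new `license_comments` assertions in test_spdx use only a single-line value, so the multi-line handling that `PackageLicenseComments` takes from `SPDXEntryMaybeStrMultilines` is never exercised. A value with an embedded newline, for example `license_comments="Concluded from LICENSE\nand COPYING",` (constructed sample), would pin how the tag-value `<text>…</text>` wrapper and the JSON `licenseComments` string carry line breaks. One case where the comment itself contains `</text>` would also help, since whether the base class escapes or rejects that is not visible here and anything parsing the tag-value SBOM depends on it. test_spdx starts and ends outside these hunks, so the expected tag-value and JSON fixtures need matching entries where they are built.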
