diff --git a/plugins/package-managers/spdx/src/funTest/assets/projects/synthetic/illegal-chars-external-refs/illegal_chars/package.spdx.yml b/plugins/package-managers/spdx/src/funTest/assets/projects/synthetic/illegal-chars-external-refs/illegal_chars/package.spdx.yml
new file mode 100644
index 0000000000000..e1926693f3778
--- /dev/null
+++ b/plugins/package-managers/spdx/src/funTest/assets/projects/synthetic/illegal-chars-external-refs/illegal_chars/package.spdx.yml
@@ -0,0 +1,23 @@
+SPDXID: "SPDXRef-DOCUMENT"
+spdxVersion: "SPDX-2.2"
+creationInfo:
+ created: "2022-06-29T00:00:00Z"
+ creators:
+ - "Organization: OSS Review Toolkit"
+name: "illegal_chars"
+dataLicense: "CC0-1.0"
+documentNamespace: "http://spdx.org/spdxdocs/example"
+documentDescribes:
+ - "SPDXRef-Package-asio_dtls"
+packages:
+ - SPDXID: "SPDXRef-Package-illegal_chars" # This SPDX ID contains '_' which is not allowed.
+ description: "A SPDX document that is in a directory characters not allowed for SPDX IDs"
+ copyrightText: "NONE"
+ filesAnalyzed: false
+ homepage: "https://example.com/"
+ licenseConcluded: "NOASSERTION"
+ licenseDeclared: "NOASSERTION"
+ originator: "Organization: Robert Bosch GmbH"
+ name: "illegal_chars"
+ downloadLocation: "https://example.com"
+ versionInfo: "1.0.0"
diff --git a/plugins/package-managers/spdx/src/funTest/assets/projects/synthetic/illegal-chars-external-refs/project-xyz.spdx.yml b/plugins/package-managers/spdx/src/funTest/assets/projects/synthetic/illegal-chars-external-refs/project-xyz.spdx.yml
new file mode 100644
index 0000000000000..3538992f5102c
--- /dev/null
+++ b/plugins/package-managers/spdx/src/funTest/assets/projects/synthetic/illegal-chars-external-refs/project-xyz.spdx.yml
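Review bot: In `illegal_chars/package.spdx.yml`, `documentDescribes` lists `SPDXRef-Package-asio_dtls`, but the only entry under `packages` is `SPDXRef-Package-illegal_chars`, so the fixture describes an element it never defines; this looks carried over from another asset. If that is unintended, use `- "SPDXRef-Package-illegal_chars"` so the underscore stays the only deliberate defect in the file. The `description` is also missing a word (`in a directory with characters not allowed for SPDX IDs`). Any edit to this file changes its digest, so the SHA1 `checksumValue` recorded for it in `project-xyz.spdx.yml` has to be regenerated in the same change.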
@@ -0,0 +1,29 @@
+SPDXID: "SPDXRef-DOCUMENT"
+spdxVersion: "SPDX-2.2"
+creationInfo:
+ created: "2024-07-08T18:30:22Z"
+ creators:
+ - "OSS Review Toolkit"
+name: "External Ref with illegal chars"
+dataLicense: "CC0-1.0"
+documentNamespace: "https://spdx.org/spdxdocs/example"
+documentDescribes:
+- "SPDXRef-Package-illegal-chars"
+
+externalDocumentRefs:
+- externalDocumentId: "DocumentRef-illegal_chars" # This SPDX ID contains '_' which is not allowed.
+ spdxDocument: "illegal_chars/package.spdx.yml"
+ checksum:
+ algorithm: "SHA1"
+ checksumValue: "3e3edec9f5073a7b17a9fd066e5f49ed3e41f0a2"
+
+packages:
+- SPDXID: "SPDXRef-Package-test"
+ copyrightText: "NONE"
+ downloadLocation: "https://example.com"
+ filesAnalyzed: false
+ homepage: "NONE"
+ licenseConcluded: "Apache-2.0"
+ licenseDeclared: "Apache-2.0"
+ name: "Illegal Chars"
+ originator: "Organization: OSS Review Toolkit"
diff --git a/plugins/package-managers/spdx/src/funTest/kotlin/SpdxDocumentFileFunTest.kt b/plugins/package-managers/spdx/src/funTest/kotlin/SpdxDocumentFileFunTest.kt
index 8c2a44f3ba7fc..4af2f6fce8934 100644
--- a/plugins/package-managers/spdx/src/funTest/kotlin/SpdxDocumentFileFunTest.kt
+++ b/plugins/package-managers/spdx/src/funTest/kotlin/SpdxDocumentFileFunTest.kt
@@ -28,6 +28,7 @@ import io.kotest.matchers.maps.haveSize import io.kotest.matchers.nulls.shouldNotBeNull import io.kotest.matchers.should import io.kotest.matchers.shouldBe +import io.kotest.matchers.string.shouldContain import org.ossreviewtoolkit.analyzer.analyze import org.ossreviewtoolkit.analyzer.create 
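Review bot: The SHA1 `checksumValue` under `externalDocumentRefs` in `project-xyz.spdx.yml` pins the exact bytes of `illegal_chars/package.spdx.yml`, and nothing in the fixture says so. If the analyzer verifies that digest (not visible in this diff), a later edit or a line-ending conversion of the referenced file would presumably surface as an extra issue and break the test's `shouldHaveSize 1` for a reason unrelated to illegal characters. A comment on the entry such as `# SHA1 of illegal_chars/package.spdx.yml; regenerate when that file changes` would make the coupling explicit. Separately, `documentDescribes` names `SPDXRef-Package-illegal-chars` while the only package defined is `SPDXRef-Package-test`; worth aligning unless the mismatch is intended.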
@@ -255,6 +256,24 @@ class SpdxDocumentFileFunTest : WordSpec({ Identifier("SpdxDocumentFile:OpenSSL Development Team:openssl:1.1.1g") ) } + + "collect issues for subprojects using illegal SPDX identifiers" { + val projectFile = projectDir.resolve("illegal-chars-external-refs/project-xyz.spdx.yml") + val subProjectFile = projectDir.resolve("illegal-chars-external-refs/illegal_chars/package.spdx.yml") + val definitionFiles = listOf(projectFile, subProjectFile) + + val result = create("SpdxDocumentFile").resolveDependencies(definitionFiles, emptyMap()) + + val rootProject = result.projectResults[projectFile.absoluteFile]?.first() + + rootProject.shouldNotBeNull() + rootProject.issues shouldHaveSize 1 + rootProject.issues.first().message shouldContain Regex( + """ + .*SPDX ID 'SPDXRef-Package-illegal_chars' is only allowed to contain letters, numbers, '.', and '-'.* + """.trimIndent() + ) + } } })
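Review bot: The expected message in the new test is wrapped in `Regex(...)` although it is a literal. The `.` inside `'.'` is an unescaped metacharacter that matches any character, and the leading and trailing `.*` add nothing to `shouldContain`. A plain string states the intent and fails if the wording changes: `rootProject.issues.first().message shouldContain "SPDX ID 'SPDXRef-Package-illegal_chars' is only allowed to contain letters, numbers, '.', and '-'"`. The test also passes `subProjectFile` as a definition file but asserts nothing about its result, and nothing checks how the illegal `DocumentRef-illegal_chars` is reported. An assertion on the sub-project's entry in `result.projectResults` would pin that behaviour down.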