tools-python

A Python library to parse, validate and create SPDX documents.

Results 181 tools-python issues

This is a fix for https://github.com/spdx/tools-python/issues/825

To allow a download location with a case-insensitive hostname and protocol, the regular expression should be replaced in validation.

[OPENSSL-zlib.spdx.json](https://github.com/user-attachments/files/16147054/OPENSSL-zlib.spdx.json)

```
pyspdxtools -i OPENSSL-zlib.spdx.json
ERROR:root:The document is invalid. The following issues have been found:
Unrecognized license reference: zlib. license_expression must only use IDs from the license list or extracted...
```

validation

The error messages produced by failing type checks are very hard to read as they contain coloring commands which seem not to be rendered correctly and might not even make sense...

I am finding that validation is extremely slow (taking 3+ hours to validate a document that took a fraction of the time to create). A sample cProfile run shows ```...

In SPDX models `CreationInfo` class we have [`license_list_version: Optional[Version] = None`](https://github.com/spdx/tools-python/blob/main/src/spdx_tools/spdx/model/document.py#L35) and in the `Version` class we only have support for [Major and Minor version numbers](https://github.com/spdx/tools-python/blob/main/src/spdx_tools/spdx/model/version.py#L13) but since SPDX License...

An internal tool is failing to validate SPDX files which use PACKAGE_MANAGER as an ExternalPackageRefCategory. Presumably PERSISTENT_ID would fail validation as well. According to [SPDX 2.2.2 spec](https://spdx.github.io/spdx-spec/v2-draft/package-information/#722-external-reference-comment-field), those underscores should...

[merge.spdx.json](https://github.com/user-attachments/files/16157694/merge.spdx.json)

```
"packages": [
  {
    "name": "merge",
    "SPDXID": "SPDXRef-RootPackage-25a7cf47-382b-459a-b9b0-d66923553704",
    "versionInfo": "1",
    "supplier": "NOASSERTION",
    "downloadLocation": "NOASSERTION",
    "filesAnalyzed": true,
    "copyrightText": "NOASSERTION",
    "primaryPackagePurpose": "application"
  },
```

The spec only allows upper case, it...

validation

[case-sensitive2.spdx.txt](https://github.com/user-attachments/files/16141694/case-sensitive2.spdx.txt)

File is valid SPDX, but tools-python says:

```
mvargena@M-FVFL11531WG7 252 > pyspdxtools -i case-sensitive2.spdx
ERROR:root:The document is invalid. The following issues have been found:
Unrecognized license reference: LicenseRef-case-sensitive. license_expression...
```

validation

[duplicate.spdx.json](https://github.com/user-attachments/files/16139610/duplicate.spdx.json)

Java tools https://github.com/spdx/tools-java correctly detect a duplicate licenseId:

```
Analysis exception processing SPDX file: ID LicenseRef-Golang-BSD-plus-Patents already exists.
```

tools-python 0.8.2 does not.

validation