Add validate command

DemaConsulting.SpdxTool.sln.DotSettings

@@ -1,4 +1,6 @@
 <wpf:ResourceDictionary xml:space="preserve" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:s="clr-namespace:System;assembly=mscorlib" xmlns:ss="urn:shemas-jetbrains-com:settings-storage-xaml" xmlns:wpf="http://schemas.microsoft.com/winfx/2006/xaml/presentation">
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=Dema/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=NOASSERTION/@EntryIndexedValue">True</s:Boolean>
+	<s:Boolean x:Key="/Default/UserDictionary/Words/=NTIA/@EntryIndexedValue">True</s:Boolean>
+	<s:Boolean x:Key="/Default/UserDictionary/Words/=SBOM/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=SPDXID/@EntryIndexedValue">True</s:Boolean></wpf:ResourceDictionary>

README.md

@@ -42,12 +42,13 @@ Commands:
   copy-package                           Copy package between SPDX documents (workflow only).
   find-package <spdx.json> [criteria]    Find package ID in SPDX document
   print <text>                           Print text to the console
-  query <pattern> <command> [arguments]  Query program output for value
+  query <pattern> <program> [arguments]  Query program output for value
   rename-id <arguments>                  Rename an element ID in an SPDX document.
   run-workflow <workflow.yaml>           Runs the workflow file
   sha256 <operation> <file>              Generate or verify sha256 hashes of files
   to-markdown <spdx.yaml> <out.md>       Create Markdown summary for SPDX document
   update-package                         Update package in SPDX document (workflow only).
+  validate <spdx.json> [ntia]            Validate SPDX document for issues
 ```
 
 
@@ -232,4 +233,10 @@ steps:
       summary: <summary>          # Optional new package summary
       description: <description>  # Optional new package description
       license: <license>          # Optional new package license
+
+  # Validate an SPDX document
+- command: validate
+  inputs:
+    spdx: <spdx.json>             # SPDX file name
+    ntia: true                    # Optional NTIA checking
 ```

spdx-workflow.yaml

@@ -46,7 +46,13 @@ steps:
     operation: generate
     file: ${{ spdx }}
 
+  # Validate the SPDX document
+- command: validate
+  inputs:
+    spdx: ${{ spdx }}
+
+  # Generate the summary
 - command: to-markdown
   inputs:
     spdx: ${{ spdx }}
-    markdown: ${{ summary-markdown }}
+    markdown: ${{ summary-markdown }}

src/DemaConsulting.SpdxTool/Commands/CommandRegistry.cs

@@ -20,7 +20,8 @@ public static class CommandsRegistry
         { RunWorkflow.Entry.Name, RunWorkflow.Entry },
         { Sha256Command.Entry.Name, Sha256Command.Entry },
         { ToMarkdown.Entry.Name, ToMarkdown.Entry },
-        { UpdatePackage.Entry.Name, UpdatePackage.Entry }
+        { UpdatePackage.Entry.Name, UpdatePackage.Entry },
+        { Validate.Entry.Name, Validate.Entry }
     };
 
     /// <summary>

src/DemaConsulting.SpdxTool/Commands/Validate.cs

@@ -0,0 +1,108 @@
+using DemaConsulting.SpdxTool.Spdx;
+using YamlDotNet.Core;
+using YamlDotNet.RepresentationModel;
+
+namespace DemaConsulting.SpdxTool.Commands;
+
+/// <summary>
+/// Command to validate SPDX documents
+/// </summary>
+public class Validate : Command
+{
+    /// <summary>
+    /// Singleton instance of this command
+    /// </summary>
+    public static readonly Validate Instance = new();
+
+    /// <summary>
+    /// Entry information for this command
+    /// </summary>
+    public static readonly CommandEntry Entry = new(
+        "validate",
+        "validate <spdx.json> [ntia]",
+        "Validate SPDX document for issues",
+        new[]
+        {
+            "This command validates an SPDX document for issues.",
+            "",
+            "From the command-line this can be used as:",
+            "  spdx-tool validate <spdx.json> [ntia]",
+            "",
+            "From a YAML file this can be used as:",
+            "  - command: validate",
+            "    inputs:",
+            "      spdx: <spdx.json>             # SPDX file name",
+            "      ntia: true                    # Optional NTIA checking"
+        },
+        Instance);
+
+    /// <summary>
+    /// Private constructor - this is a singleton
+    /// </summary>
+    private Validate()
+    {
+    }
+
+    /// <inheritdoc />
+    public override void Run(string[] args)
+    {
+        // Report an error if for missing arguments
+        if (args.Length == 0)
+            throw new CommandUsageException("'validate' command missing arguments");
+
+        // Process the arguments
+        var spdxFile = args[0];
+        var ntia = args.Skip(1).Any(a => a == "ntia");
+
+        // Perform validation
+        DoValidate(spdxFile, ntia);
+    }
+
+    /// <inheritdoc />
+    public override void Run(YamlMappingNode step, Dictionary<string, string> variables)
+    {
+        // Get the step inputs
+        var inputs = GetMapMap(step, "inputs");
+
+        // Get the 'spdx' input
+        var spdxFile = GetMapString(inputs, "spdx", variables) ??
+                       throw new YamlException(step.Start, step.End, "'to-markdown' command missing 'spdx' input");
+
+        // Get the 'ntia' input
+        var ntiaValue = GetMapString(inputs, "ntia", variables);
+        var ntia = ntiaValue?.ToLowerInvariant() == "true";
+
+        // Perform validation
+        DoValidate(spdxFile, ntia);
+    }
+
+    /// <summary>
+    /// Validate SPDX document for issues
+    /// </summary>
+    /// <param name="spdxFile">SPDX document file name</param>
+    /// <param name="ntia">NTIA flag</param>
+    /// <exception cref="CommandErrorException">on issues</exception>
+    public static void DoValidate(string spdxFile, bool ntia)
+    {
+        // Load the SPDX document
+        var doc = SpdxHelpers.LoadJsonDocument(spdxFile);
+
+        // Get the issues
+        var issues = new List<string>();
+        doc.Validate(issues, ntia);
+
+        // Skip if no issues detected
+        if (issues.Count == 0)
+            return;
+
+        // Report issues to console
+        Console.ForegroundColor = ConsoleColor.DarkYellow;
+        foreach (var issue in issues)
+            Console.WriteLine(issue);
+        Console.ResetColor();
+        Console.WriteLine();
+
+        // Throw error
+        throw new CommandErrorException($"Found {issues.Count} Issues in {spdxFile}");
+    }
+}

src/DemaConsulting.SpdxTool/DemaConsulting.SpdxTool.csproj

@@ -40,7 +40,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="DemaConsulting.SpdxModel" Version="0.1.0-alpha.2" />
+    <PackageReference Include="DemaConsulting.SpdxModel" Version="0.1.0-alpha.4" />
     <PackageReference Include="YamlDotNet" Version="15.1.4" />
   </ItemGroup>
 

test/DemaConsulting.SpdxTool.Tests/DemaConsulting.SpdxTool.Tests.csproj

@@ -18,9 +18,9 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.4.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.4.1" />
   </ItemGroup>
 
   <ItemGroup>