Skip to content
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/DemaConsulting.SpdxTool/SelfValidation/Validate.cs
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ public static void Run(Context context)
ValidateCopyPackage.Run(context, results);
ValidateFindPackage.Run(context, results);
ValidateGetVersion.Run(context, results);
ValidateNtia.Run(context, results);
ValidateQuery.Run(context, results);
ValidateRenameId.Run(context, results);
ValidateUpdatePackage.Run(context, results);
Expand Down
179 changes: 179 additions & 0 deletions src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,179 @@
// Copyright (c) 2024 DEMA Consulting
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in all
// copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
// SOFTWARE.

using DemaConsulting.TestResults;

namespace DemaConsulting.SpdxTool.SelfValidation;

/// <summary>
/// Self-validation of NTIA validation
/// </summary>
internal static class ValidateNtia
{
/// <summary>
/// Run validation test
/// </summary>
/// <param name="context">Program context</param>
/// <param name="results">Test results</param>
public static void Run(Context context, TestResults.TestResults results)
{
var passed = DoValidate();

// Report validation result
context.WriteLine($"- SpdxTool_Ntia: {(passed ? "Passed" : "Failed")}");
results.Results.Add(
new TestResult
{
Name = "SpdxTool_Ntia",
ClassName = "DemaConsulting.SpdxTool.SelfValidation.ValidateNtia",
ComputerName = Environment.MachineName,
StartTime = DateTime.Now,
Outcome = passed ? TestOutcome.Passed : TestOutcome.Failed
});
}

/// <summary>
/// Do the validation
/// </summary>
/// <returns>True on success</returns>
private static bool DoValidate()
Comment thread
Malcolmnixon marked this conversation as resolved.
{
try
{
// Create the temporary validation folder
Directory.CreateDirectory("validate.tmp");

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Windows / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Windows / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Windows / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Windows / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Windows / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Windows / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Linux / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Linux / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Linux / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Linux / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Linux / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

Check warning on line 61 in src/DemaConsulting.SpdxTool/SelfValidation/ValidateNtia.cs

View workflow job for this annotation

GitHub Actions / Build Linux / build

Define a constant instead of using this literal 'validate.tmp' 5 times. (https://rules.sonarsource.com/csharp/RSPEC-1192)

// Write test SPDX file that is valid but not NTIA compliant
// Missing: supplier field for the package
File.WriteAllText("validate.tmp/test-ntia.spdx.json",
"""
{
"files": [],
"packages": [
{
"SPDXID": "SPDXRef-Package",
"name": "Test Package",
"versionInfo": "1.0.0",
"downloadLocation": "https://github.com/demaconsulting/SpdxTool",
"filesAnalyzed": false,
"licenseConcluded": "MIT"
}
],
"relationships": [
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-Package",
"relationshipType": "DESCRIBES"
}
],
"spdxVersion": "SPDX-2.2",
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"name": "Test Document",
"documentNamespace": "https://sbom.spdx.org",
"creationInfo": {
"created": "2021-10-01T00:00:00Z",
"creators": [ "Person: Malcolm Nixon" ]
}
}
""");

// Run validation without NTIA flag - should succeed
var exitCode1 = Validate.RunSpdxTool(
"validate.tmp",
[
"--silent",
"validate",
"test-ntia.spdx.json"
]);

// Fail if SpdxTool reported an error
if (exitCode1 != 0)
return false;

// Run validation with NTIA flag - should fail due to missing supplier
var exitCode2 = Validate.RunSpdxTool(
"validate.tmp",
[
"--silent",
"validate",
"test-ntia.spdx.json",
"ntia"
]);

// Should fail validation
if (exitCode2 == 0)
return false;

// Write test SPDX file that is NTIA compliant
File.WriteAllText("validate.tmp/test-ntia-valid.spdx.json",
"""
{
"files": [],
"packages": [
{
"SPDXID": "SPDXRef-Package",
"name": "Test Package",
"versionInfo": "1.0.0",
"supplier": "Organization: Test",
"downloadLocation": "https://github.com/demaconsulting/SpdxTool",
"filesAnalyzed": false,
"licenseConcluded": "MIT"
}
],
"relationships": [
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-Package",
"relationshipType": "DESCRIBES"
}
],
"spdxVersion": "SPDX-2.2",
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"name": "Test Document",
"documentNamespace": "https://sbom.spdx.org",
"creationInfo": {
"created": "2021-10-01T00:00:00Z",
"creators": [ "Person: Malcolm Nixon" ]
}
}
""");

// Run validation with NTIA flag on valid document - should succeed
var exitCode3 = Validate.RunSpdxTool(
"validate.tmp",
[
"--silent",
"validate",
"test-ntia-valid.spdx.json",
"ntia"
]);

// Should pass validation
return exitCode3 == 0;
}
finally
{
// Delete the temporary validation folder
Directory.Delete("validate.tmp", true);
}
}
}
3 changes: 2 additions & 1 deletion test/DemaConsulting.SpdxTool.Tests/SelfValidationTests.cs
Original file line number Diff line number Diff line change
Expand Up @@ -98,12 +98,13 @@ public void SelfValidation_TrxResults()
Assert.Contains("SpdxTool_CopyPackage", results);
Assert.Contains("SpdxTool_FindPackage", results);
Assert.Contains("SpdxTool_GetVersion", results);
Assert.Contains("SpdxTool_Ntia", results);
Assert.Contains("SpdxTool_Query", results);
Assert.Contains("SpdxTool_RenameId", results);
Assert.Contains("SpdxTool_UpdatePackage", results);
Assert.Contains("""
<ResultSummary outcome="Completed">
<Counters total="8" executed="8" passed="8" failed="0" />
<Counters total="9" executed="9" passed="9" failed="0" />
</ResultSummary>
""", results);
}
Expand Down