tools-python
Parser throwing exception
PackageName:spdx-tools
SPDXID: SPDXRef-spdx-tools-0.6.1
PackageSupplier: Person:Ahmed H. Ismail
PackageVersion: 0.6.1
Is throwing an exception on this spdx SBOM data: https://raw.githubusercontent.com/rjb4standards/REA-Products/master/SAG-DBOMPOC-SBOM.spdx
Here is the exception I'm seeing:
<class 'TypeError'> 'builtin_function_or_method' object is not subscriptable <traceback object at 0x000001B8B16DC0C8>
Gary, I was able to get a successful validation with the online validator for https://github.com/rjb4standards/REA-Products/blob/master/SAG-PM.spdx
However, I'm seeing these errors from the python parser for the same file:
PackageChecksum must be a single line of text, line: 15 false Only one PackageName allowed, extra at line: 22
Any suggestions on how to get around this?
Ahhh - the Python Parser - Now everything makes sense.
The Python Parser is maintained in a different repo, I'll move this issue over.
You can disregard my above comments.
I'll leave it up to the maintainers of the Python project to respond to the issues.
In the interim, you can use the online tools at https://tools.spdx.org/app/ for validating the SPDX file.
Once you have a validated file, give it a try using the Python parsers.
I found the culprit for this error too:
PackageChecksum must be a single line of text, line: 15
LOOKS LIKE SHA256 not supported, only SHA1 allowed:
15: PackageChecksum: SHA256: aaa5ac584f40fe778013df0aa6544bf157799bd3f608364b451840ed2c8688de
```python
import re

from spdx import checksum


def checksum_from_sha1(value):
    """
    Return an spdx.checksum.Algorithm instance representing the SHA1
    checksum or None if does not match CHECKSUM_RE.
    """
    # More constrained regex at lexer level
    CHECKSUM_RE = re.compile(r"SHA1:\s([\S]+)", re.UNICODE)
    match = CHECKSUM_RE.match(value)
    if match:
        return checksum.Algorithm(identifier="SHA1", value=match.group(1))
    else:
        return None
```
related to #185
Closing this issue as it should be solved with #311. Please reopen, if this is not the case.
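The SHA1-only match quoted above, next to an algorithm-aware parse that also checks digest length and verifies the digest against data. This is an added example, not code from spdx-tools or from the fix referenced in this thread; `parse_checksum`, `verify_checksum`, `DIGEST_HEX_LEN` and the algorithm subset are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Hex digest length per algorithm: a subset of SPDX checksum algorithms
# chosen for this example (an assumption, not the project's list).
DIGEST_HEX_LEN = {"SHA1": 40, "SHA224": 56, "SHA256": 64, "SHA384": 96, "SHA512": 128}

# SHA1-only pattern quoted in the thread, kept for comparison.
SHA1_ONLY_RE = re.compile(r"SHA1:\s([\S]+)", re.UNICODE)

# Hypothetical replacement: algorithm name, colon, optional spaces, hex digest.
CHECKSUM_RE = re.compile(r"([A-Z0-9]+):\s*([0-9a-fA-F]+)")


def parse_checksum(value):
    """Return (algorithm, lowercase_hex), or None if the value is not well formed."""
    match = CHECKSUM_RE.fullmatch(value.strip())
    if match is None:
        return None
    algorithm, digest = match.group(1), match.group(2).lower()
    # Reject unknown algorithms and digests of the wrong length.
    if DIGEST_HEX_LEN.get(algorithm) != len(digest):
        return None
    return algorithm, digest


def verify_checksum(value, data):
    """Return True if `data` hashes to the digest declared in a checksum value."""
    parsed = parse_checksum(value)
    if parsed is None:
        return False
    algorithm, expected = parsed
    actual = hashlib.new(algorithm.lower(), data).hexdigest()
    return hmac.compare_digest(actual, expected)


# Value from line 15 of the SBOM discussed in the thread.
REPORTED = "SHA256: aaa5ac584f40fe778013df0aa6544bf157799bd3f608364b451840ed2c8688de"

if __name__ == "__main__":
    print(SHA1_ONLY_RE.match(REPORTED))  # the SHA1-only pattern does not match
    print(parse_checksum(REPORTED))
    payload = b"constructed sample payload"  # constructed input
    declared = "SHA256: " + hashlib.sha256(payload).hexdigest()
    print(verify_checksum(declared, payload), verify_checksum(declared, payload + b"!"))
```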