tools-python
A Python library to parse, validate and create SPDX documents.
see `tests/validation/test_uri_validators`: - [ ] more negative tests for URL - [ ] more negative tests for download location - [ ] check that `test_uri_without_scheme` is indeed superfluous
This is a PR for discussion :). I was looking for a possibility to introduce some kind of automatic validation of SPDX files inside of a git repository. I found...
The data license is currently only serialized as `CC0-1.0`, but should be the complete URI.
The current implementation of `create_list_without_duplicates` includes a relatively expensive check of if an element is in a list. https://github.com/spdx/tools-python/blob/8050fd9c41a92c75ec2ba9eb10ed9a919c375fa9/src/spdx_tools/spdx/document_utils.py#L51-L57 Using a set to keep track of unique elements will speed...
I'm trying to use the tool to generate a graph of an SPDX SBOM; however, due to the number of files included the image is 32767 pixels wide and totally...
This check iterates over the list `existing_relationships` up to 2 times: https://github.com/spdx/tools-python/blob/8050fd9c41a92c75ec2ba9eb10ed9a919c375fa9/src/spdx_tools/spdx/parser/jsonlikedict/relationship_parser.py#L162-L172 And it's called for every file: https://github.com/spdx/tools-python/blob/8050fd9c41a92c75ec2ba9eb10ed9a919c375fa9/src/spdx_tools/spdx/parser/jsonlikedict/relationship_parser.py#L144-L157 So if `F` is the number of files and `R` is...
[bug.spdx.json.txt](https://github.com/spdx/tools-python/files/13964995/bug.spdx.json.txt) [bug.spdx.txt](https://github.com/spdx/tools-python/files/13964996/bug.spdx.txt) `bug.spdx.json` is valid: ``` pyspdxtools -i bug.spdx.json ``` Convert to tag:value: ``` pyspdxtools -i bug.spdx.json -o bug.spdx ``` Result is invalid: ``` pyspdxtools -i bug.spdx ERROR:root:There have been issues...
I'd like to package up these tools, but I find "tools-python" to be a very bad name. Is it possible to change the name to spdx-tools or python-spdx-tools?
There is currently no tool in the CI that checks each file for a correct license header. We should introduce such a check, for example by using `reuse`.
In the spdx3 branch, we have developed a model test structure involving a fixture factory that makes initialization tests much less verbose. We should look into whether we can also...