spdx
tag_value writer does not write relationships where package contains file
The tag_value writer seems to be handling relationship writing different than all the other formats specifically around the CONTAINS and CONTAINED_BY between package and files the code for it is here https://github.com/spdx/tools-python/blob/a25937fa18ef3cfc57192502924a6ae723e7057d/src/spdx_tools/spdx/writer/tagvalue/tagvalue_writer_helper_functions.py#L88-L107
for some reason when grouping packages and files the relationship is only written if there is a comment but comments are optional and would be overly verbose to require them in this simple case.
all other formats correctly write the relationships
this can be reproduced using the example code examples/spdx2_document_from_scratch.py and changing the output extention to .spdx
comparing the result from json to tag_value we can see that the relationships are missing in tag value
"relationships": [
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-Package",
"relationshipType": "DESCRIBES"
},
{
"spdxElementId": "SPDXRef-Package",
"relatedSpdxElement": "SPDXRef-File1",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-Package",
"relatedSpdxElement": "SPDXRef-File2",
"relationshipType": "CONTAINS"
}
]
## Relationships
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package
I would expect that the relationships are the same between tag_value and all other formats
I've attached the entire files for reference. my_spdx_document.spdx.json
my_spdx_document.txt (github wont allow .spdx uploads so renamed to .txt)
