tools icon indicating copy to clipboard operation
tools copied to clipboard

Published 20 hours ago verified publisher icon spdx

Tag/Value parser should remove the "excludes:" in the PackageVerificationCode excluded files

Open goneall opened this issue 4 years ago • 1 comments

Currently, when parsing a tag/value PackageVerificationCode, the excludes: is not removed when adding the excluded file name to the PackageVerificationCode object.

For example:

PackageVerificationCode: d6a770ba38583ed4bb4525bd96e50461655d2758 (excludes: ./package.spdx)

results in the RDF:

<Package rdf:about="...">
    <packageVerificationCode>
        <PackageVerificationCode>
            <packageVerificationCodeValue>
                d6a770ba38583ed4bb4525bd96e50461655d2758
            </packageVerificationCodeValue>
            <packageVerificationCodeExcludedFile>
               excludes:  ./package.spdx
            </packageVerificationCodeExcludedFile>
        </PackageVerificationCode>
    </packageVerificationCode>
</Package>

when it should result in:

<Package rdf:about="...">
    <packageVerificationCode>
        <PackageVerificationCode>
            <packageVerificationCodeValue>
                d6a770ba38583ed4bb4525bd96e50461655d2758
            </packageVerificationCodeValue>
            <packageVerificationCodeExcludedFile>
                ./package.spdx
            </packageVerificationCodeExcludedFile>
        </PackageVerificationCode>
    </packageVerificationCode>
</Package>

goneall avatar Jun 11 '20 22:06 goneall

There is a related SPDX spec issue https://github.com/spdx/spdx-spec/issues/414

goneall avatar Jun 11 '20 22:06 goneall