Closed JorWo closed 1 year ago
I highly advise looking at isValidTagValue again and making sure it works with a wide set of SPDX files. Other than that, looks good.
I was also thinking of just using the SPDX23TagValueDeserializer.readFromString() method and seeing if an error would be thrown, but we would have to update that method to throw errors if a required field is missing. For now, I'll update the tests to try more SPDX files.
The SBOMFileServiceTest#merge_two_sboms() test was failing after I made improvements to the resolveFormat to check for a valid TagValue. I found that the SPDX TagValue SBOM generated from the merge test was invalid because it contained these lines:
The convention for multi-line values is to wrap them inside a <text></text>. So in SPDX23TagValueSerializer#getDocumentInfo, I added code to check if a creatorComment or documentComment contained "null" as a string.
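The two checks discussed in this thread, as an added example that is not part of the original comments or the project's code: a serializer-side helper that skips a comment whose value is null or the literal string "null" and wraps multi-line values in <text></text>, and a validator-side scan that reports lines which are neither tag lines nor inside a <text> block. The class name, method names and sample document are hypothetical; skipping "null" values is an assumption about what the added check does.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added example: hypothetical names, not the project's serializer or isValidTagValue.
public class TagValueTextCheck {
    // A tag-value line has the shape "Tag: value".
    private static final Pattern TAG_LINE = Pattern.compile("^[A-Za-z][A-Za-z0-9]*:\\s?.*$");

    /** Serializer side: the line to emit, or "" when the value is absent or the string "null". */
    static String field(String tag, String value) {
        if (value == null || value.isBlank() || value.equals("null")) return "";
        boolean multiLine = value.contains("\n");
        return tag + ": " + (multiLine ? "<text>" + value + "</text>" : value) + "\n";
    }

    /** Validator side: 1-based numbers of lines that are not tag lines, comments, blank, or inside <text>. */
    static List<Integer> strayLines(String doc) {
        List<Integer> bad = new ArrayList<>();
        boolean inText = false;
        String[] lines = doc.split("\\R", -1); // accepts both \n and \r\n endings
        for (int i = 0; i < lines.length; i++) {
            String line = lines[i];
            if (inText) { // continuation of a multi-line value
                if (line.contains("</text>")) inText = false;
                continue;
            }
            if (line.isBlank() || line.startsWith("#")) continue;
            if (!TAG_LINE.matcher(line).matches()) { bad.add(i + 1); continue; }
            int open = line.indexOf("<text>");
            if (open >= 0 && line.indexOf("</text>", open) < 0) inText = true;
        }
        if (inText) bad.add(lines.length); // <text> opened but never closed
        return bad;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the failing merge test.
        String comment = "Merged from two SBOMs\nsecond line";
        String wrapped = "SPDXVersion: SPDX-2.3\n"
                + field("DocumentComment", comment)
                + field("CreatorComment", "null");
        String unwrapped = "SPDXVersion: SPDX-2.3\nDocumentComment: " + comment + "\n";
        System.out.println("wrapped:   stray lines " + strayLines(wrapped));
        System.out.println("unwrapped: stray lines " + strayLines(unwrapped));
    }
}
```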