search

spdx / tools

SPDX Tools
Apache License 2.0
127 stars 69 forks source link

Tag/Value parser should remove the "excludes:" in the PackageVerificationCode excluded files #235

Open goneall opened 4 years ago

goneall commented 4 years ago

Currently, when parsing a tag/value PackageVerificationCode, the excludes: is not removed when adding the excluded file name to the PackageVerificationCode object.

For example:

PackageVerificationCode: d6a770ba38583ed4bb4525bd96e50461655d2758 (excludes: ./package.spdx)

results in the RDF:

<Package rdf:about="...">
    <packageVerificationCode>
        <PackageVerificationCode>
            <packageVerificationCodeValue>
                d6a770ba38583ed4bb4525bd96e50461655d2758
            </packageVerificationCodeValue>
            <packageVerificationCodeExcludedFile>
               excludes:  ./package.spdx
            </packageVerificationCodeExcludedFile>
        </PackageVerificationCode>
    </packageVerificationCode>
</Package>

when it should result in:

<Package rdf:about="...">
    <packageVerificationCode>
        <PackageVerificationCode>
            <packageVerificationCodeValue>
                d6a770ba38583ed4bb4525bd96e50461655d2758
            </packageVerificationCodeValue>
            <packageVerificationCodeExcludedFile>
                ./package.spdx
            </packageVerificationCodeExcludedFile>
        </PackageVerificationCode>
    </packageVerificationCode>
</Package>
goneall commented 4 years ago

There is a related SPDX spec issue https://github.com/spdx/spdx-spec/issues/414