Make FilesAnalyzed a pointer, assume "true" if absent

.github/workflows/build.yml

@@ -9,7 +9,7 @@ jobs:
       - uses: actions/checkout@main
       - uses: actions/setup-go@v2
         with:
-          go-version: '1.14'
+          go-version: '1.15'
       - name: Run tests
         run: go test -v -covermode=count -coverprofile=profile.cov ./...
       - name: Send coverage report to coveralls

.gitignore

@@ -5,4 +5,5 @@
 .DS_Store
 scratch/*
 *.swp
+profile.cov
 

README.md

@@ -27,6 +27,8 @@ tools-golang provides the following packages:
 * *tvsaver* - tag-value document saver
 * *rdfloader* - RDF document loader
 * *json* - JSON document parser and writer
+* *spreadsheet* - Spreadsheet (XLS/XLSX) parser and writer
+* *yaml* - YAML document parser and writer
 * *builder* - builds "empty" SPDX document (with hashes) for directory contents
 * *idsearcher* - searches for [SPDX short-form IDs](https://spdx.org/ids/) and builds SPDX document
 * *licensediff* - compares concluded licenses between files in two packages

builder/build_test.go

@@ -84,7 +84,7 @@ func TestBuild2_1CreatesDocument(t *testing.T) {
 	if pkg.PackageDownloadLocation != "NOASSERTION" {
 		t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageDownloadLocation)
 	}
-	if pkg.FilesAnalyzed != true {
+	if *pkg.FilesAnalyzed != true {
 		t.Errorf("expected %v, got %v", true, pkg.FilesAnalyzed)
 	}
 	if pkg.PackageVerificationCode.Value != wantVerificationCode.Value {
@@ -495,7 +495,7 @@ func TestBuild2_2CreatesDocument(t *testing.T) {
 	if pkg.PackageDownloadLocation != "NOASSERTION" {
 		t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageDownloadLocation)
 	}
-	if pkg.FilesAnalyzed != true {
+	if !*pkg.FilesAnalyzed {
 		t.Errorf("expected %v, got %v", true, pkg.FilesAnalyzed)
 	}
 	if pkg.PackageVerificationCode.Value != wantVerificationCode.Value {

builder/builder2v1/build_package.go

@@ -57,13 +57,13 @@ func BuildPackageSection2_1(packageName string, dirRoot string, pathsIgnore []st
 		return nil, err
 	}
 
+	analyzed := true
 	// now build the package section
 	pkg := &spdx.Package2_1{
 		PackageName:                 packageName,
 		PackageSPDXIdentifier:       spdx.ElementID(fmt.Sprintf("Package-%s", packageName)),
 		PackageDownloadLocation:     "NOASSERTION",
-		FilesAnalyzed:               true,
-		IsFilesAnalyzedTagPresent:   true,
+		FilesAnalyzed:               &analyzed,
 		PackageVerificationCode:     code,
 		PackageLicenseConcluded:     "NOASSERTION",
 		PackageLicenseInfoFromFiles: []string{},

builder/builder2v1/build_package_test.go

@@ -32,12 +32,9 @@ func TestBuilder2_1CanBuildPackageSection(t *testing.T) {
 	if pkg.PackageDownloadLocation != "NOASSERTION" {
 		t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageDownloadLocation)
 	}
-	if pkg.FilesAnalyzed != true {
+	if *pkg.FilesAnalyzed != true {
 		t.Errorf("expected %v, got %v", true, pkg.FilesAnalyzed)
 	}
-	if pkg.IsFilesAnalyzedTagPresent != true {
-		t.Errorf("expected %v, got %v", true, pkg.IsFilesAnalyzedTagPresent)
-	}
 	if pkg.PackageVerificationCode.Value != wantVerificationCode.Value {
 		t.Errorf("expected %v, got %v", wantVerificationCode, pkg.PackageVerificationCode)
 	}

builder/builder2v2/build_package.go

@@ -59,12 +59,12 @@ func BuildPackageSection2_2(packageName string, dirRoot string, pathsIgnore []st
 	}
 
 	// now build the package section
+	truthy := true
 	pkg := &spdx.Package2_2{
 		PackageName:                 packageName,
 		PackageSPDXIdentifier:       spdx.ElementID(fmt.Sprintf("Package-%s", packageName)),
 		PackageDownloadLocation:     "NOASSERTION",
-		FilesAnalyzed:               true,
-		IsFilesAnalyzedTagPresent:   true,
+		FilesAnalyzed:               &truthy,
 		PackageVerificationCode:     code,
 		PackageLicenseConcluded:     "NOASSERTION",
 		PackageLicenseInfoFromFiles: []string{},

builder/builder2v2/build_package_test.go

@@ -32,12 +32,9 @@ func TestBuilder2_2CanBuildPackageSection(t *testing.T) {
 	if pkg.PackageDownloadLocation != "NOASSERTION" {
 		t.Errorf("expected %v, got %v", "NOASSERTION", pkg.PackageDownloadLocation)
 	}
-	if pkg.FilesAnalyzed != true {
+	if !*pkg.FilesAnalyzed {
 		t.Errorf("expected %v, got %v", true, pkg.FilesAnalyzed)
 	}
-	if pkg.IsFilesAnalyzedTagPresent != true {
-		t.Errorf("expected %v, got %v", true, pkg.IsFilesAnalyzedTagPresent)
-	}
 	if pkg.PackageVerificationCode.Value != wantVerificationCode.Value {
 		t.Errorf("expected %v, got %v", wantVerificationCode, pkg.PackageVerificationCode)
 	}

examples/1-load/example_load.go

@@ -83,7 +83,7 @@ func main() {
 		pkgID := pkg.PackageSPDXIdentifier
 
 		// check whether the package had its files analyzed
-		if !pkg.FilesAnalyzed {
+		if pkg.FilesAnalyzed != nil && !*pkg.FilesAnalyzed {
 			fmt.Printf("Package %s (%s) had FilesAnalyzed: false\n", string(pkgID), pkg.PackageName)
 			continue
 		}

examples/5-report/example_report.go

@@ -75,7 +75,7 @@ func main() {
 		pkgID := pkg.PackageSPDXIdentifier
 
 		// check whether the package had its files analyzed
-		if !pkg.FilesAnalyzed {
+		if !*pkg.FilesAnalyzed {
 			fmt.Printf("Package %s (%s) had FilesAnalyzed: false\n", string(pkgID), pkg.PackageName)
 			return
 		}

go.mod

@@ -5,4 +5,6 @@ go 1.13
 require (
 	github.com/google/go-cmp v0.5.7
 	github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb
+	github.com/xuri/excelize/v2 v2.6.0
+	sigs.k8s.io/yaml v1.3.0
 )

go.sum

@@ -1,6 +1,51 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
+github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw=
+github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/richardlehane/mscfb v1.0.4 h1:WULscsljNPConisD5hR0+OyZjwK46Pfyr6mPu5ZawpM=
+github.com/richardlehane/mscfb v1.0.4/go.mod h1:YzVpcZg9czvAuhk9T+a3avCpcFPMUWm7gK3DypaEsUk=
+github.com/richardlehane/msoleps v1.0.1 h1:RfrALnSNXzmXLbGct/P2b4xkFz4e8Gmj/0Vj9M9xC1o=
+github.com/richardlehane/msoleps v1.0.1/go.mod h1:BWev5JBpU9Ko2WAgmZEuiz4/u3ZYTKbjLycmwiWUfWg=
 github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb h1:bLo8hvc8XFm9J47r690TUKBzcjSWdJDxmjXJZ+/f92U=
 github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/xuri/efp v0.0.0-20220407160117-ad0f7a785be8 h1:3X7aE0iLKJ5j+tz58BpvIZkXNV7Yq4jC93Z/rbN2Fxk=
+github.com/xuri/efp v0.0.0-20220407160117-ad0f7a785be8/go.mod h1:ybY/Jr0T0GTCnYjKqmdwxyxn2BQf2RcQIIvex5QldPI=
+github.com/xuri/excelize/v2 v2.6.0 h1:m/aXAzSAqxgt74Nfd+sNzpzVKhTGl7+S9nbG4A57mF4=
+github.com/xuri/excelize/v2 v2.6.0/go.mod h1:Q1YetlHesXEKwGFfeJn7PfEZz2IvHb6wdOeYjBxVcVs=
+github.com/xuri/nfp v0.0.0-20220409054826-5e722a1d9e22 h1:OAmKAfT06//esDdpi/DZ8Qsdt4+M5+ltca05dA5bG2M=
+github.com/xuri/nfp v0.0.0-20220409054826-5e722a1d9e22/go.mod h1:WwHg+CVyzlv/TX9xqBFXEZAuxOPxn2k1GNHwG41IIUQ=
+golang.org/x/crypto v0.0.0-20220408190544-5352b0902921 h1:iU7T1X1J6yxDr0rda54sWGkHgOp5XJrqm79gcNlC2VM=
+golang.org/x/crypto v0.0.0-20220408190544-5352b0902921/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/image v0.0.0-20211028202545-6944b10bf410 h1:hTftEOvwiOq2+O8k2D5/Q7COC7k5Qcrgc2TFURJYnvQ=
+golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220407224826-aac1ed45d8e3 h1:EN5+DfgmRMvRUrMGERW2gQl3Vc+Z7ZMnI/xdEpPSf0c=
+golang.org/x/net v0.0.0-20220407224826-aac1ed45d8e3/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=

json/json_test.go

@@ -55,13 +55,16 @@ func TestWrite2_2(t *testing.T) {
 	}
 }
 
+var truthy = true
+var falsy = false
+
 // want is handwritten translation of the official example JSON SPDX v2.2 document into a Go struct.
 // We expect that the result of parsing the official document should be this value.
 // We expect that the result of writing this struct should match the official example document.
 var want = spdx.Document2_2{
 	DataLicense:       "CC0-1.0",
 	SPDXVersion:       "SPDX-2.2",
-	SPDXIdentifier:    "SPDXRef-DOCUMENT",
+	SPDXIdentifier:    "DOCUMENT",
 	DocumentName:      "SPDX-Tools-v2.0",
 	DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301",
 	CreationInfo: &spdx.CreationInfo2_2{
@@ -77,7 +80,7 @@ var want = spdx.Document2_2{
 	DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.",
 	ExternalDocumentReferences: []spdx.ExternalDocumentRef2_2{
 		{
-			DocumentRefID: "DocumentRef-spdx-tool-1.2",
+			DocumentRefID: spdx.MakeDocElementID("spdx-tool-1.2", ""),
 			URI:           "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301",
 			Checksum: spdx.Checksum{
 				Algorithm: spdx.SHA1,
@@ -148,7 +151,7 @@ var want = spdx.Document2_2{
 	Packages: []*spdx.Package2_2{
 		{
 			PackageName:           "glibc",
-			PackageSPDXIdentifier: "SPDXRef-Package",
+			PackageSPDXIdentifier: "Package",
 			PackageVersion:        "2.11.1",
 			PackageFileName:       "glibc-2.11.1.tar.gz",
 			PackageSupplier: &spdx.Supplier{
@@ -160,7 +163,7 @@ var want = spdx.Document2_2{
 				OriginatorType: "Organization",
 			},
 			PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz",
-			FilesAnalyzed:           true,
+			FilesAnalyzed:           &truthy,
 			PackageVerificationCode: spdx.PackageVerificationCode{
 				Value:         "d6a770ba38583ed4bb4525bd96e50461655d2758",
 				ExcludedFiles: []string{"./package.spdx"},
@@ -223,18 +226,18 @@ var want = spdx.Document2_2{
 			},
 		},
 		{
-			PackageSPDXIdentifier:   "SPDXRef-fromDoap-1",
+			PackageSPDXIdentifier:   "fromDoap-1",
 			PackageCopyrightText:    "NOASSERTION",
 			PackageDownloadLocation: "NOASSERTION",
-			FilesAnalyzed:           false,
+			FilesAnalyzed:           &falsy,
 			PackageHomePage:         "http://commons.apache.org/proper/commons-lang/",
 			PackageLicenseConcluded: "NOASSERTION",
 			PackageLicenseDeclared:  "NOASSERTION",
 			PackageName:             "Apache Commons Lang",
 		},
 		{
 			PackageName:             "Jena",
-			PackageSPDXIdentifier:   "SPDXRef-fromDoap-0",
+			PackageSPDXIdentifier:   "fromDoap-0",
 			PackageCopyrightText:    "NOASSERTION",
 			PackageDownloadLocation: "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz",
 			PackageExternalReferences: []*spdx.PackageExternalReference2_2{
@@ -244,14 +247,14 @@ var want = spdx.Document2_2{
 					Locator:  "pkg:maven/org.apache.jena/apache-jena@3.12.0",
 				},
 			},
-			FilesAnalyzed:           false,
+			FilesAnalyzed:           &falsy,
 			PackageHomePage:         "http://www.openjena.org/",
 			PackageLicenseConcluded: "NOASSERTION",
 			PackageLicenseDeclared:  "NOASSERTION",
 			PackageVersion:          "3.12.0",
 		},
 		{
-			PackageSPDXIdentifier: "SPDXRef-Saxon",
+			PackageSPDXIdentifier: "Saxon",
 			PackageChecksums: []spdx.Checksum{
 				{
 					Algorithm: "SHA1",
@@ -261,7 +264,7 @@ var want = spdx.Document2_2{
 			PackageCopyrightText:    "Copyright Saxonica Ltd",
 			PackageDescription:      "The Saxon package is a collection of tools for processing XML documents.",
 			PackageDownloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download",
-			FilesAnalyzed:           false,
+			FilesAnalyzed:           &falsy,
 			PackageHomePage:         "http://saxon.sourceforge.net/",
 			PackageLicenseComments:  "Other versions available for a commercial license",
 			PackageLicenseConcluded: "MPL-1.0",
@@ -274,7 +277,7 @@ var want = spdx.Document2_2{
 	Files: []*spdx.File2_2{
 		{
 			FileName:           "./src/org/spdx/parser/DOAPProject.java",
-			FileSPDXIdentifier: "SPDXRef-DoapSource",
+			FileSPDXIdentifier: "DoapSource",
 			FileTypes: []string{
 				"SOURCE",
 			},
@@ -298,7 +301,7 @@ var want = spdx.Document2_2{
 			},
 		},
 		{
-			FileSPDXIdentifier: "SPDXRef-CommonsLangSrc",
+			FileSPDXIdentifier: "CommonsLangSrc",
 			Checksums: []spdx.Checksum{
 				{
 					Algorithm: "SHA1",
@@ -315,7 +318,7 @@ var want = spdx.Document2_2{
 			FileNotice:         "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())",
 		},
 		{
-			FileSPDXIdentifier: "SPDXRef-JenaLib",
+			FileSPDXIdentifier: "JenaLib",
 			Checksums: []spdx.Checksum{
 				{
 					Algorithm: "SHA1",
@@ -332,7 +335,7 @@ var want = spdx.Document2_2{
 			LicenseInfoInFiles: []string{"LicenseRef-1"},
 		},
 		{
-			FileSPDXIdentifier: "SPDXRef-File",
+			FileSPDXIdentifier: "File",
 			Annotations: []spdx.Annotation2_2{
 				{
 					Annotator: spdx.Annotator{
@@ -367,27 +370,27 @@ var want = spdx.Document2_2{
 	},
 	Snippets: []spdx.Snippet2_2{
 		{
-			SnippetSPDXIdentifier:         "SPDXRef-Snippet",
-			SnippetFromFileSPDXIdentifier: "SPDXRef-DoapSource",
+			SnippetSPDXIdentifier:         "Snippet",
+			SnippetFromFileSPDXIdentifier: "DoapSource",
 			Ranges: []spdx.SnippetRange{
 				{
 					StartPointer: spdx.SnippetRangePointer{
 						Offset:             310,
-						FileSPDXIdentifier: "SPDXRef-DoapSource",
+						FileSPDXIdentifier: "DoapSource",
 					},
 					EndPointer: spdx.SnippetRangePointer{
 						Offset:             420,
-						FileSPDXIdentifier: "SPDXRef-DoapSource",
+						FileSPDXIdentifier: "DoapSource",
 					},
 				},
 				{
 					StartPointer: spdx.SnippetRangePointer{
 						LineNumber:         5,
-						FileSPDXIdentifier: "SPDXRef-DoapSource",
+						FileSPDXIdentifier: "DoapSource",
 					},
 					EndPointer: spdx.SnippetRangePointer{
 						LineNumber:         23,
-						FileSPDXIdentifier: "SPDXRef-DoapSource",
+						FileSPDXIdentifier: "DoapSource",
 					},
 				},
 			},