spdx · armintaenzertng · Feb 1, 2023 · Feb 1, 2023 · Feb 1, 2023 · Feb 1, 2023
diff --git a/src/spdx/validation/package_verification_code_validator.py b/src/spdx/validation/package_verification_code_validator.py
@@ -16,24 +16,23 @@
 from spdx.validation.validation_message import ValidationMessage, ValidationContext, SpdxElementType
 
 
-# TODO: make test for this (https://github.com/spdx/tools-python/issues/386)
 def validate_verification_code(verification_code: PackageVerificationCode, parent_id: str) -> List[ValidationMessage]:
     validation_messages: List[ValidationMessage] = []
     context = ValidationContext(parent_id=parent_id, element_type=SpdxElementType.PACKAGE_VERIFICATION_CODE,
                                 full_element=verification_code)
 
     for file in verification_code.excluded_files:
-        if not file.startswith("./"):
+        if file.startswith("/"):
             validation_messages.append(
                 ValidationMessage(
-                    f'file name must be a relative path to the file, starting with "./", but is: {file}', context)
+                    f'file name must not be an absolute path starting with "/", but is: {file}', context)
             )
 
     value: str = verification_code.value
     if not re.match("^[0-9a-f]{40}$", value):
         validation_messages.append(
             ValidationMessage(
-                f"value of verification_code must consist of 40 hexadecimal digits, but is: {value} (length: {len(value)} digits)",
+                f"value of verification_code must consist of 40 lowercase hexadecimal digits, but is: {value} (length: {len(value)} digits)",
                 context)
         )
 

diff --git a/tests/spdx/validation/test_package_verification_code_validator.py b/tests/spdx/validation/test_package_verification_code_validator.py
@@ -0,0 +1,38 @@
+# Copyright (c) 2022 spdx contributors
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#     http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import pytest
+
+from spdx.model.package import PackageVerificationCode
+from spdx.validation.package_verification_code_validator import validate_verification_code
+from spdx.validation.validation_message import ValidationContext, SpdxElementType, ValidationMessage
+
+
+def test_valid_package_verification_code():
+    code = PackageVerificationCode("71c4025dd9897b364f3ebbb42c484ff43d00791c", ["./excluded_file", "another.file"])
+    validation_messages = validate_verification_code(code, "SPDXRef-Package")
+
+    assert validation_messages == []
+
+
+@pytest.mark.parametrize("code, expected_message",
+                         [(PackageVerificationCode("71c4025dd9897b364f3ebbb42c484ff43d00791cab", []),
+                           "value of verification_code must consist of 40 lowercase hexadecimal digits, but is: 71c4025dd9897b364f3ebbb42c484ff43d00791cab (length: 42 digits)"),
+                          (PackageVerificationCode("71c4025dd9897b364f3ebbb42c484ff43d00791c", ["/invalid/excluded/file"]),
+                           'file name must not be an absolute path starting with "/", but is: /invalid/excluded/file')
+                          ])
+def test_invalid_package_verification_code(code, expected_message):
+    parent_id = "SPDXRef-Package"
+    context = ValidationContext(parent_id=parent_id, element_type=SpdxElementType.PACKAGE_VERIFICATION_CODE,
+                                full_element=code)
+    validation_messages = validate_verification_code(code, parent_id)
+
+    assert validation_messages == [ValidationMessage(expected_message, context)]