Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validation issue #136

Closed
armintaenzertng opened this issue Jul 24, 2023 · 4 comments
Closed

Validation issue #136

armintaenzertng opened this issue Jul 24, 2023 · 4 comments

Comments

@armintaenzertng
Copy link

In this SPDX document (it is in JSON format, but has .txt extension because of GitHub), the SPDXID SPDXRef-v2\"-None is used, which contains the invalid (escaped) character ".

This issue is not picked up by the java-tools validation.

For reference, the issue came up here.
@goneall
Copy link
Member

goneall commented Jul 25, 2023

@armintaenzertng what version of the tools were you using? I just ran verify the the above referenced file on the master version and got the following error:

Analysis exception processing SPDX file: No SPDX element found for SPDX ID SPDXRef-None-None

@armintaenzertng
Copy link
Author

Sorry for the confusion, Gary, I did not notice that the java-tools don't even get to the validation step due to the SPDXRef-None-None error. I deleted the offending reference, here is the "fixed" version. This seems to pick up on all issues I mentioned, though I must say that the formatting seems a bit off, especially all these "Relationship error:" parts:

This SPDX Document is not valid due to:
        Relationship error: Relationship error: Relationship error: Relationship error: Invalid SPDX ID: SPDXRef-v2"-None.  Must match the pattern SPDXRef-([0-9a-zA-Z\.\-\+]+)$ in v2" in v2" in 665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597 in 665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in golang in golang in Tern report for golang
        Relationship error: Relationship error: Relationship error: License not found for LicenseRef-45c771b in 665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in golang in golang in Tern report for golang
        Relationship error: Relationship error: Relationship error: License not found for LicenseRef-21495e9 in 665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in golang in golang in Tern report for golang
        Relationship error: Relationship error: Relationship error: License not found for LicenseRef-fa9fd02 in 665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in golang in golang in Tern report for golang
        Relationship error: Relationship error: Relationship error: License not found for LicenseRef-1b79b75 in 665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in golang in golang in Tern report for golang
        Relationship error: Relationship error: Relationship error: License not found for LicenseRef-4ccf56f in 665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in golang in golang in Tern report for golang
        Relationship error: Relationship error: Relationship error: License not found for LicenseRef-ca2312b in 665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in golang in golang in Tern report for golang
        Relationship error: Relationship error: Relationship error: License not found for LicenseRef-39c3ee0 in 665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in golang in golang in Tern report for golang
        Relationship error: Relationship error: Relationship error: Missing required package verification code for package 665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in d909eff282003e2d64af08633f4ae58f8cab4efc0a83b86579b4bbcb0ac90956 in golang in golang in Tern report for golang
        Relationship error: Relationship error: License not found for LicenseRef-1c734cf in c9b1b535fdd91a9855fb7f82348177e5f019329a58c53c47272962dd60f71fc9 in golang in golang in Tern report for golang
        Relationship error: Relationship error: License not found for LicenseRef-21495e9 in c9b1b535fdd91a9855fb7f82348177e5f019329a58c53c47272962dd60f71fc9 in golang in golang in Tern report for golang
        Relationship error: Relationship error: Missing required package verification code for package c9b1b535fdd91a9855fb7f82348177e5f019329a58c53c47272962dd60f71fc9 in golang in golang in Tern report for golang

@armintaenzertng armintaenzertng mentioned this issue Jul 26, 2023
Closed
@armintaenzertng armintaenzertng changed the title Validation issue with forbidden symbols in the SPDXID Validation issue Jul 26, 2023
@armintaenzertng
Copy link
Author

One thing I just noticed. The last line above talks about Missing required package verification code [...]. The spec is not clear on this, though. Is it really required?
This is actually an older problem, I just found the ticket here: spdx/spdx-spec#802.

@goneall
Copy link
Member

goneall commented Dec 17, 2023

This is similar, if not a duplicate of issue #134 and the spec issue is in spdx/spdx-spec#802.

Closing this issue.

@armintaenzertng - if I missed something, please open a new issue.

@goneall goneall closed this as completed Dec 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@goneall @armintaenzertng