From 01c88542260353b6d9d250323540bf70671ba3c1 Mon Sep 17 00:00:00 2001 From: Michael Schlenker Date: Wed, 23 Apr 2025 13:11:15 +0200 Subject: [PATCH 01/12] feat: Handle misencoded license text files graceful. Signed-off-by: Michael Schlenker --- cyclonedx_py/_internal/utils/pep639.py | 130 +++++++++++++++++++------ 1 file changed, 99 insertions(+), 31 deletions(-) diff --git a/cyclonedx_py/_internal/utils/pep639.py b/cyclonedx_py/_internal/utils/pep639.py index c9cb53ca..b1360387 100644 --- a/cyclonedx_py/_internal/utils/pep639.py +++ b/cyclonedx_py/_internal/utils/pep639.py @@ -23,12 +23,13 @@ from base64 import b64encode from os.path import join -from typing import TYPE_CHECKING, Generator +from typing import TYPE_CHECKING, Generator, Set, Union from cyclonedx.factory.license import LicenseFactory from cyclonedx.model import AttachedText, Encoding from cyclonedx.model.license import DisjunctiveLicense, LicenseAcknowledgement +from .io import io2str from .mimetypes import guess_type if TYPE_CHECKING: # pragma: no cover 
@@ -38,43 +39,110 @@ from cyclonedx.model.license import License +def handle_bad_license_file_encoding( + dist: 'Distribution', + lfile: str, + logger: 'Logger' +) -> Union[str, None]: + + def try_load(dist: 'Distribution', metadir: str, filename: str) -> Union[str, None]: + # Might raise NotImplementedError in theory + # but nothing we can do in that case. + try: + candidate = dist.locate_file(join(metadir, filename)) + except NotImplementedError: + return None + + if not candidate: + return None + + try: + with open(str(candidate), 'rb') as fin: + return io2str(fin) + except FileNotFoundError: + pass + return None + + # Distribution has no method to find the actual metadata dir, + # e.g. dist-info or egg-info. + # So we mimic the logic in PathDistribution and check both subdirs + content: Union[str, None] = None + for metadir in ('.dist-info', '.egg-info'): + content = try_load(dist, metadir, lfile) + if content: + break + + if content is None: + logger.debug('Error: license file %r for dist %r is not UTF-8 encoded', + lfile, dist.metadata['Name']) + return content + + +def gather_license_texts( + dist: 'Distribution', + lfiles: Set[str], + logger: 'Logger' +) -> Generator['License', None, None]: + lack = LicenseAcknowledgement.DECLARED + for mlfile in lfiles: + # see spec: https://peps.python.org/pep-0639/#add-license-file-field + # latest spec rev: https://discuss.python.org/t/pep-639-round-3-improving-license-clarity-with-better-package-metadata/53020 # noqa: E501 + + # per spec > license files are stored in the `.dist-info/licenses/` subdirectory of the produced wheel. + # but in practice, other locations are used, too. + # loop over the candidate location and pick the first one found. 
+ locations = ('licenses', 'license_files', '.') + malformed = None + content = None + for loc in locations: + try: + path = join(loc, mlfile) + content = dist.read_text(path) + except UnicodeDecodeError: + # Malformed, stop looking + malformed = path + break + + if content is not None: + break + + if content is None and malformed: # pragma: no cover + # Try a little harder + content = handle_bad_license_file_encoding(dist, malformed, logger) + + if content is None: # pragme: no cover + logger.debug('Error: failed to read license file %r for dist %r', + mlfile, dist.metadata['Name']) + continue + + encoding = None + content_type = guess_type(mlfile) or AttachedText.DEFAULT_CONTENT_TYPE + # per default, license files are human-readable texts. + if not content_type.startswith('text/'): + encoding = Encoding.BASE_64 + content = b64encode(content.encode('utf-8')).decode('ascii') + yield DisjunctiveLicense( + name=f'declared license file: {mlfile}', + acknowledgement=lack, + text=AttachedText( + content=content, + encoding=encoding, + content_type=content_type + )) + + def dist2licenses( dist: 'Distribution', gather_text: bool, logger: 'Logger' ) -> Generator['License', None, None]: - lfac = LicenseFactory() - lack = LicenseAcknowledgement.DECLARED metadata = dist.metadata # see https://packaging.python.org/en/latest/specifications/core-metadata/ if (lexp := metadata['License-Expression']) is not None: + lfac = LicenseFactory() + lack = LicenseAcknowledgement.DECLARED # see spec: https://peps.python.org/pep-0639/#add-license-expression-field yield lfac.make_from_string(lexp, license_acknowledgement=lack) - if gather_text: - for mlfile in set(metadata.get_all('License-File', ())): - # see spec: https://peps.python.org/pep-0639/#add-license-file-field - # latest spec rev: https://discuss.python.org/t/pep-639-round-3-improving-license-clarity-with-better-package-metadata/53020 # noqa: E501 - - # per spec > license files are stored in the `.dist-info/licenses/` subdirectory 
of the produced wheel. - # but in practice, other locations are used, too. - content = dist.read_text(join('licenses', mlfile)) \ - or dist.read_text(join('license_files', mlfile)) \ - or dist.read_text(mlfile) - if content is None: # pragma: no cover - logger.debug('Error: failed to read license file %r for dist %r', - mlfile, metadata['Name']) - continue - encoding = None - content_type = guess_type(mlfile) or AttachedText.DEFAULT_CONTENT_TYPE - # per default, license files are human-readable texts. - if not content_type.startswith('text/'): - encoding = Encoding.BASE_64 - content = b64encode(content.encode('utf-8')).decode('ascii') - yield DisjunctiveLicense( - name=f'declared license file: {mlfile}', - acknowledgement=lack, - text=AttachedText( - content=content, - encoding=encoding, - content_type=content_type - )) + if gather_text and (lfiles := set(str(fn) for fn in metadata.get_all('License-File', ()))): + for lic in gather_license_texts(dist, lfiles, logger): + yield lic From 0a39e86aa959e8eeafddbcb13204a31cae1f63d0 Mon Sep 17 00:00:00 2001 From: Michael Schlenker Date: Wed, 23 Apr 2025 19:07:08 +0200 Subject: [PATCH 02/12] tests: tests for the code 
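Review bot: The `License-File` value is joined into a path without any containment check, first in `join(loc, mlfile)` in `gather_license_texts` and then in `open(str(candidate), 'rb')` in `try_load`, so an absolute entry or one containing `..` would make the tool read a file outside the distribution's metadata directory and embed it in the SBOM. The new binary fallback extends that to files that are not valid UTF-8. Since the value comes from the installed package's metadata, I would skip such entries at the top of the `for mlfile in lfiles:` loop, e.g. `if isabs(mlfile) or '..' in PurePath(mlfile).parts: continue` (with `isabs` from `os.path` and `PurePath` from `pathlib`), plus a debug log. `try_load` also catches only `FileNotFoundError`, so a directory or unreadable file raises a different `OSError` that would propagate out of the generator; `except OSError:` would keep the best-effort behaviour. Finally, `locate_file(join('.dist-info', …))` appears to resolve against a literal `.dist-info` directory rather than the `<name>-<version>.dist-info` one, and the snapshots later in this series list only `GoodLicense.txt` and `License.rtf`, so it is worth confirming the fallback ever finds `UTF16License.txt`.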
Signed-off-by: Michael Schlenker --- .../badlicdepends/.gitattributes | 2 + .../badlicdepends/GoodLicense.txt | 2 + .../badlicdepends/License.rtf | Bin 0 -> 210 bytes .../badlicdepends/UTF16License.txt | Bin 0 -> 124 bytes .../badlicdepends/init.py | 66 +++++++++ .../badlicdepends/pyproject.toml | 11 ++ .../with-license-bad-file-recoverable/init.py | 66 +++++++++ .../pyproject.toml | 9 ++ ...h-license-bad-file-recoverable_1.0.xml.bin | 10 ++ ...h-license-bad-file-recoverable_1.1.xml.bin | 26 ++++ ...-license-bad-file-recoverable_1.2.json.bin | 73 ++++++++++ ...h-license-bad-file-recoverable_1.2.xml.bin | 50 +++++++ ...-license-bad-file-recoverable_1.3.json.bin | 79 +++++++++++ ...h-license-bad-file-recoverable_1.3.xml.bin | 53 +++++++ ...-license-bad-file-recoverable_1.4.json.bin | 114 +++++++++++++++ ...h-license-bad-file-recoverable_1.4.xml.bin | 80 +++++++++++ ...-license-bad-file-recoverable_1.5.json.bin | 128 +++++++++++++++++ ...h-license-bad-file-recoverable_1.5.xml.bin | 90 ++++++++++++ ...-license-bad-file-recoverable_1.6.json.bin | 131 ++++++++++++++++++ ...h-license-bad-file-recoverable_1.6.xml.bin | 90 ++++++++++++ ...h-license-bad-file-recoverable_1.0.xml.bin | 10 ++ ...h-license-bad-file-recoverable_1.1.xml.bin | 15 ++ ...-license-bad-file-recoverable_1.2.json.bin | 52 +++++++ ...h-license-bad-file-recoverable_1.2.xml.bin | 39 ++++++ ...-license-bad-file-recoverable_1.3.json.bin | 58 ++++++++ ...h-license-bad-file-recoverable_1.3.xml.bin | 42 ++++++ ...-license-bad-file-recoverable_1.4.json.bin | 93 +++++++++++++ ...h-license-bad-file-recoverable_1.4.xml.bin | 69 +++++++++ ...-license-bad-file-recoverable_1.5.json.bin | 107 ++++++++++++++ ...h-license-bad-file-recoverable_1.5.xml.bin | 79 +++++++++++ ...-license-bad-file-recoverable_1.6.json.bin | 108 +++++++++++++++ ...h-license-bad-file-recoverable_1.6.xml.bin | 79 +++++++++++ tests/integration/test_cli_environment.py | 16 +++ 33 files changed, 1847 insertions(+) create mode 100644 
tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/.gitattributes create mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/GoodLicense.txt create mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/License.rtf create mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/UTF16License.txt create mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/init.py create mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/pyproject.toml create mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/init.py create mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/pyproject.toml create mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.0.xml.bin create mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.1.xml.bin create mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.json.bin create mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.xml.bin create mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.json.bin create mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.xml.bin create mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.json.bin create mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.xml.bin create mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.json.bin create mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.xml.bin create mode 100644 
tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.json.bin create mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.xml.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.0.xml.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.1.xml.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.json.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.xml.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.json.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.xml.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.json.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.xml.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.json.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.xml.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.json.bin create mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.xml.bin diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/.gitattributes b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/.gitattributes new file mode 100644 index 00000000..2f135340 --- /dev/null +++ b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/.gitattributes @@ -0,0 +1,2 @@ +UTF16License.txt binary +License.rtf binary 
diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/GoodLicense.txt b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/GoodLicense.txt new file mode 100644 index 00000000..68e4bc0c --- /dev/null +++ b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/GoodLicense.txt @@ -0,0 +1,2 @@ +A simple license. +Do what you want. \ No newline at end of file diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/License.rtf b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/License.rtf new file mode 100644 index 0000000000000000000000000000000000000000..2e6251f1d073d5884a176bc89e8f3f582f773b9a GIT binary patch literal 210 zcmW-bF$=;l5QUu!{STQPFZD1@OOonP`rmC`J{}Jq- za^PrkAJs$biyI9JVFx=rLxnSaguibIO+}+cRTeau*ibSWfRfjzhZj(yI2m1)lEFFyRulEn;-74N5%jE literal 0 HcmV?d00001 diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/UTF16License.txt b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/UTF16License.txt new file mode 100644 index 0000000000000000000000000000000000000000..3955ed1d90f21a54b417bb260a030ca7e5f4c3dd GIT binary patch literal 124 zcmXYoI|_g>6a=Rhyn`1oVB-z6vQrOWqM#rK{1jeZ-AIZzJa%WFmyVf*gDi4l!{Hg3 rbRpfuUS3T>NlrtBQPyhdxmbVC%Fq7Qsm~D@_Lf_8atHR<8&Z-F$=Vh0 literal 0 HcmV?d00001 diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/init.py b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/init.py new file mode 100644 index 00000000..3213f1f8 --- /dev/null +++ b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/init.py 
@@ -0,0 +1,66 @@ +# This file is part of CycloneDX Python +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) OWASP Foundation. All Rights Reserved. + +""" +initialize this testbed. +""" + +from os import name as os_name +from os.path import dirname, join +from subprocess import CompletedProcess, run # nosec:B404 +from sys import executable +from venv import EnvBuilder + +__all__ = ['main'] + +this_dir = dirname(__file__) +env_dir = join(this_dir, '.venv') + + +def pip_run(*args: str) -> CompletedProcess: + # pip is not API, but a CLI -- call it like that! + call = ( + executable, '-m', 'pip', + '--python', env_dir, + *args + ) + print('+ ', *call) + res = run(call, cwd=this_dir, shell=False) # nosec:B603 + if res.returncode != 0: + raise RuntimeError('process failed') + return res + + +def pip_install(*args: str) -> None: + pip_run( + 'install', '--require-virtualenv', '--no-input', '--progress-bar=off', '--no-color', + *args + ) + + +def main() -> None: + EnvBuilder( + system_site_packages=False, + symlinks=os_name != 'nt', + with_pip=False, + ).create(env_dir) + + pip_install(dirname(__file__)) + + +if __name__ == '__main__': + main() diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/pyproject.toml b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/pyproject.toml new file mode 100644 index 00000000..1f74d3d1 --- /dev/null 
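Review bot: This `init.py` creates a second virtual environment under `badlicdepends/.venv` and installs the package into it, while the outer testbed's `init.py` in this patch already installs `badlicdepends` into its own `.venv`. If the harness only runs the outer script, this copy is unused and could be dropped, leaving just `pyproject.toml` and the license files in the fixture. In both copies `pip_run` raises `RuntimeError('process failed')` without saying what failed; `raise RuntimeError(f'process failed with exit code {res.returncode}: {call!r}')` would make a broken testbed setup easier to diagnose.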
+++ b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/pyproject.toml @@ -0,0 +1,11 @@ +[build-system] +# Known broken version +requires = ["setuptools == 78.1.0"] +build-backend = "setuptools.build_meta" + +[project] +name = "badlicdepends" +version = "0.1" +# UTF-16 is simply bad encoding +# RTF is technically 7-bit ASCII, but has application/rtf mimetype. +license-files = ["GoodLicense.txt", "License.rtf", "UTF16License.txt"] diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/init.py b/tests/_data/infiles/environment/with-license-bad-file-recoverable/init.py new file mode 100644 index 00000000..2308343a --- /dev/null +++ b/tests/_data/infiles/environment/with-license-bad-file-recoverable/init.py 
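Review bot: The comment on `License.rtf` says the file has the `application/rtf` mimetype, but the snapshots added in this patch record `"contentType": "application/msword"` for it. If that value comes from the host's MIME table rather than a fixed mapping, the snapshot comparison may differ between platforms. Either correct the comment, e.g. `# RTF is 7-bit ASCII, but is not guessed as text/*, so it gets base64-encoded.`, or make the mapping explicit in the project's `guess_type` helper. `UTF16License.txt` is listed in `license-files` but appears in none of the visible snapshots, so a short comment stating whether it is expected to be recovered or dropped would help readers of the fixture.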
@@ -0,0 +1,66 @@ +# This file is part of CycloneDX Python +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) OWASP Foundation. All Rights Reserved. + +""" +initialize this testbed. +""" + +from os import name as os_name +from os.path import dirname, join +from subprocess import CompletedProcess, run # nosec:B404 +from sys import executable +from venv import EnvBuilder + +__all__ = ['main'] + +this_dir = dirname(__file__) +env_dir = join(this_dir, '.venv') + + +def pip_run(*args: str) -> CompletedProcess: + # pip is not API, but a CLI -- call it like that! + call = ( + executable, '-m', 'pip', + '--python', env_dir, + *args + ) + print('+ ', *call) + res = run(call, cwd=this_dir, shell=False) # nosec:B603 + if res.returncode != 0: + raise RuntimeError('process failed') + return res + + +def pip_install(*args: str) -> None: + pip_run( + 'install', '--require-virtualenv', '--no-input', '--progress-bar=off', '--no-color', + *args + ) + + +def main() -> None: + EnvBuilder( + system_site_packages=False, + symlinks=os_name != 'nt', + with_pip=False, + ).create(env_dir) + pip_install(join(dirname(__file__), 'badlicdepends')) + pip_install(dirname(__file__)) + + +if __name__ == '__main__': + main() diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/pyproject.toml b/tests/_data/infiles/environment/with-license-bad-file-recoverable/pyproject.toml new file mode 100644 index 00000000..a6e91e72 
--- /dev/null +++ b/tests/_data/infiles/environment/with-license-bad-file-recoverable/pyproject.toml @@ -0,0 +1,9 @@ +[build-system] +# Known broken version +requires = ["setuptools == 78.1.0"] +build-backend = "setuptools.build_meta" + +[project] +name = "badlic" +version = "0.1" +dependencies = ["badlicdepends"] diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.0.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.0.xml.bin new file mode 100644 index 00000000..e595b9fd --- /dev/null +++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.0.xml.bin @@ -0,0 +1,10 @@ + + + + + badlicdepends + 0.1 + false + + + diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.1.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.1.xml.bin new file mode 100644 index 00000000..570e7c6a --- /dev/null +++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.1.xml.bin @@ -0,0 +1,26 @@ + + + + + badlicdepends + 0.1 + + + declared license file: GoodLicense.txt + A simple license. +Do what you want. + + + declared license file: License.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.json.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.json.bin new file mode 100644 index 00000000..10870318 --- /dev/null 
+++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.json.bin @@ -0,0 +1,73 @@ +{ + "components": [ + { + "bom-ref": "badlicdepends==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" + } + ], + "licenses": [ + { + "license": { + "name": "declared license file: GoodLicense.txt", + "text": { + "content": "A simple license.\nDo what you want.", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: License.rtf", + "text": { + "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", + "contentType": "application/msword", + "encoding": "base64" + } + } + } + ], + "name": "badlicdepends", + "type": "library", + "version": "0.1" + } + ], + "dependencies": [ + { + "ref": "badlicdepends==0.1" + }, + { + "dependsOn": [ + "badlicdepends==0.1" + ], + "ref": "root-component" + } + ], + "metadata": { + "component": { + "bom-ref": "root-component", + "name": "badlic", + "type": "application", + "version": "0.1" + }, + "tools": [ + { + "name": "cyclonedx-py", + "vendor": "CycloneDX", + "version": "thisVersion-testing" + }, + { + "name": "cyclonedx-python-lib", + "vendor": "CycloneDX", + "version": "libVersion-testing" + } + ] + }, + "version": 1, + "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.2" +} \ No newline at end of file 
diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.xml.bin new file mode 100644 index 00000000..eca0bd29 --- /dev/null +++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.xml.bin @@ -0,0 +1,50 @@ + + + + + + CycloneDX + cyclonedx-py + thisVersion-testing + + + CycloneDX + cyclonedx-python-lib + libVersion-testing + + + + badlic + 0.1 + + + + + badlicdepends + 0.1 + + + declared license file: GoodLicense.txt + A simple license. +Do what you want. + + + declared license file: License.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + + + + + + + diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.json.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.json.bin new file mode 100644 index 00000000..2b7ce31f --- /dev/null +++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.json.bin 
@@ -0,0 +1,79 @@ +{ + "components": [ + { + "bom-ref": "badlicdepends==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" + } + ], + "licenses": [ + { + "license": { + "name": "declared license file: GoodLicense.txt", + "text": { + "content": "A simple license.\nDo what you want.", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: License.rtf", + "text": { + "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", + "contentType": "application/msword", + "encoding": "base64" + } + } + } + ], + "name": "badlicdepends", + "type": "library", + "version": "0.1" + } + ], + "dependencies": [ + { + "ref": "badlicdepends==0.1" + }, + { + "dependsOn": [ + "badlicdepends==0.1" + ], + "ref": "root-component" + } + ], + "metadata": { + "component": { + "bom-ref": "root-component", + "name": "badlic", + "type": "application", + "version": "0.1" + }, + "properties": [ + { + "name": "cdx:reproducible", + "value": "true" + } + ], + "tools": [ + { + "name": "cyclonedx-py", + "vendor": "CycloneDX", + "version": "thisVersion-testing" + }, + { + "name": "cyclonedx-python-lib", + "vendor": "CycloneDX", + "version": "libVersion-testing" + } + ] + }, + "version": 1, + "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.3" +} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.xml.bin new file mode 100644 index 00000000..b85b7eb9 --- /dev/null 
+++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.xml.bin @@ -0,0 +1,53 @@ + + + + + + CycloneDX + cyclonedx-py + thisVersion-testing + + + CycloneDX + cyclonedx-python-lib + libVersion-testing + + + + badlic + 0.1 + + + true + + + + + badlicdepends + 0.1 + + + declared license file: GoodLicense.txt + A simple license. +Do what you want. + + + declared license file: License.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + + + + + + + diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.json.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.json.bin new file mode 100644 index 00000000..b2fcc041 --- /dev/null +++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.json.bin 
@@ -0,0 +1,114 @@ +{ + "components": [ + { + "bom-ref": "badlicdepends==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" + } + ], + "licenses": [ + { + "license": { + "name": "declared license file: GoodLicense.txt", + "text": { + "content": "A simple license.\nDo what you want.", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: License.rtf", + "text": { + "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", + "contentType": "application/msword", + "encoding": "base64" + } + } + } + ], + "name": "badlicdepends", + "type": "library", + "version": "0.1" + } + ], + "dependencies": [ + { + "ref": "badlicdepends==0.1" + }, + { + "dependsOn": [ + "badlicdepends==0.1" + ], + "ref": "root-component" + } + ], + "metadata": { + "component": { + "bom-ref": "root-component", + "name": "badlic", + "type": "application", + "version": "0.1" + }, + "properties": [ + { + "name": "cdx:reproducible", + "value": "true" + } + ], + "tools": [ + { + "externalReferences": [ + { + "type": "build-system", + "url": "https://github.com/CycloneDX/cyclonedx-python/actions" + }, + { + "type": "distribution", + "url": "https://pypi.org/project/cyclonedx-bom/" + }, + { + "type": "documentation", + "url": "https://cyclonedx-bom-tool.readthedocs.io/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/CycloneDX/cyclonedx-python/issues" + }, + { + "type": "license", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" + }, + { + "type": "release-notes", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" + }, 
+ { + "type": "vcs", + "url": "https://github.com/CycloneDX/cyclonedx-python/" + }, + { + "type": "website", + "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" + } + ], + "name": "cyclonedx-py", + "vendor": "CycloneDX", + "version": "thisVersion-testing" + }, + { + "externalReferences": [ ], + "name": "cyclonedx-python-lib", + "vendor": "CycloneDX", + "version": "libVersion-testing" + } + ] + }, + "version": 1, + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4" +} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.xml.bin new file mode 100644 index 00000000..4ea47a9c --- /dev/null +++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.xml.bin 
@@ -0,0 +1,80 @@ + + + + + + CycloneDX + cyclonedx-py + thisVersion-testing + + + https://github.com/CycloneDX/cyclonedx-python/actions + + + https://pypi.org/project/cyclonedx-bom/ + + + https://cyclonedx-bom-tool.readthedocs.io/ + + + https://github.com/CycloneDX/cyclonedx-python/issues + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md + + + https://github.com/CycloneDX/cyclonedx-python/ + + + https://github.com/CycloneDX/cyclonedx-python/#readme + + + + + CycloneDX + cyclonedx-python-lib + libVersion-testing + + + + + badlic + 0.1 + + + true + + + + + badlicdepends + 0.1 + + + declared license file: GoodLicense.txt + A simple license. +Do what you want. + + + declared license file: License.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + + + + + + + diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.json.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.json.bin new file mode 100644 index 00000000..b1f42db1 --- /dev/null +++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.json.bin 
@@ -0,0 +1,128 @@ +{ + "components": [ + { + "bom-ref": "badlicdepends==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" + } + ], + "licenses": [ + { + "license": { + "name": "declared license file: GoodLicense.txt", + "text": { + "content": "A simple license.\nDo what you want.", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: License.rtf", + "text": { + "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", + "contentType": "application/msword", + "encoding": "base64" + } + } + } + ], + "name": "badlicdepends", + "type": "library", + "version": "0.1" + } + ], + "dependencies": [ + { + "ref": "badlicdepends==0.1" + }, + { + "dependsOn": [ + "badlicdepends==0.1" + ], + "ref": "root-component" + } + ], + "metadata": { + "component": { + "bom-ref": "root-component", + "name": "badlic", + "type": "application", + "version": "0.1" + }, + "properties": [ + { + "name": "cdx:reproducible", + "value": "true" + } + ], + "tools": { + "components": [ + { + "description": "CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments", + "externalReferences": [ + { + "type": "build-system", + "url": "https://github.com/CycloneDX/cyclonedx-python/actions" + }, + { + "type": "distribution", + "url": "https://pypi.org/project/cyclonedx-bom/" + }, + { + "type": "documentation", + "url": "https://cyclonedx-bom-tool.readthedocs.io/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/CycloneDX/cyclonedx-python/issues" + }, + { + "type": "license", + "url": 
"https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" + }, + { + "type": "release-notes", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" + }, + { + "type": "vcs", + "url": "https://github.com/CycloneDX/cyclonedx-python/" + }, + { + "type": "website", + "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" + } + ], + "group": "CycloneDX", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "name": "cyclonedx-py", + "type": "application", + "version": "thisVersion-testing" + }, + { + "description": "stripped", + "externalReferences": [ ], + "group": "CycloneDX", + "licenses": [ ], + "name": "cyclonedx-python-lib", + "type": "library", + "version": "libVersion-testing" + } + ] + } + }, + "version": 1, + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.5" +} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.xml.bin new file mode 100644 index 00000000..811fe811 --- /dev/null +++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.xml.bin 
@@ -0,0 +1,90 @@ + + + + + + + CycloneDX + cyclonedx-py + thisVersion-testing + CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments + + + Apache-2.0 + + + + + https://github.com/CycloneDX/cyclonedx-python/actions + + + https://pypi.org/project/cyclonedx-bom/ + + + https://cyclonedx-bom-tool.readthedocs.io/ + + + https://github.com/CycloneDX/cyclonedx-python/issues + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md + + + https://github.com/CycloneDX/cyclonedx-python/ + + + https://github.com/CycloneDX/cyclonedx-python/#readme + + + + + CycloneDX + cyclonedx-python-lib + libVersion-testing + + + + + + + + badlic + 0.1 + + + true + + + + + badlicdepends + 0.1 + + + declared license file: GoodLicense.txt + A simple license. +Do what you want. + + + declared license file: License.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + + + + + + + diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.json.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.json.bin new file mode 100644 index 00000000..92f9c42e --- /dev/null +++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.json.bin 
@@ -0,0 +1,131 @@ +{ + "components": [ + { + "bom-ref": "badlicdepends==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" + } + ], + "licenses": [ + { + "license": { + "acknowledgement": "declared", + "name": "declared license file: GoodLicense.txt", + "text": { + "content": "A simple license.\nDo what you want.", + "contentType": "text/plain" + } + } + }, + { + "license": { + "acknowledgement": "declared", + "name": "declared license file: License.rtf", + "text": { + "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", + "contentType": "application/msword", + "encoding": "base64" + } + } + } + ], + "name": "badlicdepends", + "type": "library", + "version": "0.1" + } + ], + "dependencies": [ + { + "ref": "badlicdepends==0.1" + }, + { + "dependsOn": [ + "badlicdepends==0.1" + ], + "ref": "root-component" + } + ], + "metadata": { + "component": { + "bom-ref": "root-component", + "name": "badlic", + "type": "application", + "version": "0.1" + }, + "properties": [ + { + "name": "cdx:reproducible", + "value": "true" + } + ], + "tools": { + "components": [ + { + "description": "CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments", + "externalReferences": [ + { + "type": "build-system", + "url": "https://github.com/CycloneDX/cyclonedx-python/actions" + }, + { + "type": "distribution", + "url": "https://pypi.org/project/cyclonedx-bom/" + }, + { + "type": "documentation", + "url": "https://cyclonedx-bom-tool.readthedocs.io/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/CycloneDX/cyclonedx-python/issues" + }, + { + "type": "license", + 
"url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" + }, + { + "type": "release-notes", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" + }, + { + "type": "vcs", + "url": "https://github.com/CycloneDX/cyclonedx-python/" + }, + { + "type": "website", + "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" + } + ], + "group": "CycloneDX", + "licenses": [ + { + "license": { + "acknowledgement": "declared", + "id": "Apache-2.0" + } + } + ], + "name": "cyclonedx-py", + "type": "application", + "version": "thisVersion-testing" + }, + { + "description": "stripped", + "externalReferences": [ ], + "group": "CycloneDX", + "licenses": [ ], + "name": "cyclonedx-python-lib", + "type": "library", + "version": "libVersion-testing" + } + ] + } + }, + "version": 1, + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6" +} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.xml.bin new file mode 100644 index 00000000..d8359374 --- /dev/null +++ b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.xml.bin 
@@ -0,0 +1,90 @@ + + + + + + + CycloneDX + cyclonedx-py + thisVersion-testing + CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments + + + Apache-2.0 + + + + + https://github.com/CycloneDX/cyclonedx-python/actions + + + https://pypi.org/project/cyclonedx-bom/ + + + https://cyclonedx-bom-tool.readthedocs.io/ + + + https://github.com/CycloneDX/cyclonedx-python/issues + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md + + + https://github.com/CycloneDX/cyclonedx-python/ + + + https://github.com/CycloneDX/cyclonedx-python/#readme + + + + + CycloneDX + cyclonedx-python-lib + libVersion-testing + + + + + + + + badlic + 0.1 + + + true + + + + + badlicdepends + 0.1 + + + declared license file: GoodLicense.txt + A simple license. +Do what you want. + + + declared license file: License.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + + + + + + + diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.0.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.0.xml.bin new file mode 100644 index 00000000..e595b9fd --- /dev/null +++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.0.xml.bin @@ -0,0 +1,10 @@ + + + + + badlicdepends + 0.1 + false + + + diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.1.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.1.xml.bin new file mode 100644 index 00000000..c1878300 --- /dev/null 
+++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.1.xml.bin @@ -0,0 +1,15 @@ + + + + + badlicdepends + 0.1 + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.json.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.json.bin new file mode 100644 index 00000000..31fcff38 --- /dev/null +++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.json.bin @@ -0,0 +1,52 @@ +{ + "components": [ + { + "bom-ref": "badlicdepends==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" + } + ], + "name": "badlicdepends", + "type": "library", + "version": "0.1" + } + ], + "dependencies": [ + { + "ref": "badlicdepends==0.1" + }, + { + "dependsOn": [ + "badlicdepends==0.1" + ], + "ref": "root-component" + } + ], + "metadata": { + "component": { + "bom-ref": "root-component", + "name": "badlic", + "type": "application", + "version": "0.1" + }, + "tools": [ + { + "name": "cyclonedx-py", + "vendor": "CycloneDX", + "version": "thisVersion-testing" + }, + { + "name": "cyclonedx-python-lib", + "vendor": "CycloneDX", + "version": "libVersion-testing" + } + ] + }, + "version": 1, + "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.2" +} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.xml.bin new file mode 100644 index 00000000..d71df43c --- /dev/null +++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.xml.bin 
@@ -0,0 +1,39 @@ + + + + + + CycloneDX + cyclonedx-py + thisVersion-testing + + + CycloneDX + cyclonedx-python-lib + libVersion-testing + + + + badlic + 0.1 + + + + + badlicdepends + 0.1 + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + + + + + + + diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.json.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.json.bin new file mode 100644 index 00000000..ce1680e3 --- /dev/null +++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.json.bin @@ -0,0 +1,58 @@ +{ + "components": [ + { + "bom-ref": "badlicdepends==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" + } + ], + "name": "badlicdepends", + "type": "library", + "version": "0.1" + } + ], + "dependencies": [ + { + "ref": "badlicdepends==0.1" + }, + { + "dependsOn": [ + "badlicdepends==0.1" + ], + "ref": "root-component" + } + ], + "metadata": { + "component": { + "bom-ref": "root-component", + "name": "badlic", + "type": "application", + "version": "0.1" + }, + "properties": [ + { + "name": "cdx:reproducible", + "value": "true" + } + ], + "tools": [ + { + "name": "cyclonedx-py", + "vendor": "CycloneDX", + "version": "thisVersion-testing" + }, + { + "name": "cyclonedx-python-lib", + "vendor": "CycloneDX", + "version": "libVersion-testing" + } + ] + }, + "version": 1, + "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.3" +} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.xml.bin new file mode 100644 index 00000000..91b20f16 
--- /dev/null +++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.xml.bin @@ -0,0 +1,42 @@ + + + + + + CycloneDX + cyclonedx-py + thisVersion-testing + + + CycloneDX + cyclonedx-python-lib + libVersion-testing + + + + badlic + 0.1 + + + true + + + + + badlicdepends + 0.1 + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + + + + + + + diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.json.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.json.bin new file mode 100644 index 00000000..dd3cfaed --- /dev/null +++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.json.bin 
@@ -0,0 +1,93 @@ +{ + "components": [ + { + "bom-ref": "badlicdepends==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" + } + ], + "name": "badlicdepends", + "type": "library", + "version": "0.1" + } + ], + "dependencies": [ + { + "ref": "badlicdepends==0.1" + }, + { + "dependsOn": [ + "badlicdepends==0.1" + ], + "ref": "root-component" + } + ], + "metadata": { + "component": { + "bom-ref": "root-component", + "name": "badlic", + "type": "application", + "version": "0.1" + }, + "properties": [ + { + "name": "cdx:reproducible", + "value": "true" + } + ], + "tools": [ + { + "externalReferences": [ + { + "type": "build-system", + "url": "https://github.com/CycloneDX/cyclonedx-python/actions" + }, + { + "type": "distribution", + "url": "https://pypi.org/project/cyclonedx-bom/" + }, + { + "type": "documentation", + "url": "https://cyclonedx-bom-tool.readthedocs.io/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/CycloneDX/cyclonedx-python/issues" + }, + { + "type": "license", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" + }, + { + "type": "release-notes", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" + }, + { + "type": "vcs", + "url": "https://github.com/CycloneDX/cyclonedx-python/" + }, + { + "type": "website", + "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" + } + ], + "name": "cyclonedx-py", + "vendor": "CycloneDX", + "version": "thisVersion-testing" + }, + { + "externalReferences": [ ], + "name": "cyclonedx-python-lib", + "vendor": "CycloneDX", + "version": "libVersion-testing" + } + ] + }, + "version": 1, + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4" +} \ No newline at end of file 
diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.xml.bin new file mode 100644 index 00000000..a8c84db8 --- /dev/null +++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.xml.bin @@ -0,0 +1,69 @@ + + + + + + CycloneDX + cyclonedx-py + thisVersion-testing + + + https://github.com/CycloneDX/cyclonedx-python/actions + + + https://pypi.org/project/cyclonedx-bom/ + + + https://cyclonedx-bom-tool.readthedocs.io/ + + + https://github.com/CycloneDX/cyclonedx-python/issues + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md + + + https://github.com/CycloneDX/cyclonedx-python/ + + + https://github.com/CycloneDX/cyclonedx-python/#readme + + + + + CycloneDX + cyclonedx-python-lib + libVersion-testing + + + + + badlic + 0.1 + + + true + + + + + badlicdepends + 0.1 + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + + + + + + + diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.json.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.json.bin new file mode 100644 index 00000000..ef180b45 --- /dev/null +++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.json.bin 
@@ -0,0 +1,107 @@ +{ + "components": [ + { + "bom-ref": "badlicdepends==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" + } + ], + "name": "badlicdepends", + "type": "library", + "version": "0.1" + } + ], + "dependencies": [ + { + "ref": "badlicdepends==0.1" + }, + { + "dependsOn": [ + "badlicdepends==0.1" + ], + "ref": "root-component" + } + ], + "metadata": { + "component": { + "bom-ref": "root-component", + "name": "badlic", + "type": "application", + "version": "0.1" + }, + "properties": [ + { + "name": "cdx:reproducible", + "value": "true" + } + ], + "tools": { + "components": [ + { + "description": "CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments", + "externalReferences": [ + { + "type": "build-system", + "url": "https://github.com/CycloneDX/cyclonedx-python/actions" + }, + { + "type": "distribution", + "url": "https://pypi.org/project/cyclonedx-bom/" + }, + { + "type": "documentation", + "url": "https://cyclonedx-bom-tool.readthedocs.io/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/CycloneDX/cyclonedx-python/issues" + }, + { + "type": "license", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" + }, + { + "type": "release-notes", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" + }, + { + "type": "vcs", + "url": "https://github.com/CycloneDX/cyclonedx-python/" + }, + { + "type": "website", + "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" + } + ], + "group": "CycloneDX", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "name": "cyclonedx-py", + "type": "application", + "version": "thisVersion-testing" + }, + { + "description": "stripped", + "externalReferences": [ ], + "group": "CycloneDX", + "licenses": [ ], + "name": "cyclonedx-python-lib", + "type": 
"library", + "version": "libVersion-testing" + } + ] + } + }, + "version": 1, + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.5" +} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.xml.bin new file mode 100644 index 00000000..ebea94f6 --- /dev/null +++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.xml.bin @@ -0,0 +1,79 @@ + + + + + + + CycloneDX + cyclonedx-py + thisVersion-testing + CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments + + + Apache-2.0 + + + + + https://github.com/CycloneDX/cyclonedx-python/actions + + + https://pypi.org/project/cyclonedx-bom/ + + + https://cyclonedx-bom-tool.readthedocs.io/ + + + https://github.com/CycloneDX/cyclonedx-python/issues + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md + + + https://github.com/CycloneDX/cyclonedx-python/ + + + https://github.com/CycloneDX/cyclonedx-python/#readme + + + + + CycloneDX + cyclonedx-python-lib + libVersion-testing + + + + + + + + badlic + 0.1 + + + true + + + + + badlicdepends + 0.1 + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + + + + + + + diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.json.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.json.bin new file mode 100644 index 00000000..d75dcf27 --- /dev/null +++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.json.bin 
@@ -0,0 +1,108 @@ +{ + "components": [ + { + "bom-ref": "badlicdepends==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" + } + ], + "name": "badlicdepends", + "type": "library", + "version": "0.1" + } + ], + "dependencies": [ + { + "ref": "badlicdepends==0.1" + }, + { + "dependsOn": [ + "badlicdepends==0.1" + ], + "ref": "root-component" + } + ], + "metadata": { + "component": { + "bom-ref": "root-component", + "name": "badlic", + "type": "application", + "version": "0.1" + }, + "properties": [ + { + "name": "cdx:reproducible", + "value": "true" + } + ], + "tools": { + "components": [ + { + "description": "CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments", + "externalReferences": [ + { + "type": "build-system", + "url": "https://github.com/CycloneDX/cyclonedx-python/actions" + }, + { + "type": "distribution", + "url": "https://pypi.org/project/cyclonedx-bom/" + }, + { + "type": "documentation", + "url": "https://cyclonedx-bom-tool.readthedocs.io/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/CycloneDX/cyclonedx-python/issues" + }, + { + "type": "license", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" + }, + { + "type": "release-notes", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" + }, + { + "type": "vcs", + "url": "https://github.com/CycloneDX/cyclonedx-python/" + }, + { + "type": "website", + "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" + } + ], + "group": "CycloneDX", + "licenses": [ + { + "license": { + "acknowledgement": "declared", + "id": "Apache-2.0" + } + } + ], + "name": "cyclonedx-py", + "type": "application", + "version": "thisVersion-testing" + }, + { + "description": "stripped", + "externalReferences": [ ], + "group": "CycloneDX", + "licenses": [ ], + "name": 
"cyclonedx-python-lib", + "type": "library", + "version": "libVersion-testing" + } + ] + } + }, + "version": 1, + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6" +} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.xml.bin new file mode 100644 index 00000000..b176a5a1 --- /dev/null +++ b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.xml.bin @@ -0,0 +1,79 @@ + + + + + + + CycloneDX + cyclonedx-py + thisVersion-testing + CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments + + + Apache-2.0 + + + + + https://github.com/CycloneDX/cyclonedx-python/actions + + + https://pypi.org/project/cyclonedx-bom/ + + + https://cyclonedx-bom-tool.readthedocs.io/ + + + https://github.com/CycloneDX/cyclonedx-python/issues + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE + + + https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md + + + https://github.com/CycloneDX/cyclonedx-python/ + + + https://github.com/CycloneDX/cyclonedx-python/#readme + + + + + CycloneDX + cyclonedx-python-lib + libVersion-testing + + + + + + + + badlic + 0.1 + + + true + + + + + badlicdepends + 0.1 + + + file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends + PackageSource: Local + + + + + + + + + + + diff --git a/tests/integration/test_cli_environment.py b/tests/integration/test_cli_environment.py index 09e8b13e..0a627ff8 100644 --- a/tests/integration/test_cli_environment.py +++ b/tests/integration/test_cli_environment.py 
@@ -203,6 +203,22 @@ def test_texts_as_expected(self, projectdir: str, sv: SchemaVersion, of: OutputF self.assertEqual(0, res, err) self.assertEqualSnapshot(out, 'texts', projectdir, sv, of) + @named_data(*test_data_file_filter('with-license-bad-file-recoverable')) + def test_bad_license_file_recover_as_expected(self, projectdir: str, sv: SchemaVersion, of: OutputFormat) -> None: + res, out, err = run_cli( + 'environment', + '-vvv', + '--sv', sv.to_version(), + '--of', of.name, + '--output-reproducible', + '--outfile=-', + '--PEP-639', + '--pyproject', join(projectdir, 'pyproject.toml'), + '--gather-license-texts', + join(projectdir, '.venv')) + self.assertEqual(0, res, err) + self.assertEqualSnapshot(out, 'badlic-texts', projectdir, sv, of) + def assertEqualSnapshot( # noqa:N802 self, actual: str, purpose: str, From 35b752c4be074919fdfe89a7b778945a42684bc8 Mon Sep 17 00:00:00 2001 From: Michael Schlenker Date: Thu, 24 Apr 2025 01:06:54 +0200 Subject: [PATCH 03/12] Refactor and simplify Signed-off-by: Michael Schlenker --- cyclonedx_py/_internal/utils/pep639.py | 54 +++++++++++++------------- 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/cyclonedx_py/_internal/utils/pep639.py b/cyclonedx_py/_internal/utils/pep639.py index b1360387..a7f0bfc7 100644 --- a/cyclonedx_py/_internal/utils/pep639.py +++ b/cyclonedx_py/_internal/utils/pep639.py 
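Review bot: `test_bad_license_file_recover_as_expected` passes `-vvv` but checks only the exit code and the snapshot, so nothing asserts that the recovery path in `handle_bad_license_file_encoding` actually ran or produced text. The `badlic-texts` snapshots added with it list only `GoodLicense.txt` and `License.rtf`; if the fixture declares a misencoded text file as a `License-File` (the later diffstat names a `UTF16License.txt`), the snapshot pins its omission rather than its recovery. An assertion on the captured log, for example `self.assertNotIn('failed to read license file', err)`, or a snapshot entry for the recovered file would make the intent checkable. The following `assertEqualSnapshot` definition continues outside the hunk.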
@@ -39,36 +39,36 @@ from cyclonedx.model.license import License +def _try_load(dist: 'Distribution', metadir: str, filename: str) -> Union[str, None]: + # Might raise NotImplementedError in theory + # but nothing we can do in that case. + try: + candidate = dist.locate_file(join(metadir, filename)) + except NotImplementedError: + return None + + if not candidate: + return None + + try: + with open(str(candidate), 'rb') as fin: + return io2str(fin) + except FileNotFoundError: + pass + return None + + def handle_bad_license_file_encoding( dist: 'Distribution', lfile: str, logger: 'Logger' ) -> Union[str, None]: - - def try_load(dist: 'Distribution', metadir: str, filename: str) -> Union[str, None]: - # Might raise NotImplementedError in theory - # but nothing we can do in that case. - try: - candidate = dist.locate_file(join(metadir, filename)) - except NotImplementedError: - return None - - if not candidate: - return None - - try: - with open(str(candidate), 'rb') as fin: - return io2str(fin) - except FileNotFoundError: - pass - return None - # Distribution has no method to find the actual metadata dir, # e.g. dist-info or egg-info. # So we mimic the logic in PathDistribution and check both subdirs content: Union[str, None] = None for metadir in ('.dist-info', '.egg-info'): - content = try_load(dist, metadir, lfile) + content = _try_load(dist, metadir, lfile) if content: break @@ -91,12 +91,11 @@ def gather_license_texts( # per spec > license files are stored in the `.dist-info/licenses/` subdirectory of the produced wheel. # but in practice, other locations are used, too. # loop over the candidate location and pick the first one found. - locations = ('licenses', 'license_files', '.') malformed = None content = None - for loc in locations: + for loc in ('licenses', 'license_files', '.'): + path = join(loc, mlfile) try: - path = join(loc, mlfile) content = dist.read_text(path) except UnicodeDecodeError: # Malformed, stop looking 
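Review bot: `_try_load` opens whatever `dist.locate_file(join(metadir, filename))` resolves to, and `filename` is derived from the package's own `License-File` metadata, so an absolute value or one containing `..` would be read from outside the metadata directory and embedded in the SBOM. Reject such names before the join, e.g. `if isabs(filename) or '..' in filename.replace('\\', '/').split('/'): return None`, or compare the resolved candidate against the resolved metadata directory. Separately, the caller's loop (context lines of this hunk) passes the literal `'.dist-info'` / `'.egg-info'` as `metadir`, which presumably never matches a real `<name>-<version>.dist-info` directory, so it is worth confirming the fallback can locate a file at all. `except FileNotFoundError:` also lets `PermissionError` and `IsADirectoryError` abort the run; `except OSError:` would keep the best-effort behaviour. `handle_bad_license_file_encoding` continues outside the hunk.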
@@ -106,11 +105,11 @@ def gather_license_texts( if content is not None: break - if content is None and malformed: # pragma: no cover + if content is None and malformed: # Try a little harder content = handle_bad_license_file_encoding(dist, malformed, logger) - if content is None: # pragme: no cover + if content is None: logger.debug('Error: failed to read license file %r for dist %r', mlfile, dist.metadata['Name']) continue @@ -143,6 +142,5 @@ def dist2licenses( # see spec: https://peps.python.org/pep-0639/#add-license-expression-field yield lfac.make_from_string(lexp, license_acknowledgement=lack) - if gather_text and (lfiles := set(str(fn) for fn in metadata.get_all('License-File', ()))): - for lic in gather_license_texts(dist, lfiles, logger): - yield lic + if gather_text and (lfiles := set(fn for fn in metadata.get_all('License-File', ()))): + yield from gather_license_texts(dist, lfiles, logger) From 373254c69b3d83f10c8ce94b17c91a7a4a617453 Mon Sep 17 00:00:00 2001 From: Michael Schlenker Date: Thu, 24 Apr 2025 10:08:30 +0200 Subject: [PATCH 04/12] Simplify conditions and loop Signed-off-by: Michael Schlenker --- cyclonedx_py/_internal/utils/pep639.py | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/cyclonedx_py/_internal/utils/pep639.py b/cyclonedx_py/_internal/utils/pep639.py index a7f0bfc7..3b5e1e47 100644 --- a/cyclonedx_py/_internal/utils/pep639.py +++ b/cyclonedx_py/_internal/utils/pep639.py 
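Review bot: In the `dist2licenses` hunk, `set(fn for fn in metadata.get_all('License-File', ()))` wraps its input in a generator that only copies it; `set(metadata.get_all('License-File', ()))` reads the same and is shorter. Dropping the earlier `str(fn)` also means `gather_license_texts`, annotated `Set[str]`, now relies on `get_all` returning plain strings, which is presumably true but deserves a word in the commit message if it is intentional. `dist2licenses` starts outside this hunk.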
@@ -91,25 +91,18 @@ def gather_license_texts( # per spec > license files are stored in the `.dist-info/licenses/` subdirectory of the produced wheel. # but in practice, other locations are used, too. # loop over the candidate location and pick the first one found. - malformed = None content = None for loc in ('licenses', 'license_files', '.'): path = join(loc, mlfile) try: content = dist.read_text(path) except UnicodeDecodeError: - # Malformed, stop looking - malformed = path - break + # Malformed, try harder + content = handle_bad_license_file_encoding(dist, mlfile, logger) if content is not None: break - - if content is None and malformed: - # Try a little harder - content = handle_bad_license_file_encoding(dist, malformed, logger) - - if content is None: + else: logger.debug('Error: failed to read license file %r for dist %r', mlfile, dist.metadata['Name']) continue From 4ff9b23395dd7b1eeb2fc8fc51c063e980d2dc6b Mon Sep 17 00:00:00 2001 From: Michael Schlenker Date: Thu, 24 Apr 2025 10:31:47 +0200 Subject: [PATCH 05/12] Look into locations subdir Signed-off-by: Michael Schlenker --- cyclonedx_py/_internal/utils/pep639.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cyclonedx_py/_internal/utils/pep639.py b/cyclonedx_py/_internal/utils/pep639.py index 3b5e1e47..83abfd7a 100644 --- a/cyclonedx_py/_internal/utils/pep639.py +++ b/cyclonedx_py/_internal/utils/pep639.py @@ -98,7 +98,7 @@ def gather_license_texts( content = dist.read_text(path) except UnicodeDecodeError: # Malformed, try harder - content = handle_bad_license_file_encoding(dist, mlfile, logger) + content = handle_bad_license_file_encoding(dist, path, logger) if content is not None: break From d95dc7399dec934cb3d960a6aef895faf97e0581 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 24 Apr 2025 11:45:04 +0200 Subject: [PATCH 06/12] tests: rearranged tests 
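Review bot: In the `@@ -91,25 +91,18 @@` hunk the `continue` under the new `else:` belongs to the `for loc in ...` loop's else-clause but skips to the next `mlfile` of the enclosing loop, which is easy to misread as part of the `if content is not None` test. A comment on the branch would help, for example `# no candidate location yielded text: skip this license file`. The hunk also changes behaviour after a `UnicodeDecodeError`: where the old code stopped searching, a failed fallback now falls through to the next location, and the comment `# Malformed, try harder` could say so. `gather_license_texts` starts and ends outside the hunk.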
Signed-off-by: Jan Kowalleck --- .../.editorconfig | 11 ++ .../.gitattributes | 2 + .../README.md | 6 + .../licenses/richtext.rtf} | Bin .../licenses/utf-16be_withBOM.txt | Bin 0 -> 94 bytes .../licenses/utf-16le_withBOM.txt | Bin 0 -> 86 bytes .../licenses/utf-8_noBOM.txt | 4 + .../licenses/utf-8_withBOM.txt | 4 + .../pyproject.toml | 16 +++ .../badlicdepends/.gitattributes | 2 - .../badlicdepends/GoodLicense.txt | 2 - .../badlicdepends/UTF16License.txt | Bin 124 -> 0 bytes .../badlicdepends/init.py | 66 --------- .../badlicdepends/pyproject.toml | 11 -- .../with-license-bad-file-recoverable/init.py | 66 --------- .../pyproject.toml | 9 -- .../environment/with-license-pep639/init.py | 2 + .../with-license-pep639/pyproject.toml | 24 ++-- ...h-license-bad-file-recoverable_1.0.xml.bin | 10 -- ...h-license-bad-file-recoverable_1.1.xml.bin | 26 ---- ...-license-bad-file-recoverable_1.2.json.bin | 73 ---------- ...h-license-bad-file-recoverable_1.2.xml.bin | 50 ------- ...-license-bad-file-recoverable_1.3.json.bin | 79 ----------- ...h-license-bad-file-recoverable_1.3.xml.bin | 53 ------- ...-license-bad-file-recoverable_1.4.json.bin | 114 --------------- ...h-license-bad-file-recoverable_1.4.xml.bin | 80 ----------- ...-license-bad-file-recoverable_1.5.json.bin | 128 ----------------- ...h-license-bad-file-recoverable_1.5.xml.bin | 90 ------------ ...-license-bad-file-recoverable_1.6.json.bin | 131 ------------------ ...h-license-bad-file-recoverable_1.6.xml.bin | 90 ------------ ...p639-texts_with-license-pep639_1.0.xml.bin | 5 + ...p639-texts_with-license-pep639_1.1.xml.bin | 32 +++++ ...639-texts_with-license-pep639_1.2.json.bin | 49 ++++++- ...p639-texts_with-license-pep639_1.2.xml.bin | 34 +++++ ...639-texts_with-license-pep639_1.3.json.bin | 49 ++++++- ...p639-texts_with-license-pep639_1.3.xml.bin | 34 +++++ ...639-texts_with-license-pep639_1.4.json.bin | 49 ++++++- ...p639-texts_with-license-pep639_1.4.xml.bin | 34 +++++ 
...639-texts_with-license-pep639_1.5.json.bin | 49 ++++++- ...p639-texts_with-license-pep639_1.5.xml.bin | 34 +++++ ...639-texts_with-license-pep639_1.6.json.bin | 52 ++++++- ...p639-texts_with-license-pep639_1.6.xml.bin | 34 +++++ .../pep639_with-license-pep639_1.0.xml.bin | 5 + .../pep639_with-license-pep639_1.1.xml.bin | 10 ++ .../pep639_with-license-pep639_1.2.json.bin | 19 ++- .../pep639_with-license-pep639_1.2.xml.bin | 12 ++ .../pep639_with-license-pep639_1.3.json.bin | 19 ++- .../pep639_with-license-pep639_1.3.xml.bin | 12 ++ .../pep639_with-license-pep639_1.4.json.bin | 19 ++- .../pep639_with-license-pep639_1.4.xml.bin | 12 ++ .../pep639_with-license-pep639_1.5.json.bin | 19 ++- .../pep639_with-license-pep639_1.5.xml.bin | 12 ++ .../pep639_with-license-pep639_1.6.json.bin | 19 ++- .../pep639_with-license-pep639_1.6.xml.bin | 12 ++ .../plain_with-license-pep639_1.0.xml.bin | 5 + .../plain_with-license-pep639_1.1.xml.bin | 10 ++ .../plain_with-license-pep639_1.2.json.bin | 19 ++- .../plain_with-license-pep639_1.2.xml.bin | 12 ++ .../plain_with-license-pep639_1.3.json.bin | 19 ++- .../plain_with-license-pep639_1.3.xml.bin | 12 ++ .../plain_with-license-pep639_1.4.json.bin | 19 ++- .../plain_with-license-pep639_1.4.xml.bin | 12 ++ .../plain_with-license-pep639_1.5.json.bin | 19 ++- .../plain_with-license-pep639_1.5.xml.bin | 12 ++ .../plain_with-license-pep639_1.6.json.bin | 19 ++- .../plain_with-license-pep639_1.6.xml.bin | 12 ++ .../texts_with-license-pep639_1.0.xml.bin | 5 + .../texts_with-license-pep639_1.1.xml.bin | 10 ++ .../texts_with-license-pep639_1.2.json.bin | 19 ++- .../texts_with-license-pep639_1.2.xml.bin | 12 ++ .../texts_with-license-pep639_1.3.json.bin | 19 ++- .../texts_with-license-pep639_1.3.xml.bin | 12 ++ .../texts_with-license-pep639_1.4.json.bin | 19 ++- .../texts_with-license-pep639_1.4.xml.bin | 12 ++ .../texts_with-license-pep639_1.5.json.bin | 19 ++- .../texts_with-license-pep639_1.5.xml.bin | 12 ++ 
.../texts_with-license-pep639_1.6.json.bin | 19 ++- .../texts_with-license-pep639_1.6.xml.bin | 12 ++ tests/integration/test_cli_environment.py | 16 --- 79 files changed, 1003 insertions(+), 1127 deletions(-) create mode 100644 tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.editorconfig create mode 100644 tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.gitattributes create mode 100644 tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/README.md rename tests/_data/infiles/{environment/with-license-bad-file-recoverable/badlicdepends/License.rtf => _helpers/local_pckages/with-license-pep639_regression-issue868/licenses/richtext.rtf} (100%) create mode 100644 tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-16be_withBOM.txt create mode 100644 tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-16le_withBOM.txt create mode 100644 tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-8_noBOM.txt create mode 100644 tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-8_withBOM.txt create mode 100644 tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/pyproject.toml delete mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/.gitattributes delete mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/GoodLicense.txt delete mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/UTF16License.txt delete mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/init.py delete mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/pyproject.toml delete mode 100644 
tests/_data/infiles/environment/with-license-bad-file-recoverable/init.py delete mode 100644 tests/_data/infiles/environment/with-license-bad-file-recoverable/pyproject.toml delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.0.xml.bin delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.1.xml.bin delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.json.bin delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.xml.bin delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.json.bin delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.xml.bin delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.json.bin delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.xml.bin delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.json.bin delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.xml.bin delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.json.bin delete mode 100644 tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.xml.bin diff --git a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.editorconfig b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.editorconfig new file mode 100644 index 00000000..603ddb7d --- /dev/null +++ b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.editorconfig 
@@ -0,0 +1,11 @@
+# EditorConfig is awesome: https://editorconfig.org
+
+[licenses/utf-8*]
+charset = utf-8
+
+[licenses/utf-16le*]
+charset = utf-16le
+
+[licenses/utf-16be*]
+charset = utf-16be
+
diff --git a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.gitattributes b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.gitattributes
new file mode 100644
index 00000000..e2462c37
--- /dev/null
+++ b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.gitattributes
@@ -0,0 +1,2 @@
+Licenses/* binary
+Licenses/*.txt binary diff=txt
diff --git a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/README.md b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/README.md
new file mode 100644
index 00000000..94e9b731
--- /dev/null
+++ b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/README.md
@@ -0,0 +1,6 @@
+# PEP 639 - regression 868
+
+see
+
+PEP-630 expects license gfiles to be UTF8 encoded text.
+some license files may not be text, some may not be UTF8 encoded, but still be added as license files.
diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/License.rtf b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/richtext.rtf
similarity index 100%
rename from tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/License.rtf
rename to tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/richtext.rtf
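Review bot: The `.gitattributes` patterns `Licenses/*` and `Licenses/*.txt` use a capital `L`, while the fixtures added by this commit live under `licenses/` and the `.editorconfig` next to it uses the lowercase form. Attribute patterns are matched case-sensitively unless the repository is configured otherwise, so these rules probably never apply to the fixture files. The fixtures only exercise the encoding fallback if their bytes (BOM, UTF-16 code units, line endings) are stored unchanged, so I would write `licenses/* binary` and `licenses/*.txt binary diff=txt`.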
diff --git a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-16be_withBOM.txt b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-16be_withBOM.txt new file mode 100644 index 0000000000000000000000000000000000000000..b030bead0d064ea06a4729e30f0d4c2b6129c4af GIT binary patch literal 94 zcmezOpP_^ygCUclm_dOd4M^uOqykwWJ}(0oLn%-;jX{^ekim>02`rP!kjIeBkk60; c$^z Y4pa%!ufX8M;LqR-6tTU*e26a=Rhyn`1oVB-z6vQrOWqM#rK{1jeZ-AIZzJa%WFmyVf*gDi4l!{Hg3 rbRpfuUS3T>NlrtBQPyhdxmbVC%Fq7Qsm~D@_Lf_8atHR<8&Z-F$=Vh0 diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/init.py b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/init.py deleted file mode 100644 index 3213f1f8..00000000 --- a/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/init.py +++ /dev/null 
@@ -1,66 +0,0 @@ -# This file is part of CycloneDX Python -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# Copyright (c) OWASP Foundation. All Rights Reserved. - -""" -initialize this testbed. -""" - -from os import name as os_name -from os.path import dirname, join -from subprocess import CompletedProcess, run # nosec:B404 -from sys import executable -from venv import EnvBuilder - -__all__ = ['main'] - -this_dir = dirname(__file__) -env_dir = join(this_dir, '.venv') - - -def pip_run(*args: str) -> CompletedProcess: - # pip is not API, but a CLI -- call it like that! - call = ( - executable, '-m', 'pip', - '--python', env_dir, - *args - ) - print('+ ', *call) - res = run(call, cwd=this_dir, shell=False) # nosec:B603 - if res.returncode != 0: - raise RuntimeError('process failed') - return res - - -def pip_install(*args: str) -> None: - pip_run( - 'install', '--require-virtualenv', '--no-input', '--progress-bar=off', '--no-color', - *args - ) - - -def main() -> None: - EnvBuilder( - system_site_packages=False, - symlinks=os_name != 'nt', - with_pip=False, - ).create(env_dir) - - pip_install(dirname(__file__)) - - -if __name__ == '__main__': - main() diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/pyproject.toml b/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/pyproject.toml deleted file mode 100644 index 1f74d3d1..00000000 
--- a/tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends/pyproject.toml +++ /dev/null @@ -1,11 +0,0 @@ -[build-system] -# Known broken version -requires = ["setuptools == 78.1.0"] -build-backend = "setuptools.build_meta" - -[project] -name = "badlicdepends" -version = "0.1" -# UTF-16 is simply bad encoding -# RTF is technically 7-bit ASCII, but has application/rtf mimetype. -license-files = ["GoodLicense.txt", "License.rtf", "UTF16License.txt"] diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/init.py b/tests/_data/infiles/environment/with-license-bad-file-recoverable/init.py deleted file mode 100644 index 2308343a..00000000 --- a/tests/_data/infiles/environment/with-license-bad-file-recoverable/init.py +++ /dev/null 
@@ -1,66 +0,0 @@ -# This file is part of CycloneDX Python -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# Copyright (c) OWASP Foundation. All Rights Reserved. - -""" -initialize this testbed. -""" - -from os import name as os_name -from os.path import dirname, join -from subprocess import CompletedProcess, run # nosec:B404 -from sys import executable -from venv import EnvBuilder - -__all__ = ['main'] - -this_dir = dirname(__file__) -env_dir = join(this_dir, '.venv') - - -def pip_run(*args: str) -> CompletedProcess: - # pip is not API, but a CLI -- call it like that! - call = ( - executable, '-m', 'pip', - '--python', env_dir, - *args - ) - print('+ ', *call) - res = run(call, cwd=this_dir, shell=False) # nosec:B603 - if res.returncode != 0: - raise RuntimeError('process failed') - return res - - -def pip_install(*args: str) -> None: - pip_run( - 'install', '--require-virtualenv', '--no-input', '--progress-bar=off', '--no-color', - *args - ) - - -def main() -> None: - EnvBuilder( - system_site_packages=False, - symlinks=os_name != 'nt', - with_pip=False, - ).create(env_dir) - pip_install(join(dirname(__file__), 'badlicdepends')) - pip_install(dirname(__file__)) - - -if __name__ == '__main__': - main() diff --git a/tests/_data/infiles/environment/with-license-bad-file-recoverable/pyproject.toml b/tests/_data/infiles/environment/with-license-bad-file-recoverable/pyproject.toml deleted file mode 100644 index a6e91e72..00000000 
--- a/tests/_data/infiles/environment/with-license-bad-file-recoverable/pyproject.toml +++ /dev/null @@ -1,9 +0,0 @@ -[build-system] -# Known broken version -requires = ["setuptools == 78.1.0"] -build-backend = "setuptools.build_meta" - -[project] -name = "badlic" -version = "0.1" -dependencies = ["badlicdepends"] diff --git a/tests/_data/infiles/environment/with-license-pep639/init.py b/tests/_data/infiles/environment/with-license-pep639/init.py index 844ae25b..688da32d 100644 --- a/tests/_data/infiles/environment/with-license-pep639/init.py +++ b/tests/_data/infiles/environment/with-license-pep639/init.py @@ -73,6 +73,8 @@ def main() -> None: 'lxml', # with expression-like License AND License-File 'cryptography==43.0.1', # https://github.com/CycloneDX/cyclonedx-python/issues/826 + # with possibly unexpected license files + "../../_helpers/local_pckages/with-license-pep639_regression-issue868", # https://github.com/CycloneDX/cyclonedx-python/issues/868 ) diff --git a/tests/_data/infiles/environment/with-license-pep639/pyproject.toml b/tests/_data/infiles/environment/with-license-pep639/pyproject.toml index 0ca62575..17083690 100644 --- a/tests/_data/infiles/environment/with-license-pep639/pyproject.toml +++ b/tests/_data/infiles/environment/with-license-pep639/pyproject.toml 
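Review bot: The requirement added to `main()` in `with-license-pep639/init.py`, `"../../_helpers/local_pckages/with-license-pep639_regression-issue868"`, is a relative path, so it resolves only if pip runs with this file's directory as its working directory. `pip_install` and the rest of `main` are outside the hunk, so that cannot be confirmed from here. The sibling `init.py` removed in this commit built its local path from `dirname(__file__)`; doing the same here, `join(dirname(__file__), '..', '..', '_helpers', 'local_pckages', 'with-license-pep639_regression-issue868')`, would make the fixture independent of the caller's cwd, assuming `join` and `dirname` are imported in this file as they were there. The new string also uses double quotes where the neighbouring entries use single quotes.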
@@ -4,14 +4,16 @@ name = "with-extras" version = "0.1.0" description = "depenndencies with license declaration accoring to PEP 639" -dependencies = [ - # with License-Expression - "attrs", - # with License-File - "boolean.py", - "jsonpointer", - "license_expression", - "lxml", - # with expression-like License AND License-File - "cryptography", -] +[project.dependencies] +# with License-Expression +"attrs" = { } +# with License-File +"boolean.py" = { } +"jsonpointer" = { } +"license_expression" = { } +"lxml" = { } +# with expression-like License AND License-File +"cryptography" = { } +# with possibly unexpected license files +"regression-issue868" = { path = "../../_helpers/local_pckages/with-license-pep639_regression-issue868" } + diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.0.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.0.xml.bin deleted file mode 100644 index e595b9fd..00000000 --- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.0.xml.bin +++ /dev/null @@ -1,10 +0,0 @@ - - - - - badlicdepends - 0.1 - false - - - diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.1.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.1.xml.bin deleted file mode 100644 index 570e7c6a..00000000 --- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.1.xml.bin +++ /dev/null 
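Review bot: The new `[project.dependencies]` table with entries such as `"attrs" = { }` and `"regression-issue868" = { path = "..." }` does not match the pyproject metadata format, where `project.dependencies` is an array of PEP 508 requirement strings, as the removed lines had it. A reader or build backend that validates `[project]` would be expected to reject or ignore this table, so the fixture may no longer declare any dependencies; whether a test parses this file is not visible in the hunk. I would keep the array form and add the local package as one more string entry under the comment `# with possibly unexpected license files`, leaving the path to `init.py`, which already installs it explicitly.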
@@ -1,26 +0,0 @@ - - - - - badlicdepends - 0.1 - - - declared license file: GoodLicense.txt - A simple license. -Do what you want. - - - declared license file: License.rtf - e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - - - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.json.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.json.bin deleted file mode 100644 index 10870318..00000000 --- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.json.bin +++ /dev/null 
@@ -1,73 +0,0 @@ -{ - "components": [ - { - "bom-ref": "badlicdepends==0.1", - "externalReferences": [ - { - "comment": "PackageSource: Local", - "type": "distribution", - "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" - } - ], - "licenses": [ - { - "license": { - "name": "declared license file: GoodLicense.txt", - "text": { - "content": "A simple license.\nDo what you want.", - "contentType": "text/plain" - } - } - }, - { - "license": { - "name": "declared license file: License.rtf", - "text": { - "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", - "contentType": "application/msword", - "encoding": "base64" - } - } - } - ], - "name": "badlicdepends", - "type": "library", - "version": "0.1" - } - ], - "dependencies": [ - { - "ref": "badlicdepends==0.1" - }, - { - "dependsOn": [ - "badlicdepends==0.1" - ], - "ref": "root-component" - } - ], - "metadata": { - "component": { - "bom-ref": "root-component", - "name": "badlic", - "type": "application", - "version": "0.1" - }, - "tools": [ - { - "name": "cyclonedx-py", - "vendor": "CycloneDX", - "version": "thisVersion-testing" - }, - { - "name": "cyclonedx-python-lib", - "vendor": "CycloneDX", - "version": "libVersion-testing" - } - ] - }, - "version": 1, - "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.2" -} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.xml.bin deleted file mode 100644 index eca0bd29..00000000 
--- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.2.xml.bin +++ /dev/null @@ -1,50 +0,0 @@ - - - - - - CycloneDX - cyclonedx-py - thisVersion-testing - - - CycloneDX - cyclonedx-python-lib - libVersion-testing - - - - badlic - 0.1 - - - - - badlicdepends - 0.1 - - - declared license file: GoodLicense.txt - A simple license. -Do what you want. - - - declared license file: License.rtf - e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - - - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - - - - - - - diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.json.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.json.bin deleted file mode 100644 index 2b7ce31f..00000000 --- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.json.bin +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "components": [ - { - "bom-ref": "badlicdepends==0.1", - "externalReferences": [ - { - "comment": "PackageSource: Local", - "type": "distribution", - "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" - } - ], - "licenses": [ - { - "license": { - "name": "declared license file: GoodLicense.txt", - "text": { - "content": "A simple license.\nDo what you want.", - "contentType": "text/plain" - } - } - }, - { - "license": { - "name": "declared license file: License.rtf", - "text": { - "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", - "contentType": "application/msword", - "encoding": "base64" - } - } - } - ], - "name": "badlicdepends", - "type": "library", - "version": "0.1" - } - ], - "dependencies": [ - { - "ref": "badlicdepends==0.1" - }, - { - "dependsOn": [ - "badlicdepends==0.1" - ], - "ref": "root-component" - } - ], - "metadata": { - "component": { - "bom-ref": "root-component", - "name": "badlic", - "type": "application", - "version": "0.1" - }, - "properties": [ - { - "name": "cdx:reproducible", - "value": "true" - } - ], - "tools": [ - { - "name": "cyclonedx-py", - "vendor": "CycloneDX", - "version": "thisVersion-testing" - }, - { - "name": "cyclonedx-python-lib", - "vendor": "CycloneDX", - "version": "libVersion-testing" - } - ] - }, - "version": 1, - "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.3" -} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.xml.bin deleted file mode 100644 index b85b7eb9..00000000 
--- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.3.xml.bin +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - CycloneDX - cyclonedx-py - thisVersion-testing - - - CycloneDX - cyclonedx-python-lib - libVersion-testing - - - - badlic - 0.1 - - - true - - - - - badlicdepends - 0.1 - - - declared license file: GoodLicense.txt - A simple license. -Do what you want. - - - declared license file: License.rtf - e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - - - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - - - - - - - diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.json.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.json.bin deleted file mode 100644 index b2fcc041..00000000 --- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.json.bin +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - "components": [ - { - "bom-ref": "badlicdepends==0.1", - "externalReferences": [ - { - "comment": "PackageSource: Local", - "type": "distribution", - "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" - } - ], - "licenses": [ - { - "license": { - "name": "declared license file: GoodLicense.txt", - "text": { - "content": "A simple license.\nDo what you want.", - "contentType": "text/plain" - } - } - }, - { - "license": { - "name": "declared license file: License.rtf", - "text": { - "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", - "contentType": "application/msword", - "encoding": "base64" - } - } - } - ], - "name": "badlicdepends", - "type": "library", - "version": "0.1" - } - ], - "dependencies": [ - { - "ref": "badlicdepends==0.1" - }, - { - "dependsOn": [ - "badlicdepends==0.1" - ], - "ref": "root-component" - } - ], - "metadata": { - "component": { - "bom-ref": "root-component", - "name": "badlic", - "type": "application", - "version": "0.1" - }, - "properties": [ - { - "name": "cdx:reproducible", - "value": "true" - } - ], - "tools": [ - { - "externalReferences": [ - { - "type": "build-system", - "url": "https://github.com/CycloneDX/cyclonedx-python/actions" - }, - { - "type": "distribution", - "url": "https://pypi.org/project/cyclonedx-bom/" - }, - { - "type": "documentation", - "url": "https://cyclonedx-bom-tool.readthedocs.io/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/CycloneDX/cyclonedx-python/issues" - }, - { - "type": "license", - "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" - }, - { - "type": "release-notes", - "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" - }, 
- { - "type": "vcs", - "url": "https://github.com/CycloneDX/cyclonedx-python/" - }, - { - "type": "website", - "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" - } - ], - "name": "cyclonedx-py", - "vendor": "CycloneDX", - "version": "thisVersion-testing" - }, - { - "externalReferences": [ ], - "name": "cyclonedx-python-lib", - "vendor": "CycloneDX", - "version": "libVersion-testing" - } - ] - }, - "version": 1, - "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.4" -} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.xml.bin deleted file mode 100644 index 4ea47a9c..00000000 --- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.4.xml.bin +++ /dev/null 
@@ -1,80 +0,0 @@ - - - - - - CycloneDX - cyclonedx-py - thisVersion-testing - - - https://github.com/CycloneDX/cyclonedx-python/actions - - - https://pypi.org/project/cyclonedx-bom/ - - - https://cyclonedx-bom-tool.readthedocs.io/ - - - https://github.com/CycloneDX/cyclonedx-python/issues - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md - - - https://github.com/CycloneDX/cyclonedx-python/ - - - https://github.com/CycloneDX/cyclonedx-python/#readme - - - - - CycloneDX - cyclonedx-python-lib - libVersion-testing - - - - - badlic - 0.1 - - - true - - - - - badlicdepends - 0.1 - - - declared license file: GoodLicense.txt - A simple license. -Do what you want. - - - declared license file: License.rtf - e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - - - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - - - - - - - diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.json.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.json.bin deleted file mode 100644 index b1f42db1..00000000 --- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.json.bin +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "components": [ - { - "bom-ref": "badlicdepends==0.1", - "externalReferences": [ - { - "comment": "PackageSource: Local", - "type": "distribution", - "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" - } - ], - "licenses": [ - { - "license": { - "name": "declared license file: GoodLicense.txt", - "text": { - "content": "A simple license.\nDo what you want.", - "contentType": "text/plain" - } - } - }, - { - "license": { - "name": "declared license file: License.rtf", - "text": { - "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", - "contentType": "application/msword", - "encoding": "base64" - } - } - } - ], - "name": "badlicdepends", - "type": "library", - "version": "0.1" - } - ], - "dependencies": [ - { - "ref": "badlicdepends==0.1" - }, - { - "dependsOn": [ - "badlicdepends==0.1" - ], - "ref": "root-component" - } - ], - "metadata": { - "component": { - "bom-ref": "root-component", - "name": "badlic", - "type": "application", - "version": "0.1" - }, - "properties": [ - { - "name": "cdx:reproducible", - "value": "true" - } - ], - "tools": { - "components": [ - { - "description": "CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments", - "externalReferences": [ - { - "type": "build-system", - "url": "https://github.com/CycloneDX/cyclonedx-python/actions" - }, - { - "type": "distribution", - "url": "https://pypi.org/project/cyclonedx-bom/" - }, - { - "type": "documentation", - "url": "https://cyclonedx-bom-tool.readthedocs.io/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/CycloneDX/cyclonedx-python/issues" - }, - { - "type": "license", - "url": 
"https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" - }, - { - "type": "release-notes", - "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" - }, - { - "type": "vcs", - "url": "https://github.com/CycloneDX/cyclonedx-python/" - }, - { - "type": "website", - "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" - } - ], - "group": "CycloneDX", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "name": "cyclonedx-py", - "type": "application", - "version": "thisVersion-testing" - }, - { - "description": "stripped", - "externalReferences": [ ], - "group": "CycloneDX", - "licenses": [ ], - "name": "cyclonedx-python-lib", - "type": "library", - "version": "libVersion-testing" - } - ] - } - }, - "version": 1, - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.5" -} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.xml.bin deleted file mode 100644 index 811fe811..00000000 --- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.5.xml.bin +++ /dev/null 
@@ -1,90 +0,0 @@ - - - - - - - CycloneDX - cyclonedx-py - thisVersion-testing - CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments - - - Apache-2.0 - - - - - https://github.com/CycloneDX/cyclonedx-python/actions - - - https://pypi.org/project/cyclonedx-bom/ - - - https://cyclonedx-bom-tool.readthedocs.io/ - - - https://github.com/CycloneDX/cyclonedx-python/issues - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md - - - https://github.com/CycloneDX/cyclonedx-python/ - - - https://github.com/CycloneDX/cyclonedx-python/#readme - - - - - CycloneDX - cyclonedx-python-lib - libVersion-testing - - - - - - - - badlic - 0.1 - - - true - - - - - badlicdepends - 0.1 - - - declared license file: GoodLicense.txt - A simple license. -Do what you want. - - - declared license file: License.rtf - e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - - - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - - - - - - - diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.json.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.json.bin deleted file mode 100644 index 92f9c42e..00000000 --- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.json.bin +++ /dev/null 
@@ -1,131 +0,0 @@ -{ - "components": [ - { - "bom-ref": "badlicdepends==0.1", - "externalReferences": [ - { - "comment": "PackageSource: Local", - "type": "distribution", - "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" - } - ], - "licenses": [ - { - "license": { - "acknowledgement": "declared", - "name": "declared license file: GoodLicense.txt", - "text": { - "content": "A simple license.\nDo what you want.", - "contentType": "text/plain" - } - } - }, - { - "license": { - "acknowledgement": "declared", - "name": "declared license file: License.rtf", - "text": { - "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", - "contentType": "application/msword", - "encoding": "base64" - } - } - } - ], - "name": "badlicdepends", - "type": "library", - "version": "0.1" - } - ], - "dependencies": [ - { - "ref": "badlicdepends==0.1" - }, - { - "dependsOn": [ - "badlicdepends==0.1" - ], - "ref": "root-component" - } - ], - "metadata": { - "component": { - "bom-ref": "root-component", - "name": "badlic", - "type": "application", - "version": "0.1" - }, - "properties": [ - { - "name": "cdx:reproducible", - "value": "true" - } - ], - "tools": { - "components": [ - { - "description": "CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments", - "externalReferences": [ - { - "type": "build-system", - "url": "https://github.com/CycloneDX/cyclonedx-python/actions" - }, - { - "type": "distribution", - "url": "https://pypi.org/project/cyclonedx-bom/" - }, - { - "type": "documentation", - "url": "https://cyclonedx-bom-tool.readthedocs.io/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/CycloneDX/cyclonedx-python/issues" - }, - { - "type": "license", - 
"url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" - }, - { - "type": "release-notes", - "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" - }, - { - "type": "vcs", - "url": "https://github.com/CycloneDX/cyclonedx-python/" - }, - { - "type": "website", - "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" - } - ], - "group": "CycloneDX", - "licenses": [ - { - "license": { - "acknowledgement": "declared", - "id": "Apache-2.0" - } - } - ], - "name": "cyclonedx-py", - "type": "application", - "version": "thisVersion-testing" - }, - { - "description": "stripped", - "externalReferences": [ ], - "group": "CycloneDX", - "licenses": [ ], - "name": "cyclonedx-python-lib", - "type": "library", - "version": "libVersion-testing" - } - ] - } - }, - "version": 1, - "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.6" -} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.xml.bin b/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.xml.bin deleted file mode 100644 index d8359374..00000000 --- a/tests/_data/snapshots/environment/badlic-texts_with-license-bad-file-recoverable_1.6.xml.bin +++ /dev/null 
@@ -1,90 +0,0 @@ - - - - - - - CycloneDX - cyclonedx-py - thisVersion-testing - CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments - - - Apache-2.0 - - - - - https://github.com/CycloneDX/cyclonedx-python/actions - - - https://pypi.org/project/cyclonedx-bom/ - - - https://cyclonedx-bom-tool.readthedocs.io/ - - - https://github.com/CycloneDX/cyclonedx-python/issues - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md - - - https://github.com/CycloneDX/cyclonedx-python/ - - - https://github.com/CycloneDX/cyclonedx-python/#readme - - - - - CycloneDX - cyclonedx-python-lib - libVersion-testing - - - - - - - - badlic - 0.1 - - - true - - - - - badlicdepends - 0.1 - - - declared license file: GoodLicense.txt - A simple license. -Do what you want. - - - declared license file: License.rtf - e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - - - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - - - - - - - diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.0.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.0.xml.bin index 54603ea9..0fd15f6d 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.0.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.0.xml.bin @@ -43,5 +43,10 @@ pkg:pypi/lxml@5.3.0 false + + regression-issue868 + 0.1 + false + 
diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin index fb79f308..b84fd673 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin @@ -1005,5 +1005,37 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + + regression-issue868 + 0.1 + + + declared license file: licenses/richtext.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + declared license file: licenses/utf-8_noBOM.txt + this file is +utf-8 encoded +without BOM +πŸ˜ƒ + + + + declared license file: licenses/utf-8_withBOM.txt + ο»Ώthis file is +utf-8 encoded +with BOM +πŸ˜ƒ + + + + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin index 783eb806..4fd4ebbd 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin 
@@ -305,6 +305,49 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "licenses": [ + { + "license": { + "name": "declared license file: licenses/richtext.rtf", + "text": { + "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", + "contentType": "application/rtf", + "encoding": "base64" + } + } + }, + { + "license": { + "name": "declared license file: licenses/utf-8_noBOM.txt", + "text": { + "content": "this file is\nutf-8 encoded\nwithout BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: licenses/utf-8_withBOM.txt", + "text": { + "content": "\ufeffthis file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -329,6 +372,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -336,7 +382,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin index 82c17ece..1eafb93a 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin 
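Review bot: The expected `content` for `licenses/utf-8_withBOM.txt` in this hunk begins with `\ufeff`, so the snapshot pins the byte-order mark as part of the license text emitted into the SBOM. If that is not intended, the decoding step (outside this hunk) could use Python's `utf-8-sig` codec for UTF-8 input, and the expectation would become `"content": "this file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n"`. Consumers that hash or compare license texts would otherwise treat the BOM and no-BOM variants of the same license as different. If keeping the mark is deliberate, a short comment next to the fixture saying so would stop a later snapshot refresh from changing it unnoticed. The same expectation is repeated in the 1.3 to 1.6 JSON snapshots and appears to be mirrored in the XML ones.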
+++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin @@ -1024,6 +1024,38 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + + regression-issue868 + 0.1 + + + declared license file: licenses/richtext.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + declared license file: licenses/utf-8_noBOM.txt + this file is +utf-8 encoded +without BOM +πŸ˜ƒ + + + + declared license file: licenses/utf-8_withBOM.txt + ο»Ώthis file is +utf-8 encoded +with BOM +πŸ˜ƒ + + + + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -1034,6 +1066,7 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + @@ -1041,6 +1074,7 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin index e4a1a8ff..8f556ed2 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin 
@@ -336,6 +336,49 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "licenses": [ + { + "license": { + "name": "declared license file: licenses/richtext.rtf", + "text": { + "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", + "contentType": "application/rtf", + "encoding": "base64" + } + } + }, + { + "license": { + "name": "declared license file: licenses/utf-8_noBOM.txt", + "text": { + "content": "this file is\nutf-8 encoded\nwithout BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: licenses/utf-8_withBOM.txt", + "text": { + "content": "\ufeffthis file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -360,6 +403,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -367,7 +413,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin index 9b24df2c..9c87de68 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin 
+++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin @@ -1275,6 +1275,38 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + + regression-issue868 + 0.1 + + + declared license file: licenses/richtext.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + declared license file: licenses/utf-8_noBOM.txt + this file is +utf-8 encoded +without BOM +πŸ˜ƒ + + + + declared license file: licenses/utf-8_withBOM.txt + ο»Ώthis file is +utf-8 encoded +with BOM +πŸ˜ƒ + + + + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -1285,6 +1317,7 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + @@ -1292,6 +1325,7 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin index 86a8bff2..d2ba7044 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin 
@@ -336,6 +336,49 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "licenses": [ + { + "license": { + "name": "declared license file: licenses/richtext.rtf", + "text": { + "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", + "contentType": "application/rtf", + "encoding": "base64" + } + } + }, + { + "license": { + "name": "declared license file: licenses/utf-8_noBOM.txt", + "text": { + "content": "this file is\nutf-8 encoded\nwithout BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: licenses/utf-8_withBOM.txt", + "text": { + "content": "\ufeffthis file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -360,6 +403,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -367,7 +413,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin index 0715f363..01dd6449 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin 
+++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin @@ -1302,6 +1302,38 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + + regression-issue868 + 0.1 + + + declared license file: licenses/richtext.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + declared license file: licenses/utf-8_noBOM.txt + this file is +utf-8 encoded +without BOM +πŸ˜ƒ + + + + declared license file: licenses/utf-8_withBOM.txt + ο»Ώthis file is +utf-8 encoded +with BOM +πŸ˜ƒ + + + + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -1312,6 +1344,7 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + @@ -1319,6 +1352,7 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin index 0f124276..eb155157 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin 
@@ -336,6 +336,49 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "licenses": [ + { + "license": { + "name": "declared license file: licenses/richtext.rtf", + "text": { + "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", + "contentType": "application/rtf", + "encoding": "base64" + } + } + }, + { + "license": { + "name": "declared license file: licenses/utf-8_noBOM.txt", + "text": { + "content": "this file is\nutf-8 encoded\nwithout BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: licenses/utf-8_withBOM.txt", + "text": { + "content": "\ufeffthis file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -360,6 +403,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -367,7 +413,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin index 5df63646..53af11eb 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin 
+++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin @@ -1312,6 +1312,38 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + + regression-issue868 + 0.1 + + + declared license file: licenses/richtext.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + declared license file: licenses/utf-8_noBOM.txt + this file is +utf-8 encoded +without BOM +πŸ˜ƒ + + + + declared license file: licenses/utf-8_withBOM.txt + ο»Ώthis file is +utf-8 encoded +with BOM +πŸ˜ƒ + + + + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -1322,6 +1354,7 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + @@ -1329,6 +1362,7 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin index 59233be0..8d2c9dd3 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin 
@@ -360,6 +360,52 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "licenses": [ + { + "license": { + "acknowledgement": "declared", + "name": "declared license file: licenses/richtext.rtf", + "text": { + "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", + "contentType": "application/rtf", + "encoding": "base64" + } + } + }, + { + "license": { + "acknowledgement": "declared", + "name": "declared license file: licenses/utf-8_noBOM.txt", + "text": { + "content": "this file is\nutf-8 encoded\nwithout BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + }, + { + "license": { + "acknowledgement": "declared", + "name": "declared license file: licenses/utf-8_withBOM.txt", + "text": { + "content": "\ufeffthis file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -384,6 +430,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -391,7 +440,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin index 256567cf..24fd5f4f 100644 
--- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin @@ -1312,6 +1312,38 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + + regression-issue868 + 0.1 + + + declared license file: licenses/richtext.rtf + e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + + declared license file: licenses/utf-8_noBOM.txt + this file is +utf-8 encoded +without BOM +πŸ˜ƒ + + + + declared license file: licenses/utf-8_withBOM.txt + ο»Ώthis file is +utf-8 encoded +with BOM +πŸ˜ƒ + + + + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -1322,6 +1354,7 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + @@ -1329,6 +1362,7 @@ The isoschematron implementation uses several XSL and RelaxNG resources: + diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.0.xml.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.0.xml.bin index 54603ea9..0fd15f6d 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.0.xml.bin +++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.0.xml.bin @@ -43,5 +43,10 @@ pkg:pypi/lxml@5.3.0 false + + regression-issue868 + 0.1 + false + diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.1.xml.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.1.xml.bin index 90bf13ba..4e48511f 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.1.xml.bin +++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.1.xml.bin 
@@ -144,5 +144,15 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.2.json.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.2.json.bin index a490f228..60dbfb7c 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.2.json.bin +++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.2.json.bin @@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.2.xml.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.2.xml.bin index ad110407..7f84c211 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.2.xml.bin +++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.2.xml.bin @@ -163,6 +163,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -173,6 +183,7 @@ + @@ -180,6 +191,7 @@ + 
diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.3.json.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.3.json.bin index 2f0fca0f..149dde3a 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.3.json.bin +++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.3.json.bin @@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.3.xml.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.3.xml.bin index 1ef1b888..24d43c9a 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.3.xml.bin +++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.3.xml.bin @@ -166,6 +166,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -176,6 +186,7 @@ + @@ -183,6 +194,7 @@ + diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.4.json.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.4.json.bin index 80bc8b12..e8cfac9c 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.4.json.bin 
+++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.4.json.bin @@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.4.xml.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.4.xml.bin index 461d8e5b..d279b4ed 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.4.xml.bin +++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.4.xml.bin @@ -193,6 +193,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -203,6 +213,7 @@ + @@ -210,6 +221,7 @@ + diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.5.json.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.5.json.bin index 1167224c..80f7c603 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.5.json.bin +++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.5.json.bin 
@@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.5.xml.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.5.xml.bin index 3a0a7dbb..cf0b8929 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.5.xml.bin +++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.5.xml.bin @@ -203,6 +203,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -213,6 +223,7 @@ + @@ -220,6 +231,7 @@ + diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.6.json.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.6.json.bin index a2325d5b..ef04c126 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.6.json.bin +++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.6.json.bin 
@@ -196,6 +196,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -220,6 +233,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -227,7 +243,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.6.xml.bin b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.6.xml.bin index 45626504..ad29652f 100644 --- a/tests/_data/snapshots/environment/pep639_with-license-pep639_1.6.xml.bin +++ b/tests/_data/snapshots/environment/pep639_with-license-pep639_1.6.xml.bin @@ -203,6 +203,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -213,6 +223,7 @@ + @@ -220,6 +231,7 @@ + diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.0.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.0.xml.bin index 54603ea9..0fd15f6d 100644 --- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.0.xml.bin +++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.0.xml.bin @@ -43,5 +43,10 @@ pkg:pypi/lxml@5.3.0 false + + regression-issue868 + 0.1 + false + diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.1.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.1.xml.bin index 90bf13ba..4e48511f 100644 
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.1.xml.bin +++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.1.xml.bin @@ -144,5 +144,15 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.json.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.json.bin index a490f228..60dbfb7c 100644 --- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.json.bin +++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.json.bin @@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.xml.bin index ad110407..7f84c211 100644 --- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.xml.bin +++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.xml.bin @@ -163,6 +163,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -173,6 +183,7 @@ + 
@@ -180,6 +191,7 @@ + diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.json.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.json.bin index 2f0fca0f..149dde3a 100644 --- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.json.bin +++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.json.bin @@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.xml.bin index 1ef1b888..24d43c9a 100644 --- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.xml.bin +++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.xml.bin @@ -166,6 +166,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -176,6 +186,7 @@ + @@ -183,6 +194,7 @@ + diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.json.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.json.bin index 80bc8b12..e8cfac9c 100644 --- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.json.bin 
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.json.bin @@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.xml.bin index 461d8e5b..d279b4ed 100644 --- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.xml.bin +++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.xml.bin @@ -193,6 +193,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -203,6 +213,7 @@ + @@ -210,6 +221,7 @@ + diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.json.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.json.bin index 1167224c..80f7c603 100644 --- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.json.bin +++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.json.bin 
@@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.xml.bin index 3a0a7dbb..cf0b8929 100644 --- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.xml.bin +++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.xml.bin @@ -203,6 +203,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -213,6 +223,7 @@ + @@ -220,6 +231,7 @@ + diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.json.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.json.bin index a2325d5b..ef04c126 100644 --- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.json.bin +++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.json.bin 
@@ -196,6 +196,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -220,6 +233,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -227,7 +243,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.xml.bin index 45626504..ad29652f 100644 --- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.xml.bin +++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.xml.bin @@ -203,6 +203,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -213,6 +223,7 @@ + @@ -220,6 +231,7 @@ + diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.0.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.0.xml.bin index 54603ea9..0fd15f6d 100644 --- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.0.xml.bin +++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.0.xml.bin @@ -43,5 +43,10 @@ pkg:pypi/lxml@5.3.0 false + + regression-issue868 + 0.1 + false + diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.1.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.1.xml.bin index 90bf13ba..4e48511f 100644 
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.1.xml.bin +++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.1.xml.bin @@ -144,5 +144,15 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.json.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.json.bin index a490f228..60dbfb7c 100644 --- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.json.bin +++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.json.bin @@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.xml.bin index ad110407..7f84c211 100644 --- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.xml.bin +++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.xml.bin @@ -163,6 +163,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -173,6 +183,7 @@ + 
@@ -180,6 +191,7 @@ + diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.json.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.json.bin index 2f0fca0f..149dde3a 100644 --- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.json.bin +++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.json.bin @@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.xml.bin index 1ef1b888..24d43c9a 100644 --- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.xml.bin +++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.xml.bin @@ -166,6 +166,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -176,6 +186,7 @@ + @@ -183,6 +194,7 @@ + diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.json.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.json.bin index 80bc8b12..e8cfac9c 100644 --- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.json.bin 
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.json.bin @@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.xml.bin index 461d8e5b..d279b4ed 100644 --- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.xml.bin +++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.xml.bin @@ -193,6 +193,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -203,6 +213,7 @@ + @@ -210,6 +221,7 @@ + diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.json.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.json.bin index 1167224c..80f7c603 100644 --- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.json.bin +++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.json.bin 
@@ -188,6 +188,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -212,6 +225,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -219,7 +235,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.xml.bin index 3a0a7dbb..cf0b8929 100644 --- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.xml.bin +++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.xml.bin @@ -203,6 +203,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -213,6 +223,7 @@ + @@ -220,6 +231,7 @@ + diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.json.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.json.bin index a2325d5b..ef04c126 100644 --- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.json.bin +++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.json.bin 
@@ -196,6 +196,19 @@ "purl": "pkg:pypi/lxml@5.3.0", "type": "library", "version": "5.3.0" + }, + { + "bom-ref": "regression-issue868==0.1", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868" + } + ], + "name": "regression-issue868", + "type": "library", + "version": "0.1" } ], "dependencies": [ @@ -220,6 +233,9 @@ { "ref": "lxml==5.3.0" }, + { + "ref": "regression-issue868==0.1" + }, { "dependsOn": [ "attrs==23.2.0", @@ -227,7 +243,8 @@ "cryptography==43.0.1", "jsonpointer==2.4", "license-expression==30.3.0", - "lxml==5.3.0" + "lxml==5.3.0", + "regression-issue868==0.1" ], "ref": "root-component" } diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.xml.bin index 45626504..ad29652f 100644 --- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.xml.bin +++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.xml.bin @@ -203,6 +203,16 @@ + + regression-issue868 + 0.1 + + + file://.../tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868 + PackageSource: Local + + + @@ -213,6 +223,7 @@ + @@ -220,6 +231,7 @@ + diff --git a/tests/integration/test_cli_environment.py b/tests/integration/test_cli_environment.py index 0a627ff8..09e8b13e 100644 --- a/tests/integration/test_cli_environment.py +++ b/tests/integration/test_cli_environment.py 
@@ -203,22 +203,6 @@ def test_texts_as_expected(self, projectdir: str, sv: SchemaVersion, of: OutputF self.assertEqual(0, res, err) self.assertEqualSnapshot(out, 'texts', projectdir, sv, of) - @named_data(*test_data_file_filter('with-license-bad-file-recoverable')) - def test_bad_license_file_recover_as_expected(self, projectdir: str, sv: SchemaVersion, of: OutputFormat) -> None: - res, out, err = run_cli( - 'environment', - '-vvv', - '--sv', sv.to_version(), - '--of', of.name, - '--output-reproducible', - '--outfile=-', - '--PEP-639', - '--pyproject', join(projectdir, 'pyproject.toml'), - '--gather-license-texts', - join(projectdir, '.venv')) - self.assertEqual(0, res, err) - self.assertEqualSnapshot(out, 'badlic-texts', projectdir, sv, of) - def assertEqualSnapshot( # noqa:N802 self, actual: str, purpose: str, From 62559a79c1307e64394dfa239de4e760d9c366c9 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 24 Apr 2025 11:50:55 +0200 Subject: [PATCH 07/12] tests: rearranged tests 
Signed-off-by: Jan Kowalleck --- .../.editorconfig | 6 +++--- .../{licenses => my_licenses}/richtext.rtf | Bin .../{licenses => my_licenses}/utf-16be_withBOM.txt | Bin .../{licenses => my_licenses}/utf-16le_withBOM.txt | Bin .../{licenses => my_licenses}/utf-8_noBOM.txt | 0 .../{licenses => my_licenses}/utf-8_withBOM.txt | 0 .../pyproject.toml | 2 +- .../pep639-texts_with-license-pep639_1.1.xml.bin | 6 +++--- .../pep639-texts_with-license-pep639_1.2.json.bin | 6 +++--- .../pep639-texts_with-license-pep639_1.2.xml.bin | 6 +++--- .../pep639-texts_with-license-pep639_1.3.json.bin | 6 +++--- .../pep639-texts_with-license-pep639_1.3.xml.bin | 6 +++--- .../pep639-texts_with-license-pep639_1.4.json.bin | 6 +++--- .../pep639-texts_with-license-pep639_1.4.xml.bin | 6 +++--- .../pep639-texts_with-license-pep639_1.5.json.bin | 6 +++--- .../pep639-texts_with-license-pep639_1.5.xml.bin | 6 +++--- .../pep639-texts_with-license-pep639_1.6.json.bin | 6 +++--- .../pep639-texts_with-license-pep639_1.6.xml.bin | 6 +++--- 18 files changed, 37 insertions(+), 37 deletions(-) rename tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/{licenses => my_licenses}/richtext.rtf (100%) rename tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/{licenses => my_licenses}/utf-16be_withBOM.txt (100%) rename tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/{licenses => my_licenses}/utf-16le_withBOM.txt (100%) rename tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/{licenses => my_licenses}/utf-8_noBOM.txt (100%) rename tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/{licenses => my_licenses}/utf-8_withBOM.txt (100%) 
diff --git a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.editorconfig b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.editorconfig index 603ddb7d..a860ebad 100644 --- a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.editorconfig +++ b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/.editorconfig @@ -1,11 +1,11 @@ # EditorConfig is awesome: https://editorconfig.org -[licenses/utf-8*] +[my_licenses/utf-8*] charset = utf-8 -[licenses/utf-16le*] +[my_licenses/utf-16le*] charset = utf-16le -[licenses/utf-16be*] +[my_licenses/utf-16be*] charset = utf-16be diff --git a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/richtext.rtf b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/my_licenses/richtext.rtf similarity index 100% rename from tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/richtext.rtf rename to tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/my_licenses/richtext.rtf diff --git a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-16be_withBOM.txt b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/my_licenses/utf-16be_withBOM.txt similarity index 100% rename from tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-16be_withBOM.txt rename to tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/my_licenses/utf-16be_withBOM.txt 
diff --git a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-16le_withBOM.txt b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/my_licenses/utf-16le_withBOM.txt similarity index 100% rename from tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-16le_withBOM.txt rename to tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/my_licenses/utf-16le_withBOM.txt diff --git a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-8_noBOM.txt b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/my_licenses/utf-8_noBOM.txt similarity index 100% rename from tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-8_noBOM.txt rename to tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/my_licenses/utf-8_noBOM.txt diff --git a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-8_withBOM.txt b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/my_licenses/utf-8_withBOM.txt similarity index 100% rename from tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/licenses/utf-8_withBOM.txt rename to tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/my_licenses/utf-8_withBOM.txt diff --git a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/pyproject.toml b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/pyproject.toml index 992027da..6c66a343 100644 --- a/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/pyproject.toml +++ b/tests/_data/infiles/_helpers/local_pckages/with-license-pep639_regression-issue868/pyproject.toml 
@@ -6,7 +6,7 @@ build-backend = "setuptools.build_meta" [project] name = "regression-issue868" version = "0.1" -license-files = ["licenses/*"] +license-files = ["my_licenses/*"] readme = "README.md" [tool.setuptools] diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin index b84fd673..e188a2e0 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin @@ -1010,11 +1010,11 @@ The isoschematron implementation uses several XSL and RelaxNG resources: 0.1 - declared license file: licenses/richtext.rtf + declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - declared license file: licenses/utf-8_noBOM.txt + declared license file: my_licenses/utf-8_noBOM.txt this file is utf-8 encoded without BOM @@ -1022,7 +1022,7 @@ without BOM - declared license file: licenses/utf-8_withBOM.txt + declared license file: my_licenses/utf-8_withBOM.txt ο»Ώthis file is utf-8 encoded with BOM diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin index 4fd4ebbd..a604e31c 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin 
@@ -318,7 +318,7 @@ "licenses": [ { "license": { - "name": "declared license file: licenses/richtext.rtf", + "name": "declared license file: my_licenses/richtext.rtf", "text": { "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", "contentType": "application/rtf", @@ -328,7 +328,7 @@ }, { "license": { - "name": "declared license file: licenses/utf-8_noBOM.txt", + "name": "declared license file: my_licenses/utf-8_noBOM.txt", "text": { "content": "this file is\nutf-8 encoded\nwithout BOM\n\ud83d\ude03\n", "contentType": "text/plain" @@ -337,7 +337,7 @@ }, { "license": { - "name": "declared license file: licenses/utf-8_withBOM.txt", + "name": "declared license file: my_licenses/utf-8_withBOM.txt", "text": { "content": "\ufeffthis file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n", "contentType": "text/plain" diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin index 1eafb93a..91d636de 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin 
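Review bot: The expected `content` for `my_licenses/utf-8_withBOM.txt` in the third hunk (`@@ -337,7 +337,7 @@`) still begins with `\ufeff`, so this snapshot pins the byte-order mark as part of the license text that lands in the SBOM. The decoding code is outside this hunk, so this is inferred from the snapshot alone; if the reader decoded UTF-8 input BOM-aware (for example with Python's `utf-8-sig` codec), the expectation would become `"content": "this file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n"`. Only three license entries are renamed here (`richtext.rtf`, `utf-8_noBOM.txt`, `utf-8_withBOM.txt`) although the commit renames five fixture files, which suggests the two UTF-16 files are absent from the generated SBOM at this commit. A snapshot entry for each of them, or an assertion on a warning in the captured log, would keep a declared license file from being dropped unnoticed. The same applies to the other `pep639-texts_with-license-pep639_*` snapshots in this commit, XML and JSON alike.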
@@ -1029,11 +1029,11 @@ The isoschematron implementation uses several XSL and RelaxNG resources: 0.1 - declared license file: licenses/richtext.rtf + declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - declared license file: licenses/utf-8_noBOM.txt + declared license file: my_licenses/utf-8_noBOM.txt this file is utf-8 encoded without BOM @@ -1041,7 +1041,7 @@ without BOM - declared license file: licenses/utf-8_withBOM.txt + declared license file: my_licenses/utf-8_withBOM.txt ο»Ώthis file is utf-8 encoded with BOM diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin index 8f556ed2..7541ed14 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin @@ -349,7 +349,7 @@ "licenses": [ { "license": { - "name": "declared license file: licenses/richtext.rtf", + "name": "declared license file: my_licenses/richtext.rtf", "text": { "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", "contentType": "application/rtf", @@ -359,7 +359,7 @@ }, { "license": { - "name": "declared license file: licenses/utf-8_noBOM.txt", + "name": "declared license file: my_licenses/utf-8_noBOM.txt", "text": { "content": "this file is\nutf-8 encoded\nwithout BOM\n\ud83d\ude03\n", "contentType": "text/plain" 
@@ -368,7 +368,7 @@ }, { "license": { - "name": "declared license file: licenses/utf-8_withBOM.txt", + "name": "declared license file: my_licenses/utf-8_withBOM.txt", "text": { "content": "\ufeffthis file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n", "contentType": "text/plain" diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin index 9c87de68..d8e87749 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin @@ -1280,11 +1280,11 @@ The isoschematron implementation uses several XSL and RelaxNG resources: 0.1 - declared license file: licenses/richtext.rtf + declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - declared license file: licenses/utf-8_noBOM.txt + declared license file: my_licenses/utf-8_noBOM.txt this file is utf-8 encoded without BOM @@ -1292,7 +1292,7 @@ without BOM - declared license file: licenses/utf-8_withBOM.txt + declared license file: my_licenses/utf-8_withBOM.txt ο»Ώthis file is utf-8 encoded with BOM diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin index d2ba7044..961b451d 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin 
@@ -349,7 +349,7 @@ "licenses": [ { "license": { - "name": "declared license file: licenses/richtext.rtf", + "name": "declared license file: my_licenses/richtext.rtf", "text": { "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", "contentType": "application/rtf", @@ -359,7 +359,7 @@ }, { "license": { - "name": "declared license file: licenses/utf-8_noBOM.txt", + "name": "declared license file: my_licenses/utf-8_noBOM.txt", "text": { "content": "this file is\nutf-8 encoded\nwithout BOM\n\ud83d\ude03\n", "contentType": "text/plain" @@ -368,7 +368,7 @@ }, { "license": { - "name": "declared license file: licenses/utf-8_withBOM.txt", + "name": "declared license file: my_licenses/utf-8_withBOM.txt", "text": { "content": "\ufeffthis file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n", "contentType": "text/plain" diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin index 01dd6449..9bf1df86 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin 
@@ -1307,11 +1307,11 @@ The isoschematron implementation uses several XSL and RelaxNG resources: 0.1 - declared license file: licenses/richtext.rtf + declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - declared license file: licenses/utf-8_noBOM.txt + declared license file: my_licenses/utf-8_noBOM.txt this file is utf-8 encoded without BOM @@ -1319,7 +1319,7 @@ without BOM - declared license file: licenses/utf-8_withBOM.txt + declared license file: my_licenses/utf-8_withBOM.txt ο»Ώthis file is utf-8 encoded with BOM diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin index eb155157..41da1dff 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin @@ -349,7 +349,7 @@ "licenses": [ { "license": { - "name": "declared license file: licenses/richtext.rtf", + "name": "declared license file: my_licenses/richtext.rtf", "text": { "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", "contentType": "application/rtf", @@ -359,7 +359,7 @@ }, { "license": { - "name": "declared license file: licenses/utf-8_noBOM.txt", + "name": "declared license file: my_licenses/utf-8_noBOM.txt", "text": { "content": "this file is\nutf-8 encoded\nwithout BOM\n\ud83d\ude03\n", "contentType": "text/plain" 
@@ -368,7 +368,7 @@ }, { "license": { - "name": "declared license file: licenses/utf-8_withBOM.txt", + "name": "declared license file: my_licenses/utf-8_withBOM.txt", "text": { "content": "\ufeffthis file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n", "contentType": "text/plain" diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin index 53af11eb..ef2e71dc 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin @@ -1317,11 +1317,11 @@ The isoschematron implementation uses several XSL and RelaxNG resources: 0.1 - declared license file: licenses/richtext.rtf + declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - declared license file: licenses/utf-8_noBOM.txt + declared license file: my_licenses/utf-8_noBOM.txt this file is utf-8 encoded without BOM @@ -1329,7 +1329,7 @@ without BOM - declared license file: licenses/utf-8_withBOM.txt + declared license file: my_licenses/utf-8_withBOM.txt ο»Ώthis file is utf-8 encoded with BOM diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin index 8d2c9dd3..1bf0e896 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin 
@@ -374,7 +374,7 @@ { "license": { "acknowledgement": "declared", - "name": "declared license file: licenses/richtext.rtf", + "name": "declared license file: my_licenses/richtext.rtf", "text": { "content": "e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA=", "contentType": "application/rtf", @@ -385,7 +385,7 @@ { "license": { "acknowledgement": "declared", - "name": "declared license file: licenses/utf-8_noBOM.txt", + "name": "declared license file: my_licenses/utf-8_noBOM.txt", "text": { "content": "this file is\nutf-8 encoded\nwithout BOM\n\ud83d\ude03\n", "contentType": "text/plain" @@ -395,7 +395,7 @@ { "license": { "acknowledgement": "declared", - "name": "declared license file: licenses/utf-8_withBOM.txt", + "name": "declared license file: my_licenses/utf-8_withBOM.txt", "text": { "content": "\ufeffthis file is\nutf-8 encoded\nwith BOM\n\ud83d\ude03\n", "contentType": "text/plain" diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin index 24fd5f4f..a9a8ce68 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin 
@@ -1317,11 +1317,11 @@ The isoschematron implementation uses several XSL and RelaxNG resources: 0.1 - declared license file: licenses/richtext.rtf + declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= - declared license file: licenses/utf-8_noBOM.txt + declared license file: my_licenses/utf-8_noBOM.txt this file is utf-8 encoded without BOM @@ -1329,7 +1329,7 @@ without BOM - declared license file: licenses/utf-8_withBOM.txt + declared license file: my_licenses/utf-8_withBOM.txt ο»Ώthis file is utf-8 encoded with BOM From 78133ab09770b2caa8427708dc9dd3741d42e5f5 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 24 Apr 2025 11:54:34 +0200 Subject: [PATCH 08/12] tests: rearranged tests 
Signed-off-by: Jan Kowalleck --- ...h-license-bad-file-recoverable_1.0.xml.bin | 10 -- ...h-license-bad-file-recoverable_1.1.xml.bin | 15 --- ...-license-bad-file-recoverable_1.2.json.bin | 52 --------- ...h-license-bad-file-recoverable_1.2.xml.bin | 39 ------- ...-license-bad-file-recoverable_1.3.json.bin | 58 ---------- ...h-license-bad-file-recoverable_1.3.xml.bin | 42 ------- ...-license-bad-file-recoverable_1.4.json.bin | 93 --------------- ...h-license-bad-file-recoverable_1.4.xml.bin | 69 ----------- ...-license-bad-file-recoverable_1.5.json.bin | 107 ----------------- ...h-license-bad-file-recoverable_1.5.xml.bin | 79 ------------- ...-license-bad-file-recoverable_1.6.json.bin | 108 ------------------ ...h-license-bad-file-recoverable_1.6.xml.bin | 79 ------------- 12 files changed, 751 deletions(-) delete mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.0.xml.bin delete mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.1.xml.bin delete mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.json.bin delete mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.xml.bin delete mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.json.bin delete mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.xml.bin delete mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.json.bin delete mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.xml.bin delete mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.json.bin delete mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.xml.bin delete mode 100644 tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.json.bin delete mode 100644 
tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.xml.bin diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.0.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.0.xml.bin deleted file mode 100644 index e595b9fd..00000000 --- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.0.xml.bin +++ /dev/null @@ -1,10 +0,0 @@ - - - - - badlicdepends - 0.1 - false - - - diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.1.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.1.xml.bin deleted file mode 100644 index c1878300..00000000 --- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.1.xml.bin +++ /dev/null @@ -1,15 +0,0 @@ - - - - - badlicdepends - 0.1 - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.json.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.json.bin deleted file mode 100644 index 31fcff38..00000000 --- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.json.bin +++ /dev/null 
@@ -1,52 +0,0 @@ -{ - "components": [ - { - "bom-ref": "badlicdepends==0.1", - "externalReferences": [ - { - "comment": "PackageSource: Local", - "type": "distribution", - "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" - } - ], - "name": "badlicdepends", - "type": "library", - "version": "0.1" - } - ], - "dependencies": [ - { - "ref": "badlicdepends==0.1" - }, - { - "dependsOn": [ - "badlicdepends==0.1" - ], - "ref": "root-component" - } - ], - "metadata": { - "component": { - "bom-ref": "root-component", - "name": "badlic", - "type": "application", - "version": "0.1" - }, - "tools": [ - { - "name": "cyclonedx-py", - "vendor": "CycloneDX", - "version": "thisVersion-testing" - }, - { - "name": "cyclonedx-python-lib", - "vendor": "CycloneDX", - "version": "libVersion-testing" - } - ] - }, - "version": 1, - "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.2" -} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.xml.bin deleted file mode 100644 index d71df43c..00000000 --- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.2.xml.bin +++ /dev/null @@ -1,39 +0,0 @@ - - - - - - CycloneDX - cyclonedx-py - thisVersion-testing - - - CycloneDX - cyclonedx-python-lib - libVersion-testing - - - - badlic - 0.1 - - - - - badlicdepends - 0.1 - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - - - - - - - diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.json.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.json.bin deleted file mode 100644 index ce1680e3..00000000 
--- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.json.bin +++ /dev/null @@ -1,58 +0,0 @@ -{ - "components": [ - { - "bom-ref": "badlicdepends==0.1", - "externalReferences": [ - { - "comment": "PackageSource: Local", - "type": "distribution", - "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" - } - ], - "name": "badlicdepends", - "type": "library", - "version": "0.1" - } - ], - "dependencies": [ - { - "ref": "badlicdepends==0.1" - }, - { - "dependsOn": [ - "badlicdepends==0.1" - ], - "ref": "root-component" - } - ], - "metadata": { - "component": { - "bom-ref": "root-component", - "name": "badlic", - "type": "application", - "version": "0.1" - }, - "properties": [ - { - "name": "cdx:reproducible", - "value": "true" - } - ], - "tools": [ - { - "name": "cyclonedx-py", - "vendor": "CycloneDX", - "version": "thisVersion-testing" - }, - { - "name": "cyclonedx-python-lib", - "vendor": "CycloneDX", - "version": "libVersion-testing" - } - ] - }, - "version": 1, - "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.3" -} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.xml.bin deleted file mode 100644 index 91b20f16..00000000 --- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.3.xml.bin +++ /dev/null @@ -1,42 +0,0 @@ - - - - - - CycloneDX - cyclonedx-py - thisVersion-testing - - - CycloneDX - cyclonedx-python-lib - libVersion-testing - - - - badlic - 0.1 - - - true - - - - - badlicdepends - 0.1 - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - - - - - - - 
diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.json.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.json.bin deleted file mode 100644 index dd3cfaed..00000000 --- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.json.bin +++ /dev/null 
@@ -1,93 +0,0 @@ -{ - "components": [ - { - "bom-ref": "badlicdepends==0.1", - "externalReferences": [ - { - "comment": "PackageSource: Local", - "type": "distribution", - "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" - } - ], - "name": "badlicdepends", - "type": "library", - "version": "0.1" - } - ], - "dependencies": [ - { - "ref": "badlicdepends==0.1" - }, - { - "dependsOn": [ - "badlicdepends==0.1" - ], - "ref": "root-component" - } - ], - "metadata": { - "component": { - "bom-ref": "root-component", - "name": "badlic", - "type": "application", - "version": "0.1" - }, - "properties": [ - { - "name": "cdx:reproducible", - "value": "true" - } - ], - "tools": [ - { - "externalReferences": [ - { - "type": "build-system", - "url": "https://github.com/CycloneDX/cyclonedx-python/actions" - }, - { - "type": "distribution", - "url": "https://pypi.org/project/cyclonedx-bom/" - }, - { - "type": "documentation", - "url": "https://cyclonedx-bom-tool.readthedocs.io/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/CycloneDX/cyclonedx-python/issues" - }, - { - "type": "license", - "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" - }, - { - "type": "release-notes", - "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" - }, - { - "type": "vcs", - "url": "https://github.com/CycloneDX/cyclonedx-python/" - }, - { - "type": "website", - "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" - } - ], - "name": "cyclonedx-py", - "vendor": "CycloneDX", - "version": "thisVersion-testing" - }, - { - "externalReferences": [ ], - "name": "cyclonedx-python-lib", - "vendor": "CycloneDX", - "version": "libVersion-testing" - } - ] - }, - "version": 1, - "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.4" -} \ No newline at end of file 
diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.xml.bin deleted file mode 100644 index a8c84db8..00000000 --- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.4.xml.bin +++ /dev/null @@ -1,69 +0,0 @@ - - - - - - CycloneDX - cyclonedx-py - thisVersion-testing - - - https://github.com/CycloneDX/cyclonedx-python/actions - - - https://pypi.org/project/cyclonedx-bom/ - - - https://cyclonedx-bom-tool.readthedocs.io/ - - - https://github.com/CycloneDX/cyclonedx-python/issues - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md - - - https://github.com/CycloneDX/cyclonedx-python/ - - - https://github.com/CycloneDX/cyclonedx-python/#readme - - - - - CycloneDX - cyclonedx-python-lib - libVersion-testing - - - - - badlic - 0.1 - - - true - - - - - badlicdepends - 0.1 - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - - - - - - - diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.json.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.json.bin deleted file mode 100644 index ef180b45..00000000 --- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.json.bin +++ /dev/null 
@@ -1,107 +0,0 @@ -{ - "components": [ - { - "bom-ref": "badlicdepends==0.1", - "externalReferences": [ - { - "comment": "PackageSource: Local", - "type": "distribution", - "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" - } - ], - "name": "badlicdepends", - "type": "library", - "version": "0.1" - } - ], - "dependencies": [ - { - "ref": "badlicdepends==0.1" - }, - { - "dependsOn": [ - "badlicdepends==0.1" - ], - "ref": "root-component" - } - ], - "metadata": { - "component": { - "bom-ref": "root-component", - "name": "badlic", - "type": "application", - "version": "0.1" - }, - "properties": [ - { - "name": "cdx:reproducible", - "value": "true" - } - ], - "tools": { - "components": [ - { - "description": "CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments", - "externalReferences": [ - { - "type": "build-system", - "url": "https://github.com/CycloneDX/cyclonedx-python/actions" - }, - { - "type": "distribution", - "url": "https://pypi.org/project/cyclonedx-bom/" - }, - { - "type": "documentation", - "url": "https://cyclonedx-bom-tool.readthedocs.io/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/CycloneDX/cyclonedx-python/issues" - }, - { - "type": "license", - "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" - }, - { - "type": "release-notes", - "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" - }, - { - "type": "vcs", - "url": "https://github.com/CycloneDX/cyclonedx-python/" - }, - { - "type": "website", - "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" - } - ], - "group": "CycloneDX", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "name": "cyclonedx-py", - "type": "application", - "version": "thisVersion-testing" - }, - { - "description": "stripped", - "externalReferences": [ ], - "group": "CycloneDX", - "licenses": [ ], - "name": "cyclonedx-python-lib", - "type": 
"library", - "version": "libVersion-testing" - } - ] - } - }, - "version": 1, - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.5" -} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.xml.bin deleted file mode 100644 index ebea94f6..00000000 --- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.5.xml.bin +++ /dev/null @@ -1,79 +0,0 @@ - - - - - - - CycloneDX - cyclonedx-py - thisVersion-testing - CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments - - - Apache-2.0 - - - - - https://github.com/CycloneDX/cyclonedx-python/actions - - - https://pypi.org/project/cyclonedx-bom/ - - - https://cyclonedx-bom-tool.readthedocs.io/ - - - https://github.com/CycloneDX/cyclonedx-python/issues - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md - - - https://github.com/CycloneDX/cyclonedx-python/ - - - https://github.com/CycloneDX/cyclonedx-python/#readme - - - - - CycloneDX - cyclonedx-python-lib - libVersion-testing - - - - - - - - badlic - 0.1 - - - true - - - - - badlicdepends - 0.1 - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - - - - - - - diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.json.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.json.bin deleted file mode 100644 index d75dcf27..00000000 --- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.json.bin +++ /dev/null 
@@ -1,108 +0,0 @@ -{ - "components": [ - { - "bom-ref": "badlicdepends==0.1", - "externalReferences": [ - { - "comment": "PackageSource: Local", - "type": "distribution", - "url": "file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends" - } - ], - "name": "badlicdepends", - "type": "library", - "version": "0.1" - } - ], - "dependencies": [ - { - "ref": "badlicdepends==0.1" - }, - { - "dependsOn": [ - "badlicdepends==0.1" - ], - "ref": "root-component" - } - ], - "metadata": { - "component": { - "bom-ref": "root-component", - "name": "badlic", - "type": "application", - "version": "0.1" - }, - "properties": [ - { - "name": "cdx:reproducible", - "value": "true" - } - ], - "tools": { - "components": [ - { - "description": "CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments", - "externalReferences": [ - { - "type": "build-system", - "url": "https://github.com/CycloneDX/cyclonedx-python/actions" - }, - { - "type": "distribution", - "url": "https://pypi.org/project/cyclonedx-bom/" - }, - { - "type": "documentation", - "url": "https://cyclonedx-bom-tool.readthedocs.io/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/CycloneDX/cyclonedx-python/issues" - }, - { - "type": "license", - "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" - }, - { - "type": "release-notes", - "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" - }, - { - "type": "vcs", - "url": "https://github.com/CycloneDX/cyclonedx-python/" - }, - { - "type": "website", - "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" - } - ], - "group": "CycloneDX", - "licenses": [ - { - "license": { - "acknowledgement": "declared", - "id": "Apache-2.0" - } - } - ], - "name": "cyclonedx-py", - "type": "application", - "version": "thisVersion-testing" - }, - { - "description": "stripped", - "externalReferences": [ ], - "group": "CycloneDX", - "licenses": [ ], - "name": 
"cyclonedx-python-lib", - "type": "library", - "version": "libVersion-testing" - } - ] - } - }, - "version": 1, - "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.6" -} \ No newline at end of file diff --git a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.xml.bin b/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.xml.bin deleted file mode 100644 index b176a5a1..00000000 --- a/tests/_data/snapshots/environment/plain_with-license-bad-file-recoverable_1.6.xml.bin +++ /dev/null @@ -1,79 +0,0 @@ - - - - - - - CycloneDX - cyclonedx-py - thisVersion-testing - CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments - - - Apache-2.0 - - - - - https://github.com/CycloneDX/cyclonedx-python/actions - - - https://pypi.org/project/cyclonedx-bom/ - - - https://cyclonedx-bom-tool.readthedocs.io/ - - - https://github.com/CycloneDX/cyclonedx-python/issues - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE - - - https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md - - - https://github.com/CycloneDX/cyclonedx-python/ - - - https://github.com/CycloneDX/cyclonedx-python/#readme - - - - - CycloneDX - cyclonedx-python-lib - libVersion-testing - - - - - - - - badlic - 0.1 - - - true - - - - - badlicdepends - 0.1 - - - file://.../tests/_data/infiles/environment/with-license-bad-file-recoverable/badlicdepends - PackageSource: Local - - - - - - - - - - - From d2aa2babd43100d63b68c644d487b52784393fd8 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 24 Apr 2025 13:02:37 +0200 Subject: [PATCH 09/12] fix: try to detect licensetexts, or pass silently 
Signed-off-by: Jan Kowalleck --- cyclonedx_py/_internal/utils/bytes.py | 28 ++++ cyclonedx_py/_internal/utils/io.py | 10 +- cyclonedx_py/_internal/utils/pep639.py | 132 ++++++------------ .../environment/with-license-pep639/init.py | 3 +- ...p639-texts_with-license-pep639_1.1.xml.bin | 16 +++ ...639-texts_with-license-pep639_1.2.json.bin | 18 +++ ...p639-texts_with-license-pep639_1.2.xml.bin | 16 +++ ...639-texts_with-license-pep639_1.3.json.bin | 18 +++ ...p639-texts_with-license-pep639_1.3.xml.bin | 16 +++ ...639-texts_with-license-pep639_1.4.json.bin | 18 +++ ...p639-texts_with-license-pep639_1.4.xml.bin | 16 +++ ...639-texts_with-license-pep639_1.5.json.bin | 18 +++ ...p639-texts_with-license-pep639_1.5.xml.bin | 16 +++ ...639-texts_with-license-pep639_1.6.json.bin | 20 +++ ...p639-texts_with-license-pep639_1.6.xml.bin | 16 +++ 15 files changed, 263 insertions(+), 98 deletions(-) create mode 100644 cyclonedx_py/_internal/utils/bytes.py diff --git a/cyclonedx_py/_internal/utils/bytes.py b/cyclonedx_py/_internal/utils/bytes.py new file mode 100644 index 00000000..39699e88 --- /dev/null +++ b/cyclonedx_py/_internal/utils/bytes.py 
@@ -0,0 +1,28 @@
+# This file is part of CycloneDX Python
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+
+from sys import getdefaultencoding
+
+from chardet import detect as chardetect
+
+
+def bytes2str(data: bytes, *, errors: str = 'strict') -> str:
+ # see https://docs.python.org/3/library/codecs.html#standard-encodings
+ encoding = (chardetect(data)['encoding'] or getdefaultencoding()).replace(
+ # replace Windows-encoding with code-page
+ 'Windows-', 'cp')
+ return data.decode(encoding, errors)
diff --git a/cyclonedx_py/_internal/utils/io.py b/cyclonedx_py/_internal/utils/io.py
index e0c1de93..50e6051d 100644
--- a/cyclonedx_py/_internal/utils/io.py
+++ b/cyclonedx_py/_internal/utils/io.py
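Review bot: `bytes2str` in the new bytes.py has no docstring, and nothing in the file states how it fails. With the default `errors='strict'`, `data.decode(encoding, errors)` raises `UnicodeDecodeError` whenever chardet's guess does not fit the bytes, and a detected name that Python has no codec for would presumably raise `LookupError`. pep639.py now imports this helper, presumably to decode license files shipped by installed distributions, so the input is third-party content and the detection is only a heuristic; the calling code is not visible in this hunk, so whether both exceptions are caught there should be confirmed. I would add a docstring such as `"""Decode data with chardet's best-guess encoding. Raises UnicodeDecodeError under strict error handling, LookupError for an unknown codec name."""`.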
@@ -15,20 +15,14 @@ # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. -from sys import getdefaultencoding from tempfile import NamedTemporaryFile from typing import BinaryIO -from chardet import detect as chardetect +from .bytes import bytes2str def io2str(io: BinaryIO, *, errors: str = 'strict') -> str: - data = io.read() - # see https://docs.python.org/3/library/codecs.html#standard-encodings - encoding = (chardetect(data)['encoding'] or getdefaultencoding()).replace( - # replace Windows-encoding with code-page - 'Windows-', 'cp') - return data.decode(encoding, errors) + return bytes2str(io.read(), errors=errors) def io2file(io: BinaryIO, *, errors: str = 'strict') -> str: diff --git a/cyclonedx_py/_internal/utils/pep639.py b/cyclonedx_py/_internal/utils/pep639.py index 83abfd7a..c95a0e4b 100644 --- a/cyclonedx_py/_internal/utils/pep639.py +++ b/cyclonedx_py/_internal/utils/pep639.py @@ -23,13 +23,13 @@ from base64 import b64encode from os.path import join -from typing import TYPE_CHECKING, Generator, Set, Union +from typing import TYPE_CHECKING, Generator from cyclonedx.factory.license import LicenseFactory from cyclonedx.model import AttachedText, Encoding from cyclonedx.model.license import DisjunctiveLicense, LicenseAcknowledgement -from .io import io2str +from .bytes import bytes2str from .mimetypes import guess_type if TYPE_CHECKING: # pragma: no cover 
@@ -38,89 +38,9 @@ from cyclonedx.model.license import License - -def _try_load(dist: 'Distribution', metadir: str, filename: str) -> Union[str, None]: - # Might raise NotImplementedError in theory - # but nothing we can do in that case. - try: - candidate = dist.locate_file(join(metadir, filename)) - except NotImplementedError: - return None - - if not candidate: - return None - - try: - with open(str(candidate), 'rb') as fin: - return io2str(fin) - except FileNotFoundError: - pass - return None - - -def handle_bad_license_file_encoding( - dist: 'Distribution', - lfile: str, - logger: 'Logger' -) -> Union[str, None]: - # Distribution has no method to find the actual metadata dir, - # e.g. dist-info or egg-info. - # So we mimic the logic in PathDistribution and check both subdirs - content: Union[str, None] = None - for metadir in ('.dist-info', '.egg-info'): - content = _try_load(dist, metadir, lfile) - if content: - break - - if content is None: - logger.debug('Error: license file %r for dist %r is not UTF-8 encoded', - lfile, dist.metadata['Name']) - return content - - -def gather_license_texts( - dist: 'Distribution', - lfiles: Set[str], - logger: 'Logger' -) -> Generator['License', None, None]: - lack = LicenseAcknowledgement.DECLARED - for mlfile in lfiles: - # see spec: https://peps.python.org/pep-0639/#add-license-file-field - # latest spec rev: https://discuss.python.org/t/pep-639-round-3-improving-license-clarity-with-better-package-metadata/53020 # noqa: E501 - - # per spec > license files are stored in the `.dist-info/licenses/` subdirectory of the produced wheel. - # but in practice, other locations are used, too. - # loop over the candidate location and pick the first one found. 
- content = None - for loc in ('licenses', 'license_files', '.'): - path = join(loc, mlfile) - try: - content = dist.read_text(path) - except UnicodeDecodeError: - # Malformed, try harder - content = handle_bad_license_file_encoding(dist, path, logger) - - if content is not None: - break - else: - logger.debug('Error: failed to read license file %r for dist %r', - mlfile, dist.metadata['Name']) - continue - - encoding = None - content_type = guess_type(mlfile) or AttachedText.DEFAULT_CONTENT_TYPE - # per default, license files are human-readable texts. - if not content_type.startswith('text/'): - encoding = Encoding.BASE_64 - content = b64encode(content.encode('utf-8')).decode('ascii') - yield DisjunctiveLicense( - name=f'declared license file: {mlfile}', - acknowledgement=lack, - text=AttachedText( - content=content, - encoding=encoding, - content_type=content_type - )) +# per spec > license files are stored in the `.dist-info/licenses/` subdirectory of the produced wheel. +# but in practice, other locations are used, too. +_LICENSE_LOCATIONS = ('licenses', 'license_files', '') def dist2licenses( 
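Review bot: The comment above `_LICENSE_LOCATIONS` no longer says that the order of the tuple is significant; the removed code carried "loop over the candidate location and pick the first one found", and the new loop in `dist2licenses` still stops at the first candidate that yields content. I would add `# order matters: the first location that yields content wins` above the tuple. The last entry also changed from `'.'` to `''`, which presumably resolves to the same file after `join()`, but the reason for the change deserves a word in that comment.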
@@ -128,12 +48,46 @@ def dist2licenses( gather_text: bool, logger: 'Logger' ) -> Generator['License', None, None]: + lfac = LicenseFactory() + lack = LicenseAcknowledgement.DECLARED metadata = dist.metadata # see https://packaging.python.org/en/latest/specifications/core-metadata/ if (lexp := metadata['License-Expression']) is not None: - lfac = LicenseFactory() - lack = LicenseAcknowledgement.DECLARED # see spec: https://peps.python.org/pep-0639/#add-license-expression-field yield lfac.make_from_string(lexp, license_acknowledgement=lack) - if gather_text and (lfiles := set(fn for fn in metadata.get_all('License-File', ()))): - yield from gather_license_texts(dist, lfiles, logger) + if gather_text: + for mlfile in set(metadata.get_all('License-File', ())): + # see spec: https://peps.python.org/pep-0639/#add-license-file-field + # latest spec rev: https://discuss.python.org/t/pep-639-round-3-improving-license-clarity-with-better-package-metadata/53020 # noqa: E501 + content = None + for mlpath in _LICENSE_LOCATIONS: + try: + content = dist.read_text(join(mlpath, mlfile)) + except UnicodeDecodeError as err: + try: + content = bytes2str(err.object) + except UnicodeDecodeError: + pass + else: + break # for-loop + else: + if content is not None: + break # for-loop + if content is None: # pragma: no cover + logger.debug('Error: failed to read license file %r for dist %r', + mlfile, metadata['Name']) + continue + encoding = None + content_type = guess_type(mlfile) or AttachedText.DEFAULT_CONTENT_TYPE + # per default, license files are human-readable texts. + if not content_type.startswith('text/'): + encoding = Encoding.BASE_64 + content = b64encode(content.encode('utf-8')).decode('ascii') + yield DisjunctiveLicense( + name=f'declared license file: {mlfile}', + acknowledgement=lack, + text=AttachedText( + content=content, + encoding=encoding, + content_type=content_type + )) 
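Review bot: Each `License-File` value comes from the package's own metadata and is passed to `dist.read_text(join(mlpath, mlfile))` without a check that it is a relative path staying inside the metadata directory. PEP 639 requires these entries to be relative and free of `..` components, but nothing visible in this hunk enforces that, so a malformed or hostile distribution could presumably get a file from elsewhere on the scanning host copied into the SBOM. I would skip such entries before the location loop, e.g. `if isabs(mlfile) or '..' in mlfile.replace('\\', '/').split('/'):` followed by a `logger.debug(...)` and `continue` (needs `isabs` from `os.path`). The fallback `bytes2str(err.object)` also assumes the exception carries the whole file's bytes, which is worth a short comment next to it.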
diff --git a/tests/_data/infiles/environment/with-license-pep639/init.py b/tests/_data/infiles/environment/with-license-pep639/init.py index 688da32d..8a849857 100644 --- a/tests/_data/infiles/environment/with-license-pep639/init.py +++ b/tests/_data/infiles/environment/with-license-pep639/init.py @@ -74,7 +74,8 @@ def main() -> None: # with expression-like License AND License-File 'cryptography==43.0.1', # https://github.com/CycloneDX/cyclonedx-python/issues/826 # with possibly unexpected license files - "../../_helpers/local_pckages/with-license-pep639_regression-issue868", # https://github.com/CycloneDX/cyclonedx-python/issues/868 + # https://github.com/CycloneDX/cyclonedx-python/issues/868 + "../../_helpers/local_pckages/with-license-pep639_regression-issue868", ) diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin index e188a2e0..afe85637 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.1.xml.bin @@ -1013,6 +1013,22 @@ The isoschematron implementation uses several XSL and RelaxNG resources: declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + declared license file: my_licenses/utf-16be_withBOM.txt + this file is +utf-16be encoded +with BOM +πŸ˜ƒ + + + + declared license file: my_licenses/utf-16le_withBOM.txt + this file is +utf-16le encoded +with BOM +πŸ˜ƒ + + declared license file: my_licenses/utf-8_noBOM.txt this file is 
diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin index a604e31c..b50bf7d0 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.json.bin @@ -326,6 +326,24 @@ } } }, + { + "license": { + "name": "declared license file: my_licenses/utf-16be_withBOM.txt", + "text": { + "content": "this file is\r\nutf-16be encoded\r\nwith BOM\r\n\ud83d\ude03\r\n", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: my_licenses/utf-16le_withBOM.txt", + "text": { + "content": "this file is\nutf-16le encoded\nwith BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + }, { "license": { "name": "declared license file: my_licenses/utf-8_noBOM.txt", diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin index 91d636de..b04e1589 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.2.xml.bin 
@@ -1032,6 +1032,22 @@ The isoschematron implementation uses several XSL and RelaxNG resources: declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + declared license file: my_licenses/utf-16be_withBOM.txt + this file is +utf-16be encoded +with BOM +πŸ˜ƒ + + + + declared license file: my_licenses/utf-16le_withBOM.txt + this file is +utf-16le encoded +with BOM +πŸ˜ƒ + + declared license file: my_licenses/utf-8_noBOM.txt this file is diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin index 7541ed14..2ed3df25 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.json.bin @@ -357,6 +357,24 @@ } } }, + { + "license": { + "name": "declared license file: my_licenses/utf-16be_withBOM.txt", + "text": { + "content": "this file is\r\nutf-16be encoded\r\nwith BOM\r\n\ud83d\ude03\r\n", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: my_licenses/utf-16le_withBOM.txt", + "text": { + "content": "this file is\nutf-16le encoded\nwith BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + }, { "license": { "name": "declared license file: my_licenses/utf-8_noBOM.txt", diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin index d8e87749..f08f41b6 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin 
+++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.3.xml.bin @@ -1283,6 +1283,22 @@ The isoschematron implementation uses several XSL and RelaxNG resources: declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + declared license file: my_licenses/utf-16be_withBOM.txt + this file is +utf-16be encoded +with BOM +πŸ˜ƒ + + + + declared license file: my_licenses/utf-16le_withBOM.txt + this file is +utf-16le encoded +with BOM +πŸ˜ƒ + + declared license file: my_licenses/utf-8_noBOM.txt this file is diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin index 961b451d..246ae8d2 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.json.bin @@ -357,6 +357,24 @@ } } }, + { + "license": { + "name": "declared license file: my_licenses/utf-16be_withBOM.txt", + "text": { + "content": "this file is\r\nutf-16be encoded\r\nwith BOM\r\n\ud83d\ude03\r\n", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: my_licenses/utf-16le_withBOM.txt", + "text": { + "content": "this file is\nutf-16le encoded\nwith BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + }, { "license": { "name": "declared license file: my_licenses/utf-8_noBOM.txt", diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin index 9bf1df86..72074d83 100644 
--- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.4.xml.bin @@ -1310,6 +1310,22 @@ The isoschematron implementation uses several XSL and RelaxNG resources: declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + declared license file: my_licenses/utf-16be_withBOM.txt + this file is +utf-16be encoded +with BOM +πŸ˜ƒ + + + + declared license file: my_licenses/utf-16le_withBOM.txt + this file is +utf-16le encoded +with BOM +πŸ˜ƒ + + declared license file: my_licenses/utf-8_noBOM.txt this file is diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin index 41da1dff..094a59f8 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.json.bin @@ -357,6 +357,24 @@ } } }, + { + "license": { + "name": "declared license file: my_licenses/utf-16be_withBOM.txt", + "text": { + "content": "this file is\r\nutf-16be encoded\r\nwith BOM\r\n\ud83d\ude03\r\n", + "contentType": "text/plain" + } + } + }, + { + "license": { + "name": "declared license file: my_licenses/utf-16le_withBOM.txt", + "text": { + "content": "this file is\nutf-16le encoded\nwith BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + }, { "license": { "name": "declared license file: my_licenses/utf-8_noBOM.txt", 
diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin index ef2e71dc..7916b625 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.5.xml.bin @@ -1320,6 +1320,22 @@ The isoschematron implementation uses several XSL and RelaxNG resources: declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + declared license file: my_licenses/utf-16be_withBOM.txt + this file is +utf-16be encoded +with BOM +πŸ˜ƒ + + + + declared license file: my_licenses/utf-16le_withBOM.txt + this file is +utf-16le encoded +with BOM +πŸ˜ƒ + + declared license file: my_licenses/utf-8_noBOM.txt this file is diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin index 1bf0e896..d380fdb3 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.json.bin 
@@ -382,6 +382,26 @@ } } }, + { + "license": { + "acknowledgement": "declared", + "name": "declared license file: my_licenses/utf-16be_withBOM.txt", + "text": { + "content": "this file is\r\nutf-16be encoded\r\nwith BOM\r\n\ud83d\ude03\r\n", + "contentType": "text/plain" + } + } + }, + { + "license": { + "acknowledgement": "declared", + "name": "declared license file: my_licenses/utf-16le_withBOM.txt", + "text": { + "content": "this file is\nutf-16le encoded\nwith BOM\n\ud83d\ude03\n", + "contentType": "text/plain" + } + } + }, { "license": { "acknowledgement": "declared", diff --git a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin index a9a8ce68..28cea090 100644 --- a/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin +++ b/tests/_data/snapshots/environment/pep639-texts_with-license-pep639_1.6.xml.bin @@ -1320,6 +1320,22 @@ The isoschematron implementation uses several XSL and RelaxNG resources: declared license file: my_licenses/richtext.rtf e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcbm91aWNvbXBhdFxkZWZsYW5nMTAzMXtcZm9udHRibHtcZjBcZm5pbFxmY2hhcnNldDAgQ2FsaWJyaTt9fQp7XCpcZ2VuZXJhdG9yIFJpY2hlZDIwIDEwLjAuMTkwNDF9XHZpZXdraW5kNFx1YzEgClxwYXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcZjBcZnMyMlxsYW5nNyBSVEYgTGljZW5zZSBGaWxlXHBhcgp9CgA= + + declared license file: my_licenses/utf-16be_withBOM.txt + this file is +utf-16be encoded +with BOM +πŸ˜ƒ + + + + declared license file: my_licenses/utf-16le_withBOM.txt + this file is +utf-16le encoded +with BOM +πŸ˜ƒ + + declared license file: my_licenses/utf-8_noBOM.txt this file is From f4ea6709ee1c1614b2dc2180094dad97581e0a3c Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 24 Apr 2025 14:52:18 +0200 Subject: [PATCH 10/12] tidy Signed-off-by: Jan Kowalleck --- tests/_data/infiles/environment/with-license-pep639/init.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/_data/infiles/environment/with-license-pep639/init.py b/tests/_data/infiles/environment/with-license-pep639/init.py index 8a849857..80afe967 100644 --- a/tests/_data/infiles/environment/with-license-pep639/init.py +++ b/tests/_data/infiles/environment/with-license-pep639/init.py @@ -75,7 +75,7 @@ def main() -> None: 'cryptography==43.0.1', # https://github.com/CycloneDX/cyclonedx-python/issues/826 # with possibly unexpected license files # https://github.com/CycloneDX/cyclonedx-python/issues/868 - "../../_helpers/local_pckages/with-license-pep639_regression-issue868", + '../../_helpers/local_pckages/with-license-pep639_regression-issue868', ) From 3be391dbb7feeeec19c690b35ba2ae4de102f96f Mon Sep 17 00:00:00 2001 From: Michael Schlenker Date: Thu, 24 Apr 2025 16:20:22 +0200 Subject: [PATCH 11/12] Add better rtf mimetype Signed-off-by: Michael Schlenker --- cyclonedx_py/_internal/utils/mimetypes.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cyclonedx_py/_internal/utils/mimetypes.py b/cyclonedx_py/_internal/utils/mimetypes.py index 6ac49b08..0d447c42 100644 --- a/cyclonedx_py/_internal/utils/mimetypes.py +++ b/cyclonedx_py/_internal/utils/mimetypes.py @@ -29,6 +29,7 @@ '.md': 'text/markdown', '.txt': 'text/plain', '.rst': 'text/prs.fallenstein.rst', + '.rtf': 'application/rtf', '.xml': 'text/xml', # not `application/xml` -- our scope is text! # license-specific files '.license': _MIME_TEXT_PLAIN, From 29f0488b1785d85481651b47a7ab5cd028fcfffe Mon Sep 17 00:00:00 2001 From: Michael Schlenker Date: Thu, 24 Apr 2025 16:27:13 +0200 Subject: [PATCH 12/12] Revert "Add better rtf mimetype" This reverts commit 3be391dbb7feeeec19c690b35ba2ae4de102f96f. --- cyclonedx_py/_internal/utils/mimetypes.py | 1 - 1 file changed, 1 deletion(-) diff --git a/cyclonedx_py/_internal/utils/mimetypes.py b/cyclonedx_py/_internal/utils/mimetypes.py index 0d447c42..6ac49b08 100644 --- a/cyclonedx_py/_internal/utils/mimetypes.py 
+++ b/cyclonedx_py/_internal/utils/mimetypes.py @@ -29,7 +29,6 @@ '.md': 'text/markdown', '.txt': 'text/plain', '.rst': 'text/prs.fallenstein.rst', - '.rtf': 'application/rtf', '.xml': 'text/xml', # not `application/xml` -- our scope is text! # license-specific files '.license': _MIME_TEXT_PLAIN,