Fix the spdx bug (#194)

dd-jy · web-flow · commit 29a03988a09b · 2024-10-08T13:21:28.000+09:00
Signed-off-by: jiyeong.seok &lt;jiyeong.seok@lge.com&gt;
diff --git a/src/fosslight_util/oss_item.py b/src/fosslight_util/oss_item.py
@@ -5,6 +5,7 @@
 
 import logging
 import os
+import hashlib
 from fosslight_util.constant import LOGGER_NAME, FOSSLIGHT_SCANNER
 from fosslight_util.cover import CoverItem
 from typing import List, Dict
@@ -171,6 +172,22 @@ def get_print_json(self):
         return items
 
 
+def get_checksum_sha1(source_name_or_path) -> str:
+    checksum = CHECKSUM_NULL
+    try:
+        checksum = str(hashlib.sha1(source_name_or_path.encode()).hexdigest())
+    except Exception:
+        try:
+            f = open(source_name_or_path, "rb")
+            byte = f.read()
+            checksum = str(hashlib.sha1(byte).hexdigest())
+            f.close()
+        except Exception as ex:
+            _logger.info(f"(Error) Get_checksum: {ex}")
+
+    return checksum
+
+
 def invalid(cmd):
     _logger.info('[{}] is invalid'.format(cmd))
 
diff --git a/src/fosslight_util/write_spdx.py b/src/fosslight_util/write_spdx.py
@@ -12,6 +12,7 @@
 from fosslight_util.spdx_licenses import get_spdx_licenses_json, get_license_from_nick
 from fosslight_util.constant import (LOGGER_NAME, FOSSLIGHT_DEPENDENCY, FOSSLIGHT_SCANNER,
                                      FOSSLIGHT_BINARY, FOSSLIGHT_SOURCE)
+from fosslight_util.oss_item import CHECKSUM_NULL, get_checksum_sha1
 import traceback
 
 logger = logging.getLogger(LOGGER_NAME)
@@ -85,6 +86,14 @@ def write_spdx(output_file_without_ext, output_extension, scan_item, spdx_versio
                 for file_item in file_items:
                     file = ''  # file의 license, copyright은 oss item에서 append
                     if scanner_name in [FOSSLIGHT_BINARY, FOSSLIGHT_SOURCE]:
+                        if file_item.exclude:
+                            continue
+                        if file_item.checksum == CHECKSUM_NULL:
+                            if os.path.exists(file_item.source_name_or_path):
+                                file_item.checksum = get_checksum_sha1(file_item.source_name_or_path)
+                            if file_item.checksum == CHECKSUM_NULL:
+                                logger.info(f'Failed to get checksum, Skip: {file_item.source_name_or_path}')
+                                continue
                         file_id += 1
                         file = File(name=file_item.source_name_or_path,
                                     spdx_id=f'SPDXRef-File{file_id}',
