Check for proper case in boolean tag/values

Fixes #52 Signed-off-by: Gary O'Neall <[email protected]>
spdx · Dec 17, 2023 · 11a7e2f · 11a7e2f
1 parent dc0e5a0
commit 11a7e2f
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 2 deletions.
diff --git a/src/main/java/org/spdx/tag/BuildDocument.java b/src/main/java/org/spdx/tag/BuildDocument.java
@@ -1079,10 +1079,16 @@ private void buildPackage(SpdxPackage pkg, String tag, String value, int lineNum
 			}
 			pkg.setPrimaryPurpose(purpose);
 		} else if (tag.equals(constants.getProperty("PROP_PACKAGE_FILES_ANALYZED"))) {
-			if ("TRUE".equals(value.toUpperCase())) {
+			if ("true".equals(value.toLowerCase())) {
 				pkg.setFilesAnalyzed(true);
-			} else if ("FALSE".equals(value.toUpperCase())) {
+				if (!"true".equals(value)) {
+					this.warningMessages.add("Warning: Invalid case for boolean value.  Expected 'true', found '"+value+"'");
+				}
+			} else if ("false".equals(value.toLowerCase())) {
 				pkg.setFilesAnalyzed(false);
+				if (!"false".equals(value)) {
+					this.warningMessages.add("Warning: Invalid case for boolean value.  Expected 'false', found '"+value+"'");
+				}
 			} else {
 				throw(new InvalidSpdxTagFileException("Invalid value for files analyzed.  Must be 'true' or 'false'.  Found value: "+value+" at line number "+lineNumber));
 			}

diff --git a/src/test/java/org/spdx/tagvaluestore/TagValueStoreTest.java b/src/test/java/org/spdx/tagvaluestore/TagValueStoreTest.java
@@ -46,6 +46,7 @@ public class TagValueStoreTest extends TestCase {
 
 	static final String TAG_VALUE_FILE_PATH = "testResources" + File.separator + "SPDXTagExample-v2.3.spdx";
 	private static final String ARTIFACT_OF_FILE_PATH = "testResources" + File.separator + "artifactof.spdx";
+	private static final String CASE_FILE_PATH = "testResources" + File.separator + "case.spdx";
 
 
 	/* (non-Javadoc)
@@ -119,5 +120,15 @@ public void testArtifactOf() throws InvalidSPDXAnalysisException, IOException {
 		SpdxPackage relatedPackage = (SpdxPackage)(relationships[0].getRelatedSpdxElement().get());
 		assertEquals("AcmeTest", relatedPackage.getName().get());
 	}
+
+	public void testCaseWarning() throws InvalidSPDXAnalysisException, IOException {
+		File tagValueFile = new File(CASE_FILE_PATH);
+		TagValueStore tvs = new TagValueStore(new InMemSpdxStore());
+		String docUri = null;
+		try (InputStream tagValueInput = new FileInputStream(tagValueFile)) {
+			docUri = tvs.deSerialize(tagValueInput, false);
+		}
+		assertEquals(1, tvs.getWarnings().size());
+	}
 
 }
diff --git a/testResources/case.spdx b/testResources/case.spdx
@@ -0,0 +1,57 @@
+SPDXVersion: SPDX-2.2
+DataLicense: CC0-1.0
+SPDXID: SPDXRef-DOCUMENT
+DocumentName: hello
+DocumentNamespace: https://swinslow.net/spdx-examples/example1/hello-v3
+Creator: Person: Steve Winslow ([email protected])
+Creator: Tool: github.com/spdx/tools-golang/builder
+Creator: Tool: github.com/spdx/tools-golang/idsearcher
+Created: 2021-08-26T01:46:00Z
+
+##### Package: hello
+
+PackageName: hello
+SPDXID: SPDXRef-Package-hello
+PackageDownloadLocation: git+https://github.com/swinslow/spdx-examples.git#example1/content
+FilesAnalyzed: TRUE
+PackageVerificationCode: 9d20237bb72087e87069f96afb41c6ca2fa2a342
+PackageLicenseConcluded: GPL-3.0-or-later
+PackageLicenseInfoFromFiles: GPL-3.0-or-later
+PackageLicenseDeclared: GPL-3.0-or-later
+PackageCopyrightText: NOASSERTION
+
+Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-hello
+
+FileName: ./build/hello
+SPDXID: SPDXRef-hello-binary
+FileType: BINARY
+FileChecksum: SHA1: 20291a81ef065ff891b537b64d4fdccaf6f5ac02
+FileChecksum: SHA256: 83a33ff09648bb5fc5272baca88cf2b59fd81ac4cc6817b86998136af368708e
+FileChecksum: MD5: 08a12c966d776864cc1eb41fd03c3c3d
+LicenseConcluded: GPL-3.0-or-later
+LicenseInfoInFile: NOASSERTION
+FileCopyrightText: NOASSERTION
+
+FileName: ./src/Makefile
+SPDXID: SPDXRef-Makefile
+FileType: SOURCE
+FileChecksum: SHA1: 69a2e85696fff1865c3f0686d6c3824b59915c80
+FileChecksum: SHA256: 5da19033ba058e322e21c90e6d6d859c90b1b544e7840859c12cae5da005e79c
+FileChecksum: MD5: 559424589a4f3f75fd542810473d8bc1
+LicenseConcluded: GPL-3.0-or-later
+LicenseInfoInFile: GPL-3.0-or-later
+FileCopyrightText: NOASSERTION
+
+FileName: ./src/hello.c
+SPDXID: SPDXRef-hello-src
+FileType: SOURCE
+FileChecksum: SHA1: 20862a6d08391d07d09344029533ec644fac6b21
+FileChecksum: SHA256: b4e5ca56d1f9110ca94ed0bf4e6d9ac11c2186eb7cd95159c6fdb50e8db5a823
+FileChecksum: MD5: 935054fe899ca782e11003bbae5e166c
+LicenseConcluded: GPL-3.0-or-later
+LicenseInfoInFile: GPL-3.0-or-later
+FileCopyrightText: Copyright Contributors to the spdx-examples project.
+
+Relationship: SPDXRef-hello-binary GENERATED_FROM SPDXRef-hello-src
+Relationship: SPDXRef-hello-binary GENERATED_FROM SPDXRef-Makefile
+Relationship: SPDXRef-Makefile BUILD_TOOL_OF SPDXRef-Package-hello