diff --git a/src/main/java/org/spdx/maven/Annotation.java b/src/main/java/org/spdx/maven/Annotation.java index 2fb1f0d..0f6281e 100644 --- a/src/main/java/org/spdx/maven/Annotation.java +++ b/src/main/java/org/spdx/maven/Annotation.java @@ -23,9 +23,8 @@ * Simple class to hold an SPDX Annotation. * * @author Gary O'Neall - * @see org.spdx.library.model.Annotation - * @see AnnotationType */ +@SuppressWarnings("unused") public class Annotation { private static final Logger LOG = LoggerFactory.getLogger( Annotation.class ); @@ -122,7 +121,6 @@ public void setAnnotationComment( String annotationComment ) public void logInfo() { - LOG.debug( - "Annotator: " + this.annotator + ", Date: " + this.annotationDate + ", Type: " + this.annotationType ); + LOG.debug( "Annotator: {}, Date: {}, Type: {}", this.annotator, this.annotationDate, this.annotationType ); } } \ No newline at end of file diff --git a/src/main/java/org/spdx/maven/Checksum.java b/src/main/java/org/spdx/maven/Checksum.java index d86bba1..17dde3c 100644 --- a/src/main/java/org/spdx/maven/Checksum.java +++ b/src/main/java/org/spdx/maven/Checksum.java @@ -55,6 +55,7 @@ public String getAlgorithm() /** * @param algorithm the algorithm to set */ + @SuppressWarnings("unused") public void setAlgorithm( String algorithm ) { this.algorithm = algorithm; diff --git a/src/main/java/org/spdx/maven/CreateSpdxMojo.java b/src/main/java/org/spdx/maven/CreateSpdxMojo.java index 7974f25..400a1b2 100644 --- a/src/main/java/org/spdx/maven/CreateSpdxMojo.java +++ b/src/main/java/org/spdx/maven/CreateSpdxMojo.java @@ -57,13 +57,8 @@ import java.io.File; import java.net.URI; import java.net.URISyntaxException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; +import java.util.*; import java.util.Map.Entry; -import java.util.Set; /** * NOTE: Currently this is a prototype plugin for supporting SPDX in a Maven build. @@ -91,6 +86,7 @@ *
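Review bot: `@SuppressWarnings("unused")` on the `Annotation` class declaration silences the inspection for every member, so a private field or helper that later becomes genuinely dead will no longer be reported. The `Checksum` hunk in this same commit scopes the annotation to the single setter `setAlgorithm`, and that narrower form would fit here as well: annotate only the setters or fields that are presumably populated by Maven from the plugin configuration. The same class-wide suppression is added to `CreateSpdxMojo`, `ExternalReference` and `PathSpecificSpdxInfo`.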
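Review bot: The import hunk of `CreateSpdxMojo.java` replaces six explicit `java.util` imports with `import java.util.*;` while keeping `import java.util.Map.Entry;` next to it. A wildcard hides which types the class depends on and can become ambiguous when another imported package gains a same-named type. From the visible hunks only `Collections` is newly needed, so keeping the explicit list and adding `import java.util.Collections;` would be the smaller change.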

* Additional SPDX fields are supplied as configuration parameters to this plugin. */ +@SuppressWarnings({"unused", "DefaultAnnotationParam"}) @Mojo( name = "createSPDX", defaultPhase = LifecyclePhase.VERIFY, requiresOnline = true, @@ -567,7 +563,7 @@ public void execute() throws MojoExecutionException // check errors List spdxErrors = builder.verify(); - if ( spdxErrors != null && spdxErrors.size() > 0 ) + if ( spdxErrors != null && !spdxErrors.isEmpty() ) { getLog().warn( "The following errors were found in the SPDX file:\n " + String.join( "\n ", spdxErrors ) ); } @@ -597,6 +593,7 @@ private OutputFormat prepareOutput() throw new MojoExecutionException( "Invalid path for SPDX output file. " + "Specify a configuration parameter spdxFile with a valid directory path to resolve." ); } + //noinspection ResultOfMethodCallIgnored outputDir.mkdirs(); return outputFormatEnum; } @@ -622,12 +619,12 @@ private AbstractDocumentBuilder initSpdxDocumentBuilder( OutputFormat outputForm URI namespaceUri = new URI( spdxDocumentNamespace ); if ( SpdxMajorVersion.VERSION_3.equals( outputFormatEnum.getSpecVersion() ) ) { builder = new SpdxV3DocumentBuilder( mavenProject, generatePurls, spdxFile, namespaceUri, - this.matchLicensesOnCrossReferenceUrls, outputFormatEnum ); + outputFormatEnum ); } else { builder = new SpdxV2DocumentBuilder( mavenProject, generatePurls, spdxFile, namespaceUri, - this.matchLicensesOnCrossReferenceUrls, outputFormatEnum ); + outputFormatEnum ); } } 
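Review bot: The added `//noinspection ResultOfMethodCallIgnored` in `prepareOutput()` hides the warning instead of handling it: when `outputDir.mkdirs()` fails the method still returns normally, and the failure presumably surfaces only later when the SPDX file is written. Checking the result keeps the error at its cause, for example `if ( !outputDir.isDirectory() && !outputDir.mkdirs() ) { throw new MojoExecutionException( "Unable to create SPDX output directory " + outputDir ); }`, in line with the `MojoExecutionException` thrown just above it. The start of `prepareOutput()` is outside the hunk.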
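Review bot: Both builder constructors in `initSpdxDocumentBuilder` no longer receive `this.matchLicensesOnCrossReferenceUrls`, and the matching field is deleted from `AbstractDocumentBuilder` later in this commit. If the mojo still declares that configuration parameter (its declaration is not in the visible hunks), a POM that sets it is now silently ignored, which may change the licenses recorded in the generated SPDX document without any signal to the user. Remove or deprecate the parameter together with this change, or log once when it is configured, e.g. `getLog().warn( "matchLicensesOnCrossReferenceUrls is no longer used and is ignored" );`.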
@@ -662,8 +659,8 @@ private AbstractDocumentBuilder initSpdxDocumentBuilder( OutputFormat outputForm * Collect dependency information from Maven dependencies and adds it to the builder SPDX document * * @param builder SPDX document builder - * @throws LicenseMapperException - * @throws InvalidSPDXAnalysisException + * @throws LicenseMapperException on errors related to mapping Maven licenses to SPDX licenses + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ private void buildSpdxDependencyInformation( AbstractDocumentBuilder builder, OutputFormat outputFormatEnum ) throws LicenseMapperException, InvalidSPDXAnalysisException, DependencyGraphBuilderException @@ -708,19 +705,16 @@ private void logFileSpecificInfo( HashMap fi /** * Get the patch specific information * - * @param projectDefault - * @param spdxDoc SPDX document containing any extracted license infos - * @return - * @throws MojoExecutionException + * @param projectDefault default file information if no path specific overrides are present + * @return map path to project specific SPDX parameters */ - private HashMap getPathSpecificInfoFromParameters( SpdxDefaultFileInformation projectDefault ) throws MojoExecutionException - { + private HashMap getPathSpecificInfoFromParameters( SpdxDefaultFileInformation projectDefault ) { HashMap retval = new HashMap<>(); if ( this.pathsWithSpecificSpdxInfo != null ) { for ( PathSpecificSpdxInfo spdxInfo : this.pathsWithSpecificSpdxInfo ) { - SpdxDefaultFileInformation value = null; + SpdxDefaultFileInformation value; value = spdxInfo.getDefaultFileInformation( projectDefault ); if ( retval.containsKey( spdxInfo.getPath() ) ) { @@ -735,7 +729,7 @@ private HashMap getPathSpecificInfoFromParam /** * Primarily for debugging purposes - logs nonStandardLicenses as info * - * @param nonStandardLicenses + * @param nonStandardLicenses non standard licenses to log */ private void logNonStandardLicenses( NonStandardLicense[] nonStandardLicenses ) { 
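Review bot: The new signature of `getPathSpecificInfoFromParameters` puts the opening brace on the signature line, while the removed line and the rest of the file place it on its own line; `getDefaultFileInfoFromParameters` in a later hunk has the same inconsistency. Inside the loop, `SpdxDefaultFileInformation value;` followed directly by `value = spdxInfo.getDefaultFileInformation( projectDefault );` can be a single declaration, `SpdxDefaultFileInformation value = spdxInfo.getDefaultFileInformation( projectDefault );`. The Javadoc summary still reads "patch specific" where "path specific" is meant. The method body continues outside the hunk.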
@@ -763,7 +757,7 @@ private void logNonStandardLicenses( NonStandardLicense[] nonStandardLicenses ) /** * Primarily for debugging purposes - logs includedDirectories as info * - * @param includedDirectories + * @param includedDirectories included directory fileSet to log */ private void logIncludedDirectories( List includedDirectories ) { @@ -792,12 +786,9 @@ private void logIncludedDirectories( List includedDirectories ) } /** - * @param spdxDoc SPDX Document containing any extracted license infos * @return default file information from the plugin parameters - * @throws MojoExecutionException */ - private SpdxDefaultFileInformation getDefaultFileInfoFromParameters() throws MojoExecutionException - { + private SpdxDefaultFileInformation getDefaultFileInfoFromParameters() { SpdxDefaultFileInformation retval; retval = new SpdxDefaultFileInformation(); retval.setComment( defaultFileComment ); @@ -823,17 +814,16 @@ private SpdxDefaultFileInformation getDefaultFileInfoFromParameters() throws Moj * " is prepended * * @param builder SPDX document builder - * @return - * @throws MojoExecutionException + * @return SPDX project level information */ - private SpdxProjectInformation getSpdxProjectInfoFromParameters( AbstractDocumentBuilder builder ) throws MojoExecutionException, InvalidSPDXAnalysisException + private SpdxProjectInformation getSpdxProjectInfoFromParameters( AbstractDocumentBuilder builder ) throws InvalidSPDXAnalysisException { SpdxProjectInformation retval = new SpdxProjectInformation(); if ( this.documentComment != null ) { retval.setDocumentComment( this.documentComment ); } - String declaredLicense = null; + String declaredLicense; if ( this.licenseDeclared == null ) { List mavenLicenses = mavenProject.getLicenses(); 
@@ -851,7 +841,7 @@ private SpdxProjectInformation getSpdxProjectInfoFromParameters( AbstractDocumen { declaredLicense = this.licenseDeclared.trim(); } - String concludedLicense = null; + String concludedLicense; if ( this.licenseConcluded == null ) { concludedLicense = declaredLicense; @@ -866,7 +856,7 @@ private SpdxProjectInformation getSpdxProjectInfoFromParameters( AbstractDocumen { this.creators = new String[0]; } - String[] allCreators = (String[]) Arrays.copyOf( creators, creators.length + 1 ); + String[] allCreators = Arrays.copyOf( creators, creators.length + 1 ); allCreators[allCreators.length - 1] = CREATOR_TOOL_MAVEN_PLUGIN; retval.setCreators( allCreators ); retval.setCopyrightText( this.copyrightText ); @@ -955,7 +945,7 @@ private SpdxProjectInformation getSpdxProjectInfoFromParameters( AbstractDocumen /** * Get the default project name if no project name is specified in the POM * - * @return + * @return the default project name if no project name is specified in the POM */ private String getDefaultProjectName() { @@ -1010,10 +1000,7 @@ private Set getChecksumAlgorithms() algorithms.add( "SHA1" ); if ( checksumAlgorithms != null ) { - for ( String checksumAlgorithm : checksumAlgorithms ) - { - algorithms.add( checksumAlgorithm ); - } + Collections.addAll( algorithms, checksumAlgorithms ); } return algorithms; } diff --git a/src/main/java/org/spdx/maven/ExternalReference.java b/src/main/java/org/spdx/maven/ExternalReference.java index 0de1ed5..37e778b 100644 --- a/src/main/java/org/spdx/maven/ExternalReference.java +++ b/src/main/java/org/spdx/maven/ExternalReference.java @@ -20,10 +20,9 @@ * enumerations, asset identifiers, or downloadable content believed to be relevant to the Package. * * @author Gary O'Neall - * @see ExternalRef - * @see ReferenceType - * @see ReferenceCategory + * */ +@SuppressWarnings("unused") public class ExternalReference { private String category; 
diff --git a/src/main/java/org/spdx/maven/NonStandardLicense.java b/src/main/java/org/spdx/maven/NonStandardLicense.java index 78dd59d..7749cd9 100644 --- a/src/main/java/org/spdx/maven/NonStandardLicense.java +++ b/src/main/java/org/spdx/maven/NonStandardLicense.java @@ -16,9 +16,10 @@ package org.spdx.maven; import java.net.URL; +import java.util.Objects; /** - * Non-standard license (e.g. license which is not in the SPDX standard license list http://spdx.org/licenses) + * Non-standard license (e.g. license which is not in the SPDX standard license list) * * @author Gary O'Neall */ @@ -94,11 +95,7 @@ public String getName() */ public String getComment() { - if ( comment == null ) - { - return ""; - } - return comment; + return Objects.requireNonNullElse( comment, "" ); } /** diff --git a/src/main/java/org/spdx/maven/OutputFormat.java b/src/main/java/org/spdx/maven/OutputFormat.java index 4efc299..d4c2c57 100644 --- a/src/main/java/org/spdx/maven/OutputFormat.java +++ b/src/main/java/org/spdx/maven/OutputFormat.java @@ -35,8 +35,8 @@ public enum OutputFormat private final String fileType; private final SpdxMajorVersion specVersion; - private OutputFormat(final String value, final String artifactType, final String fileType, - final SpdxMajorVersion specVersion) + OutputFormat( final String value, final String artifactType, final String fileType, + final SpdxMajorVersion specVersion ) { this.value = value; this.artifactType = artifactType; diff --git a/src/main/java/org/spdx/maven/Packaging.java b/src/main/java/org/spdx/maven/Packaging.java index cadefe2..153b7c3 100644 --- a/src/main/java/org/spdx/maven/Packaging.java +++ b/src/main/java/org/spdx/maven/Packaging.java 
@@ -37,7 +37,7 @@ public enum Packaging private final Purpose v2Purpose; private final SoftwarePurpose softwarePurpose; - private Packaging(final String name, final Purpose v2purpose, final SoftwarePurpose v3softwarePurpose) + Packaging( final String name, final Purpose v2purpose, final SoftwarePurpose v3softwarePurpose ) { this.name = name; this.v2Purpose = v2purpose; diff --git a/src/main/java/org/spdx/maven/PathSpecificSpdxInfo.java b/src/main/java/org/spdx/maven/PathSpecificSpdxInfo.java index 06fe049..1035d61 100644 --- a/src/main/java/org/spdx/maven/PathSpecificSpdxInfo.java +++ b/src/main/java/org/spdx/maven/PathSpecificSpdxInfo.java @@ -24,6 +24,7 @@ * * @author Gary O'Neall */ +@SuppressWarnings("unused") public class PathSpecificSpdxInfo { /** @@ -82,7 +83,7 @@ public class PathSpecificSpdxInfo * or (d) NOASSERTION, if the SPDX file creator has not examined the contents of the actual file or the SPDX file * creator has intentionally provided no information (no meaning should be implied by doing so). For a license set, * when there is a choice between licenses (“disjunctive license”), they should be separated with “or” and enclosed - * in brackets. Similarly when multiple licenses need to be applied (“conjunctive license”), they should be + * in brackets. Similarly, when multiple licenses need to be applied (“conjunctive license”), they should be * separated with “and” and enclosed in parentheses. */ private String licenseInformationInFile; 
@@ -101,10 +102,8 @@ public PathSpecificSpdxInfo() * Get the default file information to be used with this file path * * @param defaults Default file information to use if the parameter was not specified for this file path - * @param spdxDoc SPDX document containing any extracted license infos that may be needed for concluded or declared - * licenses + * @return default file information to be used with this file path - * @throws InvalidSPDXAnalysisException */ public SpdxDefaultFileInformation getDefaultFileInformation( SpdxDefaultFileInformation defaults ) { diff --git a/src/main/java/org/spdx/maven/SnippetInfo.java b/src/main/java/org/spdx/maven/SnippetInfo.java index a0620a1..60c3a31 100644 --- a/src/main/java/org/spdx/maven/SnippetInfo.java +++ b/src/main/java/org/spdx/maven/SnippetInfo.java @@ -57,26 +57,26 @@ public void logInfo() LOG.debug( "Snippet information follows:" ); if ( this.name != null ) { - LOG.debug( "Name: " + this.name ); + LOG.debug( "Name: {}", this.name ); } - LOG.debug( "Byte range: " + this.byteRange ); + LOG.debug( "Byte range: {}", this.byteRange ); if ( this.comment != null ) { - LOG.debug( "Comment: " + this.comment ); + LOG.debug( "Comment: {}", this.comment ); } - LOG.debug( "Concluded license: " + this.concludedLicense ); + LOG.debug( "Concluded license: {}", this.concludedLicense ); if ( this.copyrightText != null ) { - LOG.debug( "Copyright: " + this.copyrightText ); + LOG.debug( "Copyright: {}", this.copyrightText ); } if ( this.licenseComment != null ) { - LOG.debug( "License comment: " + this.licenseComment ); + LOG.debug( "License comment: {}", this.licenseComment ); } - LOG.debug( "License info in Snippet: " + this.licenseInfoInSnippet ); + LOG.debug( "License info in Snippet: {}", this.licenseInfoInSnippet ); if ( this.lineRange != null ) { - LOG.debug( "Line range: " + this.lineRange ); + LOG.debug( "Line range: {}", this.lineRange ); } } 
diff --git a/src/main/java/org/spdx/maven/utils/AbstractDependencyBuilder.java b/src/main/java/org/spdx/maven/utils/AbstractDependencyBuilder.java index fee8344..04b0a9b 100644 --- a/src/main/java/org/spdx/maven/utils/AbstractDependencyBuilder.java +++ b/src/main/java/org/spdx/maven/utils/AbstractDependencyBuilder.java @@ -27,7 +27,7 @@ /** * Contains information about package dependencies collected from the Maven dependencies. - * + *

* Subclasses implement dependency information specific to SPDX spec major versions * * @author Gary O'Neall @@ -107,7 +107,7 @@ abstract void addMavenDependency( CoreModelObject parentPackage, DependencyNode if ( versionFilter == null || versionFilter.equals( of.getSpecVersion() )) { File retval = getFileWithDifferentType( file, of.getFileType() ); - if ( retval != null && retval.exists() ) { + if ( retval.exists() ) { return retval; } } @@ -131,8 +131,7 @@ private File getFileWithDifferentType( File file, String type ) filePath = filePath.substring( 0, indexOfDot + 1 ); } filePath = filePath + type; - File retval = new File( filePath ); - return retval; + return new File( filePath ); } private void logDependencies( List dependencies ) @@ -157,15 +156,14 @@ private void logDependencies( List dependencies ) Artifact dependency = node.getArtifact(); String filePath = dependency.getFile() != null ? dependency.getFile().getAbsolutePath() : "[NONE]"; String scope = dependency.getScope() != null ? dependency.getScope() : "[NONE]"; - LOG.debug( - "ArtifactId: " + dependency.getArtifactId() + ", file path: " + filePath + ", Scope: " + scope ); + LOG.debug("ArtifactId: {}, file path: {}, Scope: {}", dependency.getArtifactId(), filePath, scope); } } /** * Make an external document reference ID valid by replacing any invalid characters with dashes * - * @param externalRefId + * @param externalRefId ID for external reference * @return valid external ref ID */ protected String fixExternalRefId( String externalRefId ) diff --git a/src/main/java/org/spdx/maven/utils/AbstractDocumentBuilder.java b/src/main/java/org/spdx/maven/utils/AbstractDocumentBuilder.java index bb066d3..107bb21 100644 --- a/src/main/java/org/spdx/maven/utils/AbstractDocumentBuilder.java +++ b/src/main/java/org/spdx/maven/utils/AbstractDocumentBuilder.java @@ -24,7 +24,7 @@ /** * Abstract class to create SPDX documents. - * + *

* Subclasses of this class implement specific SPDX specification versions of the document * * @author Gary O'Neall @@ -38,7 +38,6 @@ public abstract class AbstractDocumentBuilder protected boolean generatePurls; protected File spdxFile; protected OutputFormat outputFormatEnum; - protected boolean matchLicensesOnCrossReferenceUrls; protected ISerializableModelStore modelStore; protected ModelCopyManager copyManager; protected DateFormat format = new SimpleDateFormat( SpdxConstantsCompatV2.SPDX_DATE_FORMAT ); @@ -104,7 +103,7 @@ public AbstractDocumentBuilder( MavenProject project, boolean generatePurls, Fil * @param baseDir project base directory used to construct the relative paths for the SPDX * files * @param pathSpecificInformation Map of path to file information used to override the default file information - * @param algorithms algorithms to use to generate checksums + * @param checksumAlgorithms algorithms to use to generate checksums * @throws SpdxBuilderException on errors collecting files */ public abstract void collectSpdxFileInformation( List sources, String baseDir, @@ -120,7 +119,7 @@ public abstract void collectSpdxFileInformation( List sources, String b public abstract void saveSpdxDocumentToFile() throws SpdxBuilderException; /** - * @param nonStandardLicenses + * @param nonStandardLicenses non standard licenses to add */ public abstract void addNonStandardLicenses( NonStandardLicense[] nonStandardLicenses ) throws SpdxBuilderException; diff --git a/src/main/java/org/spdx/maven/utils/AbstractFileCollector.java b/src/main/java/org/spdx/maven/utils/AbstractFileCollector.java index 5393255..944d832 100644 --- a/src/main/java/org/spdx/maven/utils/AbstractFileCollector.java +++ b/src/main/java/org/spdx/maven/utils/AbstractFileCollector.java @@ -13,7 +13,6 @@ import java.util.Collection; import java.util.HashMap; import java.util.HashSet; -import java.util.Iterator; import java.util.Map; import java.util.Properties; import java.util.Set; 
@@ -28,7 +27,7 @@ /** * Collects SPDX file information from directories. - * + *

* Concrete subclasses implement specific SPDX spec specific formats * * @author Gary O'Neall @@ -77,26 +76,19 @@ private static void loadFileExtensionConstants() return; } prop.load( is ); - Iterator> iter = prop.entrySet().iterator(); - while ( iter.hasNext() ) - { - Entry entry = iter.next(); - String fileTypeStr = (String)entry.getKey(); - FileType fileType = FileType.valueOf( fileTypeStr ); - String[] extensions = ((String)entry.getValue()).split( "," ); - for ( String extension:extensions ) - { - try - { + for (Entry entry : prop.entrySet()) { + String fileTypeStr = (String) entry.getKey(); + FileType fileType = FileType.valueOf(fileTypeStr); + String[] extensions = ((String) entry.getValue()).split(","); + for (String extension : extensions) { + try { String trimmedExtension = extension.toUpperCase().trim(); - if ( EXT_TO_FILE_TYPE.containsKey( trimmedExtension ) ) - { - LOG.warn( "Duplicate file extension: "+trimmedExtension ); + if (EXT_TO_FILE_TYPE.containsKey(trimmedExtension)) { + LOG.warn("Duplicate file extension: {}", trimmedExtension); } - EXT_TO_FILE_TYPE.put( trimmedExtension, fileType ); - } - catch ( Exception ex ) { - LOG.error( "Error adding file extensions to filetype map", ex ); + EXT_TO_FILE_TYPE.put(trimmedExtension, fileType); + } catch (Exception ex) { + LOG.error("Error adding file extensions to filetype map", ex); } } } @@ -123,7 +115,7 @@ public String getExtension( File file ) } /** - * @param fileTypes + * @param fileTypes list of file types for the file * @return true if the fileTypes contain a source file type */ protected boolean isSourceFile( Collection fileTypes ) @@ -143,7 +135,7 @@ protected boolean isSourceFile( Collection fileTypes ) * * @param filePath system specific file path relative to the top of the archive root to the top of the archive * directory where the file is stored. - * @return + * @return valid SPDX file name per the spec */ public String convertFilePathToSpdxFileName( String filePath ) { 
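Review bot: `extension.toUpperCase().trim()` inside the rewritten loop of `loadFileExtensionConstants()` upper-cases with the JVM default locale, so the keys stored in `EXT_TO_FILE_TYPE` depend on the build machine; under a Turkish locale an extension containing `i` is stored with a dotted capital and would not match a file whose extension is already written in upper case. Use `extension.trim().toUpperCase( Locale.ROOT )` (this needs `import java.util.Locale;`), and apply the same rule on the lookup side, which is outside the hunk. Separately, `FileType.valueOf(fileTypeStr)` sits outside the inner `try`, so an unknown key in the properties file is handled only by whatever encloses the loop, which is also outside the hunk.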
@@ -164,8 +156,8 @@ protected static FileType extensionToFileType( String fileExtension ) /** * Converts an array of bytes to a string compliant with the SPDX sha1 representation * - * @param digestBytes - * @return + * @param digestBytes result of a checksum digest calculation + * @return string representation of the checksum per the SPDX specification */ public static String convertChecksumToString( byte[] digestBytes ) { @@ -187,10 +179,9 @@ public static String convertChecksumToString( byte[] digestBytes ) * {@code SpdxFileCollector.generateChecksum(file, "SHA-1")}. * * @param file file to generate checksum for - * @param builder Builder for the SPDX document that will contain the checksum * @return SHA1 checksum of the input file * @throws SpdxCollectionException if the algorithm is unavailable or the file cannot be read - * @throws InvalidSPDXAnalysisException + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ public static Checksum generateSha1( File file ) throws SpdxCollectionException, InvalidSPDXAnalysisException { @@ -206,7 +197,7 @@ public static Checksum generateSha1( File file ) throws SpdxCollectionException, * @param algorithms algorithms to generate the checksums * @return {@code Set} of checksums for file using each algorithm specified * @throws SpdxCollectionException if the input algorithm is invalid or unavailable or if the file cannot be read - * @throws InvalidSPDXAnalysisException + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ public static Set generateChecksum( File file, Set algorithms ) throws SpdxCollectionException, InvalidSPDXAnalysisException { diff --git a/src/main/java/org/spdx/maven/utils/LicenseManagerException.java b/src/main/java/org/spdx/maven/utils/LicenseManagerException.java index 0e576ac..61957dc 100644 --- a/src/main/java/org/spdx/maven/utils/LicenseManagerException.java +++ b/src/main/java/org/spdx/maven/utils/LicenseManagerException.java 
@@ -29,28 +29,28 @@ public class LicenseManagerException extends Exception private static final long serialVersionUID = 1672757028355331818L; /** - * @param arg0 + * @param msg message */ - public LicenseManagerException( String arg0 ) + public LicenseManagerException( String msg ) { - super( arg0 ); + super( msg ); } /** - * @param arg0 + * @param inner inner exception */ - public LicenseManagerException( Throwable arg0 ) + public LicenseManagerException( Throwable inner ) { - super( arg0 ); + super( inner ); } /** - * @param arg0 - * @param arg1 + * @param msg message + * @param inner inner exception */ - public LicenseManagerException( String arg0, Throwable arg1 ) + public LicenseManagerException( String msg, Throwable inner ) { - super( arg0, arg1 ); + super( msg, inner ); } } diff --git a/src/main/java/org/spdx/maven/utils/LicenseMapperException.java b/src/main/java/org/spdx/maven/utils/LicenseMapperException.java index b6ee99c..2f4ba0e 100644 --- a/src/main/java/org/spdx/maven/utils/LicenseMapperException.java +++ b/src/main/java/org/spdx/maven/utils/LicenseMapperException.java @@ -37,7 +37,7 @@ public LicenseMapperException() } /** - * @param message + * @param message message */ public LicenseMapperException( String message ) { @@ -45,7 +45,7 @@ public LicenseMapperException( String message ) } /** - * @param cause + * @param cause inner exception */ public LicenseMapperException( Throwable cause ) { @@ -53,8 +53,8 @@ public LicenseMapperException( Throwable cause ) } /** - * @param message - * @param cause + * @param message message + * @param cause inner exception */ public LicenseMapperException( String message, Throwable cause ) { diff --git a/src/main/java/org/spdx/maven/utils/MavenToSpdxLicenseMapper.java b/src/main/java/org/spdx/maven/utils/MavenToSpdxLicenseMapper.java index 507c61a..dee3991 100644 --- a/src/main/java/org/spdx/maven/utils/MavenToSpdxLicenseMapper.java +++ b/src/main/java/org/spdx/maven/utils/MavenToSpdxLicenseMapper.java 
@@ -66,7 +66,7 @@ public class MavenToSpdxLicenseMapper private static final String LISTED_LICENSE_JSON_PATH = "resources/licenses.json"; static volatile MavenToSpdxLicenseMapper instance; - private static Object instanceMutex = new Object(); + private static final Object instanceMutex = new Object(); private Map urlStringToSpdxLicenseId; private MavenToSpdxLicenseMapper() throws LicenseMapperException @@ -94,6 +94,12 @@ private MavenToSpdxLicenseMapper() throws LicenseMapperException is = SpdxV2LicenseManager.class.getClassLoader().getResourceAsStream( LISTED_LICENSE_JSON_PATH ); } + if ( is == null ) + { + LOG.error( "Could not load the resource {}", LISTED_LICENSE_JSON_PATH); + throw new LicenseMapperException( "Unable to load the listed licenses file" ); + } + try (BufferedReader reader = new BufferedReader( new InputStreamReader( is, Charset.defaultCharset() ) )) { initializeUrlMap( reader ); @@ -134,7 +140,7 @@ public String urlToSpdxId( String url ) * Initialize the urlStringToSpdxLicense map with the SPDX listed licenses * * @param jsonReader Reader for the JSON input file containing the listed licenses - * @throws LicenseMapperException + * @throws LicenseMapperException on errors accessing the listed license or parsing errors */ private void initializeUrlMap( BufferedReader jsonReader ) throws LicenseMapperException { @@ -209,8 +215,8 @@ private void addManualMappings() * * @param licenseList list of licenses * @param spdxDoc SPDX document which will hold the licenses - * @return - * @throws InvalidSPDXAnalysisException + * @return SPDX license which matches the list of maven licenses + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ public AnyLicenseInfo mavenLicenseListToSpdxV2License( List licenseList, SpdxDocument spdxDoc ) throws InvalidSPDXAnalysisException { 
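Review bot: The reader opened right after the new null check still decodes the listed-licenses JSON with `Charset.defaultCharset()`, so on a JVM whose default is not UTF-8 any non-ASCII text in that data is read incorrectly; JSON is UTF-8, so `new InputStreamReader( is, StandardCharsets.UTF_8 )` is the safer choice (it needs the `java.nio.charset.StandardCharsets` import). In the added block the resource path is logged but left out of the exception, and the failure is likely reported twice, once by `LOG.error` and once by the caller; `throw new LicenseMapperException( "Unable to load the listed licenses file " + LISTED_LICENSE_JSON_PATH );` alone would carry the detail upward. The constructor starts and ends outside the hunk.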
@@ -227,7 +233,7 @@ public AnyLicenseInfo mavenLicenseListToSpdxV2License( List licenseList spdxLicenses.add( listedLicense ); } } - if ( spdxLicenses.size() < 1 ) + if (spdxLicenses.isEmpty()) { return new SpdxNoAssertionLicense(); } @@ -237,8 +243,7 @@ else if ( spdxLicenses.size() == 1 ) } else { - AnyLicenseInfo conjunctiveLicense = spdxDoc.createConjunctiveLicenseSet( spdxLicenses ); - return conjunctiveLicense; + return spdxDoc.createConjunctiveLicenseSet( spdxLicenses ); } } @@ -274,10 +279,10 @@ private SpdxListedLicense mavenLicenseToSpdxV2ListedLicense( License license ) * SpdxNoAssertion is returned. If multiple licenses are supplied, a conjunctive license is returned containing all * mapped SPDX licenses. * - * @param licenseList list of licenses + * @param licenseList list of Maven licenses * @param spdxDoc SPDX document which will hold the licenses - * @return - * @throws InvalidSPDXAnalysisException + * @return SPDX version 3 license equivalent to the list of Maven licenses + * @throws InvalidSPDXAnalysisException On SPDX parsing errors */ public org.spdx.library.model.v3_0_1.simplelicensing.AnyLicenseInfo mavenLicenseListToSpdxV3License( List licenseList, Element spdxDoc ) throws InvalidSPDXAnalysisException @@ -295,7 +300,7 @@ public org.spdx.library.model.v3_0_1.simplelicensing.AnyLicenseInfo mavenLicense spdxLicenses.add( listedLicense ); } } - if ( spdxLicenses.size() < 1 ) + if (spdxLicenses.isEmpty()) { return new NoAssertionLicense(); } diff --git a/src/main/java/org/spdx/maven/utils/SpdxBuilderException.java b/src/main/java/org/spdx/maven/utils/SpdxBuilderException.java index f5ccf93..bf53eab 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxBuilderException.java +++ b/src/main/java/org/spdx/maven/utils/SpdxBuilderException.java 
@@ -31,7 +31,7 @@ public class SpdxBuilderException extends MojoExecutionException private static final long serialVersionUID = 1L; /** - * @param message + * @param message message */ public SpdxBuilderException( String message ) { @@ -39,8 +39,8 @@ public SpdxBuilderException( String message ) } /** - * @param message - * @param cause + * @param message message + * @param cause inner exception */ public SpdxBuilderException( String message, Throwable cause ) { diff --git a/src/main/java/org/spdx/maven/utils/SpdxCollectionException.java b/src/main/java/org/spdx/maven/utils/SpdxCollectionException.java index 1d5d8ca..cc78566 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxCollectionException.java +++ b/src/main/java/org/spdx/maven/utils/SpdxCollectionException.java @@ -37,7 +37,7 @@ public SpdxCollectionException() } /** - * @param message + * @param message message */ public SpdxCollectionException( String message ) { @@ -45,7 +45,7 @@ public SpdxCollectionException( String message ) } /** - * @param cause + * @param cause inner exception */ public SpdxCollectionException( Throwable cause ) { @@ -53,8 +53,8 @@ public SpdxCollectionException( Throwable cause ) } /** - * @param message - * @param cause + * @param message message + * @param cause inner exception */ public SpdxCollectionException( String message, Throwable cause ) { diff --git a/src/main/java/org/spdx/maven/utils/SpdxDefaultFileInformation.java b/src/main/java/org/spdx/maven/utils/SpdxDefaultFileInformation.java index 625380c..5fc5120 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxDefaultFileInformation.java +++ b/src/main/java/org/spdx/maven/utils/SpdxDefaultFileInformation.java 
@@ -139,17 +139,17 @@ public void setSnippets( List snippets ) */ public void logInfo() { - LOG.debug( "Default File Comment: " + getComment() ); - LOG.debug( "Default File Copyright: " + getCopyright() ); - LOG.debug( "Default File License Comment: " + getLicenseComment() ); - LOG.debug( "Default File Notice: " + getNotice() ); - LOG.debug( "Default File Concluded License: " + getConcludedLicense().toString() ); - LOG.debug( "Default File Declared License: " + getDeclaredLicense().toString() ); + LOG.debug("Default File Comment: {}", getComment()); + LOG.debug("Default File Copyright: {}", getCopyright()); + LOG.debug("Default File License Comment: {}", getLicenseComment()); + LOG.debug("Default File Notice: {}", getNotice()); + LOG.debug("Default File Concluded License: {}", getConcludedLicense()); + LOG.debug("Default File Declared License: {}", getDeclaredLicense()); if ( contributors != null ) { for ( String contributor : contributors ) { - LOG.debug( "Default File Contributors: " + contributor ); + LOG.debug("Default File Contributors: {}", contributor); } } if ( this.snippets != null ) diff --git a/src/main/java/org/spdx/maven/utils/SpdxProjectInformation.java b/src/main/java/org/spdx/maven/utils/SpdxProjectInformation.java index 6840f60..bbad242 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxProjectInformation.java +++ b/src/main/java/org/spdx/maven/utils/SpdxProjectInformation.java 
@@ -338,21 +338,21 @@ public void logInfo() if ( !LOG.isDebugEnabled() ) { return; } - LOG.debug( "SPDX Project Name: " + this.getName() ); - LOG.debug( "SPDX Document comment: " + this.getDocumentComment() ); - LOG.debug( "SPDX Creator comment: " + this.getCreatorComment() ); - LOG.debug( "SPDX Description: " + this.getDescription() ); - LOG.debug( "SPDX License comment: " + this.getLicenseComment() ); - LOG.debug( "SPDX Originator: " + this.getOriginator() ); - LOG.debug( "SPDX PackageArchiveFileName: " + this.getPackageArchiveFileName() ); - LOG.debug( "SPDX Short description: " + this.getShortDescription() ); - LOG.debug( "SPDX Supplier: " + this.getSupplier() ); - LOG.debug( "SPDX Source Info: " + this.getSourceInfo() ); - LOG.debug( "SPDX Version info: " + this.getVersionInfo() ); - LOG.debug( "SPDX Concluded license: " + this.getConcludedLicense().toString() ); - LOG.debug( "SPDX Declared license: " + this.getDeclaredLicense().toString() ); - LOG.debug( "SPDX Download URL: " + this.getDownloadUrl() ); - LOG.debug( "SPDX Home page: " + this.getHomePage() ); + LOG.debug("SPDX Project Name: {}", this.getName()); + LOG.debug("SPDX Document comment: {}", this.getDocumentComment()); + LOG.debug("SPDX Creator comment: {}", this.getCreatorComment()); + LOG.debug("SPDX Description: {}", this.getDescription()); + LOG.debug("SPDX License comment: {}", this.getLicenseComment()); + LOG.debug("SPDX Originator: {}", this.getOriginator()); + LOG.debug("SPDX PackageArchiveFileName: {}", this.getPackageArchiveFileName()); + LOG.debug("SPDX Short description: {}", this.getShortDescription()); + LOG.debug("SPDX Supplier: {}", this.getSupplier()); + LOG.debug("SPDX Source Info: {}", this.getSourceInfo()); + LOG.debug("SPDX Version info: {}", this.getVersionInfo()); + LOG.debug("SPDX Concluded license: {}", this.getConcludedLicense()); + LOG.debug("SPDX Declared license: {}", this.getDeclaredLicense()); + LOG.debug("SPDX Download URL: {}", this.getDownloadUrl()); + 
LOG.debug("SPDX Home page: {}", this.getHomePage()); if ( this.documentAnnotations != null && this.documentAnnotations.length > 0 ) { LOG.debug( "Document annotations: " ); @@ -373,22 +373,21 @@ public void logInfo() { for ( String creator : creators ) { - LOG.debug( "SPDX Creator: " + creator ); + LOG.debug("SPDX Creator: {}", creator); } } if ( this.externalRefs != null ) { for ( ExternalReference externalReference : externalRefs ) { - LOG.debug( String.format( "External Ref: %s %s %s", externalReference.getCategory(), - externalReference.getType(), externalReference.getLocator()) ); + LOG.debug("External Ref: {} {} {}", externalReference.getCategory(), externalReference.getType(), externalReference.getLocator()); } } - if ( checksums != null && checksums.size() > 0 ) + if ( checksums != null && !checksums.isEmpty()) { for ( Checksum checksum : checksums ) { - LOG.debug( "SPDX " + checksum.getAlgorithm() + ": " + checksum.getValue() ); + LOG.debug("SPDX {}: {}", checksum.getAlgorithm(), checksum.getValue()); } } } diff --git a/src/main/java/org/spdx/maven/utils/SpdxSourceFileParser.java b/src/main/java/org/spdx/maven/utils/SpdxSourceFileParser.java index 8462c46..1c376af 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxSourceFileParser.java +++ b/src/main/java/org/spdx/maven/utils/SpdxSourceFileParser.java @@ -67,7 +67,7 @@ public static List parseTextForSpdxLicenses( String text ) throws SpdxSo String matchingLine = match.group( 1 ).trim(); if ( matchingLine.startsWith( "(" ) ) { - // This could be a multi-line expression, so we need to parse until we get to the last ) + // This could be a multi-line expression, so we need to parse until we get to the last ")" int parenCount = 1; StringBuilder sb = new StringBuilder( "(" ); pos = match.start( 1 ) + 1; diff --git a/src/main/java/org/spdx/maven/utils/SpdxSourceParserException.java b/src/main/java/org/spdx/maven/utils/SpdxSourceParserException.java index 4a3e599..19bb83f 100644 
--- a/src/main/java/org/spdx/maven/utils/SpdxSourceParserException.java +++ b/src/main/java/org/spdx/maven/utils/SpdxSourceParserException.java @@ -18,39 +18,28 @@ public class SpdxSourceParserException extends Exception private static final long serialVersionUID = 1L; /** - * @param arg0 + * @param msg message */ - public SpdxSourceParserException( String arg0 ) + public SpdxSourceParserException( String msg ) { - super( arg0 ); + super( msg ); } /** - * @param arg0 + * @param cause inner exception */ - public SpdxSourceParserException( Throwable arg0 ) + public SpdxSourceParserException( Throwable cause ) { - super( arg0 ); + super( cause ); } /** - * @param arg0 - * @param arg1 + * @param msg message + * @param cause inner exception */ - public SpdxSourceParserException( String arg0, Throwable arg1 ) + public SpdxSourceParserException( String msg, Throwable cause ) { - super( arg0, arg1 ); - } - - /** - * @param arg0 - * @param arg1 - * @param arg2 - * @param arg3 - */ - public SpdxSourceParserException( String arg0, Throwable arg1, boolean arg2, boolean arg3 ) - { - super( arg0, arg1, arg2, arg3 ); + super( msg, cause ); } } diff --git a/src/main/java/org/spdx/maven/utils/SpdxV2DependencyBuilder.java b/src/main/java/org/spdx/maven/utils/SpdxV2DependencyBuilder.java index 6129301..f8101b9 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxV2DependencyBuilder.java +++ b/src/main/java/org/spdx/maven/utils/SpdxV2DependencyBuilder.java @@ -97,15 +97,10 @@ protected static SpdxDocument spdxDocumentFromFile( String path ) throws FileNot } finally { - if ( modelStore != null ) { - try - { - modelStore.close(); - } - catch ( Exception e ) - { - LOG.error( "Error closing SPDX model store", e ); - } + try { + modelStore.close(); + } catch (Exception e) { + LOG.error("Error closing SPDX model store", e); } } } 
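Review bot: In the `finally` block of `spdxDocumentFromFile`, dropping the `if ( modelStore != null )` guard means that a failure before the store is assigned ends in a `NullPointerException` from `modelStore.close()`. The `catch (Exception e)` swallows it and logs "Error closing SPDX model store", which points at the wrong step. The assignment of `modelStore` is outside the hunk, so this only applies if it can still be null at that point; in that case keep `if ( modelStore != null )` around the `try`. If the store type is `AutoCloseable`, declaring it in a try-with-resources statement would remove the `finally` block altogether.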
@@ -124,7 +119,7 @@ protected static SpdxPackage findMatchingDescribedPackage( SpdxDocument external for ( SpdxElement item : externalSpdxDoc.getDocumentDescribes() ) { Optional name = item.getName(); - if ( item instanceof SpdxPackage && name.isPresent() && item.getName().get().equals( artifactId ) ) + if ( item instanceof SpdxPackage && name.isPresent() && item.getName().orElse( "" ).equals( artifactId ) ) { itemDescribed = item; break; @@ -132,7 +127,7 @@ protected static SpdxPackage findMatchingDescribedPackage( SpdxDocument external } if ( itemDescribed == null ) { // Find the first package - LOG.warn( "Could not find matching artifact ID in SPDX file for "+artifactId+". Using the first package found in SPDX file." ); + LOG.warn("Could not find matching artifact ID in SPDX file for {}. Using the first package found in SPDX file.", artifactId); for ( SpdxElement item : externalSpdxDoc.getDocumentDescribes() ) { if ( item instanceof SpdxPackage ) @@ -151,10 +146,9 @@ protected static SpdxPackage findMatchingDescribedPackage( SpdxDocument external /** * Map of namespaces to ExternalDocumentRefs */ - private Map externalDocuments = new HashMap<>(); - private List documentAnnotations = new ArrayList<>(); - private SpdxDocument spdxDoc; - private SpdxV2LicenseManager licenseManager; + private final Map externalDocuments = new HashMap<>(); + private final SpdxDocument spdxDoc; + private final SpdxV2LicenseManager licenseManager; /** * @param builder The document builder @@ -180,8 +174,7 @@ protected void addMavenDependency( CoreModelObject parentPackage, DependencyNode { if ( !(parentPackage instanceof SpdxPackage) ) { - LOG.error( String.format( "Invalid type for parent package. Expected 'SpdxPackage', found %s", - parentPackage.getClass().getName() ) ); + LOG.error("Invalid type for parent package. Expected 'SpdxPackage', found {}", parentPackage.getClass().getName()); return; } Artifact dependency = dependencyNode.getArtifact(); 
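Review bot: The new condition in `findMatchingDescribedPackage` tests `name.isPresent()` and then calls `item.getName()` a second time with `orElse( "" )`, so the Optional already held in `name` is not used and the fallback value can never be reached. Reusing the local reads more directly: `if ( item instanceof SpdxPackage && name.isPresent() && name.get().equals( artifactId ) )`. The loop and the rest of the method continue outside the hunk.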
@@ -189,8 +182,7 @@ protected void addMavenDependency( CoreModelObject parentPackage, DependencyNode RelationshipType relType = scopeToRelationshipType( scope, dependency.isOptional() ); if ( relType == RelationshipType.OTHER ) { - LOG.warn( - "Could not determine the SPDX relationship type for dependency artifact ID " + dependency.getArtifactId() + " scope " + scope ); + LOG.warn("Could not determine the SPDX relationship type for dependency artifact ID {} scope {}", dependency.getArtifactId(), scope); } SpdxElement dependencyPackage = createSpdxPackage( dependency, mavenProjectBuilder, session, @@ -202,13 +194,13 @@ protected void addMavenDependency( CoreModelObject parentPackage, DependencyNode { ((SpdxPackage)parentPackage).addRelationship( spdxDoc.createRelationship( dependencyPackage, relType, "Relationship created based on Maven POM information" ) ); - LOG.debug( "Added relationship of type " + relType + " for " + dependencyPackage.getName() ); + LOG.debug("Added relationship of type {} for {}", relType, dependencyPackage.getName()); } else { ((SpdxPackage)parentPackage).addRelationship(spdxDoc.createRelationship( (SpdxPackage)parentPackage, RelationshipType.OTHER, "This relationship is the inverse of " + relType + " to an external document reference." ) ); - LOG.debug( "Could not create proper to relationships for external element " + dependencyPackage.getId() ); + LOG.debug("Could not create proper to relationships for external element {}", dependencyPackage.getId()); } } else 
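Review bot: In `LOG.debug("Added relationship of type {} for {}", relType, dependencyPackage.getName())` the second argument looks like an `Optional`, judging by `Optional name = item.getName()` on an `SpdxElement` elsewhere in this commit, so the message would print `Optional[...]` rather than the package name. If that holds, unwrap it at the call: `LOG.debug( "Added relationship of type {} for {}", relType, dependencyPackage.getName().orElse( "" ) );`. `addMavenDependency` starts and ends outside the hunk.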
@@ -225,9 +217,9 @@ protected void addMavenDependency( CoreModelObject parentPackage, DependencyNode /** * Translate the scope to the SPDX relationship type * - * @param scope Maven Dependency Scope (see https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Scope) + * @param scope Maven Dependency Scope (see Maven dependency scope documentation) * @param optional True if this is an optional dependency - * @return SPDX Relationship type based on the scope + * @return SPDX Relationship type based on the scope */ private RelationshipType scopeToRelationshipType( String scope, boolean optional ) { @@ -259,7 +251,6 @@ else if ( scope.equals( "test" ) ) * @param project Maven project * @param useArtifactID If true, use ${project.groupId}:${artifactId} as the SPDX package name, otherwise, ${project.name} will be used * @return SPDX Package generated from the metadata in the Maven Project - * @throws IOException On errors reading Maven file information * @throws SpdxCollectionException On errors with SPDX collections * @throws NoSuchAlgorithmException if no checksum algorithm was found * @throws LicenseMapperException on errors mapping or creating SPDX custom licenses @@ -320,7 +311,7 @@ packageName, new SpdxNoAssertionLicense(), copyright, declaredLicense ) try { retval.setHomepage( project.getUrl() ); } catch ( InvalidSPDXAnalysisException e ) { - LOG.warn( "Invalid homepage for dependency " + project.getArtifactId() + ": " + project.getUrl() ); + LOG.warn("Invalid homepage for dependency {}: {}", project.getArtifactId(), project.getUrl()); } } return retval; 
@@ -342,14 +333,14 @@ private SpdxElement createSpdxPackage( Artifact artifact, ProjectBuilder mavenProjectBuilder, MavenSession session, MavenProject mavenProject, boolean useArtifactID ) throws LicenseMapperException, InvalidSPDXAnalysisException { - LOG.debug( "Creating SPDX package for artifact " + artifact.getArtifactId() ); + LOG.debug("Creating SPDX package for artifact {}", artifact.getArtifactId()); if ( artifact.getFile() == null ) { LOG.debug( "Artifact file is null" ); } else { - LOG.debug( "Artifact file name = " + artifact.getFile().getName() ); + LOG.debug("Artifact file name = {}", artifact.getFile().getName()); } File spdxFile = null; if ( artifact.getFile() != null ) @@ -358,12 +349,10 @@ private SpdxElement createSpdxPackage( Artifact artifact, } if ( spdxFile != null && spdxFile.exists() ) { - LOG.debug( - "Dependency " + artifact.getArtifactId() + "Looking for SPDX file " + spdxFile.getAbsolutePath() ); + LOG.debug("Dependency {}Looking for SPDX file {}", artifact.getArtifactId(), spdxFile.getAbsolutePath()); try { - LOG.debug( - "Dependency " + artifact.getArtifactId() + "Dependency information collected from SPDX file " + spdxFile.getAbsolutePath() ); + LOG.debug("Dependency {}Dependency information collected from SPDX file {}", artifact.getArtifactId(), spdxFile.getAbsolutePath()); SpdxDocument externalSpdxDoc = spdxDocumentFromFile( spdxFile.getPath() ); if ( createExternalRefs ) 
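Review bot: The converted messages in `createSpdxPackage` keep the missing separator of the old concatenation: `"Dependency {}Looking for SPDX file {}"` renders as `Dependency fooLooking for SPDX file ...`. Since the format strings are being rewritten anyway, add the separator, e.g. `LOG.debug( "Dependency {}: Looking for SPDX file {}", artifact.getArtifactId(), spdxFile.getAbsolutePath() );`. The same fix applies to `"Dependency {}Dependency information collected from SPDX file {}"` in this hunk and to `"Dependency {}Collecting information from project metadata for {}"` and `"Dependency {}Using only artifact information to create dependent package"` in the hunk at new line 391. The method continues outside the hunk.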
@@ -373,34 +362,28 @@ private SpdxElement createSpdxPackage( Artifact artifact, } else { - return copyPackageInfoFromExternalDoc( externalSpdxDoc, artifact.getGroupId(), - artifact.getArtifactId(), artifact.getVersion() ); + return copyPackageInfoFromExternalDoc( externalSpdxDoc, artifact.getArtifactId() ); } } catch ( IOException e ) { - LOG.warn( - "IO error reading SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn("IO error reading SPDX document for dependency artifact ID {}:{}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage()); } catch ( SpdxInvalidIdException e ) { - LOG.warn( - "Invalid SPDX ID exception reading SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn("Invalid SPDX ID exception reading SPDX document for dependency artifact ID {}:{}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage()); } catch ( InvalidSPDXAnalysisException e ) { - LOG.warn( - "Invalid SPDX analysis exception reading SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn("Invalid SPDX analysis exception reading SPDX document for dependency artifact ID {}:{}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage()); } catch ( SpdxCollectionException e ) { - LOG.warn( - "Unable to create file checksum for external SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn("Unable to create file checksum for external SPDX document for dependency artifact ID {}:{}. 
Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage()); } catch ( Exception e ) { - LOG.warn( - "Unknown error processing SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn("Unknown error processing SPDX document for dependency artifact ID {}:{}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage()); } } try 
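Review bot: Every `catch` in this hunk logs only `e.getMessage()`, so the exception type, cause chain and stack trace are lost exactly where an external SPDX document failed to load and the build falls back to POM data. SLF4J treats a trailing `Throwable` argument as the exception to log, so the calls can pass `e` itself, e.g. `LOG.warn( "IO error reading SPDX document for dependency artifact ID {}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e );`. This matters most for the final `catch ( Exception e )`, whose message "Unknown error" gives no other clue. The three `LOG.error` calls in the following hunk (new line 391) have the same shape.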
@@ -408,40 +391,34 @@ private SpdxElement createSpdxPackage( Artifact artifact, ProjectBuildingRequest request = new DefaultProjectBuildingRequest( session.getProjectBuildingRequest() ); request.setRemoteRepositories( mavenProject.getRemoteArtifactRepositories() ); for ( ArtifactRepository ar : request.getRemoteRepositories() ) { - LOG.debug( "request Remote repository ID: " + ar.getId() ); + LOG.debug("request Remote repository ID: {}", ar.getId()); } for ( ArtifactRepository ar : mavenProject.getRemoteArtifactRepositories() ) { - LOG.debug( "Project Remote repository ID: " + ar.getId() ); + LOG.debug("Project Remote repository ID: {}", ar.getId()); } ProjectBuildingResult build = mavenProjectBuilder.build( artifact, request ); MavenProject depProject = build.getProject(); - LOG.debug( - "Dependency " + artifact.getArtifactId() + "Collecting information from project metadata for " + depProject.getArtifactId() ); + LOG.debug("Dependency {}Collecting information from project metadata for {}", artifact.getArtifactId(), depProject.getArtifactId()); return createSpdxPackage( depProject, useArtifactID ); } catch ( SpdxCollectionException e ) { - LOG.error( - "SPDX File Collection Error creating SPDX package for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() ); + LOG.error("SPDX File Collection Error creating SPDX package for dependency artifact ID {}:{}", artifact.getArtifactId(), e.getMessage()); } catch ( NoSuchAlgorithmException e ) { - LOG.error( - "Verification Code Error creating SPDX package for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() ); + LOG.error("Verification Code Error creating SPDX package for dependency artifact ID {}:{}", artifact.getArtifactId(), e.getMessage()); } catch ( ProjectBuildingException e ) { - LOG.error( - "Maven Project Build Error creating SPDX package for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() ); + LOG.error("Maven Project Build Error 
creating SPDX package for dependency artifact ID {}:{}", artifact.getArtifactId(), e.getMessage()); } - LOG.warn( - "Error creating SPDX package for dependency artifact ID " + artifact.getArtifactId() + ". A minimal SPDX package will be created." ); + LOG.warn("Error creating SPDX package for dependency artifact ID {}. A minimal SPDX package will be created.", artifact.getArtifactId()); // Create a minimal SPDX package from dependency // Name will be the artifact ID - LOG.debug( - "Dependency " + artifact.getArtifactId() + "Using only artifact information to create dependent package" ); - SpdxPackage pkg = spdxDoc.createPackage( spdxDoc.getModelStore().getNextId( IdType.SpdxId ), - artifact.getArtifactId(), new SpdxNoAssertionLicense(), "NOASSERTION", + LOG.debug("Dependency {}Using only artifact information to create dependent package", artifact.getArtifactId()); + return spdxDoc.createPackage( spdxDoc.getModelStore().getNextId( IdType.SpdxId ), + artifact.getArtifactId(), new SpdxNoAssertionLicense(), "NOASSERTION", new SpdxNoAssertionLicense() ) .setComment( "This package was created for a Maven dependency. No SPDX or license information could be found in the Maven POM file." ) .setVersionInfo( artifact.getBaseVersion() ) @@ -449,7 +426,6 @@ private SpdxElement createSpdxPackage( Artifact artifact, .setDownloadLocation( "NOASSERTION" ) .setExternalRefs( SpdxExternalRefBuilder.getDefaultExternalRefs( spdxDoc, generatePurls, mavenProject ) ) .build(); - return pkg; } /** 
@@ -461,8 +437,8 @@ private SpdxElement createSpdxPackage( Artifact artifact, * @param artifactId Artifact ID for the external artifact * @param version version for the external artifact * @return created SPDX element - * @throws SpdxCollectionException - * @throws InvalidSPDXAnalysisException + * @throws SpdxCollectionException on incompatible types for collections + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ private SpdxElement createExternalSpdxPackageReference( SpdxDocument externalSpdxDoc, File spdxFile, @@ -480,7 +456,7 @@ private SpdxElement createExternalSpdxPackageReference( SpdxDocument externalSpd if ( externalRef == null ) { String externalRefDocId = SpdxConstantsCompatV2.EXTERNAL_DOC_REF_PRENUM + fixExternalRefId( fullArtifactId ); - LOG.debug( "Creating external document ref " + externalDocNamespace ); + LOG.debug("Creating external document ref {}", externalDocNamespace); org.spdx.maven.Checksum mavenChecksum = AbstractFileCollector.generateSha1( spdxFile ); Checksum cksum = spdxDoc.createChecksum( ChecksumAlgorithm.valueOf( mavenChecksum.getAlgorithm() ), mavenChecksum.getValue() ); @@ -491,9 +467,8 @@ private SpdxElement createExternalSpdxPackageReference( SpdxDocument externalSpd format.format( new Date() ), "External document ref '"+externalRefDocId+"' created for artifact "+fullArtifactId ); spdxDoc.getAnnotations().add( docRefAddedAnnotation ); - this.documentAnnotations.add( docRefAddedAnnotation ); this.externalDocuments.put( externalDocNamespace, externalRef ); - LOG.debug( "Created external document ref " + externalRefDocId ); + LOG.debug("Created external document ref {}", externalRefDocId); } SpdxPackage pkg = findMatchingDescribedPackage( externalSpdxDoc, artifactId ); return new ExternalSpdxElement( spdxDoc.getModelStore(), spdxDoc.getDocumentUri(), 
@@ -502,26 +477,23 @@ private SpdxElement createExternalSpdxPackageReference( SpdxDocument externalSpd /** * Copies the closest matching described package in the externalSpdxDoc to the returned element - * @param externalSpdxDoc - * @param groupId Group ID of the artifact + * @param externalSpdxDoc SPDX document to copy from * @param artifactId Artifact ID to search for - * @param version Version of the artifact * @return SPDX Package with values copied from the externalSpdxDoc - * @throws InvalidSPDXAnalysisException + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ - private SpdxPackage copyPackageInfoFromExternalDoc( SpdxDocument externalSpdxDoc, String groupId, - String artifactId, String version ) throws InvalidSPDXAnalysisException + private SpdxPackage copyPackageInfoFromExternalDoc( SpdxDocument externalSpdxDoc, String artifactId ) throws InvalidSPDXAnalysisException { SpdxPackage source = findMatchingDescribedPackage( externalSpdxDoc, artifactId ); Optional downloadLocation = source.getDownloadLocation(); Optional name = source.getName(); SpdxPackage dest = spdxDoc.createPackage( spdxDoc.getModelStore().getNextId( IdType.SpdxId ), - name.isPresent() ? name.get() : "NONE", source.getLicenseConcluded(), source.getCopyrightText(), + name.orElse("NONE"), source.getLicenseConcluded(), source.getCopyrightText(), source.getLicenseDeclared() ) .setFilesAnalyzed( false ) .setAnnotations( source.getAnnotations() ) .setChecksums( source.getChecksums() ) - .setDownloadLocation( downloadLocation.isPresent() ? downloadLocation.get() : "NOASSERTION" ) + .setDownloadLocation(downloadLocation.orElse("NOASSERTION")) .setExternalRefs( source.getExternalRefs() ) .build(); // We don't want to copy any of the properties which have other elements since it 
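Review bot: The Javadoc of `copyPackageInfoFromExternalDoc` should say that the source package is selected by artifact ID alone. With `groupId` and `version` removed from the signature, the only selection is `findMatchingDescribedPackage( externalSpdxDoc, artifactId )`, which, per its hunk at new line 119, falls back to the first package in the document when no name matches. The checksums, licenses and external references copied here can therefore describe a different artifact than the dependency being recorded. A sentence such as `The package is matched by artifact ID only; if none matches, the first described package is used.` would make that visible to maintainers. The method body continues outside the hunk.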
@@ -603,10 +575,9 @@ private SpdxPackage copyPackageInfoFromExternalDoc( SpdxDocument externalSpdxDoc * Convert a list of Maven licenses to an SPDX License * * @param mavenLicenses List of maven licenses to map - * @return - * @throws LicenseMapperException - * @throws InvalidSPDXAnalysisException - * @throws LicenseManagerException + * @return SPDX license equivalent to the list of Maven licenses + * @throws LicenseMapperException on errors accessing either the SPDX listed licenses or local extracted licenses + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ private AnyLicenseInfo mavenLicensesToSpdxLicense( List mavenLicenses ) throws LicenseMapperException, InvalidSPDXAnalysisException { diff --git a/src/main/java/org/spdx/maven/utils/SpdxV2DocumentBuilder.java b/src/main/java/org/spdx/maven/utils/SpdxV2DocumentBuilder.java index 2b754f1..3ddf6d8 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxV2DocumentBuilder.java +++ b/src/main/java/org/spdx/maven/utils/SpdxV2DocumentBuilder.java @@ -15,7 +15,6 @@ import java.util.Date; import java.util.HashMap; import java.util.List; -import java.util.Objects; import java.util.Set; import org.apache.maven.model.License; 
@@ -79,12 +78,9 @@ public class SpdxV2DocumentBuilder * @param generatePurls If true, generated Package URLs for all package references * @param spdxFile File to store the SPDX document results * @param spdxDocumentNamespace SPDX Document namespace - must be unique - * @param useStdLicenseSourceUrls if true, map any SPDX standard license source URL to license ID. Note: - * significant performance degradation - * @param outputFormatEnum + * @param outputFormatEnum output format to use for storing the SPDX file */ public SpdxV2DocumentBuilder( MavenProject mavenProject, boolean generatePurls, File spdxFile, URI spdxDocumentNamespace, - boolean useStdLicenseSourceUrls, OutputFormat outputFormatEnum ) throws SpdxBuilderException, LicenseMapperException { super( mavenProject, generatePurls, spdxFile, outputFormatEnum ); @@ -106,7 +102,7 @@ public SpdxV2DocumentBuilder( MavenProject mavenProject, boolean generatePurls, } // process the licenses - licenseManager = new SpdxV2LicenseManager( spdxDoc, useStdLicenseSourceUrls ); + licenseManager = new SpdxV2LicenseManager( spdxDoc); } /** @@ -155,7 +151,7 @@ private Collection toSpdxAnnotations( org.spdx.maven.Annotation[] an for ( org.spdx.maven.Annotation annotation: annotations ) { - AnnotationType annotationType = AnnotationType.OTHER; + @SuppressWarnings("UnusedAssignment") AnnotationType annotationType = AnnotationType.OTHER; try { annotationType = AnnotationType.valueOf( annotation.getAnnotationType() ); @@ -183,7 +179,7 @@ private Collection toSpdxAnnotations( org.spdx.maven.Annotation[] an * Fill in the creator information to the SPDX document * * @param projectInformation project level information including the creators - * @throws InvalidSPDXAnalysisException + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ private void fillCreatorInfo( SpdxProjectInformation projectInformation ) throws InvalidSPDXAnalysisException { 
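Review bot: Removing `useStdLicenseSourceUrls` changes the signature of a public constructor, so any code outside this plugin that constructs `SpdxV2DocumentBuilder` stops compiling. The behaviour the deleted Javadoc described, mapping standard license source URLs to license IDs, can also no longer be requested. If a plugin configuration parameter still feeds this value, it is now accepted and ignored; that calls for a deprecation warning or removal of the parameter in the same change. The constructor body continues outside the hunk.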
@@ -198,8 +194,7 @@ private void fillCreatorInfo( SpdxProjectInformation projectInformation ) throws } else { - LOG.warn( - "Invalid creator string ( " + verify + " ), " + parameterCreator + " will be skipped." ); + LOG.warn("Invalid creator string ( {} ), {} will be skipped.", verify, parameterCreator); } } SpdxCreatorInformation spdxCreator = spdxDoc.createCreationInfo( creators, format.format( new Date() ) ); @@ -223,7 +218,7 @@ private SpdxPackage createSpdxPackage( SpdxProjectInformation projectInformation } else { - LOG.warn( "Invalid download location in POM file: " + projectInformation.getDownloadUrl() ); + LOG.warn("Invalid download location in POM file: {}", projectInformation.getDownloadUrl()); } if ( downloadUrl == null ) { @@ -232,7 +227,7 @@ private SpdxPackage createSpdxPackage( SpdxProjectInformation projectInformation SpdxPackageVerificationCode nullPackageVerificationCode; try { - nullPackageVerificationCode = spdxDoc.createPackageVerificationCode( NULL_SHA1, new ArrayList() ); + nullPackageVerificationCode = spdxDoc.createPackageVerificationCode( NULL_SHA1, new ArrayList<>() ); } catch ( InvalidSPDXAnalysisException e ) { @@ -300,7 +295,7 @@ private SpdxPackage createSpdxPackage( SpdxProjectInformation projectInformation } catch( InvalidSPDXAnalysisException ex ) { - LOG.warn( "Invalid URL in project POM file: "+projectInformation.getHomePage() ); + LOG.warn("Invalid URL in project POM file: {}", projectInformation.getHomePage()); } } 
@@ -347,14 +342,14 @@ private SpdxPackage createSpdxPackage( SpdxProjectInformation projectInformation { for ( Checksum checksum : projectInformation.getChecksums() ) { - final ChecksumAlgorithm algorithm = ChecksumAlgorithm.valueOf( checksum.getAlgorithm() ); - if ( Objects.isNull( algorithm )) + try { - LOG.error( String.format( "Invalid checksum algorithm %s", checksum.getAlgorithm() ) ); + final ChecksumAlgorithm algorithm = ChecksumAlgorithm.valueOf( checksum.getAlgorithm() ); + pkg.getChecksums().add( spdxDoc.createChecksum( algorithm, checksum.getValue() )); } - else + catch ( IllegalArgumentException | NullPointerException e1 ) { - pkg.getChecksums().add( spdxDoc.createChecksum( algorithm, checksum.getValue() )); + LOG.error("Invalid checksum algorithm {}", checksum.getAlgorithm()); } } } @@ -366,7 +361,7 @@ private SpdxPackage createSpdxPackage( SpdxProjectInformation projectInformation } // external references ExternalReference[] externalRefs = projectInformation.getExternalRefs(); - if ( externalRefs != null && externalRefs.length > 0 ) + if (externalRefs != null) { for ( ExternalReference externalRef : externalRefs ) { @@ -460,7 +455,7 @@ public void addNonStandardLicenses( NonStandardLicense[] nonStandardLicenses ) t public ExternalRef convertExternalRef( ExternalReference externalReference ) throws MojoExecutionException { - ReferenceCategory cat = null; + ReferenceCategory cat; try { cat = ReferenceCategory.valueOf( externalReference.getCategory().replaceAll( "-", "_" ) ); @@ -469,7 +464,7 @@ public ExternalRef convertExternalRef( ExternalReference externalReference ) thr { throw new MojoExecutionException("External reference category " + externalReference.getCategory() + " is not recognized as a valid, standard category." ); } - ReferenceType refType = null; + ReferenceType refType; try { refType = ListedReferenceTypes.getListedReferenceTypes().getListedReferenceTypeByName( externalReference.getType() ); 
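Review bot: The new `try` in the checksum loop of `createSpdxPackage` catches `NullPointerException` around both statements, so a null dereference anywhere in `pkg.getChecksums().add( spdxDoc.createChecksum( ... ) )` is also reported as "Invalid checksum algorithm". In every such case the configured checksum is left out of the generated package with only a log line. Testing the algorithm name for null explicitly and keeping only `ChecksumAlgorithm.valueOf` inside the `try` keeps the message accurate and avoids catching `NullPointerException` at all. The enclosing method starts and ends outside the hunk.
```java
for ( Checksum checksum : projectInformation.getChecksums() )
{
    String algorithmName = checksum.getAlgorithm();
    ChecksumAlgorithm algorithm = null;
    if ( algorithmName != null )
    {
        try
        {
            algorithm = ChecksumAlgorithm.valueOf( algorithmName );
        }
        catch ( IllegalArgumentException e1 )
        {
            // unknown name: algorithm stays null and is reported below
        }
    }
    if ( algorithm == null )
    {
        LOG.error( "Invalid checksum algorithm {}", algorithmName );
        continue;
    }
    pkg.getChecksums().add( spdxDoc.createChecksum( algorithm, checksum.getValue() ) );
```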
diff --git a/src/main/java/org/spdx/maven/utils/SpdxV2FileCollector.java b/src/main/java/org/spdx/maven/utils/SpdxV2FileCollector.java index 030b67b..0bf5cbe 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxV2FileCollector.java +++ b/src/main/java/org/spdx/maven/utils/SpdxV2FileCollector.java @@ -40,6 +40,8 @@ import org.spdx.maven.SnippetInfo; import org.spdx.storage.IModelStore.IdType; +import javax.annotation.Nullable; + /** * Collects SPDX file information from directories in SPDX Spec version 2 format @@ -51,6 +53,7 @@ */ public class SpdxV2FileCollector extends AbstractFileCollector { + private static final String DEFAULT_SHA1_VALUE = "0000000000000000000000000000000000000000"; Set licensesFromFiles = new HashSet<>(); /** * Map of fileName, SPDXFile for all files in the SPDX document @@ -78,13 +81,14 @@ public SpdxV2FileCollector() * @param projectPackage Package to which the files belong * @param spdxDoc SPDX document which contains the extracted license infos that may be needed for license parsing * - * @throws SpdxCollectionException + * @throws SpdxCollectionException on incompatible types in an SPDX collection */ - public void collectFiles( List fileSets, String baseDir, - SpdxDefaultFileInformation defaultFileInformation, - Map pathSpecificInformation, - SpdxPackage projectPackage, RelationshipType relationshipType, - SpdxDocument spdxDoc, Set algorithms ) throws SpdxCollectionException + @SuppressWarnings("DuplicateExpressions") + public void collectFiles(List fileSets, String baseDir, + SpdxDefaultFileInformation defaultFileInformation, + Map pathSpecificInformation, + SpdxPackage projectPackage, RelationshipType relationshipType, + SpdxDocument spdxDoc, Set algorithms ) throws SpdxCollectionException { for ( FileSet fileSet : fileSets ) { 
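Review bot: `DEFAULT_SHA1_VALUE` is forty zeros, and `convertToSpdxFile` later in this commit writes it into the SPDX file entry through `spdxDoc.createChecksum( ChecksumAlgorithm.SHA1, sha1Value )` whenever no SHA1 checksum was computed. The generated document then carries a well-formed digest that does not describe the file, and a consumer verifying files against the SBOM cannot tell it from a real one; only an error log line records the substitution. Failing the collection instead, `throw new SpdxCollectionException( "No SHA1 checksum was found for file " + file.getName() );`, matches how the same method already reports a checksum it could not generate. If the placeholder has to stay, the constant needs a comment saying it is not a real digest. The `catch` clauses of the surrounding `try` are outside the visible lines, so check how they would treat the exception.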
@@ -118,13 +122,13 @@ public void collectFiles( List fileSets, String baseDir, /** * Find the most appropriate file information based on the lowest level match (closed to file) * - * @param filePath - * @param pathSpecificInformation - * @return + * @param filePath file path for possible file path specific information + * @param pathSpecificInformation information to be applied to the file path + * @return default SPDX parameters for a given file path or null if package level defaults are to be used */ - private SpdxDefaultFileInformation findDefaultFileInformation( String filePath, Map pathSpecificInformation ) + private @Nullable SpdxDefaultFileInformation findDefaultFileInformation(String filePath, Map pathSpecificInformation ) { - LOG.debug( "Checking for file path " + filePath ); + LOG.debug("Checking for file path {}", filePath); SpdxDefaultFileInformation retval = pathSpecificInformation.get( filePath ); if ( retval != null ) { @@ -133,7 +137,7 @@ private SpdxDefaultFileInformation findDefaultFileInformation( String filePath, } // see if any of the parent directories contain default information which should be used String parentPath = filePath; - int parentPathIndex = 0; + int parentPathIndex; do { parentPathIndex = parentPath.lastIndexOf( "/" ); @@ -145,7 +149,7 @@ private SpdxDefaultFileInformation findDefaultFileInformation( String filePath, } while ( retval == null && parentPathIndex > 0 ); if ( retval != null ) { - LOG.debug( "Found directory containing file path for path specific information. File path: " + parentPath ); + LOG.debug("Found directory containing file path for path specific information. File path: {}", parentPath); } return retval; } 
@@ -153,13 +157,13 @@ private SpdxDefaultFileInformation findDefaultFileInformation( String filePath, /** * Collect SPDX information for a specific file * - * @param file + * @param file File to collect SPDX information about * @param outputFileName Path to the output file name relative to the root of the output archive file * @param relationshipType Type of relationship to the project package * @param projectPackage Package to which the files belong * @param spdxDoc SPDX Document which will contain the files * @param algorithms algorithms to use to generate checksums - * @throws SpdxCollectionException + * @throws SpdxCollectionException on incompatible type errors in an SPDX collection */ private void collectFile( File file, String outputFileName, SpdxDefaultFileInformation fileInfo, RelationshipType relationshipType, SpdxPackage projectPackage, @@ -222,12 +226,12 @@ private void collectFile( File file, String outputFileName, SpdxDefaultFileInfor /** * Create an SpdxSnippet from the snippet information provided - * @param snippet - * @param spdxFile - * @param spdxDoc - * @return - * @throws SpdxBuilderException - * @throws InvalidSPDXAnalysisException + * @param snippet snippet to collect SPDX information about + * @param spdxFile SPDX file containing the snippet + * @param spdxDoc SPDX document containing the SPDX file + * @return SPDX Snippet based on the information collected + * @throws SpdxBuilderException on errors building the snippet + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ private SpdxSnippet convertToSpdxSnippet( SnippetInfo snippet, SpdxFile spdxFile, SpdxDocument spdxDoc ) throws SpdxBuilderException, InvalidSPDXAnalysisException { 
@@ -251,13 +255,13 @@ private SpdxSnippet convertToSpdxSnippet( SnippetInfo snippet, SpdxFile spdxFile } /** - * @param file + * @param file File to be to convert to SPDX file metadata * @param outputFileName Path to the output file name relative to the root of the output archive file * @param defaultFileInformation Information on default SPDX field data for the files * @param algorithms algorithms to use to generate checksums * @param spdxDoc SPDX document which will contain the SPDX file - * @return - * @throws SpdxCollectionException + * @return SPDX file based on file and default file information + * @throws SpdxCollectionException on incompatible class types in an SPDX collection */ private SpdxFile convertToSpdxFile( File file, String outputFileName, SpdxDefaultFileInformation defaultFileInformation, @@ -276,7 +280,7 @@ private SpdxFile convertToSpdxFile( File file, String outputFileName, { throw new SpdxCollectionException( "Unable to generate checksum for file "+file.getName() ); } - AnyLicenseInfo concludedLicense = null; + AnyLicenseInfo concludedLicense; AnyLicenseInfo license = null; String licenseComment = defaultFileInformation.getLicenseComment(); if ( isSourceFile( fileTypes ) && file.length() < SpdxSourceFileParser.MAXIMUM_SOURCE_FILE_LENGTH ) @@ -290,7 +294,7 @@ private SpdxFile convertToSpdxFile( File file, String outputFileName, { LOG.error( "Error parsing for SPDX license ID's", ex ); } - if ( fileSpdxLicenses != null && fileSpdxLicenses.size() > 0 ) + if ( fileSpdxLicenses != null && !fileSpdxLicenses.isEmpty()) { // The file has declared licenses of the form SPDX-License-Identifier: licenseId try 
@@ -311,18 +315,21 @@ private SpdxFile convertToSpdxFile( File file, String outputFileName, } catch ( InvalidSPDXAnalysisException e ) { - LOG.error( "Invalid license expressions found in source file "+file.getName(), e ); + LOG.error("Invalid license expressions found in source file {}", file.getName(), e); } if ( licenseComment == null ) { licenseComment = ""; } - else if ( licenseComment.length() > 0 ) + else if ( !licenseComment.isEmpty() ) { licenseComment = licenseComment.concat( "; " ); } licenseComment = licenseComment.concat( "This file contains SPDX-License-Identifiers for " ); - licenseComment = licenseComment.concat( license.toString() ); + if ( license != null ) + { + licenseComment = licenseComment.concat( license.toString() ); + } } } if ( license == null ) @@ -353,30 +360,34 @@ else if ( licenseComment.length() > 0 ) contributors = new ArrayList<>(); } - SpdxFile retval = null; + SpdxFile retval; //TODO: Add annotation try { List seenLicenses = new ArrayList<>(); seenLicenses.add( license ); - Checksum sha1 = null; + String sha1Value = null; for ( Checksum checksum:checksums ) { if (ChecksumAlgorithm.SHA1.toString().equals( checksum.getAlgorithm() )) { - sha1 = checksum; + sha1Value = checksum.getValue(); break; } } + if ( sha1Value == null ) + { + LOG.error( "No SHA1 checksum was found for file {}", file.getName() ); + sha1Value = DEFAULT_SHA1_VALUE; + } retval = spdxDoc.createSpdxFile( spdxDoc.getModelStore().getNextId( IdType.SpdxId ), relativePath, concludedLicense, seenLicenses, copyright, - spdxDoc.createChecksum( ChecksumAlgorithm.SHA1, sha1.getValue() ) ) + spdxDoc.createChecksum( ChecksumAlgorithm.SHA1, sha1Value ) ) .setComment( comment ) .setLicenseComments( licenseComment ) .setFileTypes( fileTypes ) .setFileContributors( contributors ) .build(); - retval.setNoticeText( notice ); } 
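Review bot: In the `@@ -353,30` hunk, substituting `DEFAULT_SHA1_VALUE` when no SHA1 checksum is found writes a digest into the SPDX file entry that was never computed from the file. A consumer of the document cannot tell it from a real checksum, and the package verification code later collects `file.getSha1()` for every file, so the placeholder would flow into that value too. The method already throws `SpdxCollectionException` for "Unable to generate checksum", so I would fail the same way here: `throw new SpdxCollectionException( "No SHA1 checksum was found for file " + file.getName() );`. The definition of `DEFAULT_SHA1_VALUE` and the `catch` clauses of the enclosing `try` are outside the hunk, so how that exception propagates should be checked.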
@@ -430,10 +441,7 @@ public SpdxPackageVerificationCode getVerificationCode( String spdxFilePath, Spd if ( spdxFilePath != null && spdxFiles.containsKey( spdxFilePath ) ) { Optional excludedFileName = spdxFiles.get( spdxFilePath ).getName(); - if ( excludedFileName.isPresent() ) - { - excludedFileNamesFromVerificationCode.add( excludedFileName.get() ); - } + excludedFileName.ifPresent(excludedFileNamesFromVerificationCode::add); } SpdxPackageVerificationCode verificationCode; verificationCode = calculatePackageVerificationCode( spdxFiles.values(), @@ -447,9 +455,9 @@ public SpdxPackageVerificationCode getVerificationCode( String spdxFilePath, Spd * @param spdxFiles Files used to calculate the verification code * @param excludedFileNamesFromVerificationCode List of file names to exclude * @param spdxDoc SPDX document which will contain the Package Verification Code - * @return - * @throws NoSuchAlgorithmException - * @throws InvalidSPDXAnalysisException + * @return Generated SPDX Package Verification Code + * @throws NoSuchAlgorithmException in the unlikely event the encryption algorithm could not be found + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ private SpdxPackageVerificationCode calculatePackageVerificationCode( Collection spdxFiles, List excludedFileNamesFromVerificationCode, @@ -459,7 +467,7 @@ private SpdxPackageVerificationCode calculatePackageVerificationCode( Collection for ( SpdxFile file : spdxFiles ) { Optional filename = file.getName(); - if ( filename.isPresent() && includeInVerificationCode( file.getName().get(), excludedFileNamesFromVerificationCode ) ) + if ( filename.isPresent() && includeInVerificationCode( filename.get(), excludedFileNamesFromVerificationCode ) ) { fileChecksums.add( file.getSha1() ); } diff --git a/src/main/java/org/spdx/maven/utils/SpdxV2LicenseManager.java b/src/main/java/org/spdx/maven/utils/SpdxV2LicenseManager.java index eccbd51..a80f3f8 100644 
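Review bot: The new `@throws NoSuchAlgorithmException` text on `calculatePackageVerificationCode` describes an "encryption algorithm", but the loop collects `file.getSha1()` values, so what can be missing is a message-digest implementation, not a cipher. I would word it as `@throws NoSuchAlgorithmException if the message digest algorithm used for the verification code is not available`. The rest of the method body is outside the hunk, so the exact algorithm name is not visible here.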
--- a/src/main/java/org/spdx/maven/utils/SpdxV2LicenseManager.java +++ b/src/main/java/org/spdx/maven/utils/SpdxV2LicenseManager.java @@ -49,7 +49,7 @@ public class SpdxV2LicenseManager * SPDX document containing the license information collected. All extracted licenses are added to the SPDX * document */ - SpdxDocument spdxDoc = null; + SpdxDocument spdxDoc; /** * Maps URLs to SPDX license ID's. The SPDX licenses could be an SPDX listed license or an extracted license. @@ -66,11 +66,9 @@ public class SpdxV2LicenseManager * mapping uses the license URL to uniquely identify the licenses. * * @param spdxDoc SPDX document to add any extracted licenses - * @param useStdLicenseSourceUrls if true, map any SPDX listed license source URL to license ID. Note: significant - * performance degradation - * @throws LicenseMapperException + * @throws LicenseMapperException on errors accessing SPDX listed or local licenses */ - public SpdxV2LicenseManager( SpdxDocument spdxDoc, boolean useStdLicenseSourceUrls ) throws LicenseMapperException + public SpdxV2LicenseManager( SpdxDocument spdxDoc ) throws LicenseMapperException { this.spdxDoc = spdxDoc; initializeUrlMap(); @@ -79,7 +77,7 @@ public SpdxV2LicenseManager( SpdxDocument spdxDoc, boolean useStdLicenseSourceUr /** * Initialize the URL map from the SPDX listed licenses * - * @throws LicenseMapperException + * @throws LicenseMapperException on errors accessing SPDX listed or local licenses */ private void initializeUrlMap() throws LicenseMapperException { 
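Review bot: Removing `useStdLicenseSourceUrls` from the public `SpdxV2LicenseManager` constructor breaks any external caller, and the visible constructor body (`this.spdxDoc = spdxDoc; initializeUrlMap();`) never read it. A user-facing option that fed this argument would therefore already have been a silent no-op. The same commit stops passing `matchLicensesOnCrossReferenceUrls` to the document builders; if that Mojo parameter is still declared (its declaration is not visible here), it should be marked deprecated or log a warning when set, so that users do not assume cross-reference URL matching is shaping the licenses reported in the SBOM. The `SpdxV3DocumentBuilder` constructor and its `SpdxV3LicenseManager` call change in the same way further down.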
@@ -90,8 +88,8 @@ private void initializeUrlMap() throws LicenseMapperException * Add a non-listed license to the SPDX document. Once added, the non-listed license can be referenced by the * license ID * - * @param license - * @throws LicenseManagerException + * @param license extracted license to add + * @throws LicenseManagerException on errors accessing SPDX listed or local licenses */ public void addExtractedLicense( NonStandardLicense license ) throws LicenseManagerException { @@ -129,11 +127,9 @@ public void addExtractedLicense( NonStandardLicense license ) throws LicenseMana if ( this.urlStringToSpdxLicenseId.containsKey( url ) ) { String oldLicenseId = urlStringToSpdxLicenseId.get( url ); - LOG.warn( - "Duplicate URL for SPDX extracted license. Replacing " + oldLicenseId + " with " - + license.getLicenseId() + " for " + url ); + LOG.warn("Duplicate URL for SPDX extracted license. Replacing {} with {} for {}", oldLicenseId, license.getLicenseId(), url); } - LOG.debug( "Adding URL mapping for non-standard license " + spdxLicense.getLicenseId() ); + LOG.debug("Adding URL mapping for non-standard license {}", spdxLicense.getLicenseId()); this.urlStringToSpdxLicenseId.put( url, spdxLicense.getLicenseId() ); } } 
@@ -146,8 +142,11 @@ public void addExtractedLicense( NonStandardLicense license ) throws LicenseMana * returned. if a single license is supplied, the mapped SPDX license is returned. If multiple licenses are * supplied, a conjunctive license is returned containing all mapped SPDX licenses. * - * @return - * @throws LicenseManagerException + * @return If no licenses are supplied, SpdxNoAssertion license is + * returned. if a single license is supplied, the mapped SPDX license is returned. + * If multiple licenses are supplied, a conjunctive license is returned containing + * all mapped SPDX licenses. + * @throws LicenseManagerException on errors accessing SPDX listed or local licenses */ public AnyLicenseInfo mavenLicenseListToSpdxLicense( List licenseList ) throws LicenseManagerException { @@ -161,7 +160,7 @@ public AnyLicenseInfo mavenLicenseListToSpdxLicense( List licenseList ) { spdxLicenses.add( mavenLicenseToSpdxLicense( license ) ); } - if ( spdxLicenses.size() < 1 ) + if (spdxLicenses.isEmpty()) { return new SpdxNoAssertionLicense(); } @@ -224,9 +223,9 @@ public AnyLicenseInfo mavenLicenseToSpdxLicense( License mavenLicense ) throws L /** * Create a Maven license from the SPDX license * - * @param spdxLicense - * @return - * @throws LicenseManagerException + * @param spdxLicense SPDX license to convert + * @return a Maven license from the SPDX license + * @throws LicenseManagerException on errors accessing SPDX listed or local licenses */ public License spdxLicenseToMavenLicense( AnyLicenseInfo spdxLicense ) throws LicenseManagerException { 
@@ -270,9 +269,8 @@ private License spdxStdLicenseToMavenLicense( SpdxListedLicense spdxLicense ) th } if ( spdxLicense.getSeeAlso().size() > 1 ) { - LOG.warn( - "SPDX license " + spdxLicense.getLicenseId() - + " contains multiple URLs. Only the first URL will be preserved in the Maven license created." ); + //noinspection LoggingSimilarMessage + LOG.warn("SPDX license {} contains multiple URLs. Only the first URL will be preserved in the Maven license created.", spdxLicense.getLicenseId()); } return retval; } catch ( InvalidSPDXAnalysisException e ) @@ -306,9 +304,8 @@ private License spdxNonStdLicenseToMavenLicense( ExtractedLicenseInfo spdxLicens } if ( spdxLicense.getSeeAlso().size() > 1 ) { - LOG.warn( - "SPDX license " + spdxLicense.getLicenseId() - + " contains multiple URLs. Only the first URL will be preserved in the Maven license created." ); + //noinspection LoggingSimilarMessage + LOG.warn("SPDX license {} contains multiple URLs. Only the first URL will be preserved in the Maven license created.", spdxLicense.getLicenseId()); } return retval; } diff --git a/src/main/java/org/spdx/maven/utils/SpdxV3DependencyBuilder.java b/src/main/java/org/spdx/maven/utils/SpdxV3DependencyBuilder.java index a453597..cc8be18 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxV3DependencyBuilder.java +++ b/src/main/java/org/spdx/maven/utils/SpdxV3DependencyBuilder.java @@ -71,11 +71,12 @@ * @author Gary O'Neall * */ +@SuppressWarnings("LoggingSimilarMessage") public class SpdxV3DependencyBuilder extends AbstractDependencyBuilder { - private SpdxDocument spdxDoc; - private SpdxV3LicenseManager licenseManager; + private final SpdxDocument spdxDoc; + private final SpdxV3LicenseManager licenseManager; /** * @param builder The document builder 
@@ -101,8 +102,7 @@ protected void addMavenDependency( CoreModelObject parentPackage, DependencyNode { if ( !(parentPackage instanceof SpdxPackage) ) { - LOG.error( String.format( "Invalid type for parent package. Expected 'SpdxPackage', found %s", - parentPackage.getClass().getName() ) ); + LOG.error("Invalid type for parent package. Expected 'SpdxPackage', found {}", parentPackage.getClass().getName()); return; } Artifact dependency = dependencyNode.getArtifact(); @@ -110,8 +110,7 @@ protected void addMavenDependency( CoreModelObject parentPackage, DependencyNode RelationshipType relType = scopeToRelationshipType( scope, dependency.isOptional() ); if ( relType == RelationshipType.OTHER ) { - LOG.warn( - "Could not determine the SPDX relationship type for dependency artifact ID " + dependency.getArtifactId() + " scope " + scope ); + LOG.warn( "Could not determine the SPDX relationship type for dependency artifact ID {} scope {}", dependency.getArtifactId(), scope ); } Element dependencyPackage = createSpdxPackage( dependency, mavenProjectBuilder, session, @@ -125,7 +124,7 @@ protected void addMavenDependency( CoreModelObject parentPackage, DependencyNode .setScope( scopeToLifecycleScope( scope ) ) .setComment( "Relationship created based on Maven POM information" ) .build(); - LOG.debug( "Added relationship of type " + relType + " for " + dependencyPackage.getName() ); + LOG.debug( "Added relationship of type {} for {}", relType, dependencyPackage.getName() ); if ( includeTransitiveDependencies ) { addMavenDependencies( mavenProjectBuilder, session, mavenProject, dependencyNode, dependencyPackage ); 
@@ -135,9 +134,9 @@ protected void addMavenDependency( CoreModelObject parentPackage, DependencyNode /** * Translate the scope to the SPDX relationship type * - * @param scope Maven Dependency Scope (see https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Scope) + * @param scope Maven Dependency Scope (see Maven dependency scope documentation) * @param optional True if this is an optional dependency - * @return SPDX Relationship type based on the scope + * @return SPDX Relationship type based on the scope */ private RelationshipType scopeToRelationshipType( String scope, boolean optional ) { @@ -188,7 +187,6 @@ else if ( scope.equals( "test" ) ) * @param project Maven project * @param useArtifactID If true, use ${project.groupId}:${artifactId} as the SPDX package name, otherwise, ${project.name} will be used * @return SPDX Package generated from the metadata in the Maven Project - * @throws IOException On errors reading Maven file information * @throws SpdxCollectionException On errors with SPDX collections * @throws NoSuchAlgorithmException if no checksum algorithm was found * @throws LicenseMapperException on errors mapping or creating SPDX custom licenses @@ -270,7 +268,7 @@ private SpdxPackage createSpdxPackage( MavenProject project, boolean useArtifact try { retval.setHomePage( project.getUrl() ); } catch ( InvalidSPDXAnalysisException e ) { - LOG.warn( "Invalid homepage for dependency " + project.getArtifactId() + ": " + project.getUrl() ); + LOG.warn( "Invalid homepage for dependency {}: {}", project.getArtifactId(), project.getUrl() ); } } return retval; 
@@ -292,14 +290,14 @@ private Element createSpdxPackage( Artifact artifact, ProjectBuilder mavenProjectBuilder, MavenSession session, MavenProject mavenProject, boolean useArtifactID ) throws LicenseMapperException, InvalidSPDXAnalysisException { - LOG.debug( "Creating SPDX package for artifact " + artifact.getArtifactId() ); + LOG.debug( "Creating SPDX package for artifact {}", artifact.getArtifactId() ); if ( artifact.getFile() == null ) { LOG.debug( "Artifact file is null" ); } else { - LOG.debug( "Artifact file name = " + artifact.getFile().getName() ); + LOG.debug( "Artifact file name = {}", artifact.getFile().getName() ); } File spdxFile = null; if ( artifact.getFile() != null ) @@ -309,12 +307,10 @@ private Element createSpdxPackage( Artifact artifact, Element retval = null; if ( spdxFile != null && spdxFile.exists() ) { - LOG.debug( - "Dependency " + artifact.getArtifactId() + "Looking for SPDX file " + spdxFile.getAbsolutePath() ); + LOG.debug( "Dependency {}Looking for SPDX file {}", artifact.getArtifactId(), spdxFile.getAbsolutePath() ); try { - LOG.debug( - "Dependency " + artifact.getArtifactId() + "Dependency information collected from SPDX spec version 3 file " + spdxFile.getAbsolutePath() ); + LOG.debug( "Dependency {}Dependency information collected from SPDX spec version 3 file {}", artifact.getArtifactId(), spdxFile.getAbsolutePath() ); SpdxDocument externalSpdxDoc = spdxDocumentFromFile( spdxFile.getPath() ); if ( createExternalRefs ) 
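Review bot: The parameterized debug messages in the `@@ -309,12` hunk keep the missing separator from the old string concatenation, so `"Dependency {}Looking for SPDX file {}"` prints the artifact ID fused to the next word. Since these lines are being rewritten anyway, I would add the separator, e.g. `LOG.debug( "Dependency {}: looking for SPDX file {}", artifact.getArtifactId(), spdxFile.getAbsolutePath() );`. The same applies to the "Dependency {}Dependency information collected from ..." messages here and to the spec version 2 and "Dependency {}Collecting ..." / "Dependency {}Using only ..." messages in the later hunks of `createSpdxPackage`.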
@@ -324,34 +320,28 @@ private Element createSpdxPackage( Artifact artifact, } else { - retval = copyPackageInfoFromExternalDoc( externalSpdxDoc, artifact.getGroupId(), - artifact.getArtifactId(), artifact.getVersion() ); + retval = copyPackageInfoFromExternalDoc( externalSpdxDoc, artifact.getArtifactId() ); } } catch ( IOException e ) { - LOG.warn( - "IO error reading SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn( "IO error reading SPDX document for dependency artifact ID {}:{}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage() ); } catch ( SpdxInvalidIdException e ) { - LOG.warn( - "Invalid SPDX ID exception reading SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn( "Invalid SPDX ID exception reading SPDX document for dependency artifact ID {}:{}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage() ); } catch ( InvalidSPDXAnalysisException e ) { - LOG.warn( - "Invalid SPDX analysis exception reading SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn( "Invalid SPDX analysis exception reading SPDX document for dependency artifact ID {}:{}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage() ); } catch ( SpdxCollectionException e ) { - LOG.warn( - "Unable to create file checksum for external SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn( "Unable to create file checksum for external SPDX document for dependency artifact ID {}:{}. 
Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage() ); } catch ( Exception e ) { - LOG.warn( - "Unknown error processing SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn( "Unknown error processing SPDX document for dependency artifact ID {}:{}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage() ); } } if ( retval != null ) 
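Review bot: The `catch ( Exception e )` branch logs only `e.getMessage()`, which loses the exception type and stack trace and can be `null` for runtime exceptions. This path is reached when an SPDX file shipped inside a dependency cannot be processed and the SBOM silently falls back to POM data, so the cause should stay diagnosable. Passing the throwable as the last argument is enough: `LOG.warn( "Unknown error processing SPDX document for dependency artifact ID {}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e );`. The same pattern appears in the spec version 2 `catch` blocks of the `@@ -362,35` hunk and in the `LOG.error` calls of the `@@ -402,42` hunk. `createSpdxPackage` starts and ends outside these hunks.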
@@ -362,35 +352,28 @@ private Element createSpdxPackage( Artifact artifact, spdxFile = artifactFileToSpdxFile( artifact.getFile(), SpdxMajorVersion.VERSION_2 ); if ( spdxFile != null && spdxFile.exists() ) { - LOG.debug( - "Dependency " + artifact.getArtifactId() + "Looking for SPDX spec version 2 file " + spdxFile.getAbsolutePath() ); + LOG.debug( "Dependency {}Looking for SPDX spec version 2 file {}", artifact.getArtifactId(), spdxFile.getAbsolutePath() ); try { - LOG.debug( - "Dependency " + artifact.getArtifactId() + "Dependency information collected from SPDX spec version 2 file " + spdxFile.getAbsolutePath() ); + LOG.debug( "Dependency {}Dependency information collected from SPDX spec version 2 file {}", artifact.getArtifactId(), spdxFile.getAbsolutePath() ); - retval = copyPackageInfoFromV2File( spdxFile.getPath(), artifact.getGroupId(), - artifact.getArtifactId(), artifact.getVersion() ); + retval = copyPackageInfoFromV2File( spdxFile.getPath(), artifact.getArtifactId() ); } catch ( IOException e ) { - LOG.warn( - "IO error reading SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn( "IO error reading SPDX document for dependency artifact ID {}:{}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage() ); } catch ( SpdxInvalidIdException e ) { - LOG.warn( - "Invalid SPDX ID exception reading SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn( "Invalid SPDX ID exception reading SPDX document for dependency artifact ID {}:{}. 
Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage() ); } catch ( InvalidSPDXAnalysisException e ) { - LOG.warn( - "Invalid SPDX analysis exception reading SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn( "Invalid SPDX analysis exception reading SPDX document for dependency artifact ID {}:{}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage() ); } catch ( Exception e ) { - LOG.warn( - "Unknown error processing SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ". Using POM file information for creating SPDX package data." ); + LOG.warn( "Unknown error processing SPDX document for dependency artifact ID {}:{}. Using POM file information for creating SPDX package data.", artifact.getArtifactId(), e.getMessage() ); } } if ( retval != null ) 
@@ -402,42 +385,36 @@ private Element createSpdxPackage( Artifact artifact, ProjectBuildingRequest request = new DefaultProjectBuildingRequest( session.getProjectBuildingRequest() ); request.setRemoteRepositories( mavenProject.getRemoteArtifactRepositories() ); for ( ArtifactRepository ar : request.getRemoteRepositories() ) { - LOG.debug( "request Remote repository ID: " + ar.getId() ); + LOG.debug( "request Remote repository ID: {}", ar.getId() ); } for ( ArtifactRepository ar : mavenProject.getRemoteArtifactRepositories() ) { - LOG.debug( "Project Remote repository ID: " + ar.getId() ); + LOG.debug( "Project Remote repository ID: {}", ar.getId() ); } ProjectBuildingResult build = mavenProjectBuilder.build( artifact, request ); MavenProject depProject = build.getProject(); - LOG.debug( - "Dependency " + artifact.getArtifactId() + "Collecting information from project metadata for " + depProject.getArtifactId() ); + LOG.debug( "Dependency {}Collecting information from project metadata for {}", artifact.getArtifactId(), depProject.getArtifactId() ); retval = createSpdxPackage( depProject, useArtifactID ); } catch ( SpdxCollectionException e ) { - LOG.error( - "SPDX File Collection Error creating SPDX package for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() ); + LOG.error( "SPDX File Collection Error creating SPDX package for dependency artifact ID {}:{}", artifact.getArtifactId(), e.getMessage() ); } catch ( NoSuchAlgorithmException e ) { - LOG.error( - "Verification Code Error creating SPDX package for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() ); + LOG.error( "Verification Code Error creating SPDX package for dependency artifact ID {}:{}", artifact.getArtifactId(), e.getMessage() ); } catch ( ProjectBuildingException e ) { - LOG.error( - "Maven Project Build Error creating SPDX package for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() ); + LOG.error( "Maven Project Build 
Error creating SPDX package for dependency artifact ID {}:{}", artifact.getArtifactId(), e.getMessage() ); } if ( retval != null ) { return retval; } - LOG.warn( - "Error creating SPDX package for dependency artifact ID " + artifact.getArtifactId() + ". A minimal SPDX package will be created." ); + LOG.warn( "Error creating SPDX package for dependency artifact ID {}. A minimal SPDX package will be created.", artifact.getArtifactId() ); // Create a minimal SPDX package from dependency // Name will be the artifact ID - LOG.debug( - "Dependency " + artifact.getArtifactId() + "Using only artifact information to create dependent package" ); + LOG.debug( "Dependency {}Using only artifact information to create dependent package", artifact.getArtifactId() ); SpdxPackage pkg = spdxDoc.createSpdxPackage( spdxDoc.getIdPrefix() + spdxDoc.getModelStore().getNextId( IdType.SpdxId ) ) .setName( artifact.getArtifactId() ) .setComment( "This package was created for a Maven dependency. No SPDX or license information could be found in the Maven POM file." ) 
@@ -463,16 +440,14 @@ private Element createSpdxPackage( Artifact artifact, /** * Creates a copy from an SPDX version 2 file - * @param path - * @param groupId - * @param artifactId - * @param version - * @return - * @throws InvalidSPDXAnalysisException - * @throws IOException - * @throws FileNotFoundException + * @param path Path to the SPDX spec version 2 file + * @param artifactId Maven artifact ID for the file + * @return SPDX V3 compliant element for the SPDX package represented by the arttifactId in the SPDX file + * @throws InvalidSPDXAnalysisException on SPDX parsing errors + * @throws IOException on errors reading from the SPDX V2 document file + * @throws FileNotFoundException on the SPDX V2 document file not being found */ - private Element copyPackageInfoFromV2File( String path, String groupId, String artifactId, String version ) throws FileNotFoundException, IOException, InvalidSPDXAnalysisException + private Element copyPackageInfoFromV2File( String path, String artifactId ) throws FileNotFoundException, IOException, InvalidSPDXAnalysisException { org.spdx.library.model.v2.SpdxDocument v2Doc = SpdxV2DependencyBuilder.spdxDocumentFromFile( path ); org.spdx.library.model.v2.SpdxPackage source = SpdxV2DependencyBuilder.findMatchingDescribedPackage( v2Doc, artifactId ); @@ -481,9 +456,9 @@ private Element copyPackageInfoFromV2File( String path, String groupId, String a Optional name = source.getName(); SpdxPackage dest = spdxDoc.createSpdxPackage( spdxDoc.getIdPrefix() + spdxDoc.getModelStore().getNextId( IdType.SpdxId ) ) - .setName( name.isPresent() ? name.get() : "NONE" ) + .setName(name.orElse("NONE")) .setCopyrightText( source.getCopyrightText() != null ? source.getCopyrightText() : "NOASSERTION" ) - .setDownloadLocation( downloadLocation.isPresent() ? downloadLocation.get() : "NOASSERTION" ) + .setDownloadLocation(downloadLocation.orElse("NOASSERTION")) .build(); Optional pvc = source.getPackageVerificationCode(); 
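Review bot: With `groupId` and `version` dropped from `copyPackageInfoFromV2File`, the package copied from a dependency's bundled SPDX file is selected by `artifactId` alone through `findMatchingDescribedPackage( v2Doc, artifactId )`. Nothing visible in the hunk checks that the described package matches the group or version of the resolved artifact. The removed parameters were presumably unused already, but the Javadoc should state this limitation, for example `Note: the described package is matched on artifact ID only; group ID and version are not compared`, so readers do not assume stronger provenance for the copied license and checksum data. The same applies to `copyPackageInfoFromExternalDoc` in the `@@ -770,23` hunk. The added `@return` line also has a typo, `arttifactId`.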
@@ -516,10 +491,12 @@ private Element copyPackageInfoFromV2File( String path, String groupId, String a .setCreationInfo( creationInfo ) .build(); } - Optional licenseListVersion = v2Doc.getCreationInfo().getLicenseListVersion(); + org.spdx.library.model.v2.license.AnyLicenseInfo v2Declared = source.getLicenseDeclared(); LicenseExpression declaredLicense = dest.createLicenseExpression( dest.getIdPrefix() + dest.getModelStore().getNextId( IdType.SpdxId ) ) - .setLicenseExpression( source.getLicenseDeclared().toString() ) + .setLicenseExpression( v2Declared == null ? "NOASSERTION" : v2Declared.toString() ) .build(); + Optional licenseListVersion = v2Doc.getCreationInfo() == null ? Optional.empty() : + v2Doc.getCreationInfo().getLicenseListVersion(); if ( licenseListVersion.isPresent() ) { declaredLicense.setLicenseListVersion( licenseListVersion.get() ); @@ -562,7 +539,7 @@ private Element copyPackageInfoFromV2File( String path, String groupId, String a } } - else if ( licenseComments.isEmpty() ) + else if ( licenseComments.isPresent() ) { dest.setComment( "License Comments: " + licenseComments.get() ); } @@ -579,7 +556,10 @@ else if ( licenseComments.isEmpty() ) Optional originator = source.getOriginator(); if ( originator.isPresent() ) { - dest.getOriginatedBys().add( Spdx2to3Converter.stringToAgent( originator.get(), dest.getCreationInfo() ) ); + // we know the creationInfo is not null since it is copied from the SPDX package when initially created + //noinspection DataFlowIssue + dest.getOriginatedBys().add( Spdx2to3Converter.stringToAgent( originator.get(), + dest.getCreationInfo() ) ); } Optional pkgFileName = source.getPackageFileName(); if ( pkgFileName.isPresent() ) 
@@ -623,6 +603,8 @@ else if ( licenseComments.isEmpty() ) } Optional supplier = source.getSupplier(); if ( supplier.isPresent() ) { + // we know the creationInfo is not null since it is copied from the SPDX package when initially created + //noinspection DataFlowIssue dest.setSuppliedBy( Spdx2to3Converter.stringToAgent( supplier.get(), dest.getCreationInfo() ) ); } Optional validUntil = source.getValidUntilDate(); @@ -741,7 +723,7 @@ private SpdxDocument spdxDocumentFromFile( String path ) throws FileNotFoundExce try ( InputStream inputStream = new FileInputStream( path ) ) { CoreModelObject root = modelStore.deSerialize( inputStream, false ); - if ( root instanceof SpdxDocument ) + if ( root != null ) { root.setCopyManager( spdxDoc.getCopyManager() ); return (SpdxDocument)root; @@ -754,15 +736,10 @@ private SpdxDocument spdxDocumentFromFile( String path ) throws FileNotFoundExce } finally { - if ( modelStore != null ) { - try - { - modelStore.close(); - } - catch ( Exception e ) - { - LOG.error( "Error closing SPDX model store", e ); - } + try { + modelStore.close(); + } catch (Exception e) { + LOG.error("Error closing SPDX model store", e); } } } 
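Review bot: In the `@@ -741,7` hunk the cast `(SpdxDocument)root` is no longer guarded, because `if ( root instanceof SpdxDocument )` became `if ( root != null )` while `root` is declared as `CoreModelObject`. The stream being deserialized is an SPDX file found next to a dependency artifact, so a file whose root element is some other model object would now raise a `ClassCastException` instead of taking the existing non-document branch. `instanceof` already rejects `null`, so I would restore the original line: `if ( root instanceof SpdxDocument )`. The start of `spdxDocumentFromFile`, including where `modelStore` is created, is outside the hunk. That also leaves the unconditional `modelStore.close()` in the `@@ -754,15` hunk unverified: it is safe only if `modelStore` can never be null at that point.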
@@ -770,23 +747,20 @@ private SpdxDocument spdxDocumentFromFile( String path ) throws FileNotFoundExce /** * Copies the closest matching described package in the externalSpdxDoc to the returned element * @param externalSpdxDoc SPDX document containing the described package - * @param groupId Group ID of the artifact * @param artifactId Artifact ID to search for - * @param version Version of the artifact * @return SPDX Package with values copied from the externalSpdxDoc * @throws InvalidSPDXAnalysisException on errors copying from the external document */ - private SpdxPackage copyPackageInfoFromExternalDoc( SpdxDocument externalSpdxDoc, String groupId, - String artifactId, String version ) throws InvalidSPDXAnalysisException + private SpdxPackage copyPackageInfoFromExternalDoc( SpdxDocument externalSpdxDoc, String artifactId ) throws InvalidSPDXAnalysisException { SpdxPackage source = findMatchingDescribedPackage( externalSpdxDoc, artifactId ); Optional downloadLocation = source.getDownloadLocation(); Optional name = source.getName(); SpdxPackage dest = spdxDoc.createSpdxPackage( spdxDoc.getIdPrefix() + spdxDoc.getModelStore().getNextId( IdType.SpdxId ) ) - .setName( name.isPresent() ? name.get() : "NONE" ) + .setName(name.orElse("NONE")) .setCopyrightText( source.getCopyrightText().orElse( "NOASSERTION" ) ) .addAllVerifiedUsing( source.getVerifiedUsings() ) - .setDownloadLocation( downloadLocation.isPresent() ? downloadLocation.get() : "NOASSERTION" ) + .setDownloadLocation(downloadLocation.orElse("NOASSERTION")) .addAllExternalIdentifier( source.getExternalIdentifiers() ) .addAllExternalRef( source.getExternalRefs() ) .addAllOriginatedBy( source.getOriginatedBys() ) 
@@ -802,7 +776,7 @@ private SpdxPackage copyPackageInfoFromExternalDoc( SpdxDocument externalSpdxDoc } catch ( InvalidSPDXAnalysisException e ) { - LOG.error( String.format( "Error copying relationships from SPDX file for artifact %s", artifactId ), e ); + LOG.error( "Error copying relationships from SPDX file for artifact {}", artifactId, e ); return false; } } ) @@ -921,7 +895,7 @@ else if ( root instanceof Sbom ) // If we got here, we didn't find the package in the SPDX document root or the SBOMs at the root of the SPDX document if ( firstFoundPackage != null ) { - LOG.warn( "Could not find matching artifact ID in SPDX file for "+artifactId+". Using the first package found in SPDX file." ); + LOG.warn( "Could not find matching artifact ID in SPDX file for {}. Using the first package found in SPDX file.", artifactId ); return firstFoundPackage; } if ( firstFoundSbom != null ) @@ -930,7 +904,7 @@ else if ( root instanceof Sbom ) { if ( sRoot instanceof SpdxPackage ) { - LOG.warn( "Could not find matching artifact ID in SPDX file for "+artifactId+". Using the first package found in Sbom." ); + LOG.warn( "Could not find matching artifact ID in SPDX file for {}. Using the first package found in Sbom.", artifactId ); return (SpdxPackage)sRoot; } } @@ -942,10 +916,9 @@ else if ( root instanceof Sbom ) * Convert a list of Maven licenses to an SPDX License * * @param mavenLicenses List of maven licenses to map - * @return - * @throws LicenseMapperException - * @throws InvalidSPDXAnalysisException - * @throws LicenseManagerException + * @return SPDX license represented by the maven license + * @throws LicenseMapperException thrown if no SPDX listed or extracted license exists with the same URL + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ private AnyLicenseInfo mavenLicensesToSpdxLicense( List mavenLicenses ) throws LicenseMapperException, InvalidSPDXAnalysisException { 
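Review bot: The two fallback warnings (the `firstFoundPackage` branch and the `sRoot` branch in the following hunk) name the artifact that was not found but not the package that is used in its place. Because the substituted package's data is copied into the SBOM, the log should let a reader see what was picked, for example `LOG.warn( "Could not find matching artifact ID in SPDX file for {}. Using the first package found in SPDX file: {}", artifactId, firstFoundPackage.getObjectUri() );`. The enclosing method starts outside these hunks.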
diff --git a/src/main/java/org/spdx/maven/utils/SpdxV3DocumentBuilder.java b/src/main/java/org/spdx/maven/utils/SpdxV3DocumentBuilder.java index 0475b81..47f471e 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxV3DocumentBuilder.java +++ b/src/main/java/org/spdx/maven/utils/SpdxV3DocumentBuilder.java @@ -55,6 +55,8 @@ import org.spdx.storage.simple.InMemSpdxStore; import org.spdx.v3jsonldstore.JsonLDStore; +import static java.util.Objects.requireNonNull; + /** * Builder for SPDX Spec version 3 SBOMs * @@ -80,13 +82,10 @@ public class SpdxV3DocumentBuilder * @param mavenProject Maven project * @param generatePurls If true, generated Package URLs for all package references * @param spdxFile File to store the SPDX document results - * @param namespaceUri Namspace prefix for generated SPDX URIs document - must be unique - * @param useStdLicenseSourceUrls if true, map any SPDX standard license source URL to license ID. Note: - * significant performance degradation - * @param outputFormatEnum + * @param namespaceUri Namespace prefix for generated SPDX URIs document - must be unique + * @param outputFormatEnum format for the SPDX document */ public SpdxV3DocumentBuilder( MavenProject mavenProject, boolean generatePurls, File spdxFile, URI namespaceUri, - boolean useStdLicenseSourceUrls, OutputFormat outputFormatEnum ) throws SpdxBuilderException, LicenseMapperException { super( mavenProject, generatePurls, spdxFile, outputFormatEnum ); @@ -115,7 +114,7 @@ public SpdxV3DocumentBuilder( MavenProject mavenProject, boolean generatePurls, } // process the licenses - licenseManager = new SpdxV3LicenseManager( spdxDoc, useStdLicenseSourceUrls ); + licenseManager = new SpdxV3LicenseManager( spdxDoc ); // TODO: if we want to support external custom licenses, we will need to add dictionary entries // to the customIdToUri } 
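Review bot: The constructor Javadoc now describes every parameter but still has no `@throws` entries, although the signature declares `SpdxBuilderException` and `LicenseMapperException`; the rest of this commit fills in such tags elsewhere. Suggested: `@throws SpdxBuilderException on errors building the SPDX document` and `@throws LicenseMapperException on errors accessing SPDX listed or local licenses` (the second wording is the one this commit uses on SpdxV3LicenseManager). Removing `useStdLicenseSourceUrls` from a public constructor is also a source-incompatible change for any caller outside this repository, which deserves a line in the release notes. The constructor body extends beyond the hunk.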
@@ -170,7 +169,7 @@ private void addSpdxAnnotations( org.spdx.maven.Annotation[] annotations, Elemen for ( org.spdx.maven.Annotation annotation: annotations ) { - AnnotationType annotationType = AnnotationType.OTHER; + AnnotationType annotationType; try { annotationType = Spdx2to3Converter.ANNOTATION_TYPE_MAP.get( @@ -209,11 +208,12 @@ private void addSpdxAnnotations( org.spdx.maven.Annotation[] annotations, Elemen * Fill in the creator information to the SPDX document * * @param projectInformation project level information including the creators - * @throws InvalidSPDXAnalysisException + * @throws InvalidSPDXAnalysisException on SPDX parsing errors */ private void fillCreatorInfo( SpdxProjectInformation projectInformation ) throws InvalidSPDXAnalysisException { CreationInfo creationInfo = spdxDoc.getCreationInfo(); + requireNonNull( creationInfo, "CreationInfo for the SPDX document must not be null" ); String[] parameterCreators = projectInformation.getCreators(); for ( String parameterCreator : parameterCreators ) { @@ -233,8 +233,7 @@ private void fillCreatorInfo( SpdxProjectInformation projectInformation ) throws } catch (InvalidSPDXAnalysisException e) { - LOG.warn( - "Invalid creator string, " + parameterCreator + " will be skipped." ); + LOG.warn( "Invalid creator string, {} will be skipped.", parameterCreator ); } } @@ -336,7 +335,7 @@ private SpdxPackage createSpdxPackage( SpdxProjectInformation projectInformation final HashAlgorithm algorithm = Spdx2to3Converter.HASH_ALGORITH_MAP.get( ChecksumAlgorithm.valueOf( checksum.getAlgorithm() ) ); if ( Objects.isNull( algorithm )) { - LOG.error( String.format( "Invalid checksum algorithm %s", checksum.getAlgorithm() ) ); + LOG.error( "Invalid checksum algorithm {}", checksum.getAlgorithm() ); } else { 
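Review bot: The rewritten `LOG.warn( "Invalid creator string, {} will be skipped.", parameterCreator );` in fillCreatorInfo still discards the caught `InvalidSPDXAnalysisException`, so the reason the creator was rejected never reaches the log. SLF4J treats a trailing Throwable as the exception, which this commit already relies on in `LOG.error( "Error copying relationships from SPDX file for artifact {}", artifactId, e )`; adding `, e` here is enough. The same applies to the `Invalid URL in project POM file: {}` warning in createSpdxPackage and the `Error creating contributor {} for file {}. Skipping.` warning in convertToSpdxFile. The surrounding try block is outside the hunk.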
@@ -370,7 +369,7 @@ private SpdxPackage createSpdxPackage( SpdxProjectInformation projectInformation } catch( InvalidSPDXAnalysisException ex ) { - LOG.warn( "Invalid URL in project POM file: "+projectInformation.getHomePage() ); + LOG.warn( "Invalid URL in project POM file: {}", projectInformation.getHomePage() ); } } @@ -387,6 +386,8 @@ private SpdxPackage createSpdxPackage( SpdxProjectInformation projectInformation // originator if ( projectInformation.getOriginator() != null ) { + // creationInfo can not be null due to the builder implementation in the SPDX core package + //noinspection DataFlowIssue pkg.getOriginatedBys().add( Spdx2to3Converter.stringToAgent( projectInformation.getOriginator(), pkg.getCreationInfo() ) ); } // short description @@ -397,6 +398,8 @@ private SpdxPackage createSpdxPackage( SpdxProjectInformation projectInformation // supplier if ( projectInformation.getSupplier() != null ) { + // creationInfo can not be null due to the builder implementation in the SPDX core package + //noinspection DataFlowIssue pkg.setSuppliedBy( Spdx2to3Converter.stringToAgent( projectInformation.getSupplier(), pkg.getCreationInfo() ) ); } // version info @@ -436,7 +439,7 @@ private void addExternalRefs( ExternalReference[] externalRefs, SoftwareArtifact } for ( ExternalReference externalRef : externalRefs ) { - ReferenceCategory cat = null; + ReferenceCategory cat; try { cat = ReferenceCategory.valueOf( externalRef.getCategory().replaceAll( "-", "_" ) ); @@ -445,7 +448,7 @@ private void addExternalRefs( ExternalReference[] externalRefs, SoftwareArtifact { throw new MojoExecutionException("External reference category " + externalRef.getCategory() + " is not recognized as a valid, standard category." ); } - ReferenceType refType = null; + ReferenceType refType; try { refType = ListedReferenceTypes.getListedReferenceTypes().getListedReferenceTypeByName( externalRef.getType() ); 
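Review bot: The two `//noinspection DataFlowIssue` suppressions in createSpdxPackage (originator and supplier) silence the nullability warning on `pkg.getCreationInfo()` instead of checking it, and the invariant they rely on lives in another library. This file now imports `requireNonNull` and uses it in fillCreatorInfo, so the same form would be consistent here: `Spdx2to3Converter.stringToAgent( projectInformation.getOriginator(), requireNonNull( pkg.getCreationInfo(), "CreationInfo for the SPDX package must not be null" ) )`. That fails with a clear message if the assumption ever stops holding and makes the suppression comment unnecessary. The method extends beyond both hunks.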
diff --git a/src/main/java/org/spdx/maven/utils/SpdxV3FileCollector.java b/src/main/java/org/spdx/maven/utils/SpdxV3FileCollector.java index faa3062..9b43024 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxV3FileCollector.java +++ b/src/main/java/org/spdx/maven/utils/SpdxV3FileCollector.java @@ -91,7 +91,7 @@ public class SpdxV3FileCollector extends AbstractFileCollector FileSetManager fileSetManager = new FileSetManager(); - private List customIdToUri; + private final List customIdToUri; /** * SpdxFileCollector collects SPDX file information for files @@ -114,7 +114,7 @@ public SpdxV3FileCollector( List customIdToUri) * @param projectPackage Package to which the files belong * @param spdxDoc SPDX document which contains the extracted license infos that may be needed for license parsing * - * @throws SpdxCollectionException + * @throws SpdxCollectionException on incompatible types in an SPDX collection */ public void collectFiles( List fileSets, String baseDir, SpdxDefaultFileInformation defaultFileInformation, @@ -154,13 +154,13 @@ public void collectFiles( List fileSets, String baseDir, /** * Find the most appropriate file information based on the lowest level match (closed to file) * - * @param filePath - * @param pathSpecificInformation - * @return + * @param filePath file path for possible file path specific information + * @param pathSpecificInformation information to be applied to the file path + * @return default SPDX parameters for a given file path or null if package level defaults are to be used */ private SpdxDefaultFileInformation findDefaultFileInformation( String filePath, Map pathSpecificInformation ) { - LOG.debug( "Checking for file path " + filePath ); + LOG.debug( "Checking for file path {}", filePath ); SpdxDefaultFileInformation retval = pathSpecificInformation.get( filePath ); if ( retval != null ) { 
@@ -169,7 +169,7 @@ private SpdxDefaultFileInformation findDefaultFileInformation( String filePath, } // see if any of the parent directories contain default information which should be used String parentPath = filePath; - int parentPathIndex = 0; + int parentPathIndex; do { parentPathIndex = parentPath.lastIndexOf( "/" ); @@ -181,7 +181,7 @@ private SpdxDefaultFileInformation findDefaultFileInformation( String filePath, } while ( retval == null && parentPathIndex > 0 ); if ( retval != null ) { - LOG.debug( "Found directory containing file path for path specific information. File path: " + parentPath ); + LOG.debug( "Found directory containing file path for path specific information. File path: {}", parentPath ); } return retval; } @@ -189,13 +189,13 @@ private SpdxDefaultFileInformation findDefaultFileInformation( String filePath, /** * Collect SPDX information for a specific file * - * @param file + * @param file File to collect SPDX information for * @param outputFileName Path to the output file name relative to the root of the output archive file * @param relationshipType Type of relationship to the project package * @param projectPackage Package to which the files belong * @param spdxDoc SPDX Document which will contain the files * @param algorithms algorithms to use to generate checksums - * @throws SpdxCollectionException + * @throws SpdxCollectionException on incompatible types in an SPDX collection */ private void collectFile( File file, String outputFileName, SpdxDefaultFileInformation fileInfo, RelationshipType relationshipType, SpdxPackage projectPackage, 
@@ -306,13 +306,13 @@ private Snippet convertToSpdxSnippet( SnippetInfo snippet, SpdxFile spdxFile ) t } /** - * @param file + * @param file File to convert to an SPDX file from * @param outputFileName Path to the output file name relative to the root of the output archive file * @param defaultFileInformation Information on default SPDX field data for the files * @param algorithms algorithms to use to generate checksums * @param spdxDoc SPDX document which will contain the SPDX file - * @return - * @throws SpdxCollectionException + * @return SPDX file based on file and default file information + * @throws SpdxCollectionException on incompatible class types in an SPDX collection */ private SpdxFile convertToSpdxFile( File file, String outputFileName, SpdxDefaultFileInformation defaultFileInformation, @@ -344,7 +344,7 @@ private SpdxFile convertToSpdxFile( File file, String outputFileName, { throw new SpdxCollectionException( "Unable to generate checksum for file "+file.getName() ); } - AnyLicenseInfo concludedLicense = null; + AnyLicenseInfo concludedLicense; AnyLicenseInfo license = null; String licenseComment = defaultFileInformation.getLicenseComment(); if ( SoftwarePurpose.SOURCE.equals( purpose ) && file.length() < SpdxSourceFileParser.MAXIMUM_SOURCE_FILE_LENGTH ) @@ -358,7 +358,7 @@ private SpdxFile convertToSpdxFile( File file, String outputFileName, { LOG.error( "Error parsing for SPDX license ID's", ex ); } - if ( fileSpdxLicenses != null && fileSpdxLicenses.size() > 0 ) + if ( fileSpdxLicenses != null && !fileSpdxLicenses.isEmpty() ) { // The file has declared licenses of the form SPDX-License-Identifier: licenseId try 
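Review bot: The new `@throws SpdxCollectionException on incompatible class types in an SPDX collection` on convertToSpdxFile is narrower than the code. The next hunk shows the method executing `throw new SpdxCollectionException( "Unable to generate checksum for file "+file.getName() );`, which is unrelated to collection types. Something like `@throws SpdxCollectionException if a checksum cannot be generated or the SPDX file cannot be created` would match; the second half is inferred, since the rest of the body is outside the hunk. The same generic wording was added to collectFiles and collectFile.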
@@ -381,18 +381,21 @@ private SpdxFile convertToSpdxFile( File file, String outputFileName, } catch ( InvalidSPDXAnalysisException e ) { - LOG.error( "Invalid license expressions found in source file "+file.getName(), e ); + LOG.error( "Invalid license expressions found in source file {}", file.getName(), e ); } if ( licenseComment == null ) { licenseComment = ""; } - else if ( licenseComment.length() > 0 ) + else if ( !licenseComment.isEmpty() ) { licenseComment = licenseComment.concat( "; " ); } licenseComment = licenseComment.concat( "This file contains SPDX-License-Identifiers for " ); - licenseComment = licenseComment.concat( license.toString() ); + if ( license != null ) + { + licenseComment = licenseComment.concat( license.toString() ); + } } } if ( license == null ) @@ -439,7 +442,7 @@ else if ( licenseComment.length() > 0 ) } catch ( InvalidSPDXAnalysisException e ) { - LOG.warn( "Error creating contributor "+contributor+" for file "+file+". Skipping." ); + LOG.warn( "Error creating contributor {} for file {}. Skipping.", contributor, file ); } } } @@ -447,7 +450,7 @@ else if ( licenseComment.length() > 0 ) contributors = new ArrayList<>(); } - SpdxFile retval = null; + SpdxFile retval; //TODO: Add annotation try { diff --git a/src/main/java/org/spdx/maven/utils/SpdxV3LicenseManager.java b/src/main/java/org/spdx/maven/utils/SpdxV3LicenseManager.java index 870ad11..1356bb8 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxV3LicenseManager.java +++ b/src/main/java/org/spdx/maven/utils/SpdxV3LicenseManager.java @@ -51,7 +51,7 @@ public class SpdxV3LicenseManager * SPDX document containing the license information collected. All extracted licenses are added to the SPDX * document */ - SpdxDocument spdxDoc = null; + SpdxDocument spdxDoc; /** * Maps URLs to SPDX license ID's. The SPDX licenses could be an SPDX listed license or an extracted license. 
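Review bot: The new `if ( license != null )` guard avoids the NullPointerException on `license.toString()`, but the line before it still appends `"This file contains SPDX-License-Identifiers for "`, so with a null `license` the stored license comment ends in a dangling phrase. That looks reachable when the catch above only logs the invalid expression, though the assignment to `license` is outside the hunk. Moving the separator handling and both `concat` calls inside the guard would leave `licenseComment` untouched in that case. The enclosing method starts and ends outside the hunk.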
@@ -68,11 +68,9 @@ public class SpdxV3LicenseManager * mapping uses the license URL to uniquely identify the licenses. * * @param spdxDoc SPDX document to add any extracted licenses - * @param useStdLicenseSourceUrls if true, map any SPDX listed license source URL to license ID. Note: significant - * performance degradation - * @throws LicenseMapperException + * @throws LicenseMapperException on errors accessing SPDX listed or local licenses */ - public SpdxV3LicenseManager( SpdxDocument spdxDoc, boolean useStdLicenseSourceUrls ) throws LicenseMapperException + public SpdxV3LicenseManager( SpdxDocument spdxDoc ) throws LicenseMapperException { this.spdxDoc = spdxDoc; initializeUrlMap(); @@ -81,7 +79,7 @@ public SpdxV3LicenseManager( SpdxDocument spdxDoc, boolean useStdLicenseSourceUr /** * Initialize the URL map from the SPDX listed licenses * - * @throws LicenseMapperException + * @throws LicenseMapperException on errors accessing SPDX listed or local licenses */ private void initializeUrlMap() throws LicenseMapperException { @@ -92,8 +90,8 @@ private void initializeUrlMap() throws LicenseMapperException * Add a non-listed license to the SPDX document. Once added, the non-listed license can be referenced by the * license ID * - * @param license - * @throws LicenseManagerException + * @param license license to add to extracted license map + * @throws LicenseManagerException on errors accessing SPDX listed or local licenses */ public void addExtractedLicense( NonStandardLicense license ) throws LicenseManagerException { 
@@ -128,11 +126,9 @@ public void addExtractedLicense( NonStandardLicense license ) throws LicenseMana if ( this.urlStringToSpdxLicenseId.containsKey( url ) ) { String oldLicenseId = urlStringToSpdxLicenseId.get( url ); - LOG.warn( - "Duplicate URL for SPDX extracted license. Replacing " + oldLicenseId + " with " - + license.getLicenseId() + " for " + url ); + LOG.warn( "Duplicate URL for SPDX extracted license. Replacing {} with {} for {}", oldLicenseId, license.getLicenseId(), url ); } - LOG.debug( "Adding URL mapping for non-standard license " + license.getLicenseId() ); + LOG.debug( "Adding URL mapping for non-standard license {}", license.getLicenseId() ); this.urlStringToSpdxLicenseId.put( url, license.getLicenseId() ); } } @@ -145,8 +141,11 @@ public void addExtractedLicense( NonStandardLicense license ) throws LicenseMana * returned. if a single license is supplied, the mapped SPDX license is returned. If multiple licenses are * supplied, a conjunctive license is returned containing all mapped SPDX licenses. * - * @return - * @throws LicenseManagerException + * @return If no licenses are supplied, SpdxNoAssertion license is + * returned. if a single license is supplied, the mapped SPDX license is returned. + * If multiple licenses are supplied, a conjunctive license is returned containing + * all mapped SPDX licenses. + * @throws LicenseManagerException on errors accessing SPDX listed or local licenses */ public AnyLicenseInfo mavenLicenseListToSpdxLicense( List licenseList ) throws LicenseManagerException { 
@@ -221,9 +220,9 @@ public AnyLicenseInfo mavenLicenseToSpdxLicense( License mavenLicense ) throws L /** * Create a Maven license from the SPDX license * - * @param spdxLicense - * @return - * @throws LicenseManagerException + * @param spdxLicense source SPDX license to convert + * @return a Maven license from the SPDX license + * @throws LicenseManagerException thrown if no SPDX listed or extracted license exists with the same UR */ public License spdxLicenseToMavenLicense( AnyLicenseInfo spdxLicense ) throws LicenseManagerException { @@ -267,9 +266,7 @@ private License spdxStdLicenseToMavenLicense( ListedLicense spdxLicense ) throws } if ( spdxLicense.getSeeAlsos().size() > 1 ) { - LOG.warn( - "SPDX license " + SpdxListedLicenseModelStore.objectUriToLicenseOrExceptionId( spdxLicense.getObjectUri() ) - + " contains multiple URLs. Only the first URL will be preserved in the Maven license created." ); + LOG.warn( "SPDX license {} contains multiple URLs. Only the first URL will be preserved in the Maven license created.", SpdxListedLicenseModelStore.objectUriToLicenseOrExceptionId( spdxLicense.getObjectUri() ) ); } return retval; } catch ( InvalidSPDXAnalysisException e ) @@ -284,7 +281,8 @@ private License spdxNonStdLicenseToMavenLicense( CustomLicense spdxLicense ) thr { License retval = new License(); // license ID - String licenseId = spdxLicense.getObjectUri().substring( spdxLicense.getIdPrefix().length() ); + int prefixLen = spdxLicense.getIdPrefix() == null ? 0 : spdxLicense.getIdPrefix().length(); + String licenseId = spdxLicense.getObjectUri().substring( prefixLen ); // name if ( spdxLicense.getName().isPresent() && !spdxLicense.getName().get().isEmpty() ) { 
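Review bot: In spdxNonStdLicenseToMavenLicense the new null check handles a missing ID prefix, but `substring( prefixLen )` still assumes the object URI starts with that prefix. If it does not, the license ID is silently truncated, and a URI shorter than the prefix throws StringIndexOutOfBoundsException; `getIdPrefix()` is also called twice. Suggested: `String prefix = spdxLicense.getIdPrefix();`, `String uri = spdxLicense.getObjectUri();` and `String licenseId = prefix != null && uri.startsWith( prefix ) ? uri.substring( prefix.length() ) : uri;`. The method continues past the hunk.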
@@ -305,9 +303,7 @@ private License spdxNonStdLicenseToMavenLicense( CustomLicense spdxLicense ) thr } if ( spdxLicense.getSeeAlsos().size() > 1 ) { - LOG.warn( - "SPDX license " + licenseId - + " contains multiple URLs. Only the first URL will be preserved in the Maven license created." ); + LOG.warn( "SPDX license {} contains multiple URLs. Only the first URL will be preserved in the Maven license created.", licenseId ); } return retval; } diff --git a/src/test/java/org/spdx/maven/utils/TestSpdxV2LicenseManager.java b/src/test/java/org/spdx/maven/utils/TestSpdxV2LicenseManager.java index 1d822cc..57dd487 100644 --- a/src/test/java/org/spdx/maven/utils/TestSpdxV2LicenseManager.java +++ b/src/test/java/org/spdx/maven/utils/TestSpdxV2LicenseManager.java @@ -104,7 +104,7 @@ public void tearDown() throws Exception public void testLicenseManager() throws LicenseMapperException { @SuppressWarnings( "unused" ) - SpdxV2LicenseManager licenseManager = new SpdxV2LicenseManager( spdxDoc, false ); + SpdxV2LicenseManager licenseManager = new SpdxV2LicenseManager( spdxDoc); } /** @@ -118,7 +118,7 @@ public void testLicenseManager() throws LicenseMapperException @Test public void testAddNonStandardLicense() throws MalformedURLException, LicenseManagerException, InvalidSPDXAnalysisException, LicenseMapperException { - SpdxV2LicenseManager licenseManager = new SpdxV2LicenseManager( spdxDoc, false ); + SpdxV2LicenseManager licenseManager = new SpdxV2LicenseManager( spdxDoc); NonStandardLicense lic = new NonStandardLicense(); final String COMMENT = "comment"; final String[] CROSS_REF_STR = new String[] {"http://www.licenseRef1", "http://www.licenseref2"}; 
@@ -186,7 +186,7 @@ public void testMavenLicenseListToSpdxLicense() throws LicenseManagerException, licenseList.add( apache ); licenseList.add( apsl ); - SpdxV2LicenseManager licenseManager = new SpdxV2LicenseManager( spdxDoc, true ); + SpdxV2LicenseManager licenseManager = new SpdxV2LicenseManager( spdxDoc); AnyLicenseInfo result = licenseManager.mavenLicenseListToSpdxLicense( licenseList ); assertTrue( result instanceof ConjunctiveLicenseSet ); @@ -226,7 +226,7 @@ public void testMavenLicenseToSpdxLicense() throws LicenseManagerException, Malf License apache = new License(); apache.setName( LICENSE1_NAME ); apache.setUrl( APACHE_CROSS_REF_URL2 ); - SpdxV2LicenseManager licenseManager = new SpdxV2LicenseManager( spdxDoc, true ); + SpdxV2LicenseManager licenseManager = new SpdxV2LicenseManager( spdxDoc); AnyLicenseInfo result = licenseManager.mavenLicenseToSpdxLicense( apache ); assertTrue( result instanceof SpdxListedLicense ); @@ -271,7 +271,7 @@ public void testMavenLicenseToSpdxLicense() throws LicenseManagerException, Malf @Test public void testSpdxLicenseToMavenLicense() throws LicenseManagerException, LicenseMapperException, InvalidSPDXAnalysisException { - SpdxV2LicenseManager licenseManager = new SpdxV2LicenseManager( spdxDoc, false ); + SpdxV2LicenseManager licenseManager = new SpdxV2LicenseManager( spdxDoc); // standard license AnyLicenseInfo licenseInfo = LicenseInfoFactory.parseSPDXLicenseStringCompatV2( APACHE_LICENSE_ID ); License result = licenseManager.spdxLicenseToMavenLicense( licenseInfo ); diff --git a/src/test/java/org/spdx/maven/utils/TestSpdxV3LicenseManager.java b/src/test/java/org/spdx/maven/utils/TestSpdxV3LicenseManager.java index 60da92f..8e45eda 100644 --- a/src/test/java/org/spdx/maven/utils/TestSpdxV3LicenseManager.java +++ b/src/test/java/org/spdx/maven/utils/TestSpdxV3LicenseManager.java 
@@ -108,7 +108,7 @@ public void tearDown() throws Exception public void testLicenseManager() throws LicenseMapperException { @SuppressWarnings( "unused" ) - SpdxV3LicenseManager licenseManager = new SpdxV3LicenseManager( spdxDoc, false ); + SpdxV3LicenseManager licenseManager = new SpdxV3LicenseManager( spdxDoc ); } /** @@ -123,7 +123,7 @@ public void testLicenseManager() throws LicenseMapperException @Test public void testAddNonStandardLicense() throws MalformedURLException, LicenseManagerException, InvalidSPDXAnalysisException, LicenseMapperException { - SpdxV3LicenseManager licenseManager = new SpdxV3LicenseManager( spdxDoc, false ); + SpdxV3LicenseManager licenseManager = new SpdxV3LicenseManager( spdxDoc ); NonStandardLicense lic = new NonStandardLicense(); final String COMMENT = "comment"; final String[] CROSS_REF_STR = new String[] {"http://www.licenseRef1", "http://www.licenseref2"}; @@ -197,7 +197,7 @@ public void testMavenLicenseListToSpdxLicense() throws LicenseManagerException, licenseList.add( apache ); licenseList.add( apsl ); - SpdxV3LicenseManager licenseManager = new SpdxV3LicenseManager( spdxDoc, true ); + SpdxV3LicenseManager licenseManager = new SpdxV3LicenseManager( spdxDoc ); AnyLicenseInfo result = licenseManager.mavenLicenseListToSpdxLicense( licenseList ); assertTrue( result instanceof ConjunctiveLicenseSet ); @@ -237,7 +237,7 @@ public void testMavenLicenseToSpdxLicense() throws LicenseManagerException, Malf License apache = new License(); apache.setName( LICENSE1_NAME ); apache.setUrl( APACHE_CROSS_REF_URL2 ); - SpdxV3LicenseManager licenseManager = new SpdxV3LicenseManager( spdxDoc, true ); + SpdxV3LicenseManager licenseManager = new SpdxV3LicenseManager( spdxDoc ); AnyLicenseInfo result = licenseManager.mavenLicenseToSpdxLicense( apache ); assertTrue( result instanceof ListedLicense ); 
@@ -282,7 +282,7 @@ public void testMavenLicenseToSpdxLicense() throws LicenseManagerException, Malf @Test public void testSpdxLicenseToMavenLicense() throws LicenseManagerException, LicenseMapperException, InvalidSPDXAnalysisException { - SpdxV3LicenseManager licenseManager = new SpdxV3LicenseManager( spdxDoc, false ); + SpdxV3LicenseManager licenseManager = new SpdxV3LicenseManager( spdxDoc ); // standard license AnyLicenseInfo licenseInfo = LicenseInfoFactory.parseSPDXLicenseString( APACHE_LICENSE_ID ); License result = licenseManager.spdxLicenseToMavenLicense( licenseInfo );