26 changes: 25 additions & 1 deletion src/main/java/org/spdx/utility/compare/SpdxComparer.java
Expand Up @@ -80,6 +80,8 @@ public class SpdxComparer {
private boolean dataLicenseEqual = true;
private boolean licenseListVersionEquals = true;
private boolean documentContentsEquals = true;
private boolean creatorCommentsEqual = true;
private boolean creationDatesEqual = true;

// Extracted Licensing Info results
/**
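Review bot: The new fields `creatorCommentsEqual` and `creationDatesEqual` get their `true` value only from the field initializer, and the rest of this change only ever assigns `false` to them. If a `SpdxComparer` instance can run more than one comparison, reset both to `true` at the same place the other result flags (for example `creatorInformationEquals`) are cleared, otherwise a second comparison inherits a stale `false`.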
Expand Down Expand Up @@ -666,10 +668,12 @@ private void compareCreators() throws InvalidSPDXAnalysisException {
}
// compare creator comments
if (!stringsEqual(creatorInfoA.getComment(), creatorInfoB.getComment())) {
this.creatorCommentsEqual = false;
this.creatorInformationEquals = false;
}
// compare creation dates
if (!stringsEqual(creatorInfoA.getCreated(), creatorInfoB.getCreated())) {
this.creationDatesEqual = false;
this.creatorInformationEquals = false;
}
// compare license list versions
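Review bot: In `compareCreators()`, `creationDatesEqual` is decided by `stringsEqual(creatorInfoA.getCreated(), creatorInfoB.getCreated())`, so the flag reports that the two created strings differ, not that they denote different instants. Say so in the getter's Javadoc so callers do not treat it as a date comparison. Setting `creatorInformationEquals = false` alongside each new flag keeps the aggregate consistent, which is good.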
Expand Down Expand Up @@ -1556,14 +1560,34 @@ public List<SpdxLicenseDifference> getExtractedLicenseDifferences(int docIndexA,
}

/**
* @return
* @return true if all creation information fields equals
* @throws SpdxCompareException
*/
public boolean isCreatorInformationEqual() throws SpdxCompareException {
this.checkDocsField();
this.checkInProgress();
return this.creatorInformationEquals;
}

/**
* @return true all creator comments equal
* @throws SpdxCompareException
*/
public boolean isCreatorCommentsEqual() throws SpdxCompareException {
this.checkDocsField();
this.checkInProgress();
return this.creatorCommentsEqual;
}

/**
* @return true if all creation information fields equals
* @throws SpdxCompareException
*/
public boolean isCreatorDatesEqual() throws SpdxCompareException {
this.checkDocsField();
Contributor

💬 5 similar findings have been found in this PR


THREAD_SAFETY_VIOLATION: Read/Write race. Non-private method SpdxComparer.isCreatorDatesEqual() indirectly reads without synchronization from this.spdxDocs. Potentially races with write in method SpdxComparer.compare(...).
Reporting because another access to the same memory occurs on a background thread, although this access may not.


🔎 Expand here to view all instances of this finding

| File Path | Line Number |
| --- | --- |
| src/main/java/org/spdx/utility/compare/SpdxComparer.java | 1579 |
| src/main/java/org/spdx/utility/compare/SpdxComparer.java | 1588 |
| src/main/java/org/spdx/utility/compare/SpdxComparer.java | 1578 |
| src/main/java/org/spdx/utility/compare/SpdxComparer.java | 1577 |
| src/main/java/org/spdx/utility/compare/SpdxComparer.java | 1589 |

Member Author

@sonatype-lift ignoreall

Contributor

The ignoreall command is active on this PR, all the existing Lift issues are ignored.

this.checkInProgress();
return this.creationDatesEqual;
}

/**
* Returns any creators which are in the SPDX document 1 which are not in document 2
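Review bot: The Javadoc on `isCreatorDatesEqual()` is a copy of the one on `isCreatorInformationEqual()` ("true if all creation information fields equals"); it should say that it returns true if the creation dates are equal. The method name also does not match the field it returns (`creationDatesEqual`), so consider `isCreationDatesEqual()` before this becomes public API. The comment on `isCreatorCommentsEqual()` is missing "if" ("true all creator comments equal"). The thread-safety finding on this getter was dismissed with `ignoreall` without a stated reason; a one-line rationale in the thread would help later readers.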
Expand Up @@ -166,7 +166,9 @@ public void addDocumentPackage(SpdxDocument spdxDocument,
}
}
if (pkg2 != null) {
if (!SpdxComparer.stringsEqual(spdxPackage.getVersionInfo(), pkg2.getVersionInfo())) {
Optional<String> v1 = spdxPackage.getVersionInfo();
Optional<String> v2 = pkg2.getVersionInfo();
if (!SpdxComparer.stringsEqual(v1, v2)) {
this.packageVersionsEquals = false;
this.differenceFound = true;
}
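Review bot: In `addDocumentPackage`, the new locals `v1` and `v2` are each used once in the `stringsEqual` call, so the comparison behaves the same as the single-line form it replaces. If they were added for debugging, inline them again; if they are meant to stay, give them descriptive names (for example one per package being compared) and declare them `final`.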