fosslight-util 2.0.0__tar.gz → 2.0.2__tar.gz

{fosslight_util-2.0.0 → fosslight_util-2.0.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight_util
-Version: 2.0.0
+Version: 2.0.2
 Summary: FOSSLight Util
 Home-page: https://github.com/fosslight/fosslight_util
 Author: LG Electronics

{fosslight_util-2.0.0 → fosslight_util-2.0.2}/requirements.txt

@@ -8,9 +8,10 @@ coloredlogs
 python3-wget
 beautifulsoup4
 jsonmerge
-spdx-tools==0.7.0rc0
+spdx-tools>=0.8.2;sys_platform!="win32"
 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
 numpy; python_version < '3.8'
 numpy>=1.22.2; python_version >= '3.8'
 npm
-requests
+requests
+GitPython

{fosslight_util-2.0.0 → fosslight_util-2.0.2}/setup.py

@@ -14,7 +14,7 @@ with open('requirements.txt', 'r', 'utf-8') as f:
 if __name__ == "__main__":
     setup(
         name='fosslight_util',
-        version='2.0.0',
+        version='2.0.2',
         package_dir={"": "src"},
         packages=find_packages(where='src'),
         description='FOSSLight Util',

{fosslight_util-2.0.0 → fosslight_util-2.0.2}/src/fosslight_util/download.py

@@ -10,7 +10,7 @@ import zipfile
 import logging
 import argparse
 import shutil
-import pygit2 as git
+from git import Repo, GitCommandError
 import bz2
 import contextlib
 from datetime import datetime
@@ -230,14 +230,10 @@ def get_github_token(git_url):
 
 
 def download_git_clone(git_url, target_dir, checkout_to="", tag="", branch=""):
-    ref_to_checkout = decide_checkout(checkout_to, tag, branch)
-    msg = ""
     oss_name = get_github_ossname(git_url)
-    oss_version = ""
-    github_token = get_github_token(git_url)
-    callbacks = None
-    if github_token != "":
-        callbacks = git.RemoteCallbacks(credentials=git.UserPass("foo", github_token))  # username is not used, so set to dummy
+    refs_to_checkout = decide_checkout(checkout_to, tag, branch)
+    clone_default_branch_flag = False
+    msg = ""
 
     try:
         if platform.system() != "Windows":
@@ -248,9 +244,26 @@ def download_git_clone(git_url, target_dir, checkout_to="", tag="", branch=""):
             alarm.start()
 
         Path(target_dir).mkdir(parents=True, exist_ok=True)
-        repo = git.clone_repository(git_url, target_dir,
-                                    bare=False, repository=None,
-                                    remote=None, callbacks=callbacks)
+        if refs_to_checkout != "":
+            try:
+                # gitPython uses the branch argument the same whether you check out to a branch or a tag.
+                repo = Repo.clone_from(git_url, target_dir, branch=refs_to_checkout)
+            except GitCommandError as error:
+                error_msg = error.args[2].decode("utf-8")
+                if "Remote branch " + refs_to_checkout + " not found in upstream origin" in error_msg:
+                    # clone default branch, when non-existent branch or tag entered
+                    repo = Repo.clone_from(git_url, target_dir)
+                    clone_default_branch_flag = True
+        else:
+            repo = Repo.clone_from(git_url, target_dir)
+            clone_default_branch_flag = True
+
+        if refs_to_checkout != tag or clone_default_branch_flag:
+            oss_version = repo.active_branch.name
+        else:
+            oss_version = repo.git.describe('--tags')
+        logger.info(f"git checkout: {oss_version}")
+
         if platform.system() != "Windows":
             signal.alarm(0)
         else:
@@ -258,20 +271,8 @@ def download_git_clone(git_url, target_dir, checkout_to="", tag="", branch=""):
     except Exception as error:
         logger.warning(f"git clone - failed: {error}")
         msg = str(error)
-        return False, msg, oss_name, oss_version
-    try:
-        if ref_to_checkout != "":
-            ref_list = [x for x in repo.references]
-            ref_to_checkout = get_ref_to_checkout(ref_to_checkout, ref_list)
-            logger.info(f"git checkout: {ref_to_checkout}")
-            repo.checkout(ref_to_checkout)
+        return False, msg, oss_name, refs_to_checkout
 
-            for prefix_ref in prefix_refs:
-                if ref_to_checkout.startswith(prefix_ref):
-                    oss_version = ref_to_checkout[len(prefix_ref):]
-
-    except Exception as error:
-        logger.warning(f"git checkout to {ref_to_checkout} - failed: {error}")
     return True, msg, oss_name, oss_version
 
 

{fosslight_util-2.0.0 → fosslight_util-2.0.2}/src/fosslight_util/oss_item.py

@@ -10,6 +10,7 @@ from fosslight_util.cover import CoverItem
 from typing import List, Dict
 
 _logger = logging.getLogger(LOGGER_NAME)
+CHECKSUM_NULL = "0"
 
 
 class OssItem:
@@ -98,6 +99,7 @@ class FileItem:
         self._comment = ""
         self.is_binary = False
         self.oss_items: List[OssItem] = []
+        self.checksum = CHECKSUM_NULL
 
     def __del__(self):
         pass

{fosslight_util-2.0.0 → fosslight_util-2.0.2}/src/fosslight_util/output_format.py

@@ -3,12 +3,16 @@
 # Copyright (c) 2021 LG Electronics Inc.
 # SPDX-License-Identifier: Apache-2.0
 import os
+import platform
 from fosslight_util.write_excel import write_result_to_excel, write_result_to_csv
 from fosslight_util.write_opossum import write_opossum
 from fosslight_util.write_yaml import write_yaml
+from fosslight_util.write_spdx import write_spdx
 from typing import Tuple
 
-SUPPORT_FORMAT = {'excel': '.xlsx', 'csv': '.csv', 'opossum': '.json', 'yaml': '.yaml'}
+SUPPORT_FORMAT = {'excel': '.xlsx', 'csv': '.csv', 'opossum': '.json', 'yaml': '.yaml',
+                  'spdx-yaml': '.yaml', 'spdx-json': '.json', 'spdx-xml': '.xml',
+                  'spdx-tag': '.tag'}
 
 
 def check_output_format(output='', format='', customized_format={}):
@@ -106,8 +110,62 @@ def check_output_formats(output='', formats=[], customized_format={}):
     return success, msg, output_path, output_files, output_extensions
 
 
+def check_output_formats_v2(output='', formats=[], customized_format={}):
+    success = True
+    msg = ''
+    output_path = ''
+    output_files = []
+    output_extensions = []
+
+    if customized_format:
+        support_format = customized_format
+    else:
+        support_format = SUPPORT_FORMAT
+
+    if formats:
+        # If -f option exist
+        formats = [format.lower() for format in formats]
+        for format in formats:
+            if format not in list(support_format.keys()):
+                success = False
+                msg = 'Enter the supported format with -f option: ' + ', '.join(list(support_format.keys()))
+            else:
+                output_extensions.append(support_format[format])
+
+    if success:
+        if output != '':
+            basename_extension = ''
+            if not os.path.isdir(output):
+                output_path = os.path.dirname(output)
+
+                basename = os.path.basename(output)
+                basename_file, basename_extension = os.path.splitext(basename)
+            if basename_extension:
+                if formats:
+                    if basename_extension not in output_extensions:
+                        success = False
+                        msg = f"The format of output file(-o:'{output}') should be in the format list(-f:'{formats}')."
+                else:
+                    if basename_extension not in support_format.values():
+                        success = False
+                        msg = 'Enter the supported file extension: ' + ', '.join(list(support_format.values()))
+                    output_extensions.append(basename_extension)
+                output_files = [basename_file for _ in range(len(output_extensions))]
+            else:
+                output_path = output
+    if not output_extensions:
+        output_extensions = ['.xlsx']
+    if not formats:
+        for ext in output_extensions:
+            for key, value in support_format.items():
+                if value == ext:
+                    formats.append(key)
+                    break
+    return success, msg, output_path, output_files, output_extensions, formats
+
+
 def write_output_file(output_file_without_ext: str, file_extension: str, scan_item, extended_header: dict = {},
-                      hide_header: dict = {}) -> Tuple[bool, str, str]:
+                      hide_header: dict = {}, format: str = '', spdx_version: str = '2.3') -> Tuple[bool, str, str]:
     success = True
     msg = ''
 
@@ -115,16 +173,32 @@ def write_output_file(output_file_without_ext: str, file_extension: str, scan_it
         file_extension = '.xlsx'
     result_file = output_file_without_ext + file_extension
 
-    if file_extension == '.xlsx':
-        success, msg = write_result_to_excel(result_file, scan_item, extended_header, hide_header)
-    elif file_extension == '.csv':
-        success, msg, result_file = write_result_to_csv(result_file, scan_item, False, extended_header)
-    elif file_extension == '.json':
-        success, msg = write_opossum(result_file, scan_item)
-    elif file_extension == '.yaml':
-        success, msg, result_file = write_yaml(result_file, scan_item, False)
+    if format:
+        if format == 'excel':
+            success, msg = write_result_to_excel(result_file, scan_item, extended_header, hide_header)
+        elif format == 'csv':
+            success, msg, _ = write_result_to_csv(result_file, scan_item, False, extended_header)
+        elif format == 'opossum':
+            success, msg = write_opossum(result_file, scan_item)
+        elif format == 'yaml':
+            success, msg, _ = write_yaml(result_file, scan_item, False)
+        elif format.startswith('spdx'):
+            if platform.system() != 'Windows':
+                success, msg, _ = write_spdx(output_file_without_ext, file_extension, scan_item, spdx_version)
+            else:
+                success = False
+                msg = 'Windows not support spdx format.'
     else:
-        success = False
-        msg = f'Not supported file extension({file_extension})'
+        if file_extension == '.xlsx':
+            success, msg = write_result_to_excel(result_file, scan_item, extended_header, hide_header)
+        elif file_extension == '.csv':
+            success, msg, result_file = write_result_to_csv(result_file, scan_item, False, extended_header)
+        elif file_extension == '.json':
+            success, msg = write_opossum(result_file, scan_item)
+        elif file_extension == '.yaml':
+            success, msg, result_file = write_yaml(result_file, scan_item, False)
+        else:
+            success = False
+            msg = f'Not supported file extension({file_extension})'
 
     return success, msg, result_file

fosslight_util-2.0.2/src/fosslight_util/write_spdx.py

@@ -0,0 +1,265 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2022 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+import os
+import uuid
+import logging
+import re
+from pathlib import Path
+from datetime import datetime
+from fosslight_util.spdx_licenses import get_spdx_licenses_json, get_license_from_nick
+from fosslight_util.constant import (LOGGER_NAME, FOSSLIGHT_DEPENDENCY, FOSSLIGHT_SCANNER,
+                                     FOSSLIGHT_BINARY, FOSSLIGHT_SOURCE)
+import traceback
+
+logger = logging.getLogger(LOGGER_NAME)
+
+try:
+    from spdx_tools.common.spdx_licensing import spdx_licensing
+    from spdx_tools.spdx.model import (
+        Actor,
+        ActorType,
+        Checksum,
+        ChecksumAlgorithm,
+        CreationInfo,
+        Document,
+        File,
+        Package,
+        Relationship,
+        RelationshipType,
+        SpdxNoAssertion,
+        SpdxNone
+    )
+    from spdx_tools.spdx.validation.document_validator import validate_full_spdx_document
+    from spdx_tools.spdx.writer.write_anything import write_file
+except Exception:
+    logger.info('No import spdx-tools')
+
+
+def get_license_list_version():
+    version = 'N/A'
+    success, error_msg, licenses = get_spdx_licenses_json()
+    if success:
+        version = licenses['licenseListVersion']
+    else:
+        logger.info(f'Fail to get spdx license list version:{error_msg}')
+    return version
+
+
+def write_spdx(output_file_without_ext, output_extension, scan_item, spdx_version='2.3'):
+    success = True
+    error_msg = ''
+
+    if scan_item:
+        try:
+            cover_name = scan_item.cover.get_print_json()["Tool information"].split('(').pop(0).strip()
+            match = re.search(r"(.+) v([0-9.]+)", cover_name)
+            if match:
+                scanner_name = match.group(1)
+            else:
+                scanner_name = FOSSLIGHT_SCANNER
+        except Exception:
+            cover_name = FOSSLIGHT_SCANNER
+            scanner_name = FOSSLIGHT_SCANNER
+        creation_info = CreationInfo(spdx_version=f'SPDX-{spdx_version}',
+                                     spdx_id='SPDXRef-DOCUMENT',
+                                     name=f'SPDX Document by {scanner_name.upper()}',
+                                     data_license='CC0-1.0',
+                                     document_namespace=f'http://spdx.org/spdxdocs/{scanner_name.lower()}-{uuid.uuid4()}',
+                                     creators=[Actor(name=cover_name, actor_type=ActorType.TOOL)],
+                                     created=datetime.now())
+        doc = Document(creation_info=creation_info)
+
+        relation_tree = {}
+        spdx_id_packages = []
+
+        output_dir = os.path.dirname(output_file_without_ext)
+        Path(output_dir).mkdir(parents=True, exist_ok=True)
+        try:
+            file_id = 0
+            package_id = 0
+            root_package = False
+            for scanner_name, file_items in scan_item.file_items.items():
+                for file_item in file_items:
+                    file = ''  # file의 license, copyright은 oss item에서 append
+                    if scanner_name in [FOSSLIGHT_BINARY, FOSSLIGHT_SOURCE]:
+                        file_id += 1
+                        file = File(name=file_item.source_name_or_path,
+                                    spdx_id=f'SPDXRef-File{file_id}',
+                                    checksums=[Checksum(ChecksumAlgorithm.SHA1, file_item.checksum)])
+                    file_license = []
+                    file_copyright = []
+                    file_comment = []
+                    for oss_item in file_item.oss_items:
+                        oss_licenses = []
+                        declared_oss_licenses = []
+                        lic_comment = []
+                        for oi in oss_item.license:
+                            oi = check_input_license_format(oi)
+                            try:
+                                oi_spdx = spdx_licensing.parse(oi, validate=True)
+                                oss_licenses.append(oi_spdx)
+                                declared_oss_licenses.append(oi)
+                            except Exception:
+                                logger.debug(f'No spdx license name: {oi}')
+                                lic_comment.append(oi)
+                                file_comment.append(oi)
+                        if oss_licenses:
+                            file_license.extend(oss_licenses)
+                        if oss_item.copyright != '':
+                            file_copyright.append(oss_item.copyright)
+
+                        if oss_item.download_location == '':
+                            if scanner_name == FOSSLIGHT_DEPENDENCY:
+                                download_location = SpdxNone()
+                            else:
+                                continue
+                        else:
+                            download_location = oss_item.download_location
+                        if scanner_name != FOSSLIGHT_DEPENDENCY and oss_item.name == '':
+                            continue
+                        package_id += 1
+                        package = Package(name=oss_item.name,
+                                          spdx_id=f'SPDXRef-Package{package_id}',
+                                          download_location=download_location)
+
+                        if oss_item.version != '':
+                            package.version = oss_item.version
+
+                        if scanner_name == FOSSLIGHT_DEPENDENCY:
+                            package.files_analyzed = False  # If omitted, the default value of true is assumed.
+                        else:
+                            package.files_analyzed = True
+                        if oss_item.copyright != '':
+                            package.cr_text = oss_item.copyright
+                        if oss_item.homepage != '':
+                            package.homepage = oss_item.homepage
+
+                        if declared_oss_licenses:
+                            package.license_declared = spdx_licensing.parse(' AND '.join(declared_oss_licenses))
+                        if lic_comment:
+                            package.license_comment = ' '.join(lic_comment)
+
+                        doc.packages.append(package)
+
+                        if scanner_name == FOSSLIGHT_DEPENDENCY:
+                            purl = file_item.purl
+                            spdx_id_packages.append([purl, package.spdx_id])
+                            relation_tree[purl] = {}
+                            relation_tree[purl]['id'] = package.spdx_id
+                            relation_tree[purl]['dep'] = []
+                            if 'root package' in oss_item.comment:
+                                root_package = True
+                                relationship = Relationship(doc.creation_info.spdx_id,
+                                                            RelationshipType.DESCRIBES,
+                                                            package.spdx_id)
+                                doc.relationships.append(relationship)
+                            relation_tree[purl]['dep'].extend(file_item.depends_on)
+
+                    if scanner_name in [FOSSLIGHT_BINARY, FOSSLIGHT_SOURCE]:
+                        if file_license:
+                            file.license_info_in_file = file_license
+                        if file_copyright:
+                            file.copyright_text = '\n'.join(file_copyright)
+                        if file_comment:
+                            file.license_comment = ' '.join(file_comment)
+                        doc.files.append(file)
+
+            if len(doc.packages) > 0:
+                for pkg in relation_tree:
+                    if len(relation_tree[pkg]['dep']) > 0:
+                        pkg_spdx_id = relation_tree[pkg]['id']
+                        if len(relation_tree[pkg]['dep']) > 0:
+                            for pname in relation_tree[pkg]['dep']:
+                                ans = next(filter(lambda x: x[0] == pname, spdx_id_packages), None)
+                                if ans is None:
+                                    continue
+                                rel_pkg_spdx_id = ans[1]
+                                relationship = Relationship(pkg_spdx_id, RelationshipType.DEPENDS_ON, rel_pkg_spdx_id)
+                                doc.relationships.append(relationship)
+            if not root_package:
+                root_package = Package(name='root package',
+                                       spdx_id='SPDXRef-ROOT-PACKAGE',
+                                       download_location=SpdxNoAssertion())
+                root_package.files_analyzed = False
+                root_package.license_declared = SpdxNoAssertion()
+                doc.packages.append(root_package)
+                relationship = Relationship(doc.creation_info.spdx_id, RelationshipType.DESCRIBES, root_package.spdx_id)
+                doc.relationships.append(relationship)
+
+        except Exception as e:
+            success = False
+            error_msg = f'Failed to create spdx document object:{e}, {traceback.format_exc()}'
+    else:
+        success = False
+        error_msg = 'No item to write in output file.'
+
+    validation_messages = validate_full_spdx_document(doc)
+    for message in validation_messages:
+        logger.warning(message.validation_message)
+        logger.warning(message.context)
+
+    # assert validation_messages == []
+
+    result_file = ''
+    if success:
+        result_file = output_file_without_ext + output_extension
+        try:
+            write_file(doc, result_file)
+        except Exception as e:
+            success = False
+            error_msg = f'Failed to write spdx document: {e}'
+            if os.path.exists(result_file):
+                os.remove(result_file)
+
+    return success, error_msg, result_file
+
+
+def convert_to_spdx_style(input_string):
+    input_string = re.sub(r'[^\w\s\.\-]', '', input_string)
+    input_string = re.sub(r'[\s\_]', '-', input_string)
+    input_converted = f"LicenseRef-{input_string}"
+    return input_converted
+
+
+def check_input_license_format(input_license):
+    spdx_licenses = get_spdx_licensename()
+    for spdx in spdx_licenses:
+        if input_license.casefold() == spdx.casefold():
+            return spdx
+
+    if input_license.startswith('LicenseRef-'):
+        return input_license
+
+    licensesfromJson = get_license_from_nick()
+    if licensesfromJson == "":
+        logger.warning(" Error - Return Value to get license from Json is none")
+
+    try:
+        converted_license = licensesfromJson.get(input_license.casefold())
+        if converted_license is None:
+            converted_license = convert_to_spdx_style(input_license)
+    except Exception as ex:
+        logger.warning(f"Error - Get frequetly used license : {ex}")
+
+    return converted_license
+
+
+def get_spdx_licensename():
+    spdx_licenses = []
+    try:
+        success, error_msg, licenses = get_spdx_licenses_json()
+        if success is False:
+            logger.warning(f"Error to get SPDX Licesens : {error_msg}")
+
+        licenseInfo = licenses.get("licenses")
+        for info in licenseInfo:
+            shortID = info.get("licenseId")
+            isDeprecated = info.get("isDeprecatedLicenseId")
+            if isDeprecated is False:
+                spdx_licenses.append(shortID)
+    except Exception as ex:
+        logger.warning(f"Error access to get_spdx_licenses_json : {ex}")
+    return spdx_licenses

{fosslight_util-2.0.0 → fosslight_util-2.0.2}/src/fosslight_util.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight-util
-Version: 2.0.0
+Version: 2.0.2
 Summary: FOSSLight Util
 Home-page: https://github.com/fosslight/fosslight_util
 Author: LG Electronics

{fosslight_util-2.0.0 → fosslight_util-2.0.2}/src/fosslight_util.egg-info/requires.txt

@@ -8,10 +8,10 @@ coloredlogs
 python3-wget
 beautifulsoup4
 jsonmerge
-spdx-tools==0.7.0rc0
 setuptools>=65.5.1
 npm
 requests
+GitPython
 
 [:python_version < "3.8"]
 numpy
@@ -24,3 +24,6 @@ pygit2==1.6.1
 
 [:python_version>='3.7']
 pygit2>=1.10.1
+
+[:sys_platform != "win32"]
+spdx-tools>=0.8.2

fosslight_util-2.0.0/src/fosslight_util/write_spdx.py

@@ -1,222 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-# Copyright (c) 2022 LG Electronics Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-import os
-import uuid
-import logging
-import re
-from pathlib import Path
-from spdx.creationinfo import Tool
-from spdx.document import Document
-from spdx.package import Package
-from spdx.relationship import Relationship
-from spdx.license import License, LicenseConjunction
-from spdx.utils import SPDXNone
-from spdx.utils import NoAssert
-from spdx.version import Version
-from spdx.writers import json
-from spdx.writers import yaml
-from spdx.writers import xml
-from spdx.writers import tagvalue
-from fosslight_util.spdx_licenses import get_spdx_licenses_json, get_license_from_nick
-from fosslight_util.constant import LOGGER_NAME, FOSSLIGHT_DEPENDENCY
-import traceback
-
-logger = logging.getLogger(LOGGER_NAME)
-
-
-def get_license_list_version():
-    version = 'N/A'
-    success, error_msg, licenses = get_spdx_licenses_json()
-    if success:
-        version = licenses['licenseListVersion']
-    else:
-        logger.info(f'Fail to get spdx license list version:{error_msg}')
-    return version
-
-
-def write_spdx(output_file_without_ext, output_extension, scan_item,
-               scanner_name, scanner_version, spdx_version=(2, 3)):
-    success = True
-    error_msg = ''
-    if scan_item:
-        doc = Document(version=Version(*spdx_version),
-                       data_license=License.from_identifier('CC0-1.0'),
-                       namespace=f'http://spdx.org/spdxdocs/{scanner_name.lower()}-{uuid.uuid4()}',
-                       name=f'SPDX Document by {scanner_name.upper()}',
-                       spdx_id='SPDXRef-DOCUMENT')
-
-        doc.creation_info.set_created_now()
-        doc.creation_info.add_creator(Tool(f'{scanner_name.upper()} {scanner_version}'))
-        doc.creation_info.license_list_version = Version(*tuple(get_license_list_version().split('.')))
-
-        relation_tree = {}
-        spdx_id_packages = []
-
-        output_dir = os.path.dirname(output_file_without_ext)
-        Path(output_dir).mkdir(parents=True, exist_ok=True)
-        try:
-            package_id = 0
-            root_package = False
-            for scanner_name, _ in scan_item.file_items.items():
-                json_contents = scan_item.get_print_json(scanner_name)
-                for oss_item in json_contents:
-                    package_id += 1
-                    package = Package(spdx_id=f'SPDXRef-{package_id}')
-
-                    if oss_item.get('name', '') != '':
-                        package.name = oss_item.get('name', '')  # required
-                    else:
-                        package.name = SPDXNone()
-
-                    if oss_item.get('version', '') != '':
-                        package.version = oss_item.get('version', '')  # no required
-
-                    if oss_item.get('download location', '') != '':
-                        package.download_location = oss_item.get('download location', '')  # required
-                    else:
-                        package.download_location = SPDXNone()
-
-                    if scanner_name == FOSSLIGHT_DEPENDENCY:
-                        package.files_analyzed = False  # If omitted, the default value of true is assumed.
-                    else:
-                        package.files_analyzed = True
-
-                    if oss_item.get('homepage', '') != '':
-                        package.homepage = oss_item.get('homepage', '')  # no required
-
-                    if oss_item.get('copyright text', '') != '':
-                        package.cr_text = oss_item.get('copyright text', '')  # required
-                    else:
-                        package.cr_text = SPDXNone()
-                    if oss_item.get('license', []) != '':
-                        lic_list = [check_input_license_format(lic.strip()) for lic in oss_item.get('license', [])]
-                        first_lic = License.from_identifier(lic_list.pop(0))
-                        while lic_list:
-                            next_lic = License.from_identifier(lic_list.pop(0))
-                            license_conjunction = LicenseConjunction(first_lic, next_lic)
-                            first_lic = license_conjunction
-                        package.license_declared = first_lic
-                    else:
-                        package.license_declared = NoAssert()  # required
-
-                    doc.add_package(package)
-
-                    if scanner_name == FOSSLIGHT_DEPENDENCY:
-                        purl = oss_item.get('package url', '')
-                        spdx_id_packages.append([purl, package.spdx_id])
-                        comment = oss_item.get('comment', '')
-                        relation_tree[purl] = {}
-                        relation_tree[purl]['id'] = package.spdx_id
-                        relation_tree[purl]['dep'] = []
-
-                        if 'root package' in comment.split(','):
-                            root_package = True
-                            relationship = Relationship(f"{doc.spdx_id} DESCRIBES {package.spdx_id}")
-                            doc.add_relationship(relationship)
-                        deps = oss_item.get('depends on', '')
-                        relation_tree[purl]['dep'].extend([di.strip().split('(')[0] for di in deps])
-            if scanner_name == FOSSLIGHT_DEPENDENCY and len(relation_tree) > 0:
-                for pkg in relation_tree:
-                    if len(relation_tree[pkg]['dep']) > 0:
-                        pkg_spdx_id = relation_tree[pkg]['id']
-                        if len(relation_tree[pkg]['dep']) > 0:
-                            for pname in relation_tree[pkg]['dep']:
-                                ans = next(filter(lambda x: x[0] == pname, spdx_id_packages), None)
-                                if ans is None:
-                                    continue
-                                rel_pkg_spdx_id = ans[1]
-                                relationship = Relationship(f'{pkg_spdx_id} DEPENDS_ON {rel_pkg_spdx_id}')
-                                doc.add_relationship(relationship)
-                if not root_package:
-                    root_package = Package(spdx_id='SPDXRef-ROOT-PACKAGE')
-                    root_package.name = 'root package'
-                    root_package.download_location = NoAssert()
-                    root_package.files_analyzed = False
-                    root_package.cr_text = SPDXNone()
-                    root_package.license_declared = NoAssert()
-                    doc.add_package(root_package)
-                    relationship = Relationship(f"{doc.spdx_id} DESCRIBES {root_package.spdx_id}")
-                    doc.add_relationship(relationship)
-        except Exception as e:
-            success = False
-            error_msg = f'Failed to create spdx document object:{e}, {traceback.format_exc()}'
-    else:
-        success = False
-        error_msg = 'No item to write in output file.'
-
-    result_file = ''
-    if success:
-        result_file = output_file_without_ext + output_extension
-        try:
-            out_mode = "w"
-            if result_file.endswith(".tag"):
-                writer_module = tagvalue
-            elif result_file.endswith(".json"):
-                writer_module = json
-            elif result_file.endswith(".xml"):
-                writer_module = xml
-            elif result_file.endswith(".yaml"):
-                writer_module = yaml
-            else:
-                raise Exception("FileType Not Supported")
-
-            with open(result_file, out_mode) as out:
-                writer_module.write_document(doc, out, True)
-        except Exception as e:
-            success = False
-            error_msg = f'Failed to write spdx document: {e}'
-            if os.path.exists(result_file):
-                os.remove(result_file)
-
-    return success, error_msg, result_file
-
-
-def convert_to_spdx_style(input_string):
-    input_string = re.sub(r'[^\w\s\.\-]', '', input_string)
-    input_string = re.sub(r'[\s\_]', '-', input_string)
-    input_converted = f"LicenseRef-{input_string}"
-    return input_converted
-
-
-def check_input_license_format(input_license):
-    spdx_licenses = get_spdx_licensename()
-    for spdx in spdx_licenses:
-        if input_license.casefold() == spdx.casefold():
-            return spdx
-
-    if input_license.startswith('LicenseRef-'):
-        return input_license
-
-    licensesfromJson = get_license_from_nick()
-    if licensesfromJson == "":
-        logger.warning(" Error - Return Value to get license from Json is none")
-
-    try:
-        converted_license = licensesfromJson.get(input_license.casefold())
-        if converted_license is None:
-            converted_license = convert_to_spdx_style(input_license)
-    except Exception as ex:
-        logger.warning(f"Error - Get frequetly used license : {ex}")
-
-    return converted_license
-
-
-def get_spdx_licensename():
-    spdx_licenses = []
-    try:
-        success, error_msg, licenses = get_spdx_licenses_json()
-        if success is False:
-            logger.warning(f"Error to get SPDX Licesens : {error_msg}")
-
-        licenseInfo = licenses.get("licenses")
-        for info in licenseInfo:
-            shortID = info.get("licenseId")
-            isDeprecated = info.get("isDeprecatedLicenseId")
-            if isDeprecated is False:
-                spdx_licenses.append(shortID)
-    except Exception as ex:
-        logger.warning(f"Error access to get_spdx_licenses_json : {ex}")
-    return spdx_licenses