Merge pull request #29 from jspeed-meyers/iss28_int_division

Fix integer division by integer bug
eBay · Jan 17, 2023 · b324861 · b324861
2 parents 2f66da2 + 592cc92
commit b324861
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 20 deletions.
diff --git a/examples/photon.spdx.json b/examples/photon.spdx.json
diff --git a/go.mod b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

diff --git a/go.sum b/go.sum
@@ -12,6 +12,7 @@ github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb h1:bLo8hvc8XFm9J47r690TUKBzcjSWdJDxmjXJZ+/f92U=
 github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM=
 github.com/spdx/tools-golang v0.3.1-0.20221108182156-8a01147e6342 h1:6uvaOTv4GeRqQV6O1/znbpziqhctMRLTy3OGeZrNMic=
 github.com/spdx/tools-golang v0.3.1-0.20221108182156-8a01147e6342/go.mod h1:VHzvNsKAfAGqs4ZvwRL+7a0dNsL20s7lGui4K9C0xQM=

diff --git a/pkg/spdx/spdx_report.go b/pkg/spdx/spdx_report.go
@@ -79,7 +79,7 @@ func (r *SpdxReport) PackageVersions() scorecard.ReportValue {
 		}
 	}
 	return scorecard.ReportValue{
-		Ratio: float32(r.hasPackVer / r.totalPackages),
+		Ratio: float32(r.hasPackVer) / float32(r.totalPackages),
 	}
 }
 
@@ -91,7 +91,7 @@ func (r *SpdxReport) PackageLicenses() scorecard.ReportValue {
 		}
 	}
 	return scorecard.ReportValue{
-		Ratio: float32(r.hasLicense / r.totalPackages),
+		Ratio: float32(r.hasLicense) / float32(r.totalPackages),
 	}
 }
 

diff --git a/pkg/spdx/spdx_report_test.go b/pkg/spdx/spdx_report_test.go
@@ -7,11 +7,11 @@ import (
 	"github.com/ebay/sbom-scorecard/pkg/scorecard"
 )
 
-func TestSpdxE2eReport(t *testing.T) {
-	r := GetSpdxReport("../../examples/julia.spdx.json")
-	report_text := r.Report()
-
-	if strings.Trim(report_text, " \n") != `34 total packages
+var report_tests = []struct {
+	path     string
+	expected string
+}{
+	{"../../examples/julia.spdx.json", `34 total packages
 0 total files
 100% have licenses.
 0% have package digest.
@@ -20,25 +20,55 @@ func TestSpdxE2eReport(t *testing.T) {
 0% have CPEs.
 0% have file digest.
 Spec valid? true
-Has creation info? false` {
-		t.Log("Incorrect report results generated.\n" +
-			"Got this: \n" + report_text)
-		t.Fail()
-	}
+Has creation info? false`},
+	{"../../examples/photon.spdx.json", `38 total packages
+0 total files
+94% have licenses.
+2% have package digest.
+97% have package versions.
+0% have purls.
+0% have CPEs.
+0% have file digest.
+Spec valid? true
+Has creation info? true`},
 }
 
-func TestSpdxE2eGrade(t *testing.T) {
-	r := GetSpdxReport("../../examples/julia.spdx.json")
-	report_text := scorecard.Grade(r)
+func TestSpdxE2eReport(t *testing.T) {
+	for _, e := range report_tests {
+		res := GetSpdxReport(e.path)
+		report_text := res.Report()
+		if strings.Trim(report_text, " \n") != e.expected {
+			t.Errorf("GetSpdxReport(%v) = %v, expected %v",
+				e.path, strings.Trim(report_text, " \n"), e.expected)
+		}
+	}
+}
 
-	if strings.Trim(report_text, " \n") != `Spec Compliance: 25/25
+var grade_tests = []struct {
+	path     string
+	expected string
+}{
+	{"../../examples/julia.spdx.json", `Spec Compliance: 25/25
 Package ID: 0/20 (0% have purls and 0% have CPEs)
 Package Versions: 0/20
 Package Licenses: 20/20
 Creation Info: 0/15 (No tool was used to create the sbom)
-Total points: 45/100 or 45%` {
-		t.Log("Incorrect report results generated.\n" +
-			"Got this: \n" + report_text)
-		t.Fail()
+Total points: 45/100 or 45%`},
+	{"../../examples/photon.spdx.json", `Spec Compliance: 25/25
+Package ID: 0/20 (0% have purls and 0% have CPEs)
+Package Versions: 19/20
+Package Licenses: 18/20
+Creation Info: 15/15
+Total points: 78/100 or 78%`},
+}
+
+func TestSpdxE2eGrade(t *testing.T) {
+	for _, e := range grade_tests {
+		res := GetSpdxReport(e.path)
+		report_text := scorecard.Grade(res)
+		if strings.Trim(report_text, " \n") != e.expected {
+			t.Errorf("GetSpdxReport(%v) = %v, expected %v",
+				e.path, strings.Trim(report_text, " \n"), e.expected)
+		}
 	}
 }