[issue-753] only allow lowercase values for FilesAnalyzed in tag-value

armintaenzertng · armintaenzertng · commit 3d3100a46775 · 2023-09-14T17:50:57.000+02:00
Signed-off-by: Armin Tänzer &lt;armin.taenzer@tngtech.com&gt;
diff --git a/src/spdx_tools/spdx/parser/tagvalue/parser.py b/src/spdx_tools/spdx/parser/tagvalue/parser.py
@@ -427,7 +427,14 @@ def p_pkg_files_analyzed(self, p):
         if "files_analyzed" in self.current_element:
             self.current_element["logger"].append(f"Multiple values for {p[1]} found. Line: {p.lineno(1)}")
             return
-        self.current_element["files_analyzed"] = p[2] in ["true", "True"]
+        if p[2] == "true":
+            self.current_element["files_analyzed"] = True
+        elif p[2] == "false":
+            self.current_element["files_analyzed"] = False
+        else:
+            self.current_element["logger"].append(
+                f'The value of FilesAnalyzed must be either "true" or "false", but is: {p[2]}'
+            )
 
     @grammar_rule("primary_package_purpose : PRIMARY_PACKAGE_PURPOSE LINE")
     def p_primary_package_purpose(self, p):
diff --git a/tests/spdx/parser/tagvalue/test_package_parser.py b/tests/spdx/parser/tagvalue/test_package_parser.py
@@ -22,7 +22,7 @@ def test_parse_package():
             "SPDXID: SPDXRef-Package",
             "PackageVersion: 1:22.36.1-8+deb11u1",
             "PackageDownloadLocation: http://example.com/test",
-            "FilesAnalyzed: True",
+            "FilesAnalyzed: true",
             "PackageSummary: <text>Test package</text>",
             "PackageSourceInfo: <text>Version 1.0 of test</text>",
             "PackageFileName: test-1.0.zip",
@@ -123,6 +123,12 @@ def test_parse_package():
             "match specified grammar rule. Line: 2', 'Error while parsing "
             "ValidUntilDate: Token did not match specified grammar rule. Line: 3']",
         ),
+        (
+            f"SPDXID:{DOCUMENT_SPDX_ID}\nPackageName: TestPackage\nSPDXID:SPDXRef-Package\n"
+            "PackageDownloadLocation: download.com\nFilesAnalyzed: FALSE",
+            "Error while parsing Package: "
+            '[\'The value of FilesAnalyzed must be either "true" or "false", but is: FALSE\']',
+        ),
     ],
 )
 def test_parse_invalid_package(package_str, expected_message):
