adjust spdx helpers to use copy of packages

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

internal/formats/common/spdxhelpers/description.go

@@ -2,7 +2,7 @@ package spdxhelpers
 
 import "github.com/anchore/syft/syft/pkg"
 
-func Description(p *pkg.Package) string {
+func Description(p pkg.Package) string {
 	if hasMetadata(p) {
 		switch metadata := p.Metadata.(type) {
 		case pkg.ApkMetadata:
@@ -14,10 +14,6 @@ func Description(p *pkg.Package) string {
 	return ""
 }
 
-func packageExists(p *pkg.Package) bool {
+func hasMetadata(p pkg.Package) bool {
-	return p != nil
+	return p.Metadata != nil
-}
-
-func hasMetadata(p *pkg.Package) bool {
-	return packageExists(p) && p.Metadata != nil
 }

internal/formats/common/spdxhelpers/description_test.go

@@ -50,7 +50,7 @@ func Test_Description(t *testing.T) {
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			assert.Equal(t, test.expected, Description(&test.input))
+			assert.Equal(t, test.expected, Description(test.input))
 		})
 	}
 }

internal/formats/common/spdxhelpers/download_location.go

@@ -2,7 +2,7 @@ package spdxhelpers
 
 import "github.com/anchore/syft/syft/pkg"
 
-func DownloadLocation(p *pkg.Package) string {
+func DownloadLocation(p pkg.Package) string {
 	// 3.7: Package Download Location
 	// Cardinality: mandatory, one
 	// NONE if there is no download location whatsoever.

internal/formats/common/spdxhelpers/download_location_test.go

@@ -48,7 +48,7 @@ func Test_DownloadLocation(t *testing.T) {
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			assert.Equal(t, test.expected, DownloadLocation(&test.input))
+			assert.Equal(t, test.expected, DownloadLocation(test.input))
 		})
 	}
 }

internal/formats/common/spdxhelpers/external_refs.go

@@ -6,13 +6,9 @@ import (
 	"github.com/anchore/syft/syft/pkg"
 )
 
-func ExternalRefs(p *pkg.Package) (externalRefs []model.ExternalRef) {
+func ExternalRefs(p pkg.Package) (externalRefs []model.ExternalRef) {
 	externalRefs = make([]model.ExternalRef, 0)
 
-	if !packageExists(p) {
-		return externalRefs
-	}
-
 	for _, c := range p.CPEs {
 		externalRefs = append(externalRefs, model.ExternalRef{
 			ReferenceCategory: model.SecurityReferenceCategory,

internal/formats/common/spdxhelpers/external_refs_test.go

@@ -39,7 +39,7 @@ func Test_ExternalRefs(t *testing.T) {
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			assert.ElementsMatch(t, test.expected, ExternalRefs(&test.input))
+			assert.ElementsMatch(t, test.expected, ExternalRefs(test.input))
 		})
 	}
 }

internal/formats/common/spdxhelpers/files.go

@@ -9,7 +9,7 @@ import (
 	"github.com/anchore/syft/syft/pkg"
 )
 
-func Files(packageSpdxID string, p *pkg.Package) (files []model.File, fileIDs []string, relationships []model.Relationship) {
+func Files(packageSpdxID string, p pkg.Package) (files []model.File, fileIDs []string, relationships []model.Relationship) {
 	files = make([]model.File, 0)
 	fileIDs = make([]string, 0)
 	relationships = make([]model.Relationship, 0)

internal/formats/common/spdxhelpers/homepage.go

@@ -2,7 +2,7 @@ package spdxhelpers
 
 import "github.com/anchore/syft/syft/pkg"
 
-func Homepage(p *pkg.Package) string {
+func Homepage(p pkg.Package) string {
 	if hasMetadata(p) {
 		switch metadata := p.Metadata.(type) {
 		case pkg.GemMetadata:

internal/formats/common/spdxhelpers/homepage_test.go

@@ -50,7 +50,7 @@ func Test_Homepage(t *testing.T) {
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			assert.Equal(t, test.expected, Homepage(&test.input))
+			assert.Equal(t, test.expected, Homepage(test.input))
 		})
 	}
 }

internal/formats/common/spdxhelpers/license.go

@@ -7,7 +7,7 @@ import (
 	"github.com/anchore/syft/syft/pkg"
 )
 
-func License(p *pkg.Package) string {
+func License(p pkg.Package) string {
 	// source: https://spdx.github.io/spdx-spec/3-package-information/#313-concluded-license
 	// The options to populate this field are limited to:
 	// A valid SPDX License Expression as defined in Appendix IV;
@@ -17,7 +17,7 @@ func License(p *pkg.Package) string {
 	//   (ii) the SPDX file creator has made no attempt to determine this field; or
 	//   (iii) the SPDX file creator has intentionally provided no information (no meaning should be implied by doing so).
 
-	if !packageExists(p) || len(p.Licenses) == 0 {
+	if len(p.Licenses) == 0 {
 		return "NONE"
 	}
 

internal/formats/common/spdxhelpers/license_test.go

@@ -67,7 +67,7 @@ func Test_License(t *testing.T) {
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			assert.Equal(t, test.expected, License(&test.input))
+			assert.Equal(t, test.expected, License(test.input))
 		})
 	}
 }

internal/formats/common/spdxhelpers/originator_test.go

@@ -108,7 +108,7 @@ func Test_Originator(t *testing.T) {
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			assert.Equal(t, test.expected, Originator(&test.input))
+			assert.Equal(t, test.expected, Originator(test.input))
 		})
 	}
 }

internal/formats/common/spdxhelpers/origintor.go

@@ -6,7 +6,7 @@ import (
 	"github.com/anchore/syft/syft/pkg"
 )
 
-func Originator(p *pkg.Package) string {
+func Originator(p pkg.Package) string {
 	if hasMetadata(p) {
 		switch metadata := p.Metadata.(type) {
 		case pkg.ApkMetadata:

internal/formats/common/spdxhelpers/source_info.go

@@ -6,11 +6,7 @@ import (
 	"github.com/anchore/syft/syft/pkg"
 )
 
-func SourceInfo(p *pkg.Package) string {
+func SourceInfo(p pkg.Package) string {
-	if !packageExists(p) {
-		return ""
-	}
-
 	answer := ""
 	switch p.Type {
 	case pkg.RpmPkg:

internal/formats/common/spdxhelpers/source_info_test.go

@@ -131,7 +131,7 @@ func Test_SourceInfo(t *testing.T) {
 			if test.input.Type != "" {
 				pkgTypes = append(pkgTypes, test.input.Type)
 			}
-			actual := SourceInfo(&test.input)
+			actual := SourceInfo(test.input)
 			for _, expected := range test.expected {
 				assert.Contains(t, actual, expected)
 			}