Added validation to SBOM generator

Test: m compliance_sbom
Change-Id: I1ff2dfbc48361cfb785c64306112bc687ca51057

tools/compliance/Android.bp

@@ -142,6 +142,7 @@ blueprint_go_binary {
         "spdx-tools-builder2v2",
         "spdx-tools-spdxcommon",
         "spdx-tools-spdx-json",
+        "spdx-tools-spdxlib",
     ],
     testSrcs: ["cmd/sbom/sbom_test.go"],
 }

tools/compliance/cmd/sbom/sbom.go

@@ -38,6 +38,7 @@ import (
 	"github.com/spdx/tools-golang/json"
 	"github.com/spdx/tools-golang/spdx/common"
 	spdx "github.com/spdx/tools-golang/spdx/v2_2"
+	"github.com/spdx/tools-golang/spdxlib"
 )
 
 var (
@@ -173,6 +174,7 @@ Options:
 		os.Exit(1)
 	}
 
+	// writing the spdx Doc created
 	if err := spdx_json.Save2_2(spdxDoc, ofile); err != nil {
 		fmt.Fprintf(os.Stderr, "failed to write document to %v: %v", *outputFile, err)
 		os.Exit(1)
@@ -516,7 +518,7 @@ func sbomGenerator(ctx *context, files ...string) (*spdx.Document, []string, err
 
 	ci.Created = ctx.creationTime()
 
-	return &spdx.Document{
+	doc := &spdx.Document{
 		SPDXVersion:       "SPDX-2.2",
 		DataLicense:       "CC0-1.0",
 		SPDXIdentifier:    "DOCUMENT",
@@ -526,5 +528,11 @@ func sbomGenerator(ctx *context, files ...string) (*spdx.Document, []string, err
 		Packages:          pkgs,
 		Relationships:     relationships,
 		OtherLicenses:     otherLicenses,
-	}, deps, nil
+	}
+
+	if err := spdxlib.ValidateDocument2_2(doc); err != nil {
+		return nil, nil, fmt.Errorf("Unable to validate the SPDX doc: %v\n", err)
+	}
+
+	return doc, deps, nil
 }

tools/compliance/cmd/sbom/sbom_test.go

@@ -2226,6 +2226,10 @@ func Test(t *testing.T) {
 				t.Errorf("sbom: gotStderr = %v, want none", stderr)
 			}
 
+			if err := validate(spdxDoc); err != nil {
+				t.Fatalf("sbom: document fails to validate: %v", err)
+			}
+
 			gotData, err := json.Marshal(spdxDoc)
 			if err != nil {
 				t.Fatalf("sbom: failed to marshal spdx doc: %v", err)
@@ -2267,6 +2271,36 @@ func getCreationInfo(t *testing.T) *spdx.CreationInfo {
 	return ci
 }
 
+// validate returns an error if the Document is found to be invalid
+func validate(doc *spdx.Document) error {
+	if doc.SPDXVersion == "" {
+		return fmt.Errorf("SPDXVersion: got nothing, want spdx version")
+	}
+	if doc.DataLicense == "" {
+		return fmt.Errorf("DataLicense: got nothing, want Data License")
+	}
+	if doc.SPDXIdentifier == "" {
+		return fmt.Errorf("SPDXIdentifier: got nothing, want SPDX Identifier")
+	}
+	if doc.DocumentName == "" {
+		return fmt.Errorf("DocumentName: got nothing, want Document Name")
+	}
+	if fmt.Sprintf("%v", doc.CreationInfo.Creators[1].Creator) != "Google LLC" {
+		return fmt.Errorf("Creator: got %v, want  'Google LLC'")
+	}
+	_, err := time.Parse(time.RFC3339, doc.CreationInfo.Created)
+	if err != nil {
+		return fmt.Errorf("Invalid time spec: %q: got error %q, want no error", doc.CreationInfo.Created, err)
+	}
+
+	for _, license := range doc.OtherLicenses {
+		if license.ExtractedText == "" {
+			return fmt.Errorf("License file: %q: got nothing, want license text", license.LicenseName)
+		}
+	}
+	return nil
+}
+
 // compareSpdxDocs deep-compares two spdx docs by going through the info section, packages, relationships and licenses
 func compareSpdxDocs(t *testing.T, actual, expected *spdx.Document) {