test(SpdxDocumentFile): Add test for missing issues for external refs

Add synthetic project and an associated test to verify that issues from
an external document ref are added to the result.

Signed-off-by: Marcel Bochtler <marcel.bochtler@bosch.com>

plugins/package-managers/spdx/src/funTest/assets/projects/synthetic/illegal-chars-external-refs/illegal_chars/package.spdx.yml

@@ -0,0 +1,23 @@
+SPDXID: "SPDXRef-DOCUMENT"
+spdxVersion: "SPDX-2.2"
+creationInfo:
+  created: "2022-06-29T00:00:00Z"
+  creators:
+  - "Organization: OSS Review Toolkit"
+name: "illegal_chars"
+dataLicense: "CC0-1.0"
+documentNamespace: "http://spdx.org/spdxdocs/example"
+documentDescribes:
+  - "SPDXRef-Package-asio_dtls"
+packages:
+  - SPDXID: "SPDXRef-Package-illegal_chars" # This SPDX ID contains '_' which is not allowed.
+    description: "A SPDX document that is in a directory characters not allowed for SPDX IDs"
+    copyrightText: "NONE"
+    filesAnalyzed: false
+    homepage: "https://example.com/"
+    licenseConcluded: "NOASSERTION"
+    licenseDeclared: "NOASSERTION"
+    originator: "Organization: Robert Bosch GmbH"
+    name: "illegal_chars"
+    downloadLocation: "https://example.com"
+    versionInfo: "1.0.0"

plugins/package-managers/spdx/src/funTest/assets/projects/synthetic/illegal-chars-external-refs/project-xyz.spdx.yml

@@ -0,0 +1,29 @@
+SPDXID: "SPDXRef-DOCUMENT"
+spdxVersion: "SPDX-2.2"
+creationInfo:
+  created: "2024-07-08T18:30:22Z"
+  creators:
+  - "OSS Review Toolkit"
+name: "External Ref with illegal chars"
+dataLicense: "CC0-1.0"
+documentNamespace: "https://spdx.org/spdxdocs/example"
+documentDescribes:
+- "SPDXRef-Package-illegal-chars"
+
+externalDocumentRefs:
+- externalDocumentId: "DocumentRef-illegal_chars" # This SPDX ID contains '_' which is not allowed.
+  spdxDocument: "illegal_chars/package.spdx.yml"
+  checksum:
+    algorithm: "SHA1"
+    checksumValue: "3e3edec9f5073a7b17a9fd066e5f49ed3e41f0a2"
+
+packages:
+- SPDXID: "SPDXRef-Package-test"
+  copyrightText: "NONE"
+  downloadLocation: "https://example.com"
+  filesAnalyzed: false
+  homepage: "NONE"
+  licenseConcluded: "Apache-2.0"
+  licenseDeclared: "Apache-2.0"
+  name: "Illegal Chars"
+  originator: "Organization: OSS Review Toolkit"

plugins/package-managers/spdx/src/funTest/kotlin/SpdxDocumentFileFunTest.kt

@@ -23,6 +23,7 @@ import io.kotest.core.spec.style.WordSpec
 import io.kotest.matchers.collections.containExactly
 import io.kotest.matchers.collections.containExactlyInAnyOrder
 import io.kotest.matchers.collections.shouldContainExactlyInAnyOrder
+import io.kotest.matchers.collections.shouldHaveSingleElement
 import io.kotest.matchers.collections.shouldHaveSize
 import io.kotest.matchers.maps.haveSize
 import io.kotest.matchers.nulls.shouldNotBeNull
@@ -255,6 +256,29 @@ class SpdxDocumentFileFunTest : WordSpec({
                 Identifier("SpdxDocumentFile:OpenSSL Development Team:openssl:1.1.1g")
             )
         }
+
+        "collect issues for subprojects using illegal SPDX identifiers" {
+            val projectFile = projectDir.resolve("illegal-chars-external-refs/project-xyz.spdx.yml")
+            val subProjectFile = projectDir.resolve("illegal-chars-external-refs/illegal_chars/package.spdx.yml")
+            val definitionFiles = listOf(projectFile, subProjectFile)
+
+            val result = create("SpdxDocumentFile").resolveDependencies(definitionFiles, emptyMap())
+
+            val rootProject = result.projectResults[projectFile.absoluteFile]?.first()
+
+            rootProject shouldNotBeNull {
+                issues shouldHaveSize 1
+                issues.shouldHaveSingleElement {
+                    val expectedMessage = Regex(
+                        """
+                            .*SPDX ID 'SPDXRef-Package-illegal_chars' is only allowed to contain letters, numbers, '\.', and '-'.*
+                        """.trimIndent()
+                    )
+
+                    expectedMessage.containsMatchIn(it.message)
+                }
+            }
+        }
     }
 })