Add tests, don't shadow name

Author: sethmlarson

sbom.py

@@ -24,6 +24,7 @@
 import tarfile
 import typing
 import zipfile
+from functools import cache
 from pathlib import Path
 from typing import Any, LiteralString, NotRequired, TypedDict, cast
 from urllib.request import urlopen
@@ -98,12 +99,12 @@ class CreationInfo(TypedDict):
 @cache
 def spdx_id(value: LiteralString) -> str:
     """Encode a value into characters that are valid in an SPDX ID"""
-    spdx_id = re.sub(r"[^a-zA-Z0-9.\-]+", "-", value)
+    value_as_spdx_id = re.sub(r"[^a-zA-Z0-9.\-]+", "-", value)
     # To avoid collisions we append a hash suffix.
     suffix = hashlib.sha256(value.encode()).hexdigest()[:8]
-    spdx_id = f"{spdx_id}-{suffix}"
-    assert _SPDX_IDS_TO_VALUES.setdefault(spdx_id, value) == value
-    return spdx_id
+    value_as_spdx_id = f"{value_as_spdx_id}-{suffix}"
+    assert _SPDX_IDS_TO_VALUES.setdefault(value_as_spdx_id, value) == value
+    return value_as_spdx_id
 
 
 def calculate_package_verification_codes(sbom: SBOM) -> None:

tests/test_sbom.py

@@ -11,6 +11,22 @@
 import sbom
 
 
+@pytest.mark.parametrize(
+    ["value", "expected"],
+    [
+        ("abc", "abc-ba7816bf"),
+        ("def", "def-cb8379ac"),
+        ("SPDXRef-PACKAGE-pip", "SPDXRef-PACKAGE-pip-ced959c1"),
+        ("SPDXRef-PACKAGE-cpython", "SPDXRef-PACKAGE-cpython-79ab18d2"),
+        ("SPDXRef-PACKAGE-urllib3", "SPDXRef-PACKAGE-urllib3-b8ab4751"),
+    ],
+)
+def test_spdx_id(value: str, expected: str) -> None:
+    assert sbom.spdx_id(value) == expected
+    # Check we get the same value next time
+    assert sbom.spdx_id(value) == expected
+
+
 @pytest.mark.parametrize(
     ["package_sha1s", "package_verification_code"],
     [