chore: schema bump 7.0.0 license refactor
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
spiffcs authored and deitch committed Feb 23, 2023
1 parent 4bb96ca commit fafe494
Showing 36 changed files with 210 additions and 252 deletions.
28 changes: 27 additions & 1 deletion internal/logicalstrings.go
Expand Up @@ -3,6 +3,8 @@ package internal
import (
"fmt"
"strings"

"github.com/invopop/jsonschema"
)

type Joiner string
Expand Down Expand Up @@ -47,6 +49,20 @@ func (l LogicalStrings) String() string {
return strings.Join(parts, fmt.Sprintf(" %s ", joiner))
}

func (l LogicalStrings) MarshalJSON() ([]byte, error) {
return []byte(fmt.Sprintf(`"%s"`, l.String())), nil
}

func (l *LogicalStrings) UnmarshalJSON(data []byte) error {
raw := strings.Trim(string(data), `"`)
ls, err := ParseLogicalStrings(raw)
if err != nil {
return err
}
*l = ls
return nil
}

// Process processes each simple element inside the LogicalStrings through a provided function,
// returning a new LogicalStrings with the fields replaced.
func (l LogicalStrings) Process(f func(string) string) LogicalStrings {
Expand All @@ -70,6 +86,14 @@ func (l LogicalStrings) Elements() []string {
return elements
}

func (l LogicalStrings) JSONSchema() *jsonschema.Schema {
return &jsonschema.Schema{
Type: "string",
Title: "Logical Strings",
Description: "strings with simple or complex logical combinations",
}
}

// ParseLogicalStrings parse strings joined by AND or OR, as well as compounded by ( and ), into a LogicalStrings struct
func ParseLogicalStrings(s string) (LogicalStrings, error) {
var (
Expand Down Expand Up @@ -105,7 +129,9 @@ func ParseLogicalStrings(s string) (LogicalStrings, error) {
}
if currentExpression != "" {
simple, joiner := parseSimpleExpression(currentExpression)
currentLS.Simple = append(currentLS.Simple, simple...)
if len(simple) > 0 {
currentLS.Simple = append(currentLS.Simple, simple...)
}
currentLS.Joiner = joiner
}
return currentLS, nil
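Review bot: MarshalJSON builds the JSON value with `fmt.Sprintf` and no escaping, so a license expression containing `"`, `\` or a control character produces invalid JSON or lets the value break out of its string in the emitted document; license strings presumably originate from scanned package metadata and should be treated as untrusted. Replace the body with `return json.Marshal(l.String())`. UnmarshalJSON has the mirror problem: trimming `"` with `strings.Trim` neither decodes escape sequences nor rejects non-string input such as `null`, so decode first with `var raw string` and `if err := json.Unmarshal(data, &raw); err != nil { return err }` before calling ParseLogicalStrings. Both changes need `encoding/json` added to the import block in the first hunk.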
57 changes: 16 additions & 41 deletions schema/json/schema-7.0.0.json
Expand Up @@ -202,16 +202,21 @@
},
"BinaryMetadata": {
"properties": {
"matches": {
"items": {
"$ref": "#/$defs/ClassifierMatch"
},
"type": "array"
"classifier": {
"type": "string"
},
"realPath": {
"type": "string"
},
"virtualPath": {
"type": "string"
}
},
"type": "object",
"required": [
"matches"
"classifier",
"realPath",
"virtualPath"
]
},
"CargoPackageMetadata": {
Expand Down Expand Up @@ -244,21 +249,6 @@
"dependencies"
]
},
"ClassifierMatch": {
"properties": {
"classifier": {
"type": "string"
},
"location": {
"$ref": "#/$defs/Location"
}
},
"type": "object",
"required": [
"classifier",
"location"
]
},
"CocoapodsMetadata": {
"properties": {
"checksum": {
Expand Down Expand Up @@ -803,22 +793,10 @@
},
"type": "object"
},
"Location": {
"properties": {
"path": {
"type": "string"
},
"layerID": {
"type": "string"
},
"virtualPath": {
"type": "string"
}
},
"type": "object",
"required": [
"path"
]
"LogicalStrings": {
"type": "string",
"title": "Logical Strings",
"description": "strings with simple or complex logical combinations"
},
"MixLockMetadata": {
"properties": {
Expand Down Expand Up @@ -930,10 +908,7 @@
"type": "array"
},
"licenses": {
"items": {
"type": "string"
},
"type": "array"
"$ref": "#/$defs/LogicalStrings"
},
"language": {
"type": "string"
Binary file not shown.
2 changes: 1 addition & 1 deletion syft/formats/common/cyclonedxhelpers/decoder_test.go
Expand Up @@ -280,7 +280,7 @@ func Test_missingDataDecode(t *testing.T) {
},
})

assert.Len(t, pkg.Licenses, 0)
assert.Equal(t, pkg.Licenses.Size(), 0)
}

func Test_missingComponentsDecode(t *testing.T) {
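Review bot: The new assertion passes its arguments in the wrong order for testify: `assert.Equal` takes the expected value first, so a failure here would report 0 as the actual value. Write `assert.Equal(t, 0, pkg.Licenses.Size())`, which matches the order used in TestLicenseScrubber. Test_missingDataDecode starts outside the hunk.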
14 changes: 13 additions & 1 deletion syft/formats/common/spdxhelpers/license.go
@@ -1,10 +1,16 @@
package spdxhelpers

import (
"regexp"

"github.com/anchore/syft/internal/spdxlicense"
"github.com/anchore/syft/syft/pkg"
)

var (
invalidLicenseReg = regexp.MustCompile(`[^0-9A-Za-z\.-]`)
)

func License(p pkg.Package) string {
// source: https://spdx.github.io/spdx-spec/3-package-information/#313-concluded-license
// The options to populate this field are limited to:
Expand All @@ -24,12 +30,18 @@ func License(p pkg.Package) string {
if value, other, exists := spdxlicense.ID(s); exists {
parsed := value
if other != "" {
parsed = spdxlicense.LicenseRefPrefix + other
parsed = spdxlicense.LicenseRefPrefix + licenseScrubber(other)
}
return parsed
}
return ""

})

return parsedLicenses.String()
}

func licenseScrubber(s string) string {
// replace any characters that are *not* valid: alphanumeric, . -
return invalidLicenseReg.ReplaceAllString(s, "-")
}
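Review bot: licenseScrubber carries only an inline comment saying what it replaces; it does not say why the scrub is needed or that the mapping is lossy. Add a doc comment such as `// licenseScrubber maps s onto the characters allowed after LicenseRefPrefix (letters, digits, "." and "-"), replacing every other character with "-"; distinct inputs can yield the same result.` The single-entry `var ( … )` block around invalidLicenseReg can also be a plain `var` line.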
15 changes: 15 additions & 0 deletions syft/formats/common/spdxhelpers/license_test.go
Expand Up @@ -83,3 +83,18 @@ func Test_License(t *testing.T) {
})
}
}

func TestLicenseScrubber(t *testing.T) {
tests := []struct {
in string
out string
}{
{"A", "A"},
{"A-B", "A-B"},
{"A.B", "A.B"},
{"A.B:foo", "A.B-foo"},
}
for _, test := range tests {
assert.Equal(t, test.out, licenseScrubber(test.in))
}
}
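Review bot: The table exercises only `:` as an invalid character. Add cases for the characters most likely in free-form license names, for example `{"A B", "A-B"}` and `{"A/B", "A-B"}` (constructed values), plus one non-ASCII input, so a later edit to invalidLicenseReg cannot silently let them through. Wrapping each case in `t.Run` would also name the failing input.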
13 changes: 7 additions & 6 deletions syft/formats/common/spdxhelpers/to_format_model.go
Expand Up @@ -516,18 +516,19 @@ func toOtherLicenses(catalog *pkg.Catalog) []*spdx.OtherLicense {
licenses := map[string]bool{}
for _, pkg := range catalog.Sorted() {
for _, license := range pkg.Licenses.Elements() {
if strings.HasPrefix(license, spdxlicense.LicenseRefPrefix) {
licenses[license] = true
value, other, exists := spdxlicense.ID(license)
if !exists || value != "" || other == "" {
continue
}

licenses[other] = true
}
}
var result []*spdx.OtherLicense
for license := range licenses {
// separate the actual ID from the prefix
name := strings.TrimPrefix(license, spdxlicense.LicenseRefPrefix)
result = append(result, &spdx.OtherLicense{
LicenseIdentifier: license,
LicenseName: name,
LicenseIdentifier: fmt.Sprintf("%s%s", spdxlicense.LicenseRefPrefix, licenseScrubber(license)),
LicenseName: license,
ExtractedText: NONE, // we probably should have some extracted text here, but this is good enough for now
})
}
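Review bot: The dedupe map is keyed by the raw `other` name while LicenseIdentifier is built from `licenseScrubber(license)`, so two names that scrub to the same id (for instance `A.B:foo` and `A.B-foo`, going by the licenseScrubber test table) produce two OtherLicense entries with the same LicenseIdentifier. Key the map by the scrubbed id and keep the name as the value, so each identifier is emitted once; License() in license.go already refers to the scrubbed id. Plain concatenation with LicenseRefPrefix, as license.go does, also reads better than `fmt.Sprintf("%s%s", …)`. toOtherLicenses continues past the end of the hunk.

```go
licenses := map[string]string{} // scrubbed LicenseRef id -> original license name
// … unchanged: loops over catalog.Sorted() and pkg.Licenses.Elements(), spdxlicense.ID lookup and skip condition …
		licenses[licenseScrubber(other)] = other
// … unchanged: result declaration …
for id, name := range licenses {
	result = append(result, &spdx.OtherLicense{
		LicenseIdentifier: spdxlicense.LicenseRefPrefix + id,
		LicenseName:       name,
		// … unchanged: ExtractedText …
	})
}
```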
@@ -1,10 +1,10 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:0b628da1-274e-4c24-821c-f9452f37db54",
"serialNumber": "urn:uuid:11f78f35-2ea9-4785-90da-7e073c02ecfc",
"version": 1,
"metadata": {
"timestamp": "2022-12-22T18:33:51-05:00",
"timestamp": "2023-02-13T10:59:09-08:00",
"tools": [
{
"vendor": "anchore",
Expand All @@ -20,7 +20,7 @@
},
"components": [
{
"bom-ref": "1b1d0be59ac59d2c",
"bom-ref": "9f56614c62f539e9",
"type": "library",
"name": "package-1",
"version": "1.0.1",
Expand Down Expand Up @@ -57,7 +57,7 @@
]
},
{
"bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=db4abfe497c180d3",
"bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=342b18b33e30ed0",
"type": "library",
"name": "package-2",
"version": "2.0.1",
@@ -1,10 +1,10 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:542fc1a1-81ac-4b76-b9e2-8e6b9d8c840a",
"serialNumber": "urn:uuid:d383da54-a35f-4bd5-a85d-688b35e92c31",
"version": 1,
"metadata": {
"timestamp": "2022-12-22T18:33:51-05:00",
"timestamp": "2023-02-13T10:59:09-08:00",
"tools": [
{
"vendor": "anchore",
Expand All @@ -13,15 +13,15 @@
}
],
"component": {
"bom-ref": "ffd645a093c0fe70",
"bom-ref": "b83149da0a7fd6c5",
"type": "container",
"name": "user-image-input",
"version": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368"
}
},
"components": [
{
"bom-ref": "66ba429119b8bec6",
"bom-ref": "de34d3845e98e85f",
"type": "library",
"name": "package-1",
"version": "1.0.1",
Expand Down Expand Up @@ -53,7 +53,7 @@
},
{
"name": "syft:location:0:layerID",
"value": "sha256:62058900d4ce269c900160b8dd255fe310c3a459dda236d041102fa070f84406"
"value": "sha256:626044c9c04b634ddb1659b81debbeebf312c5e3f2e6e8a693813866aa38a381"
},
{
"name": "syft:location:0:path",
Expand All @@ -62,7 +62,7 @@
]
},
{
"bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=958443e2d9304af4",
"bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=bad230a934158ee5",
"type": "library",
"name": "package-2",
"version": "2.0.1",
Expand All @@ -83,7 +83,7 @@
},
{
"name": "syft:location:0:layerID",
"value": "sha256:623ad97366f39ae279f1925673cdacb4851ddf2e3266f04e63010ec080a098c1"
"value": "sha256:2e0a2ae163675ae98403ca109fdee95bed2fea62f94e7d013146ac710d77de49"
},
{
"name": "syft:location:0:path",
Binary file not shown.
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:2939b822-b9cb-489d-8a8b-4431b755031d" version="1">
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:01786e09-af5c-4c8b-83eb-f59341c278e2" version="1">
<metadata>
<timestamp>2022-11-07T09:11:06-05:00</timestamp>
<timestamp>2023-02-13T10:59:09-08:00</timestamp>
<tools>
<tool>
<vendor>anchore</vendor>
Expand All @@ -14,7 +14,7 @@
</component>
</metadata>
<components>
<component bom-ref="1b1d0be59ac59d2c" type="library">
<component bom-ref="9f56614c62f539e9" type="library">
<name>package-1</name>
<version>1.0.1</version>
<licenses>
Expand All @@ -32,7 +32,7 @@
<property name="syft:location:0:path">/some/path/pkg1</property>
</properties>
</component>
<component bom-ref="pkg:deb/debian/package-2@2.0.1?package-id=db4abfe497c180d3" type="library">
<component bom-ref="pkg:deb/debian/package-2@2.0.1?package-id=342b18b33e30ed0" type="library">
<name>package-2</name>
<version>2.0.1</version>
<cpe>cpe:2.3:*:some:package:2:*:*:*:*:*:*:*</cpe>