// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
package spdx
import (
"encoding/json"
"fmt"
"strings"
)
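// Supplier is the Package Supplier (3.5): the person or organization that
// distributed the package, or "NOASSERTION". On the wire it is a single
// string, "Person: <name>" / "Organization: <name>" / "NOASSERTION".
type Supplier struct {
	// Supplier is the supplier's name (and optional contact), or "NOASSERTION".
	Supplier string
	// SupplierType can be one of "Person", "Organization", or empty if
	// Supplier is "NOASSERTION". It is NOT validated when parsing: whatever
	// precedes the first ": " is accepted, so callers that need spec-strict
	// values must check it after unmarshalling.
	SupplierType string
}

// UnmarshalJSON takes a supplier in the typical one-line format and parses it
// into a Supplier struct. This function is also used when unmarshalling YAML.
//
// The value is decoded as a JSON string so that escape sequences in the name
// (\", \\, \uXXXX — exactly what MarshalJSON emits for such characters) are
// unescaped. Trimming the surrounding quotes off the raw bytes, as was done
// previously, left those names corrupted and broke the marshal/unmarshal
// round trip. If data is not a JSON string literal at all (a front end may
// hand over a bare scalar), the raw bytes minus surrounding quotes are used,
// preserving the old behaviour. A JSON null leaves the receiver untouched,
// as the json.Unmarshaler convention expects.
//
// Returns an error if the value is neither "NOASSERTION" nor of the form
// "<type>: <name>".
func (s *Supplier) UnmarshalJSON(data []byte) error {
	if string(data) == "null" {
		return nil
	}

	var supplierStr string
	if err := json.Unmarshal(data, &supplierStr); err != nil {
		// not a JSON string literal; fall back to the raw bytes
		supplierStr = strings.Trim(string(data), "\"")
	}

	if supplierStr == "NOASSERTION" {
		s.Supplier = supplierStr
		// a type is meaningless for NOASSERTION; clear any stale value
		s.SupplierType = ""
		return nil
	}

	// "Person: Jane Doe (jane@example.com)" -> ["Person", "Jane Doe (...)"];
	// SplitN keeps any further ": " inside the name intact.
	supplierFields := strings.SplitN(supplierStr, ": ", 2)
	if len(supplierFields) != 2 {
		return fmt.Errorf("failed to parse Supplier '%s'", supplierStr)
	}

	s.SupplierType = supplierFields[0]
	s.Supplier = supplierFields[1]
	return nil
}

// MarshalJSON converts the receiver into a slice of bytes representing a
// Supplier in string form ("NOASSERTION" or "<type>: <name>"). This function
// is also used when marshalling to YAML.
//
// A Supplier that is neither NOASSERTION nor has both a type and a name is
// rejected with an error rather than written as an invalid value.
func (s Supplier) MarshalJSON() ([]byte, error) {
	switch {
	case s.Supplier == "NOASSERTION":
		return json.Marshal(s.Supplier)
	case s.SupplierType != "" && s.Supplier != "":
		return json.Marshal(fmt.Sprintf("%s: %s", s.SupplierType, s.Supplier))
	default:
		return nil, fmt.Errorf("failed to marshal invalid Supplier: %+v", s)
	}
}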
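// Originator is the Package Originator (3.6): the person or organization the
// package originally came from, or "NOASSERTION". On the wire it is a single
// string, "Person: <name>" / "Organization: <name>" / "NOASSERTION".
type Originator struct {
	// Originator is the originator's name (and optional contact), or "NOASSERTION".
	Originator string
	// OriginatorType can be one of "Person", "Organization", or empty if
	// Originator is "NOASSERTION". It is NOT validated when parsing: whatever
	// precedes the first ": " is accepted, so callers that need spec-strict
	// values must check it after unmarshalling.
	OriginatorType string
}

// UnmarshalJSON takes an originator in the typical one-line format and parses
// it into an Originator struct. This function is also used when unmarshalling
// YAML.
//
// The value is decoded as a JSON string so that escape sequences in the name
// (\", \\, \uXXXX — exactly what MarshalJSON emits for such characters) are
// unescaped. Trimming the surrounding quotes off the raw bytes, as was done
// previously, left those names corrupted and broke the marshal/unmarshal
// round trip. If data is not a JSON string literal at all (a front end may
// hand over a bare scalar), the raw bytes minus surrounding quotes are used,
// preserving the old behaviour. A JSON null leaves the receiver untouched,
// as the json.Unmarshaler convention expects.
//
// Returns an error if the value is neither "NOASSERTION" nor of the form
// "<type>: <name>".
func (o *Originator) UnmarshalJSON(data []byte) error {
	if string(data) == "null" {
		return nil
	}

	var originatorStr string
	if err := json.Unmarshal(data, &originatorStr); err != nil {
		// not a JSON string literal; fall back to the raw bytes
		originatorStr = strings.Trim(string(data), "\"")
	}

	if originatorStr == "NOASSERTION" {
		o.Originator = originatorStr
		// a type is meaningless for NOASSERTION; clear any stale value
		o.OriginatorType = ""
		return nil
	}

	// "Organization: Acme, Inc." -> ["Organization", "Acme, Inc."];
	// SplitN keeps any further ": " inside the name intact.
	originatorFields := strings.SplitN(originatorStr, ": ", 2)
	if len(originatorFields) != 2 {
		return fmt.Errorf("failed to parse Originator '%s'", originatorStr)
	}

	o.OriginatorType = originatorFields[0]
	o.Originator = originatorFields[1]
	return nil
}

// MarshalJSON converts the receiver into a slice of bytes representing an
// Originator in string form ("NOASSERTION" or "<type>: <name>"). This function
// is also used when marshalling to YAML.
//
// An Originator that is neither NOASSERTION nor has both a type and a name is
// rejected with an error, matching Supplier.MarshalJSON. Previously an empty
// Originator returned zero bytes, which is not valid JSON: encoding/json then
// failed anyway, but with an opaque "unexpected end of JSON input", and an
// Originator with a name but no type was written as ": <name>".
func (o Originator) MarshalJSON() ([]byte, error) {
	switch {
	case o.Originator == "NOASSERTION":
		return json.Marshal(o.Originator)
	case o.OriginatorType != "" && o.Originator != "":
		return json.Marshal(fmt.Sprintf("%s: %s", o.OriginatorType, o.Originator))
	default:
		return nil, fmt.Errorf("failed to marshal invalid Originator: %+v", o)
	}
}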
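// PackageVerificationCode is the Package Verification Code (3.9): a digest
// over the package's analysed files (algorithm as defined by the spec) that
// lets a consumer check that it holds the same file set without needing the
// SPDX document to embed the files.
type PackageVerificationCode struct {
	// Cardinality: mandatory, one if filesAnalyzed is true / omitted;
	// zero (must be omitted) if filesAnalyzed is false
	Value string `json:"packageVerificationCodeValue"`
	// Spec also allows specifying files to exclude from the
	// verification code algorithm; intended to enable exclusion of
	// the SPDX document file itself.
	// Cardinality: optional. Omitted when empty; without omitempty a nil
	// slice was written as "null", which is not a valid value for this
	// property.
	ExcludedFiles []string `json:"packageVerificationCodeExcludedFiles,omitempty"`
}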
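// Package2_1 is a Package section of an SPDX Document for version 2.1 of the spec.
//
// Field order is the JSON property order; the json tags are the SPDX JSON
// property names. Fields marked "NOT PART OF SPEC" are parser bookkeeping
// and must never be written out.
type Package2_1 struct {
	// 3.1: Package Name
	// Cardinality: mandatory, one
	PackageName string `json:"name"`
	// 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
	// Cardinality: mandatory, one
	PackageSPDXIdentifier ElementID `json:"SPDXID"`
	// 3.3: Package Version
	// Cardinality: optional, one
	PackageVersion string `json:"versionInfo,omitempty"`
	// 3.4: Package File Name
	// Cardinality: optional, one
	PackageFileName string `json:"packageFileName,omitempty"`
	// 3.5: Package Supplier: may have single result for either Person or Organization,
	// or NOASSERTION
	// Cardinality: optional, one
	PackageSupplier *Supplier `json:"supplier,omitempty"`
	// 3.6: Package Originator: may have single result for either Person or Organization,
	// or NOASSERTION
	// Cardinality: optional, one
	PackageOriginator *Originator `json:"originator,omitempty"`
	// 3.7: Package Download Location
	// Cardinality: mandatory, one
	PackageDownloadLocation string `json:"downloadLocation"`
	// 3.8: FilesAnalyzed
	// Cardinality: optional, one; default value is "true" if omitted
	//
	// Deliberately NOT omitempty: with omitempty an explicit "false" was
	// dropped from the output, and a reader then applies the spec default and
	// treats the package as analysed, expecting a verification code and
	// per-file license info that were never produced. The field holds the
	// effective value (loaders that honour the default set it to true), so it
	// is always written. Code building a Package2_1 by hand must therefore set
	// it explicitly rather than rely on the zero value meaning "omitted".
	FilesAnalyzed bool `json:"filesAnalyzed"`
	// NOT PART OF SPEC: did FilesAnalyzed tag appear?
	IsFilesAnalyzedTagPresent bool `json:"-"`
	// 3.9: Package Verification Code
	// Cardinality: mandatory, one if filesAnalyzed is true / omitted;
	// zero (must be omitted) if filesAnalyzed is false
	// NOTE(review): as a value (not pointer) field this cannot be omitted by
	// encoding/json even with omitempty, so an empty object is still written
	// when FilesAnalyzed is false; omitting it would require the field to
	// become a pointer, which is an interface change.
	PackageVerificationCode PackageVerificationCode `json:"packageVerificationCode"`
	// 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
	// Cardinality: optional, one or many
	PackageChecksums []Checksum `json:"checksums,omitempty"`
	// 3.11: Package Home Page
	// Cardinality: optional, one
	PackageHomePage string `json:"homepage,omitempty"`
	// 3.12: Source Information
	// Cardinality: optional, one
	PackageSourceInfo string `json:"sourceInfo,omitempty"`
	// 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseConcluded string `json:"licenseConcluded"`
	// 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
	// zero (must be omitted) if filesAnalyzed is false
	// omitempty so that the filesAnalyzed=false case is omitted rather than
	// written as "null".
	PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles,omitempty"`
	// 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseDeclared string `json:"licenseDeclared"`
	// 3.16: Comments on License
	// Cardinality: optional, one
	PackageLicenseComments string `json:"licenseComments,omitempty"`
	// 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageCopyrightText string `json:"copyrightText"`
	// 3.18: Package Summary Description
	// Cardinality: optional, one
	PackageSummary string `json:"summary,omitempty"`
	// 3.19: Package Detailed Description
	// Cardinality: optional, one
	PackageDescription string `json:"description,omitempty"`
	// 3.20: Package Comment
	// Cardinality: optional, one
	PackageComment string `json:"comment,omitempty"`
	// 3.21: Package External Reference
	// Cardinality: optional, one or many
	PackageExternalReferences []*PackageExternalReference2_1 `json:"externalRefs,omitempty"`
	// Files contained in this Package
	// NOTE(review): untagged, so encoding/json writes this as a "Files" key,
	// which is not an SPDX JSON property (files are document-level objects
	// tied to packages by relationships). Whether the JSON saver/loader
	// elsewhere in this package relies on that key could not be confirmed
	// from this file, so it is left unchanged here.
	Files []*File2_1

	Annotations []Annotation2_1 `json:"annotations,omitempty"`
}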
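// PackageExternalReference2_1 is an External Reference to additional info
// about a Package, as defined in section 3.21 in version 2.1 of the spec.
//
// Category, RefType and Locator are taken verbatim from the document and are
// not validated here. In particular a SECURITY locator (e.g. a CPE or an
// advisory URL) is attacker-influenced input for any consumer that resolves
// or matches it; validate before use.
type PackageExternalReference2_1 struct {
	// category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
	Category string `json:"referenceCategory"`
	// type is an [idstring] as defined in Appendix VI;
	// called RefType here due to "type" being a Golang keyword
	RefType string `json:"referenceType"`
	// locator is a unique string to access the package-specific
	// info, metadata or content within the target location
	Locator string `json:"referenceLocator"`
	// 3.22: Package External Reference Comment
	// Cardinality: conditional (optional, one) for each External Reference
	// omitempty, like the other optional comment fields, so an absent comment
	// is not written as "comment": "".
	ExternalRefComment string `json:"comment,omitempty"`
}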
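// Package2_2 is a Package section of an SPDX Document for version 2.2 of the spec.
//
// Field order is the JSON property order; the json tags are the SPDX JSON
// property names. Fields marked "NOT PART OF SPEC" are parser bookkeeping
// and are excluded from JSON output with `json:"-"`, as Package2_1 does.
type Package2_2 struct {
	// NOT PART OF SPEC
	// flag: does this "package" contain files that were in fact "unpackaged",
	// e.g. included directly in the Document without being in a Package?
	// Excluded from JSON: without the tag it leaked into documents as an
	// "IsUnpackaged" key that no SPDX consumer expects.
	IsUnpackaged bool `json:"-"`

	// 3.1: Package Name
	// Cardinality: mandatory, one
	PackageName string `json:"name"`
	// 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
	// Cardinality: mandatory, one
	PackageSPDXIdentifier ElementID `json:"SPDXID"`
	// 3.3: Package Version
	// Cardinality: optional, one
	PackageVersion string `json:"versionInfo,omitempty"`
	// 3.4: Package File Name
	// Cardinality: optional, one
	PackageFileName string `json:"packageFileName,omitempty"`
	// 3.5: Package Supplier: may have single result for either Person or Organization,
	// or NOASSERTION
	// Cardinality: optional, one
	PackageSupplier *Supplier `json:"supplier,omitempty"`
	// 3.6: Package Originator: may have single result for either Person or Organization,
	// or NOASSERTION
	// Cardinality: optional, one
	PackageOriginator *Originator `json:"originator,omitempty"`
	// 3.7: Package Download Location
	// Cardinality: mandatory, one
	PackageDownloadLocation string `json:"downloadLocation"`
	// 3.8: FilesAnalyzed
	// Cardinality: optional, one; default value is "true" if omitted
	//
	// Deliberately NOT omitempty: with omitempty an explicit "false" was
	// dropped from the output, and a reader then applies the spec default and
	// treats the package as analysed, expecting a verification code and
	// per-file license info that were never produced. The field holds the
	// effective value (loaders that honour the default set it to true), so it
	// is always written. Code building a Package2_2 by hand must therefore set
	// it explicitly rather than rely on the zero value meaning "omitted".
	FilesAnalyzed bool `json:"filesAnalyzed"`
	// NOT PART OF SPEC: did FilesAnalyzed tag appear?
	// Excluded from JSON, consistent with Package2_1.
	IsFilesAnalyzedTagPresent bool `json:"-"`
	// 3.9: Package Verification Code
	// Cardinality: mandatory, one if filesAnalyzed is true / omitted;
	// zero (must be omitted) if filesAnalyzed is false
	// NOTE(review): as a value (not pointer) field this cannot be omitted by
	// encoding/json even with omitempty, so an empty object is still written
	// when FilesAnalyzed is false; omitting it would require the field to
	// become a pointer, which is an interface change.
	PackageVerificationCode PackageVerificationCode `json:"packageVerificationCode"`
	// 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
	// Cardinality: optional, one or many
	// omitempty, consistent with Package2_1, so a package without checksums
	// is not written with "checksums": null.
	PackageChecksums []Checksum `json:"checksums,omitempty"`
	// 3.11: Package Home Page
	// Cardinality: optional, one
	PackageHomePage string `json:"homepage,omitempty"`
	// 3.12: Source Information
	// Cardinality: optional, one
	PackageSourceInfo string `json:"sourceInfo,omitempty"`
	// 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseConcluded string `json:"licenseConcluded"`
	// 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
	// zero (must be omitted) if filesAnalyzed is false
	// omitempty so that the filesAnalyzed=false case is omitted rather than
	// written as "null".
	PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles,omitempty"`
	// 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseDeclared string `json:"licenseDeclared"`
	// 3.16: Comments on License
	// Cardinality: optional, one
	PackageLicenseComments string `json:"licenseComments,omitempty"`
	// 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageCopyrightText string `json:"copyrightText"`
	// 3.18: Package Summary Description
	// Cardinality: optional, one
	PackageSummary string `json:"summary,omitempty"`
	// 3.19: Package Detailed Description
	// Cardinality: optional, one
	PackageDescription string `json:"description,omitempty"`
	// 3.20: Package Comment
	// Cardinality: optional, one
	PackageComment string `json:"comment,omitempty"`
	// 3.21: Package External Reference
	// Cardinality: optional, one or many
	PackageExternalReferences []*PackageExternalReference2_2 `json:"externalRefs,omitempty"`
	// 3.22: Package External Reference Comment
	// Cardinality: conditional (optional, one) for each External Reference
	// contained within PackageExternalReference2_2 struct, if present
	// 3.23: Package Attribution Text
	// Cardinality: optional, one or many
	PackageAttributionTexts []string `json:"attributionTexts,omitempty"`
	// Files contained in this Package
	// NOTE(review): untagged, so encoding/json writes this as a "Files" key,
	// which is not an SPDX JSON property (files are document-level objects
	// tied to packages by relationships). Whether the JSON saver/loader
	// elsewhere in this package relies on that key could not be confirmed
	// from this file, so it is left unchanged here.
	Files []*File2_2

	// omitempty, consistent with Package2_1, so a package without annotations
	// is not written with "annotations": null.
	Annotations []Annotation2_2 `json:"annotations,omitempty"`
}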
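// PackageExternalReference2_2 is an External Reference to additional info
// about a Package, as defined in section 3.21 in version 2.2 of the spec.
//
// Category, RefType and Locator are taken verbatim from the document and are
// not validated here. In particular a SECURITY locator (e.g. a CPE or an
// advisory URL) is attacker-influenced input for any consumer that resolves
// or matches it; validate before use.
type PackageExternalReference2_2 struct {
	// category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
	// NOTE(review): the 2.2 spec appears to also allow "PERSISTENT-ID", and
	// the JSON schema spells the package-manager category with an underscore
	// ("PACKAGE_MANAGER") — confirm against the spec before validating on
	// this set.
	Category string `json:"referenceCategory"`
	// type is an [idstring] as defined in Appendix VI;
	// called RefType here due to "type" being a Golang keyword
	RefType string `json:"referenceType"`
	// locator is a unique string to access the package-specific
	// info, metadata or content within the target location
	Locator string `json:"referenceLocator"`
	// 3.22: Package External Reference Comment
	// Cardinality: conditional (optional, one) for each External Reference
	// omitempty, like the other optional comment fields, so an absent comment
	// is not written as "comment": "".
	ExternalRefComment string `json:"comment,omitempty"`
}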