oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: update field plurality of 8.0.0 schema before release (#1820)

Browse Source 
to keep things consistent across the schema we want Locations and URLs to be plural fields now that they are fields on the License struct
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
This commit is contained in:
Christopher Angelo Phillips 2023-05-16 13:05:48 -04:00 committed by GitHub
parent 1a2a49840b
commit 4601ca3735
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 52 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
schema/json/schema-8.0.0.json
View File

@ -748,7 +748,7 @@
"type": { "type": {
"type": "string" "type": "string"
}, },
"url": { "urls": {
"items": { "items": {
"type": "string" "type": "string"
}, },
@ -766,7 +766,7 @@
"value", "value",
"spdxExpression", "spdxExpression",
"type", "type",
"url", "urls",
"locations" "locations"
] ]
}, },

6
syft/formats/common/cyclonedxhelpers/licenses.go
View File

@ -99,7 +99,7 @@ func separateLicenses(p pkg.Package) (spdx, other cyclonedx.Licenses, expression
// singular expression case // singular expression case
// only ID field here since we guarantee that the license is valid // only ID field here since we guarantee that the license is valid
if value, exists := spdxlicense.ID(l.SPDXExpression); exists { if value, exists := spdxlicense.ID(l.SPDXExpression); exists {
if !l.URL.Empty() { if !l.URLs.Empty() {
processLicenseURLs(l, value, &spdxc) processLicenseURLs(l, value, &spdxc)
continue continue
} }
@ -127,7 +127,7 @@ func separateLicenses(p pkg.Package) (spdx, other cyclonedx.Licenses, expression
// license string that are not valid spdx expressions or ids // license string that are not valid spdx expressions or ids
// we only use license Name here since we cannot guarantee that the license is a valid SPDX expression // we only use license Name here since we cannot guarantee that the license is a valid SPDX expression
if !l.URL.Empty() { if !l.URLs.Empty() {
processLicenseURLs(l, "", &otherc) processLicenseURLs(l, "", &otherc)
continue continue
} }
@ -141,7 +141,7 @@ func separateLicenses(p pkg.Package) (spdx, other cyclonedx.Licenses, expression
} }
func processLicenseURLs(l pkg.License, spdxID string, populate *cyclonedx.Licenses) { func processLicenseURLs(l pkg.License, spdxID string, populate *cyclonedx.Licenses) {
for _, url := range l.URL.ToSlice() { for _, url := range l.URLs.ToSlice() {
if spdxID == "" { if spdxID == "" {
*populate = append(*populate, cyclonedx.LicenseChoice{ *populate = append(*populate, cyclonedx.LicenseChoice{
License: &cyclonedx.License{ License: &cyclonedx.License{

8
syft/formats/common/cyclonedxhelpers/licenses_test.go
View File

@ -137,7 +137,7 @@ func Test_encodeLicense(t *testing.T) {
}, },
}, },
{ {
name: "with multiple URLs and single with no URL", name: "with multiple URLs and single with no URLs",
input: pkg.Package{ input: pkg.Package{
Licenses: pkg.NewLicenseSet( Licenses: pkg.NewLicenseSet(
pkg.NewLicense("MIT"), pkg.NewLicense("MIT"),
@ -224,7 +224,7 @@ func TestDecodeLicenses(t *testing.T) {
Value: "RandomLicense", Value: "RandomLicense",
// CycloneDX specification doesn't give a field for determining the license type // CycloneDX specification doesn't give a field for determining the license type
Type: license.Declared, Type: license.Declared,
URL: internal.NewStringSet(), URLs: internal.NewStringSet(),
}, },
}, },
}, },
@ -244,7 +244,7 @@ func TestDecodeLicenses(t *testing.T) {
Value: "MIT", Value: "MIT",
SPDXExpression: "MIT", SPDXExpression: "MIT",
Type: license.Declared, Type: license.Declared,
URL: internal.NewStringSet(), URLs: internal.NewStringSet(),
}, },
}, },
}, },
@ -263,7 +263,7 @@ func TestDecodeLicenses(t *testing.T) {
Value: "MIT AND GPL-3.0-only WITH Classpath-exception-2.0", Value: "MIT AND GPL-3.0-only WITH Classpath-exception-2.0",
SPDXExpression: "MIT AND GPL-3.0-only WITH Classpath-exception-2.0", SPDXExpression: "MIT AND GPL-3.0-only WITH Classpath-exception-2.0",
Type: license.Declared, Type: license.Declared,
URL: internal.NewStringSet(), URLs: internal.NewStringSet(),
}, },
}, },
}, },

4
syft/formats/syftjson/model/package.go
View File

@ -40,8 +40,8 @@ type License struct {
Value string `json:"value"` Value string `json:"value"`
SPDXExpression string `json:"spdxExpression"` SPDXExpression string `json:"spdxExpression"`
Type license.Type `json:"type"` Type license.Type `json:"type"`
URL []string `json:"url"` URLs []string `json:"urls"`
Location []source.Location `json:"locations"` Locations []source.Location `json:"locations"`
} }
func newModelLicensesFromValues(licenses []string) (ml []License) { func newModelLicensesFromValues(licenses []string) (ml []License) {

2
syft/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden
View File

@ -16,7 +16,7 @@
"value": "MIT", "value": "MIT",
"spdxExpression": "MIT", "spdxExpression": "MIT",
"type": "declared", "type": "declared",
"url": [], "urls": [],
"locations": [] "locations": []
} }
], ],

2
syft/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden
View File

@ -16,7 +16,7 @@
"value": "MIT", "value": "MIT",
"spdxExpression": "MIT", "spdxExpression": "MIT",
"type": "declared", "type": "declared",
"url": [], "urls": [],
"locations": [] "locations": []
} }
], ],

2
syft/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden
View File

@ -17,7 +17,7 @@
"value": "MIT", "value": "MIT",
"spdxExpression": "MIT", "spdxExpression": "MIT",
"type": "declared", "type": "declared",
"url": [], "urls": [],
"locations": [] "locations": []
} }
], ],

6
syft/formats/syftjson/to_format_model.go
View File

@ -188,15 +188,15 @@ func toLicenseModel(pkgLicenses []pkg.License) (modelLicenses []model.License) {
for _, l := range pkgLicenses { for _, l := range pkgLicenses {
// guarantee collection // guarantee collection
locations := make([]source.Location, 0) locations := make([]source.Location, 0)
if v := l.Location.ToSlice(); v != nil { if v := l.Locations.ToSlice(); v != nil {
locations = v locations = v
} }
modelLicenses = append(modelLicenses, model.License{ modelLicenses = append(modelLicenses, model.License{
Value: l.Value, Value: l.Value,
SPDXExpression: l.SPDXExpression, SPDXExpression: l.SPDXExpression,
Type: l.Type, Type: l.Type,
URL: l.URL.ToSlice(), URLs: l.URLs.ToSlice(),
Location: locations, Locations: locations,
}) })
} }
return return

4
syft/formats/syftjson/to_syft_model.go
View File

@ -108,8 +108,8 @@ func toSyftLicenses(m []model.License) (p []pkg.License) {
Value: l.Value, Value: l.Value,
SPDXExpression: l.SPDXExpression, SPDXExpression: l.SPDXExpression,
Type: l.Type, Type: l.Type,
URL: internal.NewStringSet(l.URL...), URLs: internal.NewStringSet(l.URLs...),
Location: source.NewLocationSet(l.Location...), Locations: source.NewLocationSet(l.Locations...),
}) })
} }
return return

2
syft/pkg/cataloger/apkdb/parse_apk_db_test.go
View File

@ -684,7 +684,7 @@ func TestSinglePackageDetails(t *testing.T) {
test.expected.Locations = source.NewLocationSet(fixtureLocation) test.expected.Locations = source.NewLocationSet(fixtureLocation)
licenses := test.expected.Licenses.ToSlice() licenses := test.expected.Licenses.ToSlice()
for i := range licenses { for i := range licenses {
licenses[i].Location.Add(fixtureLocation) licenses[i].Locations.Add(fixtureLocation)
} }
test.expected.Licenses = pkg.NewLicenseSet(licenses...) test.expected.Licenses = pkg.NewLicenseSet(licenses...)
pkgtest.TestFileParser(t, test.fixture, parseApkDB, []pkg.Package{test.expected}, nil) pkgtest.TestFileParser(t, test.fixture, parseApkDB, []pkg.Package{test.expected}, nil)

16
syft/pkg/cataloger/golang/licenses_test.go
View File

@ -35,8 +35,8 @@ func Test_LocalLicenseSearch(t *testing.T) {
Value: "Apache-2.0", Value: "Apache-2.0",
SPDXExpression: "Apache-2.0", SPDXExpression: "Apache-2.0",
Type: license.Concluded, Type: license.Concluded,
Location: source.NewLocationSet(loc1), Locations: source.NewLocationSet(loc1),
URL: internal.NewStringSet(), URLs: internal.NewStringSet(),
}, },
}, },
{ {
@ -46,8 +46,8 @@ func Test_LocalLicenseSearch(t *testing.T) {
Value: "MIT", Value: "MIT",
SPDXExpression: "MIT", SPDXExpression: "MIT",
Type: license.Concluded, Type: license.Concluded,
Location: source.NewLocationSet(loc2), Locations: source.NewLocationSet(loc2),
URL: internal.NewStringSet(), URLs: internal.NewStringSet(),
}, },
}, },
} }
@ -126,8 +126,8 @@ func Test_RemoteProxyLicenseSearch(t *testing.T) {
Value: "Apache-2.0", Value: "Apache-2.0",
SPDXExpression: "Apache-2.0", SPDXExpression: "Apache-2.0",
Type: license.Concluded, Type: license.Concluded,
Location: source.NewLocationSet(loc1), Locations: source.NewLocationSet(loc1),
URL: internal.NewStringSet(), URLs: internal.NewStringSet(),
}, },
}, },
{ {
@ -137,8 +137,8 @@ func Test_RemoteProxyLicenseSearch(t *testing.T) {
Value: "MIT", Value: "MIT",
SPDXExpression: "MIT", SPDXExpression: "MIT",
Type: license.Concluded, Type: license.Concluded,
Location: source.NewLocationSet(loc2), Locations: source.NewLocationSet(loc2),
URL: internal.NewStringSet(), URLs: internal.NewStringSet(),
}, },
}, },
} }

2
syft/pkg/cataloger/php/parse_installed_json_test.go
View File

@ -135,7 +135,7 @@ func TestParseInstalledJsonComposerV1(t *testing.T) {
expectedPkgs[i].Locations = locations expectedPkgs[i].Locations = locations
locationLicenses := pkg.NewLicenseSet() locationLicenses := pkg.NewLicenseSet()
for _, license := range expectedPkgs[i].Licenses.ToSlice() { for _, license := range expectedPkgs[i].Licenses.ToSlice() {
license.Location = locations license.Locations = locations
locationLicenses.Add(license) locationLicenses.Add(license)
} }
expectedPkgs[i].Licenses = locationLicenses expectedPkgs[i].Licenses = locationLicenses

26
syft/pkg/license.go
View File

@ -14,7 +14,7 @@ import (
var _ sort.Interface = (*Licenses)(nil) var _ sort.Interface = (*Licenses)(nil)
// License represents an SPDX Expression or license value extracted from a packages metadata // License represents an SPDX Expression or license value extracted from a packages metadata
// We want to ignore URL and Location since we merge these fields across equal licenses. // We want to ignore URLs and Location since we merge these fields across equal licenses.
// A License is a unique combination of value, expression and type, where // A License is a unique combination of value, expression and type, where
// its sources are always considered merged and additions to the evidence // its sources are always considered merged and additions to the evidence
// of where it was found and how it was sourced. // of where it was found and how it was sourced.
@ -26,8 +26,8 @@ type License struct {
Value string `json:"value"` Value string `json:"value"`
SPDXExpression string `json:"spdxExpression"` SPDXExpression string `json:"spdxExpression"`
Type license.Type `json:"type"` Type license.Type `json:"type"`
URL internal.StringSet `hash:"ignore"` URLs internal.StringSet `hash:"ignore"`
Location source.LocationSet `hash:"ignore"` Locations source.LocationSet `hash:"ignore"`
} }
type Licenses []License type Licenses []License
@ -40,7 +40,7 @@ func (l Licenses) Less(i, j int) bool {
if l[i].Value == l[j].Value { if l[i].Value == l[j].Value {
if l[i].SPDXExpression == l[j].SPDXExpression { if l[i].SPDXExpression == l[j].SPDXExpression {
if l[i].Type == l[j].Type { if l[i].Type == l[j].Type {
// While URL and location are not exclusive fields // While URLs and location are not exclusive fields
// returning true here reduces the number of swaps // returning true here reduces the number of swaps
// while keeping a consistent sort order of // while keeping a consistent sort order of
// the order that they appear in the list initially // the order that they appear in the list initially
@ -69,8 +69,8 @@ func NewLicense(value string) License {
Value: value, Value: value,
SPDXExpression: spdxExpression, SPDXExpression: spdxExpression,
Type: license.Declared, Type: license.Declared,
URL: internal.NewStringSet(), URLs: internal.NewStringSet(),
Location: source.NewLocationSet(), Locations: source.NewLocationSet(),
} }
} }
@ -84,8 +84,8 @@ func NewLicenseFromType(value string, t license.Type) License {
Value: value, Value: value,
SPDXExpression: spdxExpression, SPDXExpression: spdxExpression,
Type: t, Type: t,
URL: internal.NewStringSet(), URLs: internal.NewStringSet(),
Location: source.NewLocationSet(), Locations: source.NewLocationSet(),
} }
} }
@ -109,7 +109,7 @@ func NewLicensesFromLocation(location source.Location, values ...string) (licens
func NewLicenseFromLocations(value string, locations ...source.Location) License { func NewLicenseFromLocations(value string, locations ...source.Location) License {
l := NewLicense(value) l := NewLicense(value)
for _, loc := range locations { for _, loc := range locations {
l.Location.Add(loc) l.Locations.Add(loc)
} }
return l return l
} }
@ -118,7 +118,7 @@ func NewLicenseFromURLs(value string, urls ...string) License {
l := NewLicense(value) l := NewLicense(value)
for _, u := range urls { for _, u := range urls {
if u != "" { if u != "" {
l.URL.Add(u) l.URLs.Add(u)
} }
} }
return l return l
@ -141,11 +141,11 @@ func (s License) Merge(l License) (*License, error) {
return nil, fmt.Errorf("cannot merge licenses with different hash") return nil, fmt.Errorf("cannot merge licenses with different hash")
} }
s.URL.Add(l.URL.ToSlice()...) s.URLs.Add(l.URLs.ToSlice()...)
if s.Location.Empty() && l.Location.Empty() { if s.Locations.Empty() && l.Locations.Empty() {
return &s, nil return &s, nil
} }
s.Location.Add(l.Location.ToSlice()...) s.Locations.Add(l.Locations.ToSlice()...)
return &s, nil return &s, nil
} }

4
syft/pkg/license_set.go
View File

@ -34,8 +34,8 @@ func (s *LicenseSet) addToExisting(license License) (id artifact.ID, merged bool
return id, false, nil return id, false, nil
} }
// we got the same id; we want to merge the URL and Location data // we got the same id; we want to merge the URLs and Location data
// URL/Location are not considered when taking the Hash // URLs/Location are not considered when taking the Hash
m, err := v.Merge(license) m, err := v.Merge(license)
if err != nil { if err != nil {
return id, false, fmt.Errorf("could not merge license into map: %w", err) return id, false, fmt.Errorf("could not merge license into map: %w", err)

12
syft/pkg/license_set_test.go
View File

@ -97,8 +97,8 @@ func TestLicenseSet_Add(t *testing.T) {
Value: "MIT", Value: "MIT",
SPDXExpression: "MIT", SPDXExpression: "MIT",
Type: license.Declared, Type: license.Declared,
URL: internal.NewStringSet("https://example.com"), URLs: internal.NewStringSet("https://example.com"),
Location: source.NewLocationSet(source.NewLocation("/place")), Locations: source.NewLocationSet(source.NewLocation("/place")),
}, },
}, },
}, },
@ -115,15 +115,15 @@ func TestLicenseSet_Add(t *testing.T) {
Value: "MIT", Value: "MIT",
SPDXExpression: "MIT", SPDXExpression: "MIT",
Type: license.Concluded, Type: license.Concluded,
URL: internal.NewStringSet(), URLs: internal.NewStringSet(),
Location: source.NewLocationSet(), Locations: source.NewLocationSet(),
}, },
{ {
Value: "MIT", Value: "MIT",
SPDXExpression: "MIT", SPDXExpression: "MIT",
Type: license.Declared, Type: license.Declared,
URL: internal.NewStringSet("https://example.com"), URLs: internal.NewStringSet("https://example.com"),
Location: source.NewLocationSet(source.NewLocation("/place")), Locations: source.NewLocationSet(source.NewLocation("/place")),
}, },
}, },
}, },

4
syft/pkg/license_test.go
View File

@ -21,8 +21,8 @@ func Test_Hash(t *testing.T) {
lic1 := NewLicenseFromLocations("MIT", loc1) lic1 := NewLicenseFromLocations("MIT", loc1)
lic2 := NewLicenseFromLocations("MIT", loc2) lic2 := NewLicenseFromLocations("MIT", loc2)
lic1.URL.Add("foo") lic1.URLs.Add("foo")
lic2.URL.Add("bar") // we also want to check the URL are ignored lic2.URLs.Add("bar") // we also want to check the URLs are ignored
hash1, err := artifact.IDByHash(lic1) hash1, err := artifact.IDByHash(lic1)
require.NoError(t, err) require.NoError(t, err)