From ecab44bba18eb3318b663bf13a912ba605447a4f Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Tue, 2 Nov 2021 13:45:34 -0400 Subject: [PATCH] Add SPDX tag-value format object (#605) * add new spdx tag-value format Signed-off-by: Alex Goodman * remove public presenter package 
Signed-off-by: Alex Goodman --- cmd/packages.go | 20 +- go.mod | 1 + go.sum | 2 + internal/formats/common/testutils/utils.go | 2 +- internal/formats/formats.go | 2 + internal/formats/spdx22tagvalue/encoder.go | 17 ++ .../spdx22tagvalue/encoder_test.go} | 13 +- internal/formats/spdx22tagvalue/format.go | 13 ++ .../test-fixtures/image-simple/Dockerfile | 0 .../test-fixtures/image-simple/file-1.txt | 0 .../test-fixtures/image-simple/file-2.txt | 0 .../TestSPDXTagValueDirectoryPresenter.golden | 0 .../TestSPDXTagValueImagePresenter.golden | 0 .../stereoscope-fixture-image-simple.golden | Bin 15360 -> 15360 bytes .../spdx22tagvalue/to_format_model.go} | 45 ++--- .../packages/model/spdx22/annotation.go | 21 -- .../packages/model/spdx22/checksum.go | 7 - .../packages/model/spdx22/creation_info.go | 19 -- .../packages/model/spdx22/document.go | 45 ----- .../packages/model/spdx22/element.go | 12 -- .../packages/model/spdx22/element_id.go | 37 ---- .../model/spdx22/external_document_ref.go | 9 - .../packages/model/spdx22/external_ref.go | 43 ---- .../presenter/packages/model/spdx22/file.go | 41 ---- .../spdx22/has_extracted_licensing_info.go | 14 -- .../presenter/packages/model/spdx22/item.go | 22 --- .../packages/model/spdx22/package.go | 50 ----- .../model/spdx22/package_verification_code.go | 23 --- .../packages/model/spdx22/relationship.go | 183 ------------------ .../packages/model/spdx22/snippet.go | 32 --- .../packages/model/spdx22/version.go | 3 - .../TestCycloneDxDirectoryPresenter.golden | 34 ---- .../TestCycloneDxImagePresenter.golden | 34 ---- .../TestJSONDirectoryPresenter.golden | 86 -------- .../snapshot/TestJSONImagePresenter.golden | 108 ----------- .../TestSPDXJSONDirectoryPresenter.golden | 79 -------- .../TestSPDXJSONImagePresenter.golden | 61 ------ syft/event/parsers/parsers.go | 9 +- syft/presenter/packages/presenter.go | 27 --- syft/presenter/packages/presenter_config.go | 14 -- syft/presenter/presenter.go | 9 - 
.../package_ownership_relationship_test.go | 10 +- 42 files changed, 73 insertions(+), 1074 deletions(-) create mode 100644 internal/formats/spdx22tagvalue/encoder.go rename internal/{presenter/packages/spdx_tag_value_presenter_test.go => formats/spdx22tagvalue/encoder_test.go} (71%) create mode 100644 internal/formats/spdx22tagvalue/format.go rename internal/{presenter/packages => formats/spdx22tagvalue}/test-fixtures/image-simple/Dockerfile (100%) rename internal/{presenter/packages => formats/spdx22tagvalue}/test-fixtures/image-simple/file-1.txt (100%) rename internal/{presenter/packages => formats/spdx22tagvalue}/test-fixtures/image-simple/file-2.txt (100%) rename internal/{presenter/packages => formats/spdx22tagvalue}/test-fixtures/snapshot/TestSPDXTagValueDirectoryPresenter.golden (100%) rename internal/{presenter/packages => formats/spdx22tagvalue}/test-fixtures/snapshot/TestSPDXTagValueImagePresenter.golden (100%) rename internal/{presenter/packages => formats/spdx22tagvalue}/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden (82%) rename internal/{presenter/packages/spdx_tag_value_presenter.go => formats/spdx22tagvalue/to_format_model.go} (91%) delete mode 100644 internal/presenter/packages/model/spdx22/annotation.go delete mode 100644 internal/presenter/packages/model/spdx22/checksum.go delete mode 100644 internal/presenter/packages/model/spdx22/creation_info.go delete mode 100644 internal/presenter/packages/model/spdx22/document.go delete mode 100644 internal/presenter/packages/model/spdx22/element.go delete mode 100644 internal/presenter/packages/model/spdx22/element_id.go delete mode 100644 internal/presenter/packages/model/spdx22/external_document_ref.go delete mode 100644 internal/presenter/packages/model/spdx22/external_ref.go delete mode 100644 internal/presenter/packages/model/spdx22/file.go delete mode 100644 internal/presenter/packages/model/spdx22/has_extracted_licensing_info.go delete mode 100644 
internal/presenter/packages/model/spdx22/item.go delete mode 100644 internal/presenter/packages/model/spdx22/package.go delete mode 100644 internal/presenter/packages/model/spdx22/package_verification_code.go delete mode 100644 internal/presenter/packages/model/spdx22/relationship.go delete mode 100644 internal/presenter/packages/model/spdx22/snippet.go delete mode 100644 internal/presenter/packages/model/spdx22/version.go delete mode 100644 internal/presenter/packages/test-fixtures/snapshot/TestCycloneDxDirectoryPresenter.golden delete mode 100644 internal/presenter/packages/test-fixtures/snapshot/TestCycloneDxImagePresenter.golden delete mode 100644 internal/presenter/packages/test-fixtures/snapshot/TestJSONDirectoryPresenter.golden delete mode 100644 internal/presenter/packages/test-fixtures/snapshot/TestJSONImagePresenter.golden delete mode 100644 internal/presenter/packages/test-fixtures/snapshot/TestSPDXJSONDirectoryPresenter.golden delete mode 100644 internal/presenter/packages/test-fixtures/snapshot/TestSPDXJSONImagePresenter.golden delete mode 100644 syft/presenter/packages/presenter.go delete mode 100644 syft/presenter/packages/presenter_config.go delete mode 100644 syft/presenter/presenter.go diff --git a/cmd/packages.go b/cmd/packages.go index b18919415..aff7a5790 100644 --- a/cmd/packages.go +++ b/cmd/packages.go 
@@ -6,19 +6,18 @@ import ( "io/ioutil" "os" - "github.com/anchore/syft/syft/format" - "github.com/anchore/stereoscope" "github.com/anchore/syft/internal" "github.com/anchore/syft/internal/anchore" "github.com/anchore/syft/internal/bus" + "github.com/anchore/syft/internal/formats" "github.com/anchore/syft/internal/log" "github.com/anchore/syft/internal/ui" "github.com/anchore/syft/syft" "github.com/anchore/syft/syft/distro" "github.com/anchore/syft/syft/event" + "github.com/anchore/syft/syft/format" "github.com/anchore/syft/syft/pkg" - "github.com/anchore/syft/syft/presenter/packages" "github.com/anchore/syft/syft/source" "github.com/pkg/profile" "github.com/spf13/cobra" @@ -239,6 +238,12 @@ func packagesExecWorker(userInput string) <-chan error { go func() { defer close(errs) + f := formats.ByOption(packagesPresenterOpt) + if f == nil { + errs <- fmt.Errorf("unknown format: %s", packagesPresenterOpt) + return + } + checkForApplicationUpdate() src, cleanup, err := source.New(userInput, appConfig.Registry.ToOptions()) @@ -262,13 +267,8 @@ func packagesExecWorker(userInput string) <-chan error { } bus.Publish(partybus.Event{ - Type: event.PresenterReady, - Value: packages.Presenter(packagesPresenterOpt, packages.PresenterConfig{ - SourceMetadata: src.Metadata, - Catalog: catalog, - Distro: d, - Scope: appConfig.Package.Cataloger.ScopeOpt, - }), + Type: event.PresenterReady, + Value: f.Presenter(catalog, &src.Metadata, d, appConfig.Package.Cataloger.ScopeOpt), }) }() return errs diff --git a/go.mod b/go.mod index 6ced4fdbd..ab81ee2f6 100644 --- a/go.mod +++ b/go.mod 
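Review bot: The unknown-format error added in `packagesExecWorker` prints the raw option value with `%s`, so an empty or whitespace-padded value, or one containing control characters, reaches the terminal and logs unquoted. I would quote it: `errs <- fmt.Errorf("unknown format: %q", packagesPresenterOpt)`. Resolving the format before `checkForApplicationUpdate()` and `source.New` is the right order, since a bad option now fails before any source is opened. The function body starts and ends outside this hunk.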
@@ -40,6 +40,7 @@ require ( github.com/stretchr/testify v1.7.0 github.com/vifraa/gopom v0.1.0 github.com/wagoodman/go-partybus v0.0.0-20210627031916-db1f5573bbc5 + github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b github.com/wagoodman/go-progress v0.0.0-20200731105512-1020f39e6240 github.com/wagoodman/jotframe v0.0.0-20200730190914-3517092dd163 github.com/x-cray/logrus-prefixed-formatter v0.5.2 diff --git a/go.sum b/go.sum index 0a24fea7f..b5a637240 100644 --- a/go.sum +++ b/go.sum @@ -757,6 +757,8 @@ github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59b github.com/wagoodman/go-partybus v0.0.0-20200526224238-eb215533f07d/go.mod h1:JPirS5jde/CF5qIjcK4WX+eQmKXdPc6vcZkJ/P0hfPw= github.com/wagoodman/go-partybus v0.0.0-20210627031916-db1f5573bbc5 h1:phTLPgMRDYTizrBSKsNSOa2zthoC2KsJsaY/8sg3rD8= github.com/wagoodman/go-partybus v0.0.0-20210627031916-db1f5573bbc5/go.mod h1:JPirS5jde/CF5qIjcK4WX+eQmKXdPc6vcZkJ/P0hfPw= +github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b h1:uWNQ0khA6RdFzODOMwKo9XXu7fuewnnkHykUtuKru8s= +github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b/go.mod h1:ewlIKbKV8l+jCj8rkdXIs361ocR5x3qGyoCSca47Gx8= github.com/wagoodman/go-progress v0.0.0-20200621122631-1a2120f0695a/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA= github.com/wagoodman/go-progress v0.0.0-20200731105512-1020f39e6240 h1:r6BlIP7CVZtMlxUQhT40h1IE1TzEgKVqwmsVGuscvdk= github.com/wagoodman/go-progress v0.0.0-20200731105512-1020f39e6240/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA= diff --git a/internal/formats/common/testutils/utils.go b/internal/formats/common/testutils/utils.go index a28aeb8bc..887cd92aa 100644 --- a/internal/formats/common/testutils/utils.go +++ b/internal/formats/common/testutils/utils.go 
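Review bot: The new `github.com/wagoodman/go-presenter` requirement is pinned to a pseudo-version (`v0.0.0-20211015174752-f9c01afc824b`) rather than a tagged release, and the same commit deletes the 9-line in-repo `syft/presenter/presenter.go` that it appears to replace. A one-interface package is cheap to keep in the repository, whereas an external module is one more dependency to track and re-review on every bump. If the external module is intended, a comment next to the requirement would record the reason, for example `// presenter interface shared across tools; pinned by commit (pseudo-version)`. The `go.sum` entries in the next hunk are for this same version.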
@@ -10,10 +10,10 @@ import ( "github.com/anchore/stereoscope/pkg/imagetest" "github.com/anchore/syft/syft/distro" "github.com/anchore/syft/syft/pkg" - "github.com/anchore/syft/syft/presenter" "github.com/anchore/syft/syft/source" "github.com/sergi/go-diff/diffmatchpatch" "github.com/stretchr/testify/assert" + "github.com/wagoodman/go-presenter" ) type redactor func(s []byte) []byte diff --git a/internal/formats/formats.go b/internal/formats/formats.go index bb6e15733..aa5dcc649 100644 --- a/internal/formats/formats.go +++ b/internal/formats/formats.go @@ -5,6 +5,7 @@ import ( "github.com/anchore/syft/internal/formats/cyclonedx12xml" "github.com/anchore/syft/internal/formats/spdx22json" + "github.com/anchore/syft/internal/formats/spdx22tagvalue" "github.com/anchore/syft/internal/formats/syftjson" "github.com/anchore/syft/internal/formats/table" "github.com/anchore/syft/internal/formats/text" @@ -18,6 +19,7 @@ func All() []format.Format { table.Format(), cyclonedx12xml.Format(), spdx22json.Format(), + spdx22tagvalue.Format(), text.Format(), } } diff --git a/internal/formats/spdx22tagvalue/encoder.go b/internal/formats/spdx22tagvalue/encoder.go new file mode 100644 index 000000000..239766ca5 --- /dev/null +++ b/internal/formats/spdx22tagvalue/encoder.go @@ -0,0 +1,17 @@ +package spdx22tagvalue + +import ( + "io" + + "github.com/spdx/tools-golang/tvsaver" + + "github.com/anchore/syft/syft/distro" + + "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/source" +) + +func encoder(output io.Writer, catalog *pkg.Catalog, srcMetadata *source.Metadata, d *distro.Distro, scope source.Scope) error { + model := toFormatModel(catalog, srcMetadata, d, scope) + return tvsaver.Save2_2(&model, output) +} 
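Review bot: `encoder` in the new encoder.go forwards `srcMetadata` to `toFormatModel` without a nil check, and `toFormatModel` dereferences it (`srcMetadata.ImageMetadata.UserInput` in the `@@ -50,7 +33,7 @@` and `@@ -69,7 +52,7 @@` hunks of to_format_model.go), so a nil pointer panics inside the presenter instead of returning an error. The removed presenter held `source.Metadata` by value, so this failure mode is new with the pointer signature. A guard at the top of `encoder` keeps it on the error path: `if srcMetadata == nil { return errors.New("no source metadata provided") }` (this needs the `errors` import). The function also has no doc comment; `// encoder writes the catalog as an SPDX 2.2 tag-value document to output.` would do.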
diff --git a/internal/presenter/packages/spdx_tag_value_presenter_test.go b/internal/formats/spdx22tagvalue/encoder_test.go similarity index 71% rename from internal/presenter/packages/spdx_tag_value_presenter_test.go rename to internal/formats/spdx22tagvalue/encoder_test.go index 95dd4a793..fe9182b1e 100644 --- a/internal/presenter/packages/spdx_tag_value_presenter_test.go +++ b/internal/formats/spdx22tagvalue/encoder_test.go @@ -1,19 +1,22 @@ -package packages +package spdx22tagvalue import ( "flag" "regexp" "testing" + "github.com/anchore/syft/syft/source" + "github.com/anchore/syft/internal/formats/common/testutils" + "github.com/anchore/syft/syft/format" ) var updateSpdxTagValue = flag.Bool("update-spdx-tv", false, "update the *.golden files for spdx-tv presenters") func TestSPDXTagValueDirectoryPresenter(t *testing.T) { - catalog, metadata, _ := testutils.DirectoryInput(t) + catalog, metadata, d := testutils.DirectoryInput(t) testutils.AssertPresenterAgainstGoldenSnapshot(t, - NewSPDXTagValuePresenter(catalog, metadata), + format.NewPresenter(encoder, catalog, &metadata, d, source.UnknownScope), *updateSpdxTagValue, spdxTagValueRedactor, ) @@ -21,9 +24,9 @@ func TestSPDXTagValueDirectoryPresenter(t *testing.T) { func TestSPDXTagValueImagePresenter(t *testing.T) { testImage := "image-simple" - catalog, metadata, _ := testutils.ImageInput(t, testImage) + catalog, metadata, d := testutils.ImageInput(t, testImage, testutils.FromSnapshot()) testutils.AssertPresenterAgainstGoldenImageSnapshot(t, - NewSPDXTagValuePresenter(catalog, metadata), + format.NewPresenter(encoder, catalog, &metadata, d, source.SquashedScope), testImage, *updateSpdxTagValue, spdxTagValueRedactor, diff --git a/internal/formats/spdx22tagvalue/format.go b/internal/formats/spdx22tagvalue/format.go new file mode 100644 index 000000000..33214b399 --- /dev/null +++ b/internal/formats/spdx22tagvalue/format.go 
@@ -0,0 +1,13 @@
+package spdx22tagvalue
+
+import "github.com/anchore/syft/syft/format"
+
+// note: this format is LOSSY relative to the syftjson formation, which means that decoding and validation is not supported at this time
+func Format() format.Format {
+ return format.NewFormat(
+ format.SPDXTagValueOption,
+ encoder,
+ nil,
+ nil,
+ )
+}
diff --git a/internal/presenter/packages/test-fixtures/image-simple/Dockerfile b/internal/formats/spdx22tagvalue/test-fixtures/image-simple/Dockerfile
similarity index 100%
rename from internal/presenter/packages/test-fixtures/image-simple/Dockerfile
rename to internal/formats/spdx22tagvalue/test-fixtures/image-simple/Dockerfile
diff --git a/internal/presenter/packages/test-fixtures/image-simple/file-1.txt b/internal/formats/spdx22tagvalue/test-fixtures/image-simple/file-1.txt
similarity index 100%
rename from internal/presenter/packages/test-fixtures/image-simple/file-1.txt
rename to internal/formats/spdx22tagvalue/test-fixtures/image-simple/file-1.txt
diff --git a/internal/presenter/packages/test-fixtures/image-simple/file-2.txt b/internal/formats/spdx22tagvalue/test-fixtures/image-simple/file-2.txt
similarity index 100%
rename from internal/presenter/packages/test-fixtures/image-simple/file-2.txt
rename to internal/formats/spdx22tagvalue/test-fixtures/image-simple/file-2.txt
diff --git a/internal/presenter/packages/test-fixtures/snapshot/TestSPDXTagValueDirectoryPresenter.golden b/internal/formats/spdx22tagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryPresenter.golden
similarity index 100%
rename from internal/presenter/packages/test-fixtures/snapshot/TestSPDXTagValueDirectoryPresenter.golden
rename to internal/formats/spdx22tagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryPresenter.golden
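Review bot: The comment above the exported `Format` function does not follow the Go doc-comment convention (it should start with the function name) and contains a typo, "formation". Suggested wording: `// Format returns the SPDX 2.2 tag-value format. It is encode-only: the output is lossy relative to syftjson, so no decoder or validator is registered.` That also explains the two `nil` arguments. Their meaning is inferred from the comment rather than visible here, so it should be confirmed against `format.NewFormat`.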
diff --git a/internal/presenter/packages/test-fixtures/snapshot/TestSPDXTagValueImagePresenter.golden b/internal/formats/spdx22tagvalue/test-fixtures/snapshot/TestSPDXTagValueImagePresenter.golden similarity index 100% rename from internal/presenter/packages/test-fixtures/snapshot/TestSPDXTagValueImagePresenter.golden rename to internal/formats/spdx22tagvalue/test-fixtures/snapshot/TestSPDXTagValueImagePresenter.golden diff --git a/internal/presenter/packages/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/internal/formats/spdx22tagvalue/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden similarity index 82% rename from internal/presenter/packages/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden rename to internal/formats/spdx22tagvalue/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden index a5985f95c4f36dfec9b67737ea614680187f8ae7..c1b1d2b797ecd34a5276a1aa2fb18c5b0a58c732 100644 GIT binary patch delta 1038 zcmb`GJxjw-7=?2UinS_e!Ga)499&f1_kJdsGWY@NrXZ*Y_ai~4LhVqILf1|r+5HpQ z{1yJA8bN9saEim74)-3;dCnd7hy8@|5Kw{~TUi3k)!nRoon-1o0HD)P^pMaO@gOQH-T=R(GG z8Al5lrjP-KQW?j~K0^>duA-v347WA)gtZ;-6d7DdZFPKs)c8q=6i zi3z5HY>mjYNI_0jygl+~Mb1jVKa<_9h{&cq_nOVxpC-ScpS7zg?%0ZdRCnsZV6arI IZCuWO0ci3H=>Px# delta 1012 zcmb_byGjE=6y3>cFvbKln1CP=Ev%G#@4R+WMbQXir(h$(%nZkr!I6OmpEd_q=8%qsgc*4M1#!l`cjP5x16vP0$i?mn!d!K}h1rDhC)lqm7R_ zsA575##?;t4>}m20M4;E3IZTR6u}W>mL)l3Z)_jL8K?&|J>)$}=aK~1QTATxw$~6L zBLaolFg(aM!pGk)=ELx%av1~)QfZylHgd5}T_QXhqa!ECxis<0rINfYWO7BETb~#& ztf#_)BkLo~`qkUkvTjha&@I1pXN=AIrO5|I=uLYCiYf?BB2%*TGQHcO{gU=z@M6Ob~t6rAc53!ZoWGWS3yCGwI^#J ja=9qyv|ca$HL^SUES-J+#2evN*_U`c9&hKn?fcCyL@)@I diff --git a/internal/presenter/packages/spdx_tag_value_presenter.go b/internal/formats/spdx22tagvalue/to_format_model.go similarity index 91% rename from internal/presenter/packages/spdx_tag_value_presenter.go rename to internal/formats/spdx22tagvalue/to_format_model.go index 19974ecb8..456191d3a 100644 
--- a/internal/presenter/packages/spdx_tag_value_presenter.go +++ b/internal/formats/spdx22tagvalue/to_format_model.go @@ -1,40 +1,23 @@ -package packages +package spdx22tagvalue import ( "fmt" - "io" "time" - "github.com/anchore/syft/internal/formats/common/spdxhelpers" - - "github.com/anchore/syft/internal/spdxlicense" - "github.com/anchore/syft/internal" + "github.com/anchore/syft/internal/formats/common/spdxhelpers" + "github.com/anchore/syft/internal/spdxlicense" "github.com/anchore/syft/internal/version" + "github.com/anchore/syft/syft/distro" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/source" "github.com/spdx/tools-golang/spdx" - "github.com/spdx/tools-golang/tvsaver" ) -// SPDXTagValuePresenter is a SPDX presentation object for the syft results (see https://github.com/spdx/spdx-spec) -type SPDXTagValuePresenter struct { - catalog *pkg.Catalog - srcMetadata source.Metadata -} - -// NewJSONPresenter creates a new JSON presenter object for the given cataloging results. -func NewSPDXTagValuePresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *SPDXTagValuePresenter { - return &SPDXTagValuePresenter{ - catalog: catalog, - srcMetadata: srcMetadata, - } -} - -// Present the catalog results to the given writer. -// nolint: funlen -func (pres *SPDXTagValuePresenter) Present(output io.Writer) error { - doc := spdx.Document2_2{ +// toFormatModel creates and populates a new JSON document struct that follows the SPDX 2.2 spec from the given cataloging results. +// nolint:funlen +func toFormatModel(catalog *pkg.Catalog, srcMetadata *source.Metadata, _ *distro.Distro, _ source.Scope) spdx.Document2_2 { + return spdx.Document2_2{ CreationInfo: &spdx.CreationInfo2_2{ // 2.1: SPDX Version; should be in the format "SPDX-2.2" // Cardinality: mandatory, one 
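Review bot: The new doc comment on `toFormatModel` says it builds "a new JSON document struct", which looks carried over from the SPDX JSON format; what the function returns is the `spdx.Document2_2` model that the tag-value encoder passes to `tvsaver.Save2_2`. Suggested wording: `// toFormatModel builds the SPDX 2.2 document model (tools-golang) for the given catalog and source metadata; the distro and scope arguments are currently ignored.` The lint directive is also spelled `// nolint:funlen` here and `// nolint: funlen` on `toFormatPackages`, so one spelling should be used for both. The function body continues outside this hunk.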
@@ -50,7 +33,7 @@ func (pres *SPDXTagValuePresenter) Present(output io.Writer) error { // 2.4: Document Name // Cardinality: mandatory, one - DocumentName: pres.srcMetadata.ImageMetadata.UserInput, + DocumentName: srcMetadata.ImageMetadata.UserInput, // 2.5: Document Namespace // Cardinality: mandatory, one @@ -69,7 +52,7 @@ func (pres *SPDXTagValuePresenter) Present(output io.Writer) error { // In many cases, the URI will point to a web accessible document, but this should not be assumed // to be the case. - DocumentNamespace: fmt.Sprintf("https://anchore.com/syft/image/%s", pres.srcMetadata.ImageMetadata.UserInput), + DocumentNamespace: fmt.Sprintf("https://anchore.com/syft/image/%s", srcMetadata.ImageMetadata.UserInput), // 2.6: External Document References // Cardinality: optional, one or many @@ -98,18 +81,16 @@ func (pres *SPDXTagValuePresenter) Present(output io.Writer) error { // Cardinality: optional, one DocumentComment: "", }, - Packages: pres.packages(), + Packages: toFormatPackages(catalog), } - - return tvsaver.Save2_2(&doc, output) } // packages populates all Package Information from the package Catalog (see https://spdx.github.io/spdx-spec/3-package-information/) // nolint: funlen -func (pres *SPDXTagValuePresenter) packages() map[spdx.ElementID]*spdx.Package2_2 { +func toFormatPackages(catalog *pkg.Catalog) map[spdx.ElementID]*spdx.Package2_2 { results := make(map[spdx.ElementID]*spdx.Package2_2) - for p := range pres.catalog.Enumerate() { + for p := range catalog.Enumerate() { // name should be guaranteed to be unique, but semantically useful and stable id := fmt.Sprintf("Package-%+v-%s", p.Type, p.Name) diff --git a/internal/presenter/packages/model/spdx22/annotation.go b/internal/presenter/packages/model/spdx22/annotation.go deleted file mode 100644 index 048d4c31e..000000000 --- a/internal/presenter/packages/model/spdx22/annotation.go +++ /dev/null 
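Review bot: `DocumentName` and `DocumentNamespace` are both built from `srcMetadata.ImageMetadata.UserInput` even when the source is not an image; `TestSPDXTagValueDirectoryPresenter` drives this same encoder with directory input. If that field is empty for directory scans (not visible here), every directory SBOM gets an empty name and the identical namespace `https://anchore.com/syft/image/`, whereas SPDX expects the namespace to be unique to the document. The value is also interpolated into the URI with `%s` and no escaping, so input containing spaces or `#` produces an invalid namespace. This applies to the `@@ -50,7 +33,7 @@` and `@@ -69,7 +52,7 @@` hunks; at minimum I would record it in place with `// TODO: UserInput is image-specific and unescaped; derive name/namespace per source type and add a unique component`.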
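Review bot: In `toFormatPackages` the key `id := fmt.Sprintf("Package-%+v-%s", p.Type, p.Name)` is described as unique, but type plus name is identical for two catalog entries that differ only in version or location, and `results` is a map keyed by that id. The write into `results` is outside this hunk; if it is a plain assignment, the later package overwrites the earlier one and silently drops out of the SBOM. Adding more of the package identity reduces the collisions, for example `id := fmt.Sprintf("Package-%+v-%s-%s", p.Type, p.Name, p.Version)`. SPDX element ids allow only letters, digits, `.` and `-`, so the value may also need sanitising. The comment above the function still opens with the old method name and should read `// toFormatPackages populates all Package Information ...`.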
@@ -1,21 +0,0 @@
-package spdx22
-
-import "time"
-
-type AnnotationType string
-
-const (
- ReviewerAnnotationType AnnotationType = "REVIEWER"
- OtherAnnotationType AnnotationType = "OTHER"
-)
-
-type Annotation struct {
- // Identify when the comment was made. This is to be specified according to the combined date and time in the
- // UTC format, as specified in the ISO 8601 standard.
- AnnotationDate time.Time `json:"annotationDate"`
- // Type of the annotation
- AnnotationType AnnotationType `json:"annotationType"`
- // This field identifies the person, organization or tool that has commented on a file, package, or the entire document.
- Annotator string `json:"annotator"`
- Comment string `json:"comment"`
-}
diff --git a/internal/presenter/packages/model/spdx22/checksum.go b/internal/presenter/packages/model/spdx22/checksum.go
deleted file mode 100644
index e137343c9..000000000
--- a/internal/presenter/packages/model/spdx22/checksum.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package spdx22
-
-type Checksum struct {
- // Identifies the algorithm used to produce the subject Checksum. One of: "SHA256", "SHA1", "SHA384", "MD2", "MD4", "SHA512", "MD6", "MD5", "SHA224"
- Algorithm string `json:"algorithm"`
- ChecksumValue string `json:"checksumValue"`
-}
diff --git a/internal/presenter/packages/model/spdx22/creation_info.go b/internal/presenter/packages/model/spdx22/creation_info.go
deleted file mode 100644
index 5ec0cb505..000000000
--- a/internal/presenter/packages/model/spdx22/creation_info.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package spdx22
-
-import "time"
-
-type CreationInfo struct {
- Comment string `json:"comment,omitempty"`
- // Identify when the SPDX file was originally created. The date is to be specified according to combined date and
- // time in UTC format as specified in ISO 8601 standard. This field is distinct from the fields in section 8,
- // which involves the addition of information during a subsequent review.
- Created time.Time `json:"created"`
- // Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an
- // individual, indicate the person's name. If the SPDX file was created on behalf of a company or organization,
- // indicate the entity name. If the SPDX file was created using a software tool, indicate the name and version
- // for that tool. If multiple participants or tools were involved, use multiple instances of this field. Person
- // name or organization name may be designated as “anonymous” if appropriate.
- Creators []string `json:"creators"`
- // An optional field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created.
- LicenseListVersion string `json:"licenseListVersion"`
-}
diff --git a/internal/presenter/packages/model/spdx22/document.go b/internal/presenter/packages/model/spdx22/document.go
deleted file mode 100644
index 1c9ab1f2a..000000000
--- a/internal/presenter/packages/model/spdx22/document.go
+++ /dev/null
@@ -1,45 +0,0 @@ -package spdx22 - -// derived from: -// - https://spdx.github.io/spdx-spec/appendix-III-RDF-data-model-implementation-and-identifier-syntax/ -// - https://github.com/spdx/spdx-spec/blob/v2.2/schemas/spdx-schema.json -// - https://github.com/spdx/spdx-spec/tree/v2.2/ontology - -type Document struct { - Element - SPDXVersion string `json:"spdxVersion"` - // One instance is required for each SPDX file produced. It provides the necessary information for forward - // and backward compatibility for processing tools. - CreationInfo CreationInfo `json:"creationInfo"` - // 2.2: Data License; should be "CC0-1.0" - // Cardinality: mandatory, one - // License expression for dataLicense. Compliance with the SPDX specification includes populating the SPDX - // fields therein with data related to such fields (\"SPDX-Metadata\"). The SPDX specification contains numerous - // fields where an SPDX document creator may provide relevant explanatory text in SPDX-Metadata. Without - // opining on the lawfulness of \"database rights\" (in jurisdictions where applicable), such explanatory text - // is copyrightable subject matter in most Berne Convention countries. By using the SPDX specification, or any - // portion hereof, you hereby agree that any copyright rights (as determined by your jurisdiction) in any - // SPDX-Metadata, including without limitation explanatory text, shall be subject to the terms of the Creative - // Commons CC0 1.0 Universal license. 
For SPDX-Metadata not containing any copyright rights, you hereby agree - // and acknowledge that the SPDX-Metadata is provided to you \"as-is\" and without any representations or - // warranties of any kind concerning the SPDX-Metadata, express, implied, statutory or otherwise, including - // without limitation warranties of title, merchantability, fitness for a particular purpose, non-infringement, - // or the absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not - // discoverable, all to the greatest extent permissible under applicable law. - DataLicense string `json:"dataLicense"` - // Information about an external SPDX document reference including the checksum. This allows for verification of the external references. - ExternalDocumentRefs []ExternalDocumentRef `json:"externalDocumentRefs,omitempty"` - // Indicates that a particular ExtractedLicensingInfo was defined in the subject SpdxDocument. - HasExtractedLicensingInfos []HasExtractedLicensingInfo `json:"hasExtractedLicensingInfos,omitempty"` - // note: found in example documents from SPDX, but not in the JSON schema. See https://spdx.github.io/spdx-spec/2-document-creation-information/#25-spdx-document-namespace - DocumentNamespace string `json:"documentNamespace"` - // note: found in example documents from SPDX, but not in the JSON schema - // DocumentDescribes []string `json:"documentDescribes"` - Packages []Package `json:"packages"` - // Files referenced in the SPDX document - Files []File `json:"files,omitempty"` - // Snippets referenced in the SPDX document - Snippets []Snippet `json:"snippets,omitempty"` - // Relationships referenced in the SPDX document - Relationships []Relationship `json:"relationships,omitempty"` -} diff --git a/internal/presenter/packages/model/spdx22/element.go b/internal/presenter/packages/model/spdx22/element.go deleted file mode 100644 index 65f3ae756..000000000 
--- a/internal/presenter/packages/model/spdx22/element.go +++ /dev/null @@ -1,12 +0,0 @@ -package spdx22 - -type Element struct { - SPDXID string `json:"SPDXID"` - // Identify name of this SpdxElement. - Name string `json:"name"` - // Relationships referenced in the SPDX document - Relationships []Relationship `json:"relationships,omitempty"` - // Provide additional information about an SpdxElement. - Annotations []Annotation `json:"annotations,omitempty"` - Comment string `json:"comment,omitempty"` -} diff --git a/internal/presenter/packages/model/spdx22/element_id.go b/internal/presenter/packages/model/spdx22/element_id.go deleted file mode 100644 index bf2f871f3..000000000 --- a/internal/presenter/packages/model/spdx22/element_id.go +++ /dev/null 
@@ -1,37 +0,0 @@ -package spdx22 - -// ElementID represents the identifier string portion of an SPDX element -// identifier. DocElementID should be used for any attributes which can -// contain identifiers defined in a different SPDX document. -// ElementIDs should NOT contain the mandatory 'SPDXRef-' portion. -type ElementID string - -func (e ElementID) String() string { - return "SPDXRef-" + string(e) -} - -// DocElementID represents an SPDX element identifier that could be defined -// in a different SPDX document, and therefore could have a "DocumentRef-" -// portion, such as Relationship and Annotations. -// ElementID is used for attributes in which a "DocumentRef-" portion cannot -// appear, such as a Package or File definition (since it is necessarily -// being defined in the present document). -// DocumentRefID will be the empty string for elements defined in the -// present document. -// DocElementIDs should NOT contain the mandatory 'DocumentRef-' or -// 'SPDXRef-' portions. -type DocElementID struct { - DocumentRefID string - ElementRefID ElementID -} - -// RenderDocElementID takes a DocElementID and returns the string equivalent, -// with the SPDXRef- prefix (and, if applicable, the DocumentRef- prefix) -// reinserted. -func (d DocElementID) String() string { - prefix := "" - if d.DocumentRefID != "" { - prefix = "DocumentRef-" + d.DocumentRefID + ":" - } - return prefix + d.ElementRefID.String() -} diff --git a/internal/presenter/packages/model/spdx22/external_document_ref.go b/internal/presenter/packages/model/spdx22/external_document_ref.go deleted file mode 100644 index 3aa830f5b..000000000 --- a/internal/presenter/packages/model/spdx22/external_document_ref.go +++ /dev/null 
@@ -1,9 +0,0 @@ -package spdx22 - -type ExternalDocumentRef struct { - // externalDocumentId is a string containing letters, numbers, ., - and/or + which uniquely identifies an external document within this document. - ExternalDocumentID string `json:"externalDocumentId"` - Checksum Checksum `json:"checksum"` - // SPDX ID for SpdxDocument. A propoerty containing an SPDX document. - SpdxDocument string `json:"spdxDocument"` -} diff --git a/internal/presenter/packages/model/spdx22/external_ref.go b/internal/presenter/packages/model/spdx22/external_ref.go deleted file mode 100644 index e34e4f64b..000000000 --- a/internal/presenter/packages/model/spdx22/external_ref.go +++ /dev/null 
@@ -1,43 +0,0 @@ -package spdx22 - -type ReferenceCategory string - -const ( - SecurityReferenceCategory ReferenceCategory = "SECURITY" - PackageManagerReferenceCategory ReferenceCategory = "PACKAGE_MANAGER" - OtherReferenceCategory ReferenceCategory = "OTHER" -) - -// source: https://spdx.github.io/spdx-spec/appendix-VI-external-repository-identifiers/ - -type ExternalRefType string - -const ( - // see https://nvd.nist.gov/cpe - Cpe22ExternalRefType ExternalRefType = "cpe22Type" - // see https://nvd.nist.gov/cpe - Cpe23ExternalRefType ExternalRefType = "cpe23Type" - // see http://repo1.maven.org/maven2/ - MavenCentralExternalRefType ExternalRefType = "maven-central" - // see https://www.npmjs.com/ - NpmExternalRefType ExternalRefType = "npm" - // see https://www.nuget.org/ - NugetExternalRefType ExternalRefType = "nuget" - // see http://bower.io/ - BowerExternalRefType ExternalRefType = "bower" - // see https://github.com/package-url/purl-spec - PurlExternalRefType ExternalRefType = "purl" - // These point to objects present in the Software Heritage archive by the means of SoftWare Heritage persistent Identifiers (SWHID) - SwhExternalRefType ExternalRefType = "swh" -) - -type ExternalRef struct { - Comment string `json:"comment,omitempty"` - // Category for the external reference. - ReferenceCategory ReferenceCategory `json:"referenceCategory"` - // The unique string with no spaces necessary to access the package-specific information, metadata, or content - // within the target location. The format of the locator is subject to constraints defined by the . - ReferenceLocator string `json:"referenceLocator"` - // Type of the external reference. These are defined in an appendix in the SPDX specification. - ReferenceType ExternalRefType `json:"referenceType"` -} diff --git a/internal/presenter/packages/model/spdx22/file.go b/internal/presenter/packages/model/spdx22/file.go deleted file mode 100644 index eefe05472..000000000 
--- a/internal/presenter/packages/model/spdx22/file.go +++ /dev/null 
@@ -1,41 +0,0 @@
-package spdx22
-
-type FileType string
-
-const (
- DocumentationFileType FileType = "DOCUMENTATION"
- ImageFileType FileType = "IMAGE"
- VideoFileType FileType = "VIDEO"
- ArchiveFileType FileType = "ARCHIVE"
- SpdxFileType FileType = "SPDX"
- ApplicationFileType FileType = "APPLICATION"
- SourceFileType FileType = "SOURCE"
- BinaryFileType FileType = "BINARY"
- TextFileType FileType = "TEXT"
- AudioFileType FileType = "AUDIO"
- OtherFileType FileType = "OTHER"
-)
-
-type File struct {
- Item
- // (At least one is required.) The checksum property provides a mechanism that can be used to verify that the
- // contents of a File or Package have not changed.
- Checksums []Checksum `json:"checksums,omitempty"`
- // This field provides a place for the SPDX file creator to record file contributors. Contributors could include
- // names of copyright holders and/or authors who may not be copyright holders yet contributed to the file content.
- FileContributors []string `json:"fileContributors,omitempty"`
- // Each element is a SPDX ID for a File.
- FileDependencies []string `json:"fileDependencies,omitempty"`
- // The name of the file relative to the root of the package.
- FileName string `json:"fileName"`
- // The type of the file
- FileTypes []string `json:"fileTypes,omitempty"`
- // This field provides a place for the SPDX file creator to record potential legal notices found in the file.
- // This may or may not include copyright statements.
- NoticeText string `json:"noticeText,omitempty"`
- // Indicates the project in which the SpdxElement originated. Tools must preserve doap:homepage and doap:name
- // properties and the URI (if one is known) of doap:Project resources that are values of this property. All other
- // properties of doap:Projects are not directly supported by SPDX and may be dropped when translating to or
- // from some SPDX formats(deprecated).
- ArtifactOf []string `json:"artifactOf,omitempty"`
-}
diff --git a/internal/presenter/packages/model/spdx22/has_extracted_licensing_info.go b/internal/presenter/packages/model/spdx22/has_extracted_licensing_info.go
deleted file mode 100644
index acf73ab4d..000000000
--- a/internal/presenter/packages/model/spdx22/has_extracted_licensing_info.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package spdx22
-
-type HasExtractedLicensingInfo struct {
- // Verbatim license or licensing notice text that was discovered.
- ExtractedText string `json:"extractedText"`
- // A human readable short form license identifier for a license. The license ID is iether on the standard license
- // oist or the form \"LicenseRef-\"[idString] where [idString] is a unique string containing letters,
- // numbers, \".\", \"-\" or \"+\".
- LicenseID string `json:"licenseId"`
- Comment string `json:"comment,omitempty"`
- // Identify name of this SpdxElement.
- Name string `json:"name,omitempty"`
- SeeAlsos []string `json:"seeAlsos,omitempty"`
-}
diff --git a/internal/presenter/packages/model/spdx22/item.go b/internal/presenter/packages/model/spdx22/item.go
deleted file mode 100644
index ce42f2ad2..000000000
--- a/internal/presenter/packages/model/spdx22/item.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package spdx22
-
-type Item struct {
- Element
- // The licenseComments property allows the preparer of the SPDX document to describe why the licensing in
- // spdx:licenseConcluded was chosen.
- LicenseComments string `json:"licenseComments,omitempty"`
- LicenseConcluded string `json:"licenseConcluded"`
- // The licensing information that was discovered directly within the package. There will be an instance of this
- // property for each distinct value of alllicenseInfoInFile properties of all files contained in the package.
- LicenseInfoFromFiles []string `json:"licenseInfoFromFiles,omitempty"`
- // Licensing information that was discovered directly in the subject file. This is also considered a declared license for the file.
- LicenseInfoInFiles []string `json:"licenseInfoInFiles,omitempty"`
- // The text of copyright declarations recited in the Package or File.
- CopyrightText string `json:"copyrightText,omitempty"`
- // This field provides a place for the SPDX data creator to record acknowledgements that may be required to be
- // communicated in some contexts. This is not meant to include the actual complete license text (see
- // licenseConculded and licenseDeclared), and may or may not include copyright notices (see also copyrightText).
- // The SPDX data creator may use this field to record other acknowledgements, such as particular clauses from
- // license texts, which may be necessary or desirable to reproduce.
- AttributionTexts []string `json:"attributionTexts,omitempty"`
-}
diff --git a/internal/presenter/packages/model/spdx22/package.go b/internal/presenter/packages/model/spdx22/package.go
deleted file mode 100644
index b35b83c2f..000000000
--- a/internal/presenter/packages/model/spdx22/package.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package spdx22
-
-type Package struct {
- Item
- // The checksum property provides a mechanism that can be used to verify that the contents of a File or
- // Package have not changed.
- Checksums []Checksum `json:"checksums,omitempty"`
- // Provides a detailed description of the package.
- Description string `json:"description,omitempty"`
- // The URI at which this package is available for download. Private (i.e., not publicly reachable) URIs are
- // acceptable as values of this property. The values http://spdx.org/rdf/terms#none and http://spdx.org/rdf/terms#noassertion
- // may be used to specify that the package is not downloadable or that no attempt was made to determine its
- // download location, respectively.
- DownloadLocation string `json:"downloadLocation,omitempty"`
- // An External Reference allows a Package to reference an external source of additional information, metadata,
- // enumerations, asset identifiers, or downloadable content believed to be relevant to the Package.
- ExternalRefs []ExternalRef `json:"externalRefs,omitempty"`
- // Indicates whether the file content of this package has been available for or subjected to analysis when
- // creating the SPDX document. If false indicates packages that represent metadata or URI references to a
- // project, product, artifact, distribution or a component. If set to false, the package must not contain any files
- FilesAnalyzed bool `json:"filesAnalyzed"`
- // Indicates that a particular file belongs to a package (elements are SPDX ID for a File).
- HasFiles []string `json:"hasFiles,omitempty"`
- // Provide a place for the SPDX file creator to record a web site that serves as the package's home page.
- // This link can also be used to reference further information about the package referenced by the SPDX file creator.
- Homepage string `json:"homepage,omitempty"`
- // List the licenses that have been declared by the authors of the package. Any license information that does not
- // originate from the package authors, e.g. license information from a third party repository, should not be included in this field.
- LicenseDeclared string `json:"licenseDeclared"`
- // The name and, optionally, contact information of the person or organization that originally created the package.
- // Values of this property must conform to the agent and tool syntax.
- Originator string `json:"originator,omitempty"`
- // The base name of the package file name. For example, zlib-1.2.5.tar.gz.
- PackageFileName string `json:"packageFileName,omitempty"`
- // A manifest based verification code (the algorithm is defined in section 4.7 of the full specification) of the
- // SPDX Item. This allows consumers of this data and/or database to determine if an SPDX item they have in hand
- // is identical to the SPDX item from which the data was produced. This algorithm works even if the SPDX document
- // is included in the SPDX item.
- PackageVerificationCode *PackageVerificationCode `json:"packageVerificationCode,omitempty"`
- // Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source.
- SourceInfo string `json:"sourceInfo,omitempty"`
- // Provides a short description of the package.
- Summary string `json:"summary,omitempty"`
- // The name and, optionally, contact information of the person or organization who was the immediate supplier
- // of this package to the recipient. The supplier may be different than originator when the software has been
- // repackaged. Values of this property must conform to the agent and tool syntax.
- Supplier string `json:"supplier,omitempty"`
- // Provides an indication of the version of the package that is described by this SpdxDocument.
- VersionInfo string `json:"versionInfo,omitempty"`
-}
diff --git a/internal/presenter/packages/model/spdx22/package_verification_code.go b/internal/presenter/packages/model/spdx22/package_verification_code.go
deleted file mode 100644
index 603fcb158..000000000
--- a/internal/presenter/packages/model/spdx22/package_verification_code.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package spdx22
-
-// Why are there two package identifier fields Package Checksum and Package Verification?
-// Although the values of the two fields Package Checksum and Package Verification are similar, they each serve a
-// different purpose. The Package Checksum provides a unique identifier of a software package which is computed by
-// taking the SHA1 of the entire software package file. This enables one to quickly determine if two different copies
-// of a package are the same. One disadvantage of this approach is that one cannot add an SPDX data file into the
-// original package without changing the Package Checksum value. Alternatively, the Package Verification field enables
-// the inclusion of an SPDX file. It enables one to quickly verify if one or more of the original package files has
-// changed. The Package Verification field is a unique identifier that is based on SHAing only the original package
-// files (e.g., excluding the SPDX file). This allows one to add an SPDX file to the original package without changing
-// this unique identifier.
-// source: https://wiki.spdx.org/view/SPDX_FAQ
-type PackageVerificationCode struct {
- // "A file that was excluded when calculating the package verification code. This is usually a file containing
- // SPDX data regarding the package. If a package contains more than one SPDX file all SPDX files must be excluded
- // from the package verification code. If this is not done it would be impossible to correctly calculate the
- // verification codes in both files.
- PackageVerificationCodeExcludedFiles []string `json:"packageVerificationCodeExcludedFiles"`
-
- // The actual package verification code as a hex encoded value.
- PackageVerificationCodeValue string `json:"packageVerificationCodeValue"`
-}
diff --git a/internal/presenter/packages/model/spdx22/relationship.go b/internal/presenter/packages/model/spdx22/relationship.go
deleted file mode 100644
index ca99a879e..000000000
--- a/internal/presenter/packages/model/spdx22/relationship.go
+++ /dev/null
@@ -1,183 +0,0 @@
-package spdx22
-
-type Relationship struct {
- // Id to which the SPDX element is related
- SpdxElementID string `json:"spdxElementId"`
- // Describes the type of relationship between two SPDX elements.
- RelationshipType RelationshipType `json:"relationshipType"`
- // SPDX ID for SpdxElement. A related SpdxElement.
- RelatedSpdxElement string `json:"relatedSpdxElement"`
- Comment string `json:"comment,omitempty"`
-}
-
-// source: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/
-type RelationshipType string
-
-const (
- // DescribedByRelationship is to be used when SPDXRef-A is described by SPDXREF-Document.
- // Example: The package 'WildFly' is described by SPDX document WildFly.spdx.
- DescribedByRelationship RelationshipType = "DESCRIBED_BY"
-
- // ContainsRelationship is to be used when SPDXRef-A contains SPDXRef-B.
- // Example: An ARCHIVE file bar.tgz contains a SOURCE file foo.c.
- ContainsRelationship RelationshipType = "CONTAINS"
-
- // ContainedByRelationship is to be used when SPDXRef-A is contained by SPDXRef-B.
- // Example: A SOURCE file foo.c is contained by ARCHIVE file bar.tgz
- ContainedByRelationship RelationshipType = "CONTAINED_BY"
-
- // DependsOnRelationship is to be used when SPDXRef-A depends on SPDXRef-B.
- // Example: Package A depends on the presence of package B in order to build and run
- DependsOnRelationship RelationshipType = "DEPENDS_ON"
-
- // DependencyOfRelationship is to be used when SPDXRef-A is dependency of SPDXRef-B.
- // Example: A is explicitly stated as a dependency of B in a machine-readable file. Use when a package manager does not define scopes.
- DependencyOfRelationship RelationshipType = "DEPENDENCY_OF"
-
- // DependencyManifestOfRelationship is to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B.
- // Example: A file package.json is the dependency manifest of a package foo. Note that only one manifest should be used to define the same dependency graph.
- DependencyManifestOfRelationship RelationshipType = "DEPENDENCY_MANIFEST_OF"
-
- // BuildDependencyOfRelationship is to be used when SPDXRef-A is a build dependency of SPDXRef-B.
- // Example: A is in the compile scope of B in a Maven project.
- BuildDependencyOfRelationship RelationshipType = "BUILD_DEPENDENCY_OF"
-
- // DevDependencyOfRelationship is to be used when SPDXRef-A is a development dependency of SPDXRef-B.
- // Example: A is in the devDependencies scope of B in a Maven project.
- DevDependencyOfRelationship RelationshipType = "DEV_DEPENDENCY_OF"
-
- // OptionalDependencyOfRelationship is to be used when SPDXRef-A is an optional dependency of SPDXRef-B.
- // Example: Use when building the code will proceed even if a dependency cannot be found, fails to install, or is only installed on a specific platform. For example, A is in the optionalDependencies scope of npm project B.
- OptionalDependencyOfRelationship RelationshipType = "OPTIONAL_DEPENDENCY_OF"
-
- // ProvidedDependencyOfRelationship is to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B.
- // Example: A is in the provided scope of B in a Maven project, indicating that the project expects it to be provided, for instance, by the container or JDK.
- ProvidedDependencyOfRelationship RelationshipType = "PROVIDED_DEPENDENCY_OF"
-
- // TestDependencyOfRelationship is to be used when SPDXRef-A is a test dependency of SPDXRef-B.
- // Example: A is in the test scope of B in a Maven project.
- TestDependencyOfRelationship RelationshipType = "TEST_DEPENDENCY_OF"
-
- // RuntimeDependencyOfRelationship is to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B.
- // Example: A is in the runtime scope of B in a Maven project.
- RuntimeDependencyOfRelationship RelationshipType = "RUNTIME_DEPENDENCY_OF"
-
- // ExampleOfRelationship is to be used when SPDXRef-A is an example of SPDXRef-B.
- // Example: The file or snippet that illustrates how to use an application or library.
- ExampleOfRelationship RelationshipType = "EXAMPLE_OF"
-
- // GeneratesRelationship is to be used when SPDXRef-A generates SPDXRef-B.
- // Example: A SOURCE file makefile.mk generates a BINARY file a.out
- GeneratesRelationship RelationshipType = "GENERATES"
-
- // GeneratedFromRelationship is to be used when SPDXRef-A was generated from SPDXRef-B.
- // Example: A BINARY file a.out has been generated from a SOURCE file makefile.mk. A BINARY file foolib.a is generated from a SOURCE file bar.c.
- GeneratedFromRelationship RelationshipType = "GENERATED_FROM"
-
- // AncestorOfRelationship is to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B.
- // Example: A SOURCE file makefile.mk is a version of the original ancestor SOURCE file 'makefile2.mk'
- AncestorOfRelationship RelationshipType = "ANCESTOR_OF"
-
- // DescendantOfRelationship is to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B.
- // Example: A SOURCE file makefile2.mk is a descendant of the original SOURCE file 'makefile.mk'
- DescendantOfRelationship RelationshipType = "DESCENDANT_OF"
-
- // VariantOfRelationship is to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B.
- // Example: A SOURCE file makefile2.mk is a variant of SOURCE file makefile.mk if they differ by some edit, but there is no way to tell which came first (no reliable date information).
- VariantOfRelationship RelationshipType = "VARIANT_OF"
-
- // DistributionArtifactRelationship is to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed.
- // Example: A BINARY file foo.o requires that the ARCHIVE file bar-sources.tgz be made available on distribution.
- DistributionArtifactRelationship RelationshipType = "DISTRIBUTION_ARTIFACT"
-
- // PatchForRelationship is to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B.
- // Example: A SOURCE file foo.diff is a patch file for SOURCE file foo.c.
- PatchForRelationship RelationshipType = "PATCH_FOR"
-
- // PatchAppliedRelationship is to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B.
- // Example: A SOURCE file foo.diff is a patch file that has been applied to SOURCE file 'foo-patched.c'.
- PatchAppliedRelationship RelationshipType = "PATCH_APPLIED"
-
- // CopyOfRelationship is to be used when SPDXRef-A is an exact copy of SPDXRef-B.
- // Example: A BINARY file alib.a is an exact copy of BINARY file a2lib.a.
- CopyOfRelationship RelationshipType = "COPY_OF"
-
- // FileAddedRelationship is to be used when SPDXRef-A is a file that was added to SPDXRef-B.
- // Example: A SOURCE file foo.c has been added to package ARCHIVE bar.tgz.
- FileAddedRelationship RelationshipType = "FILE_ADDED"
-
- // FileDeletedRelationship is to be used when SPDXRef-A is a file that was deleted from SPDXRef-B.
- // Example: A SOURCE file foo.diff has been deleted from package ARCHIVE bar.tgz.
- FileDeletedRelationship RelationshipType = "FILE_DELETED"
-
- // FileModifiedRelationship is to be used when SPDXRef-A is a file that was modified from SPDXRef-B.
- // Example: A SOURCE file foo.c has been modified from SOURCE file foo.orig.c.
- FileModifiedRelationship RelationshipType = "FILE_MODIFIED"
-
- // ExpandedFromArchiveRelationship is to be used when SPDXRef-A is expanded from the archive SPDXRef-B.
- // Example: A SOURCE file foo.c, has been expanded from the archive ARCHIVE file xyz.tgz.
- ExpandedFromArchiveRelationship RelationshipType = "EXPANDED_FROM_ARCHIVE"
-
- // DynamicLinkRelationship is to be used when SPDXRef-A dynamically links to SPDXRef-B.
- // Example: An APPLICATION file 'myapp' dynamically links to BINARY file zlib.so.
- DynamicLinkRelationship RelationshipType = "DYNAMIC_LINK"
-
- // StaticLinkRelationship is to be used when SPDXRef-A statically links to SPDXRef-B.
- // Example: An APPLICATION file 'myapp' statically links to BINARY zlib.a.
- StaticLinkRelationship RelationshipType = "STATIC_LINK"
-
- // DataFileOfRelationship is to be used when SPDXRef-A is a data file used in SPDXRef-B.
- // Example: An IMAGE file 'kitty.jpg' is a data file of an APPLICATION 'hellokitty'.
- DataFileOfRelationship RelationshipType = "DATA_FILE_OF"
-
- // TestCaseOfRelationship is to be used when SPDXRef-A is a test case used in testing SPDXRef-B.
- // Example: A SOURCE file testMyCode.java is a unit test file used to test an APPLICATION MyPackage.
- TestCaseOfRelationship RelationshipType = "TEST_CASE_OF"
-
- // BuildToolOfRelationship is to be used when SPDXRef-A is used to build SPDXRef-B.
- // Example: A SOURCE file makefile.mk is used to build an APPLICATION 'zlib'.
- BuildToolOfRelationship RelationshipType = "BUILD_TOOL_OF"
-
- // DevToolOfRelationship is to be used when SPDXRef-A is used as a development tool for SPDXRef-B.
- // Example: Any tool used for development such as a code debugger.
- DevToolOfRelationship RelationshipType = "DEV_TOOL_OF"
-
- // TestOfRelationship is to be used when SPDXRef-A is used for testing SPDXRef-B.
- // Example: Generic relationship for cases where it's clear that something is used for testing but unclear whether it's TEST_CASE_OF or TEST_TOOL_OF.
- TestOfRelationship RelationshipType = "TEST_OF"
-
- // TestToolOfRelationship is to be used when SPDXRef-A is used as a test tool for SPDXRef-B.
- // Example: Any tool used to test the code such as ESlint.
- TestToolOfRelationship RelationshipType = "TEST_TOOL_OF"
-
- // DocumentationOfRelationship is to be used when SPDXRef-A provides documentation of SPDXRef-B.
- // Example: A DOCUMENTATION file readme.txt documents the APPLICATION 'zlib'.
- DocumentationOfRelationship RelationshipType = "DOCUMENTATION_OF"
-
- // OptionalComponentOfRelationship is to be used when SPDXRef-A is an optional component of SPDXRef-B.
- // Example: A SOURCE file fool.c (which is in the contributors directory) may or may not be included in the build of APPLICATION 'atthebar'.
- OptionalComponentOfRelationship RelationshipType = "OPTIONAL_COMPONENT_OF"
-
- // MetafileOfRelationship is to be used when SPDXRef-A is a metafile of SPDXRef-B.
- // Example: A SOURCE file pom.xml is a metafile of the APPLICATION 'Apache Xerces'.
- MetafileOfRelationship RelationshipType = "METAFILE_OF"
-
- // PackageOfRelationship is to be used when SPDXRef-A is used as a package as part of SPDXRef-B.
- // Example: A Linux distribution contains an APPLICATION package gawk as part of the distribution MyLinuxDistro.
- PackageOfRelationship RelationshipType = "PACKAGE_OF"
-
- // AmendsRelationship is to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B.
- // Example: (Current) SPDX document A version 2 contains a correction to a previous version of the SPDX document A version 1. Note the reserved identifier SPDXRef-DOCUMENT for the current document is required.
- AmendsRelationship RelationshipType = "AMENDS"
-
- // PrerequisiteForRelationship is to be used when SPDXRef-A is a prerequisite for SPDXRef-B.
- // Example: A library bar.dll is a prerequisite or dependency for APPLICATION foo.exe
- PrerequisiteForRelationship RelationshipType = "PREREQUISITE_FOR"
-
- // HasPrerequisiteRelationship is to be used when SPDXRef-A has as a prerequisite SPDXRef-B.
- // Example: An APPLICATION foo.exe has prerequisite or dependency on bar.dll
- HasPrerequisiteRelationship RelationshipType = "HAS_PREREQUISITE"
-
- // OtherRelationship is to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field.
- OtherRelationship RelationshipType = "OTHER"
-)
diff --git a/internal/presenter/packages/model/spdx22/snippet.go b/internal/presenter/packages/model/spdx22/snippet.go
deleted file mode 100644
index 5b9ae639e..000000000
--- a/internal/presenter/packages/model/spdx22/snippet.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package spdx22
-
-type StartPointer struct {
- Offset int `json:"offset,omitempty"`
- LineNumber int `json:"lineNumber,omitempty"`
- // SPDX ID for File
- Reference string `json:"reference"`
-}
-
-type EndPointer struct {
- Offset int `json:"offset,omitempty"`
- LineNumber int `json:"lineNumber,omitempty"`
- // SPDX ID for File
- Reference string `json:"reference"`
-}
-
-type Range struct {
- StartPointer StartPointer `json:"startPointer"`
- EndPointer EndPointer `json:"endPointer"`
-}
-
-type Snippet struct {
- Item
- // Licensing information that was discovered directly in the subject snippet. This is also considered a declared
- // license for the snippet. (elements are license expressions)
- LicenseInfoInSnippets []string `json:"licenseInfoInSnippets"`
- // SPDX ID for File. File containing the SPDX element (e.g. the file contaning a snippet).
- SnippetFromFile string `json:"snippetFromFile"`
- // (At least 1 range is required). This field defines the byte range in the original host file (in X.2) that the
- // snippet information applies to.
- Ranges []Range `json:"ranges"`
-}
diff --git a/internal/presenter/packages/model/spdx22/version.go b/internal/presenter/packages/model/spdx22/version.go
deleted file mode 100644
index 492d3ff1f..000000000
--- a/internal/presenter/packages/model/spdx22/version.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package spdx22
-
-const Version = "SPDX-2.2"
diff --git a/internal/presenter/packages/test-fixtures/snapshot/TestCycloneDxDirectoryPresenter.golden b/internal/presenter/packages/test-fixtures/snapshot/TestCycloneDxDirectoryPresenter.golden
deleted file mode 100644
index 5c473495a..000000000
--- a/internal/presenter/packages/test-fixtures/snapshot/TestCycloneDxDirectoryPresenter.golden +++ /dev/null @@ -1,34 +0,0 @@ - - - - 2021-06-23T13:40:33-04:00 - - - anchore - syft - [not provided] - - - - /some/path - - - - - - package-1 - 1.0.1 - - - MIT - - - a-purl-2 - - - package-2 - 2.0.1 - a-purl-2 - - - diff --git a/internal/presenter/packages/test-fixtures/snapshot/TestCycloneDxImagePresenter.golden b/internal/presenter/packages/test-fixtures/snapshot/TestCycloneDxImagePresenter.golden deleted file mode 100644 index d81de3a32..000000000 --- a/internal/presenter/packages/test-fixtures/snapshot/TestCycloneDxImagePresenter.golden +++ /dev/null @@ -1,34 +0,0 @@ - - - - 2021-06-23T13:40:33-04:00 - - - anchore - syft - [not provided] - - - - user-image-input - sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368 - - - - - package-1 - 1.0.1 - - - MIT - - - a-purl-1 - - - package-2 - 2.0.1 - a-purl-2 - - - diff --git a/internal/presenter/packages/test-fixtures/snapshot/TestJSONDirectoryPresenter.golden b/internal/presenter/packages/test-fixtures/snapshot/TestJSONDirectoryPresenter.golden deleted file mode 100644 index 2abdef222..000000000 --- a/internal/presenter/packages/test-fixtures/snapshot/TestJSONDirectoryPresenter.golden +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "artifacts": [ - { - "id": "package-1-id", - "name": "package-1", - "version": "1.0.1", - "type": "python", - "foundBy": "the-cataloger-1", - "locations": [ - { - "path": "/some/path/pkg1" - } - ], - "licenses": [ - "MIT" - ], - "language": "python", - "cpes": [ - "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" - ], - "purl": "a-purl-2", - "metadataType": "PythonPackageMetadata", - "metadata": { - "name": "package-1", - "version": "1.0.1", - "license": "", - "author": "", - "authorEmail": "", - "platform": "", - "files": [ - { - "path": "/some/path/pkg1/depedencies/foo" - } - ], - "sitePackagesRootPath": "" - } - }, - { - "id": "package-2-id", - "name": "package-2", - "version": "2.0.1", - "type": "deb", - "foundBy": "the-cataloger-2", - "locations": [ - { - "path": "/some/path/pkg1" - } - ], - "licenses": [], - "language": "", - "cpes": [ - "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" - ], - "purl": "a-purl-2", - "metadataType": "DpkgMetadata", - "metadata": { - "package": "package-2", - "source": "", - "version": "2.0.1", - "sourceVersion": "", - "architecture": "", - "maintainer": "", - "installedSize": 0, - "files": null - } - } - ], - "artifactRelationships": [], - "source": { - "type": "directory", - "target": "/some/path" - }, - "distro": { - "name": "debian", - "version": "1.2.3", - "idLike": "like!" - }, - "descriptor": { - "name": "syft", - "version": "[not provided]" - }, - "schema": { - "version": "1.1.0", - "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-1.1.0.json" - } -} diff --git a/internal/presenter/packages/test-fixtures/snapshot/TestJSONImagePresenter.golden b/internal/presenter/packages/test-fixtures/snapshot/TestJSONImagePresenter.golden deleted file mode 100644 index abcda45b5..000000000 --- a/internal/presenter/packages/test-fixtures/snapshot/TestJSONImagePresenter.golden +++ /dev/null 
@@ -1,108 +0,0 @@ -{ - "artifacts": [ - { - "id": "package-1-id", - "name": "package-1", - "version": "1.0.1", - "type": "python", - "foundBy": "the-cataloger-1", - "locations": [ - { - "path": "/somefile-1.txt", - "layerID": "sha256:ffb5e9eaa453a002110719d12c294960117ca2903953d1faa40f01dc3f77045c" - } - ], - "licenses": [ - "MIT" - ], - "language": "python", - "cpes": [ - "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*" - ], - "purl": "a-purl-1", - "metadataType": "PythonPackageMetadata", - "metadata": { - "name": "package-1", - "version": "1.0.1", - "license": "", - "author": "", - "authorEmail": "", - "platform": "", - "sitePackagesRootPath": "" - } - }, - { - "id": "package-2-id", - "name": "package-2", - "version": "2.0.1", - "type": "deb", - "foundBy": "the-cataloger-2", - "locations": [ - { - "path": "/somefile-2.txt", - "layerID": "sha256:8463854829fc53d47b9dcdf7ee79fe7eb4ca7933c910f67f8521412f7a2f5c21" - } - ], - "licenses": [], - "language": "", - "cpes": [ - "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" - ], - "purl": "a-purl-2", - "metadataType": "DpkgMetadata", - "metadata": { - "package": "package-2", - "source": "", - "version": "2.0.1", - "sourceVersion": "", - "architecture": "", - "maintainer": "", - "installedSize": 0, - "files": null - } - } - ], - "artifactRelationships": [], - "source": { - "type": "image", - "target": { - "userInput": "user-image-input", - "imageID": "sha256:112851310e48e604f7379e2a3acddab50e91ce926edacb598a532e60ff6b776a", - "manifestDigest": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368", - "mediaType": "application/vnd.docker.distribution.manifest.v2+json", - "tags": [ - "stereoscope-fixture-image-simple:85066c51088bdd274f7a89e99e00490f666c49e72ffc955707cd6e18f0e22c5b" - ], - "imageSize": 38, - "layers": [ - { - "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:ffb5e9eaa453a002110719d12c294960117ca2903953d1faa40f01dc3f77045c", - "size": 22 - }, - { - "mediaType": 
"application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:8463854829fc53d47b9dcdf7ee79fe7eb4ca7933c910f67f8521412f7a2f5c21", - "size": 16 - } - ], - "manifest": "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", - "config": "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", - "repoDigests": [], - "scope": "Squashed" - } - }, - "distro": { - "name": "debian", - "version": "1.2.3", - "idLike": "like!" - }, - "descriptor": { - "name": "syft", - "version": "[not provided]" - }, - "schema": { - "version": "1.1.0", - "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-1.1.0.json" - } -} diff --git a/internal/presenter/packages/test-fixtures/snapshot/TestSPDXJSONDirectoryPresenter.golden b/internal/presenter/packages/test-fixtures/snapshot/TestSPDXJSONDirectoryPresenter.golden deleted file mode 100644 index a9fa1b587..000000000 --- a/internal/presenter/packages/test-fixtures/snapshot/TestSPDXJSONDirectoryPresenter.golden +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "SPDXID": "SPDXRef-DOCUMENT", - "name": "/some/path", - "spdxVersion": "SPDX-2.2", - "creationInfo": { - "created": "2021-10-12T18:40:22.948394Z", - "creators": [ - "Organization: Anchore, Inc", - "Tool: syft-[not provided]" - ], - "licenseListVersion": "3.14" - }, - "dataLicense": "CC0-1.0", - "documentNamespace": "https:/anchore.com/syft/dir/some/path-98ae71fb-f276-4c5c-acf7-25770bf7bca2", - "packages": [ - { - "SPDXID": "SPDXRef-Package-python-package-1-1.0.1", - "name": "package-1", - "licenseConcluded": "MIT", - "downloadLocation": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*", - "referenceType": "cpe23Type" - }, - { - "referenceCategory": "PACKAGE_MANAGER", - "referenceLocator": "a-purl-2", - "referenceType": "purl" - } - ], - "filesAnalyzed": false, - "hasFiles": [ - "SPDXRef-File-package-1-efae7fecc76ca25da40f79d7ef5b8933510434914835832c7976f3e866aa756a" - ], - "licenseDeclared": "MIT", - "sourceInfo": "acquired package info from installed python package manifest file: /some/path/pkg1", - "versionInfo": "1.0.1" - }, - { - "SPDXID": "SPDXRef-Package-deb-package-2-2.0.1", - "name": "package-2", - "licenseConcluded": "NONE", - "downloadLocation": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*", - "referenceType": "cpe23Type" - }, - { - "referenceCategory": "PACKAGE_MANAGER", - "referenceLocator": "a-purl-2", - "referenceType": "purl" - } - ], - "filesAnalyzed": false, - "licenseDeclared": "NONE", - "sourceInfo": "acquired package info from DPKG DB: /some/path/pkg1", - "versionInfo": "2.0.1" - } - ], - "files": [ - { - "SPDXID": "SPDXRef-File-package-1-efae7fecc76ca25da40f79d7ef5b8933510434914835832c7976f3e866aa756a", - "name": "foo", - "licenseConcluded": "", - "fileName": "/some/path/pkg1/dependencies/foo" - } - ], - "relationships": [ - { - "spdxElementId": 
"SPDXRef-Package-python-package-1-1.0.1", - "relationshipType": "CONTAINS", - "relatedSpdxElement": "SPDXRef-File-package-1-efae7fecc76ca25da40f79d7ef5b8933510434914835832c7976f3e866aa756a" - } - ] -} diff --git a/internal/presenter/packages/test-fixtures/snapshot/TestSPDXJSONImagePresenter.golden b/internal/presenter/packages/test-fixtures/snapshot/TestSPDXJSONImagePresenter.golden deleted file mode 100644 index 5d3456031..000000000 --- a/internal/presenter/packages/test-fixtures/snapshot/TestSPDXJSONImagePresenter.golden +++ /dev/null 
@@ -1,61 +0,0 @@ -{ - "SPDXID": "SPDXRef-DOCUMENT", - "name": "user-image-input", - "spdxVersion": "SPDX-2.2", - "creationInfo": { - "created": "2021-10-12T18:40:22.953633Z", - "creators": [ - "Organization: Anchore, Inc", - "Tool: syft-[not provided]" - ], - "licenseListVersion": "3.14" - }, - "dataLicense": "CC0-1.0", - "documentNamespace": "https:/anchore.com/syft/image/user-image-input-149edbad-3c01-4ee0-b3a0-75232312bf51", - "packages": [ - { - "SPDXID": "SPDXRef-Package-python-package-1-1.0.1", - "name": "package-1", - "licenseConcluded": "MIT", - "downloadLocation": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*", - "referenceType": "cpe23Type" - }, - { - "referenceCategory": "PACKAGE_MANAGER", - "referenceLocator": "a-purl-1", - "referenceType": "purl" - } - ], - "filesAnalyzed": false, - "licenseDeclared": "MIT", - "sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt", - "versionInfo": "1.0.1" - }, - { - "SPDXID": "SPDXRef-Package-deb-package-2-2.0.1", - "name": "package-2", - "licenseConcluded": "NONE", - "downloadLocation": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*", - "referenceType": "cpe23Type" - }, - { - "referenceCategory": "PACKAGE_MANAGER", - "referenceLocator": "a-purl-2", - "referenceType": "purl" - } - ], - "filesAnalyzed": false, - "licenseDeclared": "NONE", - "sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt", - "versionInfo": "2.0.1" - } - ] -} diff --git a/syft/event/parsers/parsers.go b/syft/event/parsers/parsers.go index 16229b51f..d68086305 100644 --- a/syft/event/parsers/parsers.go +++ b/syft/event/parsers/parsers.go 
@@ -6,15 +6,12 @@ package parsers import ( "fmt" - "github.com/anchore/syft/syft/presenter" - - "github.com/anchore/syft/syft/file" - - "github.com/wagoodman/go-progress" - "github.com/anchore/syft/syft/event" + "github.com/anchore/syft/syft/file" "github.com/anchore/syft/syft/pkg/cataloger" "github.com/wagoodman/go-partybus" + "github.com/wagoodman/go-presenter" + "github.com/wagoodman/go-progress" ) type ErrBadPayload struct { diff --git a/syft/presenter/packages/presenter.go b/syft/presenter/packages/presenter.go deleted file mode 100644 index db30db8a8..000000000 --- a/syft/presenter/packages/presenter.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Defines a Presenter interface for displaying catalog results to an io.Writer as well as a helper utility to obtain -a specific Presenter implementation given user configuration. -*/ -package packages - -import ( - "github.com/anchore/syft/internal/formats" - "github.com/anchore/syft/internal/presenter/packages" - "github.com/anchore/syft/syft/format" - "github.com/anchore/syft/syft/presenter" -) - -// Presenter returns a presenter for images or directories -func Presenter(option format.Option, config PresenterConfig) presenter.Presenter { - switch option { - case format.SPDXTagValueOption: - return packages.NewSPDXTagValuePresenter(config.Catalog, config.SourceMetadata) - default: - // TODO: the final state is that all other cases would be replaced by formats.ByOption (wed remove this function entirely) - f := formats.ByOption(option) - if f == nil { - return nil - } - return f.Presenter(config.Catalog, &config.SourceMetadata, config.Distro, config.Scope) - } -} diff --git a/syft/presenter/packages/presenter_config.go b/syft/presenter/packages/presenter_config.go deleted file mode 100644 index d318e4288..000000000 --- a/syft/presenter/packages/presenter_config.go +++ /dev/null 
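Review bot: The import block of syft/event/parsers/parsers.go now takes `presenter` from `github.com/wagoodman/go-presenter` instead of the in-repo `syft/presenter` package, and nothing at the import says why an external module is needed. The interface it replaces, per the deleted syft/presenter/presenter.go in this same patch, was one method, `Present(io.Writer) error`, so the module graph grows by a dependency for a single declaration. The code that uses the type lies outside this hunk; if an exported function there returns it, a third-party type becomes part of this package's API, which is worth stating in a comment such as `// presenter.Presenter now comes from wagoodman/go-presenter; syft no longer defines it`.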
@@ -1,14 +0,0 @@ -package packages - -import ( - "github.com/anchore/syft/syft/distro" - "github.com/anchore/syft/syft/pkg" - "github.com/anchore/syft/syft/source" -) - -type PresenterConfig struct { - SourceMetadata source.Metadata - Catalog *pkg.Catalog - Distro *distro.Distro - Scope source.Scope -} diff --git a/syft/presenter/presenter.go b/syft/presenter/presenter.go deleted file mode 100644 index 823a2e38d..000000000 --- a/syft/presenter/presenter.go +++ /dev/null @@ -1,9 +0,0 @@ -package presenter - -import "io" - -// Presenter defines the expected behavior for an object responsible for displaying arbitrary input and processed data -// to a given io.Writer. -type Presenter interface { - Present(io.Writer) error -} diff --git a/test/integration/package_ownership_relationship_test.go b/test/integration/package_ownership_relationship_test.go index 3d4165b94..1e9fd55e0 100644 --- a/test/integration/package_ownership_relationship_test.go +++ b/test/integration/package_ownership_relationship_test.go @@ -5,9 +5,9 @@ import ( "encoding/json" "testing" + "github.com/anchore/syft/internal/formats/syftjson" syftjsonModel "github.com/anchore/syft/internal/formats/syftjson/model" - "github.com/anchore/syft/syft/format" - exportedPackages "github.com/anchore/syft/syft/presenter/packages" + "github.com/anchore/syft/syft/source" ) func TestPackageOwnershipRelationships(t *testing.T) { @@ -25,11 +25,7 @@ func TestPackageOwnershipRelationships(t *testing.T) { t.Run(test.fixture, func(t *testing.T) { catalog, d, src := catalogFixtureImage(t, test.fixture) - p := exportedPackages.Presenter(format.JSONOption, exportedPackages.PresenterConfig{ - SourceMetadata: src.Metadata, - Catalog: catalog, - Distro: d, - }) + p := syftjson.Format().Presenter(catalog, &src.Metadata, d, source.SquashedScope) if p == nil { t.Fatal("unable to get presenter") }
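Review bot: In the second hunk of test/integration/package_ownership_relationship_test.go the scope argument is hard-coded to `source.SquashedScope`, whereas the removed `PresenterConfig` literal left `Scope` unset. The scope that `catalogFixtureImage` catalogs with is not visible here, so the encoded document may report a scope that differs from how the catalog was built. A comment on the call would record the assumption, e.g. `// scope must match the one catalogFixtureImage uses`, or the helper could return its scope alongside `src`. The `t.Run` closure continues past the end of the hunk.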