Align SPDX export more with SPDX 2.2 specification (#743)

This commit is contained in:
Keith Zantow 2022-01-13 15:27:06 -05:00 committed by GitHub
parent 706f291679
commit f59af255e3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 28 additions and 26 deletions


@ -29,7 +29,7 @@ func Test_Originator(t *testing.T) {
}, },
}, },
}, },
expected: "auth1", expected: "Person: auth1",
}, },
{ {
name: "from npm", name: "from npm",
@ -38,7 +38,7 @@ func Test_Originator(t *testing.T) {
Author: "auth", Author: "auth",
}, },
}, },
expected: "auth", expected: "Person: auth",
}, },
{ {
name: "from apk", name: "from apk",
@ -47,7 +47,7 @@ func Test_Originator(t *testing.T) {
Maintainer: "auth", Maintainer: "auth",
}, },
}, },
expected: "auth", expected: "Person: auth",
}, },
{ {
name: "from python - just name", name: "from python - just name",
@ -56,7 +56,7 @@ func Test_Originator(t *testing.T) {
Author: "auth", Author: "auth",
}, },
}, },
expected: "auth", expected: "Person: auth",
}, },
{ {
name: "from python - just email", name: "from python - just email",
@ -65,7 +65,7 @@ func Test_Originator(t *testing.T) {
AuthorEmail: "auth@auth.gov", AuthorEmail: "auth@auth.gov",
}, },
}, },
expected: "auth@auth.gov", expected: "Person: auth@auth.gov",
}, },
{ {
name: "from python - both name and email", name: "from python - both name and email",
@ -75,7 +75,7 @@ func Test_Originator(t *testing.T) {
AuthorEmail: "auth@auth.gov", AuthorEmail: "auth@auth.gov",
}, },
}, },
expected: "auth <auth@auth.gov>", expected: "Person: auth (auth@auth.gov)",
}, },
{ {
name: "from rpm", name: "from rpm",
@ -84,7 +84,7 @@ func Test_Originator(t *testing.T) {
Vendor: "auth", Vendor: "auth",
}, },
}, },
expected: "auth", expected: "Organization: auth",
}, },
{ {
name: "from dpkg", name: "from dpkg",
@ -93,7 +93,7 @@ func Test_Originator(t *testing.T) {
Maintainer: "auth", Maintainer: "auth",
}, },
}, },
expected: "auth", expected: "Person: auth",
}, },
{ {
// note: since this is an optional field, no value is preferred over NONE or NOASSERTION // note: since this is an optional field, no value is preferred over NONE or NOASSERTION
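Review bot: No row exercises `pkg.RpmdbMetadata` with an empty `Vendor`, which is the only Originator branch whose output is not gated on a non-empty value, so the table cannot catch a degenerate `Organization: ` being emitted for RPMs that carry no vendor tag. A row with `Metadata: pkg.RpmdbMetadata{}` and `expected: ""` would pin the rule the trailing comment in this hunk states (omit rather than emit a placeholder). A python row with both `Author` and `AuthorEmail` empty would likewise confirm the fallthrough yields `""` rather than `Person: `. The test table continues past the end of the hunk.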


@ -6,31 +6,35 @@ import (
"github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/pkg"
) )
// Originator needs to conform to the SPDX spec here:
// https://spdx.github.io/spdx-spec/package-information/#76-package-originator-field
// Available options are: <omit>, NOASSERTION, Person: <person>, Organization: <org>
func Originator(p pkg.Package) string { func Originator(p pkg.Package) string {
if hasMetadata(p) { if hasMetadata(p) {
author := ""
switch metadata := p.Metadata.(type) { switch metadata := p.Metadata.(type) {
case pkg.ApkMetadata: case pkg.ApkMetadata:
return metadata.Maintainer author = metadata.Maintainer
case pkg.NpmPackageJSONMetadata: case pkg.NpmPackageJSONMetadata:
return metadata.Author author = metadata.Author
case pkg.PythonPackageMetadata: case pkg.PythonPackageMetadata:
author := metadata.Author author = metadata.Author
if author == "" { if author == "" {
return metadata.AuthorEmail author = metadata.AuthorEmail
} else if metadata.AuthorEmail != "" {
author = fmt.Sprintf("%s (%s)", author, metadata.AuthorEmail)
} }
if metadata.AuthorEmail != "" {
author += fmt.Sprintf(" <%s>", metadata.AuthorEmail)
}
return author
case pkg.GemMetadata: case pkg.GemMetadata:
if len(metadata.Authors) > 0 { if len(metadata.Authors) > 0 {
return metadata.Authors[0] author = metadata.Authors[0]
} }
return ""
case pkg.RpmdbMetadata: case pkg.RpmdbMetadata:
return metadata.Vendor return "Organization: " + metadata.Vendor
case pkg.DpkgMetadata: case pkg.DpkgMetadata:
return metadata.Maintainer author = metadata.Maintainer
}
if author != "" {
return "Person: " + author
} }
} }
return "" return ""
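Review bot: The RPM branch `return "Organization: " + metadata.Vendor` is the one case that skips the new `author != ""` guard, so an RPM without a Vendor tag emits the literal `Organization: ` — a value the spec comment added at the top of the hunk rules out (omit, NOASSERTION, or a prefix followed by a name), which strict SPDX validators reject and lenient consumers record as a blank publisher. Guard it like the other branches: `if metadata.Vendor != "" { return "Organization: " + metadata.Vendor }`, letting an empty vendor fall through to the final `return ""`. Separately, apk and dpkg maintainer strings are often teams or mailing lists rather than individuals, so unconditionally tagging them `Person:` is a classification choice worth a short comment, since downstream tooling treats this field as provenance. Originator's closing brace lies outside the hunk.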


@ -3,7 +3,7 @@ package model
type Element struct { type Element struct {
SPDXID string `json:"SPDXID"` SPDXID string `json:"SPDXID"`
// Identify name of this SpdxElement. // Identify name of this SpdxElement.
Name string `json:"name"` Name string `json:"name,omitempty"`
// Relationships referenced in the SPDX document // Relationships referenced in the SPDX document
Relationships []Relationship `json:"relationships,omitempty"` Relationships []Relationship `json:"relationships,omitempty"`
// Provide additional information about an SpdxElement. // Provide additional information about an SpdxElement.
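Review bot: Adding `omitempty` to the shared `Element.Name` means any element with an empty name now serialises without the field at all, and nothing at this level distinguishes the intended case (file elements, whose Name this commit stops setting) from an accidental one (a package with an empty name, which SPDX 2.2 does not permit). A one-line comment would make the contract explicit: `// omitempty: file elements no longer set Name; package elements must, since SPDX 2.2 requires a package name.` Presumably the package mapper always supplies a non-empty name, but that code is not visible here.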


@ -2,7 +2,6 @@ package spdx22json
import ( import (
"fmt" "fmt"
"path/filepath"
"sort" "sort"
"strings" "strings"
"time" "time"
@ -131,8 +130,7 @@ func toFiles(s sbom.SBOM) []model.File {
results = append(results, model.File{ results = append(results, model.File{
Item: model.Item{ Item: model.Item{
Element: model.Element{ Element: model.Element{
SPDXID: string(coordinates.ID()), SPDXID: model.ElementID(coordinates.ID()).String(),
Name: filepath.Base(coordinates.RealPath),
Comment: comment, Comment: comment,
}, },
// required, no attempt made to determine license information // required, no attempt made to determine license information
@ -206,9 +204,9 @@ func toRelationships(relationships []artifact.Relationship) (result []model.Rela
} }
result = append(result, model.Relationship{ result = append(result, model.Relationship{
SpdxElementID: string(r.From.ID()), SpdxElementID: model.ElementID(r.From.ID()).String(),
RelationshipType: relationshipType, RelationshipType: relationshipType,
RelatedSpdxElement: string(r.To.ID()), RelatedSpdxElement: model.ElementID(r.To.ID()).String(),
Comment: comment, Comment: comment,
}) })
} }
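Review bot: `model.ElementID(...).String()` now derives the SPDXIDs for file elements and for both relationship endpoints, but the package elements are built outside this hunk; if that path still uses `string(id)`, every relationship touching a package will reference an identifier that does not exist in the document, and the SBOM becomes silently inconsistent rather than failing. A test asserting that each `SpdxElementID` and `RelatedSpdxElement` appears among the emitted package and file SPDXIDs would close that gap. SPDX also restricts SPDXIDs to `SPDXRef-` followed by letters, digits, `.` and `-`; if `ElementID.String` only prefixes without sanitising the artifact ID, that limitation should be documented where it is defined (not visible here). Both `toFiles` and `toRelationships` begin before their hunks.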