author | RishabhBhatnagar <bhatnagarrishabh4@gmail.com> | 2020-01-09 20:39:55 +0530 |
---|---|---|
committer | RishabhBhatnagar <bhatnagarrishabh4@gmail.com> | 2020-01-09 21:04:37 +0530 |
commit | cd59ee66408a908f7ef94548814514f6bc9fc906 (patch) | |
tree | 550b146d4de0cc00a4784147f7d8f2a7bc93cffe /spdx | |
parent | f4fef41a45620391fca6481f4700b89de170ab88 (diff) | |
Create Go Module
- Unpack directory v0 to move all the content to the root directory.
- ./v0/* converted to ./*
- all the test cases were fixed to remove one directory less indexing for test files
- add go.mod
- go version 1.13 is used to have a relatively stable versioning system
Signed-off-by: RishabhBhatnagar <bhatnagarrishabh4@gmail.com>
Diffstat (limited to 'spdx')
-rw-r--r-- | spdx/annotation.go | 29 | ||||
-rw-r--r-- | spdx/creation_info.go | 55 | ||||
-rw-r--r-- | spdx/document.go | 17 | ||||
-rw-r--r-- | spdx/file.go | 86 | ||||
-rw-r--r-- | spdx/other_license.go | 32 | ||||
-rw-r--r-- | spdx/package.go | 139 | ||||
-rw-r--r-- | spdx/relationship.go | 21 | ||||
-rw-r--r-- | spdx/review.go | 25 | ||||
-rw-r--r-- | spdx/snippet.go | 49 |
9 files changed, 453 insertions, 0 deletions
diff --git a/spdx/annotation.go b/spdx/annotation.go
new file mode 100644
index 0000000..0846d62
--- /dev/null
+++ b/spdx/annotation.go
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// Annotation2_1 is an Annotation section of an SPDX Document for version 2.1 of the spec.
+type Annotation2_1 struct {
+
+ // 8.1: Annotator
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ Annotator string
+ // including AnnotatorType: one of "Person", "Organization" or "Tool"
+ AnnotatorType string
+
+ // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationDate string
+
+ // 8.3: Annotation Type: "REVIEW" or "OTHER"
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationType string
+
+ // 8.4: SPDX Identifier Reference
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationSPDXIdentifier string
+
+ // 8.5: Annotation Comment
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationComment string
+}
diff --git a/spdx/creation_info.go b/spdx/creation_info.go
new file mode 100644
index 0000000..1d4355c
--- /dev/null
+++ b/spdx/creation_info.go
@@ -0,0 +1,55 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// CreationInfo2_1 is a Document Creation Information section of an
+// SPDX Document for version 2.1 of the spec.
+type CreationInfo2_1 struct {
+
+ // 2.1: SPDX Version; should be in the format "SPDX-2.1"
+ // Cardinality: mandatory, one
+ SPDXVersion string
+
+ // 2.2: Data License; should be "CC0-1.0"
+ // Cardinality: mandatory, one
+ DataLicense string
+
+ // 2.3: SPDX Identifier; should be "SPDXRef-DOCUMENT"
+ // Cardinality: mandatory, one
+ SPDXIdentifier string
+
+ // 2.4: Document Name
+ // Cardinality: mandatory, one
+ DocumentName string
+
+ // 2.5: Document Namespace
+ // Cardinality: mandatory, one
+ DocumentNamespace string
+
+ // 2.6: External Document References
+ // Cardinality: optional, one or many
+ ExternalDocumentReferences []string
+
+ // 2.7: License List Version
+ // Cardinality: optional, one
+ LicenseListVersion string
+
+ // 2.8: Creators: may have multiple keys for Person, Organization
+ // and/or Tool
+ // Cardinality: mandatory, one or many
+ CreatorPersons []string
+ CreatorOrganizations []string
+ CreatorTools []string
+
+ // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: mandatory, one
+ Created string
+
+ // 2.10: Creator Comment
+ // Cardinality: optional, one
+ CreatorComment string
+
+ // 2.11: Document Comment
+ // Cardinality: optional, one
+ DocumentComment string
+}
diff --git a/spdx/document.go b/spdx/document.go
new file mode 100644
index 0000000..9f0c919
--- /dev/null
+++ b/spdx/document.go
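Review bot: In spdx/creation_info.go, `ExternalDocumentReferences []string` keeps each section 2.6 entry as one opaque string, and the field comment does not say what that string contains. If the entry carries an identifier, a document URI and a checksum, as the 2.1 spec appears to define it, a consumer that wants to check the referenced document against its checksum has to re-parse the string itself. I would at least document the layout on the field, e.g. `// each entry is the raw ExternalDocumentRef value (ID, URI, checksum), stored unparsed and unvalidated`.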
@@ -0,0 +1,17 @@
+// Package spdx contains the struct definition for an SPDX Document
+// and its constituent parts.
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+package spdx
+
+// Document2_1 is an SPDX Document for version 2.1 of the spec.
+// See https://spdx.org/sites/cpstandard/files/pages/files/spdxversion2.1.pdf
+type Document2_1 struct {
+ CreationInfo *CreationInfo2_1
+ Packages []*Package2_1
+ OtherLicenses []*OtherLicense2_1
+ Relationships []*Relationship2_1
+ Annotations []*Annotation2_1
+
+ // DEPRECATED in version 2.0 of spec
+ Reviews []*Review2_1
+}
diff --git a/spdx/file.go b/spdx/file.go
new file mode 100644
index 0000000..3732107
--- /dev/null
+++ b/spdx/file.go
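Review bot: The package comment in spdx/document.go runs straight into the `// SPDX-License-Identifier:` line, so the license tag becomes the last line of the rendered package documentation. The other files in this commit put the tag first and follow it with a blank line. Doing the same here keeps the package doc clean: the tag line, a blank line, then `// Package spdx contains the struct definition ...` directly above `package spdx`. Separately, the note on `Reviews` would be recognised by Go tooling if written as `// Deprecated: removed in version 2.0 of the spec.`.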
@@ -0,0 +1,86 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// File2_1 is a File section of an SPDX Document for version 2.1 of the spec.
+type File2_1 struct {
+
+ // 4.1: File Name
+ // Cardinality: mandatory, one
+ FileName string
+
+ // 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ FileSPDXIdentifier string
+
+ // 4.3: File Type
+ // Cardinality: optional, multiple
+ FileType []string
+
+ // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: mandatory, one SHA1, others may be optionally provided
+ FileChecksumSHA1 string
+ FileChecksumSHA256 string
+ FileChecksumMD5 string
+
+ // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ LicenseConcluded string
+
+ // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many
+ LicenseInfoInFile []string
+
+ // 4.7: Comments on License
+ // Cardinality: optional, one
+ LicenseComments string
+
+ // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ FileCopyrightText string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9-4.11: Artifact of Project variables (defined below)
+ // Cardinality: optional, one or many
+ ArtifactOfProjects []*ArtifactOfProject2_1
+
+ // 4.12: File Comment
+ // Cardinality: optional, one
+ FileComment string
+
+ // 4.13: File Notice
+ // Cardinality: optional, one
+ FileNotice string
+
+ // 4.14: File Contributor
+ // Cardinality: optional, one or many
+ FileContributor []string
+
+ // DEPRECATED in version 2.0 of spec
+ // 4.15: File Dependencies
+ // Cardinality: optional, one or many
+ FileDependencies []string
+
+ // Snippets contained in this File
+ Snippets []*Snippet2_1
+}
+
+// ArtifactOfProject2_1 is a DEPRECATED collection of data regarding
+// a Package, as defined in sections 4.9-4.11 in version 2.1 of the spec.
+type ArtifactOfProject2_1 struct {
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9: Artifact of Project Name
+ // Cardinality: conditional, required if present, one per AOP
+ Name string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.10: Artifact of Project Homepage: URL or "UNKNOWN"
+ // Cardinality: optional, one per AOP
+ HomePage string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.11: Artifact of Project Uniform Resource Identifier
+ // Cardinality: optional, one per AOP
+ URI string
+}
diff --git a/spdx/other_license.go b/spdx/other_license.go
new file mode 100644
index 0000000..8d15d7f
--- /dev/null
+++ b/spdx/other_license.go
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// OtherLicense2_1 is an Other License Information section of an
+// SPDX Document for version 2.1 of the spec.
+type OtherLicense2_1 struct {
+
+ // 6.1: License Identifier: "LicenseRef-[idstring]"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseIdentifier string
+
+ // 6.2: Extracted Text
+ // Cardinality: conditional (mandatory, one) if there is a
+ // License Identifier assigned
+ ExtractedText string
+
+ // 6.3: License Name: single line of text or "NOASSERTION"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseName string
+
+ // 6.4: License Cross Reference
+ // Cardinality: conditional (optional, one or many) if license
+ // is not on SPDX License List
+ LicenseCrossReferences []string
+
+ // 6.5: License Comment
+ // Cardinality: optional, one
+ LicenseComment string
+}
diff --git a/spdx/package.go b/spdx/package.go
new file mode 100644
index 0000000..d49922f
--- /dev/null
+++ b/spdx/package.go
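Review bot: In spdx/file.go, `FileChecksumSHA1`, `FileChecksumSHA256` and `FileChecksumMD5` on File2_1 are plain strings, and the comment says neither how the value is encoded nor that the struct does no validation. Because SHA1 is the only mandatory checksum and MD5 is optional, a consumer using these fields for integrity checks needs to know which one to rely on. I would add a line such as `// values are stored as read and not validated here; callers verifying integrity should prefer SHA256 when it is set` (the encoding is presumably hex, but confirm against the parser before documenting it). The same comment would fit the `PackageChecksum*` fields in spdx/package.go.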
@@ -0,0 +1,139 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// Package2_1 is a Package section of an SPDX Document for version 2.1 of the spec.
+type Package2_1 struct {
+
+ // NOT PART OF SPEC
+ // flag: does this "package" contain files that were in fact "unpackaged",
+ // e.g. included directly in the Document without being in a Package?
+ IsUnpackaged bool
+
+ // 3.1: Package Name
+ // Cardinality: mandatory, one
+ PackageName string
+
+ // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ PackageSPDXIdentifier string
+
+ // 3.3: Package Version
+ // Cardinality: optional, one
+ PackageVersion string
+
+ // 3.4: Package File Name
+ // Cardinality: optional, one
+ PackageFileName string
+
+ // 3.5: Package Supplier: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageSupplierPerson string
+ PackageSupplierOrganization string
+ PackageSupplierNOASSERTION bool
+
+ // 3.6: Package Originator: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageOriginatorPerson string
+ PackageOriginatorOrganization string
+ PackageOriginatorNOASSERTION bool
+
+ // 3.7: Package Download Location
+ // Cardinality: mandatory, one
+ PackageDownloadLocation string
+
+ // 3.8: FilesAnalyzed
+ // Cardinality: optional, one; default value is "true" if omitted
+ FilesAnalyzed bool
+ // NOT PART OF SPEC: did FilesAnalyzed tag appear?
+ IsFilesAnalyzedTagPresent bool
+
+ // 3.9: Package Verification Code
+ // Cardinality: mandatory, one if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ PackageVerificationCode string
+ // Spec also allows specifying a single file to exclude from the
+ // verification code algorithm; intended to enable exclusion of
+ // the SPDX document file itself.
+ PackageVerificationCodeExcludedFile string
+
+ // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: optional, one or many
+ PackageChecksumSHA1 string
+ PackageChecksumSHA256 string
+ PackageChecksumMD5 string
+
+ // 3.11: Package Home Page
+ // Cardinality: optional, one
+ PackageHomePage string
+
+ // 3.12: Source Information
+ // Cardinality: optional, one
+ PackageSourceInfo string
+
+ // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseConcluded string
+
+ // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ PackageLicenseInfoFromFiles []string
+
+ // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseDeclared string
+
+ // 3.16: Comments on License
+ // Cardinality: optional, one
+ PackageLicenseComments string
+
+ // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageCopyrightText string
+
+ // 3.18: Package Summary Description
+ // Cardinality: optional, one
+ PackageSummary string
+
+ // 3.19: Package Detailed Description
+ // Cardinality: optional, one
+ PackageDescription string
+
+ // 3.20: Package Comment
+ // Cardinality: optional, one
+ PackageComment string
+
+ // 3.21: Package External Reference
+ // Cardinality: optional, one or many
+ PackageExternalReferences []*PackageExternalReference2_1
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ // contained within PackageExternalReference2_1 struct, if present
+
+ // Files contained in this Package
+ Files []*File2_1
+}
+
+// PackageExternalReference2_1 is an External Reference to additional info
+// about a Package, as defined in section 3.21 in version 2.1 of the spec.
+type PackageExternalReference2_1 struct {
+
+ // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
+ Category string
+
+ // type is an [idstring] as defined in Appendix VI;
+ // called RefType here due to "type" being a Golang keyword
+ RefType string
+
+ // locator is a unique string to access the package-specific
+ // info, metadata or content within the target location
+ Locator string
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ ExternalRefComment string
+}
diff --git a/spdx/relationship.go b/spdx/relationship.go
new file mode 100644
index 0000000..bc87967
--- /dev/null
+++ b/spdx/relationship.go
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// Relationship2_1 is a Relationship section of an SPDX Document for
+// version 2.1 of the spec.
+type Relationship2_1 struct {
+
+ // 7.1: Relationship
+ // Cardinality: optional, one or more; one per Relationship2_1
+ // one mandatory for SPDX Document with multiple packages
+ // RefA and RefB are first and second item
+ // Relationship is type from 7.1.1
+ RefA string
+ RefB string
+ Relationship string
+
+ // 7.2: Relationship Comment
+ // Cardinality: optional, one
+ RelationshipComment string
+}
diff --git a/spdx/review.go b/spdx/review.go
new file mode 100644
index 0000000..36a6ea7
--- /dev/null
+++ b/spdx/review.go
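Review bot: In spdx/package.go, `FilesAnalyzed bool` on Package2_1 has a Go zero value of false, while its comment says the spec default is "true" if omitted. A Package2_1 built as a struct literal, or read without consulting `IsFilesAnalyzedTagPresent`, therefore reports its files as not analyzed. A consumer that decides on that basis whether to expect `PackageVerificationCode` would reach the wrong conclusion. The rule should be stated on the field itself, e.g. `// only meaningful when IsFilesAnalyzedTagPresent is true; when the tag is absent, treat as true`. The three-field encoding of Supplier and Originator has a similar gap: nothing says what it means if more than one of the fields is set.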
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// Review2_1 is a Review section of an SPDX Document for version 2.1 of the spec.
+// DEPRECATED in version 2.0 of spec; retained here for compatibility.
+type Review2_1 struct {
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.1: Reviewer
+ // Cardinality: optional, one
+ Reviewer string
+ // including AnnotatorType: one of "Person", "Organization" or "Tool"
+ ReviewerType string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is a Reviewer
+ ReviewDate string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.3: Review Comment
+ // Cardinality: optional, one
+ ReviewComment string
+}
diff --git a/spdx/snippet.go b/spdx/snippet.go
new file mode 100644
index 0000000..14b3b25
--- /dev/null
+++ b/spdx/snippet.go
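Review bot: The comment above `ReviewerType` in spdx/review.go reads `// including AnnotatorType: ...`, which looks copied from annotation.go and names a field that does not exist on Review2_1. It should name the field it documents: `// including ReviewerType: one of "Person", "Organization" or "Tool"`.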
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// Snippet2_1 is a Snippet section of an SPDX Document for version 2.1 of the spec.
+type Snippet2_1 struct {
+
+ // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ SnippetSPDXIdentifier string
+
+ // 5.2: Snippet from File SPDX Identifier
+ // Cardinality: mandatory, one
+ SnippetFromFileSPDXIdentifier string
+
+ // 5.3: Snippet Byte Range: [start byte]:[end byte]
+ // Cardinality: mandatory, one
+ SnippetByteRangeStart int
+ SnippetByteRangeEnd int
+
+ // 5.4: Snippet Line Range: [start line]:[end line]
+ // Cardinality: optional, one
+ SnippetLineRangeStart int
+ SnippetLineRangeEnd int
+
+ // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetLicenseConcluded string
+
+ // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: optional, one or many
+ LicenseInfoInSnippet []string
+
+ // 5.7: Snippet Comments on License
+ // Cardinality: optional, one
+ SnippetLicenseComments string
+
+ // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetCopyrightText string
+
+ // 5.9: Snippet Comment
+ // Cardinality: optional, one
+ SnippetComment string
+
+ // 5.10: Snippet Name
+ // Cardinality: optional, one
+ SnippetName string
+} |
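Review bot: `SnippetByteRangeStart` and `SnippetByteRangeEnd` in spdx/snippet.go are declared `int`, which is 32 bits wide on 32-bit targets, so byte offsets into files larger than 2 GiB cannot be represented there. The comments also do not say whether 0 means "unset", nor that negative values and start > end are not rejected by the struct. `SnippetByteRangeStart int64` and `SnippetByteRangeEnd int64` would make the range platform-independent, though that changes the field type for existing callers. At minimum, add a comment such as `// offsets are stored as parsed; ordering and sign are not validated here`.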