author | Steve Winslow <steve@swinslow.net> | 2020-04-25 14:29:05 -0400 |
---|---|---|
committer | Steve Winslow <steve@swinslow.net> | 2020-04-25 14:29:05 -0400 |
commit | d6c20c13d2bb539a5ae57ceef0f0de812fe94220 (patch) | |
tree | 601cef808a0e0bc700390afc11ac1fa804e7f116 /spdx | |
parent | b68821f66a8d47c441e3da9ab059205e7e30b3f4 (diff) | |
download | spdx-tools-d6c20c13d2bb539a5ae57ceef0f0de812fe94220.tar.gz |
WIP: Add 2.2 version of data structures
Signed-off-by: Steve Winslow <steve@swinslow.net>
Diffstat (limited to 'spdx')
-rw-r--r-- | spdx/creation_info.go | 52 | ||||
-rw-r--r-- | spdx/document.go | 13 | ||||
-rw-r--r-- | spdx/package.go | 140 |
3 files changed, 205 insertions, 0 deletions
diff --git a/spdx/creation_info.go b/spdx/creation_info.go
index 1d4355c..27db3fc 100644
--- a/spdx/creation_info.go
+++ b/spdx/creation_info.go
@@ -53,3 +53,55 @@ type CreationInfo2_1 struct {
 // Cardinality: optional, one
 DocumentComment string
 }
+
+// CreationInfo2_2 is a Document Creation Information section of an
+// SPDX Document for version 2.2 of the spec.
+type CreationInfo2_2 struct {
+
+ // 2.1: SPDX Version; should be in the format "SPDX-2.2"
+ // Cardinality: mandatory, one
+ SPDXVersion string
+
+ // 2.2: Data License; should be "CC0-1.0"
+ // Cardinality: mandatory, one
+ DataLicense string
+
+ // 2.3: SPDX Identifier; should be "SPDXRef-DOCUMENT"
+ // Cardinality: mandatory, one
+ SPDXIdentifier string
+
+ // 2.4: Document Name
+ // Cardinality: mandatory, one
+ DocumentName string
+
+ // 2.5: Document Namespace
+ // Cardinality: mandatory, one
+ DocumentNamespace string
+
+ // 2.6: External Document References
+ // Cardinality: optional, one or many
+ ExternalDocumentReferences []string
+
+ // 2.7: License List Version
+ // Cardinality: optional, one
+ LicenseListVersion string
+
+ // 2.8: Creators: may have multiple keys for Person, Organization
+ // and/or Tool
+ // Cardinality: mandatory, one or many
+ CreatorPersons []string
+ CreatorOrganizations []string
+ CreatorTools []string
+
+ // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: mandatory, one
+ Created string
+
+ // 2.10: Creator Comment
+ // Cardinality: optional, one
+ CreatorComment string
+
+ // 2.11: Document Comment
+ // Cardinality: optional, one
+ DocumentComment string
+}
diff --git a/spdx/document.go b/spdx/document.go
index 9f0c919..6b116a8 100644
--- a/spdx/document.go
+++ b/spdx/document.go
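Review bot: `ExternalDocumentReferences []string` keeps each section 2.6 entry as one opaque string, so any checksum that an external document reference carries is never separated out where a consumer could verify it. As I understand the spec, each entry combines a document ref id, a URI and a checksum; a small struct per reference with fields for the id, URI, algorithm and digest would let a validator compare the digest against the referenced document instead of re-parsing the string. If the string form stays for this WIP, a comment such as `// raw tag value; the embedded checksum is not parsed or verified here` would make the gap explicit. `Created` has the same shape: the comment gives the expected format but nothing in the type enforces it.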
@@ -15,3 +15,16 @@ type Document2_1 struct {
 // DEPRECATED in version 2.0 of spec
 Reviews []*Review2_1
 }
+
+// Document2_2 is an SPDX Document for version 2.2 of the spec.
+// See https://spdx.github.io/spdx-spec/v2-draft/ (DRAFT)
+type Document2_2 struct {
+ CreationInfo *CreationInfo2_2
+ Packages []*Package2_2
+ OtherLicenses []*OtherLicense2_2
+ Relationships []*Relationship2_2
+ Annotations []*Annotation2_2
+
+ // DEPRECATED in version 2.0 of spec
+ Reviews []*Review2_2
+}
diff --git a/spdx/package.go b/spdx/package.go
index d49922f..901fb48 100644
--- a/spdx/package.go
+++ b/spdx/package.go
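Review bot: `Document2_2` refers to `OtherLicense2_2`, `Relationship2_2`, `Annotation2_2` and `Review2_2`, but the diffstat for `spdx/` lists only creation_info.go, document.go and package.go, so unless those types already exist elsewhere in the package this will not compile. The same applies to `File2_2` in the package.go hunk. Since the commit is marked WIP, either add stub types in the same change or leave those fields commented out until the types land. The doc comment links to a draft of the spec; a short `// TODO: update link once 2.2 is published` would keep the draft URL from becoming the permanent reference.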
@@ -137,3 +137,143 @@ type PackageExternalReference2_1 struct {
 // Cardinality: conditional (optional, one) for each External Reference
 ExternalRefComment string
 }
+
+// Package2_2 is a Package section of an SPDX Document for version 2.2 of the spec.
+type Package2_2 struct {
+
+ // NOT PART OF SPEC
+ // flag: does this "package" contain files that were in fact "unpackaged",
+ // e.g. included directly in the Document without being in a Package?
+ IsUnpackaged bool
+
+ // 3.1: Package Name
+ // Cardinality: mandatory, one
+ PackageName string
+
+ // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ PackageSPDXIdentifier string
+
+ // 3.3: Package Version
+ // Cardinality: optional, one
+ PackageVersion string
+
+ // 3.4: Package File Name
+ // Cardinality: optional, one
+ PackageFileName string
+
+ // 3.5: Package Supplier: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageSupplierPerson string
+ PackageSupplierOrganization string
+ PackageSupplierNOASSERTION bool
+
+ // 3.6: Package Originator: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageOriginatorPerson string
+ PackageOriginatorOrganization string
+ PackageOriginatorNOASSERTION bool
+
+ // 3.7: Package Download Location
+ // Cardinality: mandatory, one
+ PackageDownloadLocation string
+
+ // 3.8: FilesAnalyzed
+ // Cardinality: optional, one; default value is "true" if omitted
+ FilesAnalyzed bool
+ // NOT PART OF SPEC: did FilesAnalyzed tag appear?
+ IsFilesAnalyzedTagPresent bool
+
+ // 3.9: Package Verification Code
+ // Cardinality: mandatory, one if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ PackageVerificationCode string
+ // Spec also allows specifying a single file to exclude from the
+ // verification code algorithm; intended to enable exclusion of
+ // the SPDX document file itself.
+ PackageVerificationCodeExcludedFile string
+
+ // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: optional, one or many
+ PackageChecksumSHA1 string
+ PackageChecksumSHA256 string
+ PackageChecksumMD5 string
+
+ // 3.11: Package Home Page
+ // Cardinality: optional, one
+ PackageHomePage string
+
+ // 3.12: Source Information
+ // Cardinality: optional, one
+ PackageSourceInfo string
+
+ // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseConcluded string
+
+ // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ PackageLicenseInfoFromFiles []string
+
+ // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseDeclared string
+
+ // 3.16: Comments on License
+ // Cardinality: optional, one
+ PackageLicenseComments string
+
+ // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageCopyrightText string
+
+ // 3.18: Package Summary Description
+ // Cardinality: optional, one
+ PackageSummary string
+
+ // 3.19: Package Detailed Description
+ // Cardinality: optional, one
+ PackageDescription string
+
+ // 3.20: Package Comment
+ // Cardinality: optional, one
+ PackageComment string
+
+ // 3.21: Package External Reference
+ // Cardinality: optional, one or many
+ PackageExternalReferences []*PackageExternalReference2_2
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ // contained within PackageExternalReference2_1 struct, if present
+
+ // 3.23: Package Attribution Text
+ // Cardinality: optional, one or many
+ PackageAttributionText string
+
+ // Files contained in this Package
+ Files []*File2_2
+}
+
+// PackageExternalReference2_2 is an External Reference to additional info
+// about a Package, as defined in section 3.21 in version 2.2 of the spec.
+type PackageExternalReference2_2 struct {
+
+ // category is "SECURITY", "PACKAGE-MANAGER", "PERSISTENT-ID" or "OTHER"
+ Category string
+
+ // type is an [idstring] as defined in Appendix VI;
+ // called RefType here due to "type" being a Golang keyword
+ RefType string
+
+ // locator is a unique string to access the package-specific
+ // info, metadata or content within the target location
+ Locator string
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ ExternalRefComment string
+} |
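Review bot: `PackageAttributionText string` contradicts the cardinality comment directly above it (`optional, one or many`); every other "one or many" field in this struct is a slice, so it should be `PackageAttributionText []string`. The 3.22 placeholder comment in `Package2_2` still says `contained within PackageExternalReference2_1 struct` and should name `PackageExternalReference2_2`. Separately, section 3.10 is modelled as three fixed fields (SHA1, SHA256, MD5), so a package whose only digest uses another algorithm cannot be represented, and a consumer may have only SHA1 or MD5 to check. If 2.2 permits further algorithms (my reading of the spec, not something this hunk shows), a map keyed by algorithm name would be a safer shape.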