From 41d2272711255f5a25e16e3507ec3318bc550189 Mon Sep 17 00:00:00 2001 From: Brandon Lum Date: Mon, 6 Jun 2022 10:42:27 -0400 Subject: convert spdx structs to versioned pkgs 
Signed-off-by: Brandon Lum --- spdx/annotation.go | 92 ------------ spdx/checksum.go | 26 ---- spdx/common/annotation.go | 44 ++++++ spdx/common/checksum.go | 26 ++++ spdx/common/creation_info.go | 44 ++++++ spdx/common/identifier.go | 133 +++++++++++++++++ spdx/common/package.go | 105 +++++++++++++ spdx/common/snippet.go | 20 +++ spdx/creation_info.go | 86 ----------- spdx/document.go | 122 --------------- spdx/file.go | 177 ---------------------- spdx/identifier.go | 133 ----------------- spdx/other_license.go | 59 -------- spdx/package.go | 348 ------------------------------------------- spdx/relationship.go | 39 ----- spdx/review.go | 47 ------ spdx/snippet.go | 102 ------------- spdx/v2_1/annotation.go | 29 ++++ spdx/v2_1/creation_info.go | 26 ++++ spdx/v2_1/document.go | 65 ++++++++ spdx/v2_1/file.go | 90 +++++++++++ spdx/v2_1/other_license.go | 31 ++++ spdx/v2_1/package.go | 120 +++++++++++++++ spdx/v2_1/relationship.go | 23 +++ spdx/v2_1/review.go | 25 ++++ spdx/v2_1/snippet.go | 44 ++++++ spdx/v2_2/annotation.go | 29 ++++ spdx/v2_2/creation_info.go | 26 ++++ spdx/v2_2/document.go | 65 ++++++++ spdx/v2_2/file.go | 94 ++++++++++++ spdx/v2_2/other_license.go | 31 ++++ spdx/v2_2/package.go | 133 +++++++++++++++++ spdx/v2_2/relationship.go | 23 +++ spdx/v2_2/review.go | 25 ++++ spdx/v2_2/snippet.go | 48 ++++++ 35 files changed, 1299 insertions(+), 1231 deletions(-) delete mode 100644 spdx/annotation.go delete mode 100644 spdx/checksum.go create mode 100644 spdx/common/annotation.go create mode 100644 spdx/common/checksum.go create mode 100644 spdx/common/creation_info.go create mode 100644 spdx/common/identifier.go create mode 100644 spdx/common/package.go create mode 100644 spdx/common/snippet.go delete mode 100644 spdx/creation_info.go delete mode 100644 spdx/document.go delete mode 100644 spdx/file.go delete mode 100644 spdx/identifier.go delete mode 100644 spdx/other_license.go delete mode 100644 spdx/package.go delete mode 100644 spdx/relationship.go 
delete mode 100644 spdx/review.go delete mode 100644 spdx/snippet.go create mode 100644 spdx/v2_1/annotation.go create mode 100644 spdx/v2_1/creation_info.go create mode 100644 spdx/v2_1/document.go create mode 100644 spdx/v2_1/file.go create mode 100644 spdx/v2_1/other_license.go create mode 100644 spdx/v2_1/package.go create mode 100644 spdx/v2_1/relationship.go create mode 100644 spdx/v2_1/review.go create mode 100644 spdx/v2_1/snippet.go create mode 100644 spdx/v2_2/annotation.go create mode 100644 spdx/v2_2/creation_info.go create mode 100644 spdx/v2_2/document.go create mode 100644 spdx/v2_2/file.go create mode 100644 spdx/v2_2/other_license.go create mode 100644 spdx/v2_2/package.go create mode 100644 spdx/v2_2/relationship.go create mode 100644 spdx/v2_2/review.go create mode 100644 spdx/v2_2/snippet.go diff --git a/spdx/annotation.go b/spdx/annotation.go deleted file mode 100644 index 560b6f0..0000000 --- a/spdx/annotation.go +++ /dev/null 
@@ -1,92 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package spdx - -import ( - "encoding/json" - "fmt" - "strings" -) - -type Annotator struct { - Annotator string - // including AnnotatorType: one of "Person", "Organization" or "Tool" - AnnotatorType string -} - -// UnmarshalJSON takes an annotator in the typical one-line format and parses it into an Annotator struct. -// This function is also used when unmarshalling YAML -func (a *Annotator) UnmarshalJSON(data []byte) error { - // annotator will simply be a string - annotatorStr := string(data) - annotatorStr = strings.Trim(annotatorStr, "\"") - - annotatorFields := strings.SplitN(annotatorStr, ": ", 2) - - if len(annotatorFields) != 2 { - return fmt.Errorf("failed to parse Annotator '%s'", annotatorStr) - } - - a.AnnotatorType = annotatorFields[0] - a.Annotator = annotatorFields[1] - - return nil -} - -// MarshalJSON converts the receiver into a slice of bytes representing an Annotator in string form. -// This function is also used when marshalling to YAML -func (a Annotator) MarshalJSON() ([]byte, error) { - if a.Annotator != "" { - return json.Marshal(fmt.Sprintf("%s: %s", a.AnnotatorType, a.Annotator)) - } - - return []byte{}, nil -} - -// Annotation2_1 is an Annotation section of an SPDX Document for version 2.1 of the spec. 
-type Annotation2_1 struct { - // 8.1: Annotator - // Cardinality: conditional (mandatory, one) if there is an Annotation - Annotator Annotator `json:"annotator"` - - // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ - // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationDate string `json:"annotationDate"` - - // 8.3: Annotation Type: "REVIEW" or "OTHER" - // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationType string `json:"annotationType"` - - // 8.4: SPDX Identifier Reference - // Cardinality: conditional (mandatory, one) if there is an Annotation - // This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML. - AnnotationSPDXIdentifier DocElementID `json:"-"` - - // 8.5: Annotation Comment - // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationComment string `json:"comment"` -} - -// Annotation2_2 is an Annotation section of an SPDX Document for version 2.2 of the spec. -type Annotation2_2 struct { - // 8.1: Annotator - // Cardinality: conditional (mandatory, one) if there is an Annotation - Annotator Annotator `json:"annotator"` - - // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ - // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationDate string `json:"annotationDate"` - - // 8.3: Annotation Type: "REVIEW" or "OTHER" - // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationType string `json:"annotationType"` - - // 8.4: SPDX Identifier Reference - // Cardinality: conditional (mandatory, one) if there is an Annotation - // This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML. - AnnotationSPDXIdentifier DocElementID `json:"-"` - - // 8.5: Annotation Comment - // Cardinality: conditional (mandatory, one) if there is an Annotation - AnnotationComment string `json:"comment"` -} 
diff --git a/spdx/checksum.go b/spdx/checksum.go
deleted file mode 100644
index 3295969..0000000
--- a/spdx/checksum.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-package spdx
-
-// ChecksumAlgorithm represents the algorithm used to generate the file checksum in the Checksum struct.
-type ChecksumAlgorithm string
-
-// The checksum algorithms mentioned in the spdxv2.2.0 https://spdx.github.io/spdx-spec/4-file-information/#44-file-checksum
-const (
- SHA224 ChecksumAlgorithm = "SHA224"
- SHA1 ChecksumAlgorithm = "SHA1"
- SHA256 ChecksumAlgorithm = "SHA256"
- SHA384 ChecksumAlgorithm = "SHA384"
- SHA512 ChecksumAlgorithm = "SHA512"
- MD2 ChecksumAlgorithm = "MD2"
- MD4 ChecksumAlgorithm = "MD4"
- MD5 ChecksumAlgorithm = "MD5"
- MD6 ChecksumAlgorithm = "MD6"
-)
-
-// Checksum provides a unique identifier to match analysis information on each specific file in a package.
-// The Algorithm field describes the ChecksumAlgorithm used and the Value represents the file checksum
-type Checksum struct {
- Algorithm ChecksumAlgorithm `json:"algorithm"`
- Value string `json:"checksumValue"`
-}
diff --git a/spdx/common/annotation.go b/spdx/common/annotation.go
new file mode 100644
index 0000000..e77d7b7
--- /dev/null
+++ b/spdx/common/annotation.go
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package common
+
+import (
+ "encoding/json"
+ "fmt"
+ "strings"
+)
+
+type Annotator struct {
+ Annotator string
+ // including AnnotatorType: one of "Person", "Organization" or "Tool"
+ AnnotatorType string
+}
+
+// UnmarshalJSON takes an annotator in the typical one-line format and parses it into an Annotator struct.
+// This function is also used when unmarshalling YAML
+func (a *Annotator) UnmarshalJSON(data []byte) error {
+ // annotator will simply be a string
+ annotatorStr := string(data)
+ annotatorStr = strings.Trim(annotatorStr, "\"")
+
+ annotatorFields := strings.SplitN(annotatorStr, ": ", 2)
+
+ if len(annotatorFields) != 2 {
+ return fmt.Errorf("failed to parse Annotator '%s'", annotatorStr)
+ }
+
+ a.AnnotatorType = annotatorFields[0]
+ a.Annotator = annotatorFields[1]
+
+ return nil
+}
+
+// MarshalJSON converts the receiver into a slice of bytes representing an Annotator in string form.
+// This function is also used when marshalling to YAML
+func (a Annotator) MarshalJSON() ([]byte, error) {
+ if a.Annotator != "" {
+ return json.Marshal(fmt.Sprintf("%s: %s", a.AnnotatorType, a.Annotator))
+ }
+
+ return []byte{}, nil
+}
diff --git a/spdx/common/checksum.go b/spdx/common/checksum.go
new file mode 100644
index 0000000..02a57ff
--- /dev/null
+++ b/spdx/common/checksum.go
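Review bot: Annotator.MarshalJSON in spdx/common/annotation.go falls through to `return []byte{}, nil` when Annotator is empty, and zero bytes are not a valid JSON value, so encoding/json rejects the result and marshalling the enclosing document fails with an unhelpful "unexpected end of JSON input". Because the annotator is documented as mandatory whenever an annotation exists, an explicit error is clearer, matching what DocElementID and Supplier already do: `return nil, fmt.Errorf("failed to marshal empty Annotator")`. Creator.MarshalJSON in creation_info.go and Originator.MarshalJSON in package.go end with the same empty-slice return.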
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package common
+
+// ChecksumAlgorithm represents the algorithm used to generate the file checksum in the Checksum struct.
+type ChecksumAlgorithm string
+
+// The checksum algorithms mentioned in the spdxv2.2.0 https://spdx.github.io/spdx-spec/4-file-information/#44-file-checksum
+const (
+ SHA224 ChecksumAlgorithm = "SHA224"
+ SHA1 ChecksumAlgorithm = "SHA1"
+ SHA256 ChecksumAlgorithm = "SHA256"
+ SHA384 ChecksumAlgorithm = "SHA384"
+ SHA512 ChecksumAlgorithm = "SHA512"
+ MD2 ChecksumAlgorithm = "MD2"
+ MD4 ChecksumAlgorithm = "MD4"
+ MD5 ChecksumAlgorithm = "MD5"
+ MD6 ChecksumAlgorithm = "MD6"
+)
+
+// Checksum provides a unique identifier to match analysis information on each specific file in a package.
+// The Algorithm field describes the ChecksumAlgorithm used and the Value represents the file checksum
+type Checksum struct {
+ Algorithm ChecksumAlgorithm `json:"algorithm"`
+ Value string `json:"checksumValue"`
+}
diff --git a/spdx/common/creation_info.go b/spdx/common/creation_info.go
new file mode 100644
index 0000000..c87ae7b
--- /dev/null
+++ b/spdx/common/creation_info.go
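Review bot: The const block in spdx/common/checksum.go lists MD2, MD4, MD5 and SHA1 alongside the SHA-2 family with no guidance, so nothing on the type tells a consumer which values are suitable when a Checksum is used to verify content rather than merely to label it. The list mirrors what the spec permits, so the constants should stay. A comment above the block would cover it: `// MD2, MD4, MD5 and SHA1 are kept for spec compatibility; they are not collision-resistant, so prefer SHA256 or stronger when a checksum is used to verify a file.`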
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package common
+
+import (
+ "encoding/json"
+ "fmt"
+ "strings"
+)
+
+// Creator is a wrapper around the Creator SPDX field. The SPDX field contains two values, which requires special
+// handling in order to marshal/unmarshal it to/from Go data types.
+type Creator struct {
+ Creator string
+ // CreatorType should be one of "Person", "Organization", or "Tool"
+ CreatorType string
+}
+
+// UnmarshalJSON takes an annotator in the typical one-line format and parses it into a Creator struct.
+// This function is also used when unmarshalling YAML
+func (c *Creator) UnmarshalJSON(data []byte) error {
+ str := string(data)
+ str = strings.Trim(str, "\"")
+ fields := strings.SplitN(str, ": ", 2)
+
+ if len(fields) != 2 {
+ return fmt.Errorf("failed to parse Creator '%s'", str)
+ }
+
+ c.CreatorType = fields[0]
+ c.Creator = fields[1]
+
+ return nil
+}
+
+// MarshalJSON converts the receiver into a slice of bytes representing a Creator in string form.
+// This function is also used with marshalling to YAML
+func (c Creator) MarshalJSON() ([]byte, error) {
+ if c.Creator != "" {
+ return json.Marshal(fmt.Sprintf("%s: %s", c.CreatorType, c.Creator))
+ }
+
+ return []byte{}, nil
+}
diff --git a/spdx/common/identifier.go b/spdx/common/identifier.go
new file mode 100644
index 0000000..d656867
--- /dev/null
+++ b/spdx/common/identifier.go
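Review bot: Creator.UnmarshalJSON in spdx/common/creation_info.go strips quotes from the raw bytes with `strings.Trim(str, "\"")` instead of decoding the JSON string, so escape sequences stay encoded in the stored value and a name that ends in an escaped quote loses that quote and keeps a dangling backslash. SPDX documents usually arrive from outside the process that parses them, so decoding first is the safer default: `var str string` followed by `if err := json.Unmarshal(data, &str); err != nil { return err }` (assuming the YAML path also hands this method JSON bytes). The same trim is used by Annotator, Supplier, Originator and DocElementID in this commit. The doc comment on this method also still reads "takes an annotator" and should say "takes a creator".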
@@ -0,0 +1,133 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package common
+
+import (
+ "encoding/json"
+ "fmt"
+ "strings"
+)
+
+// ElementID represents the identifier string portion of an SPDX element
+// identifier. DocElementID should be used for any attributes which can
+// contain identifiers defined in a different SPDX document.
+// ElementIDs should NOT contain the mandatory 'SPDXRef-' portion.
+type ElementID string
+
+// DocElementID represents an SPDX element identifier that could be defined
+// in a different SPDX document, and therefore could have a "DocumentRef-"
+// portion, such as Relationships and Annotations.
+// ElementID is used for attributes in which a "DocumentRef-" portion cannot
+// appear, such as a Package or File definition (since it is necessarily
+// being defined in the present document).
+// DocumentRefID will be the empty string for elements defined in the
+// present document.
+// DocElementIDs should NOT contain the mandatory 'DocumentRef-' or
+// 'SPDXRef-' portions.
+// SpecialID is used ONLY if the DocElementID matches a defined set of
+// permitted special values for a particular field, e.g. "NONE" or
+// "NOASSERTION" for the right-hand side of Relationships. If SpecialID
+// is set, DocumentRefID and ElementRefID should be empty (and vice versa).
+type DocElementID struct {
+ DocumentRefID string
+ ElementRefID ElementID
+ SpecialID string
+}
+
+// UnmarshalJSON takes a SPDX Identifier string parses it into a DocElementID struct.
+// This function is also used when unmarshalling YAML
+func (d *DocElementID) UnmarshalJSON(data []byte) error {
+ // SPDX identifier will simply be a string
+ idStr := string(data)
+ idStr = strings.Trim(idStr, "\"")
+
+ // handle special cases
+ if idStr == "NONE" || idStr == "NOASSERTION" {
+ d.SpecialID = idStr
+ return nil
+ }
+
+ var idFields []string
+ // handle DocumentRef- if present
+ if strings.HasPrefix(idStr, "DocumentRef-") {
+ // strip out the "DocumentRef-" so we can get the value
+ idFields = strings.SplitN(idStr, "DocumentRef-", 2)
+ idStr = idFields[1]
+
+ // an SPDXRef can appear after a DocumentRef, separated by a colon
+ idFields = strings.SplitN(idStr, ":", 2)
+ d.DocumentRefID = idFields[0]
+
+ if len(idFields) == 2 {
+ idStr = idFields[1]
+ } else {
+ return nil
+ }
+ }
+
+ // handle SPDXRef-
+ idFields = strings.SplitN(idStr, "SPDXRef-", 2)
+ if len(idFields) != 2 {
+ return fmt.Errorf("failed to parse SPDX Identifier '%s'", idStr)
+ }
+
+ d.ElementRefID = ElementID(idFields[1])
+
+ return nil
+}
+
+// MarshalJSON converts the receiver into a slice of bytes representing a DocElementID in string form.
+// This function is also used when marshalling to YAML
+func (d DocElementID) MarshalJSON() ([]byte, error) {
+ if d.DocumentRefID != "" && d.ElementRefID != "" {
+ return json.Marshal(fmt.Sprintf("DocumentRef-%s:SPDXRef-%s", d.DocumentRefID, d.ElementRefID))
+ } else if d.ElementRefID != "" {
+ return json.Marshal(fmt.Sprintf("SPDXRef-%s", d.ElementRefID))
+ } else if d.SpecialID != "" {
+ return json.Marshal(d.SpecialID)
+ }
+
+ return []byte{}, fmt.Errorf("failed to marshal empty DocElementID")
+}
+
+// TODO: add equivalents for LicenseRef- identifiers
+
+// MakeDocElementID takes strings (without prefixes) for the DocumentRef-
+// and SPDXRef- identifiers, and returns a DocElementID. An empty string
+// should be used for the DocumentRef- portion if it is referring to the
+// present document.
+func MakeDocElementID(docRef string, eltRef string) DocElementID {
+ return DocElementID{
+ DocumentRefID: docRef,
+ ElementRefID: ElementID(eltRef),
+ }
+}
+
+// MakeDocElementSpecial takes a "special" string (e.g. "NONE" or
+// "NOASSERTION" for the right side of a Relationship), nd returns
+// a DocElementID with it in the SpecialID field. Other fields will
+// be empty.
+func MakeDocElementSpecial(specialID string) DocElementID {
+ return DocElementID{SpecialID: specialID}
+}
+
+// RenderElementID takes an ElementID and returns the string equivalent,
+// with the SPDXRef- prefix reinserted.
+func RenderElementID(eID ElementID) string {
+ return "SPDXRef-" + string(eID)
+}
+
+// RenderDocElementID takes a DocElementID and returns the string equivalent,
+// with the SPDXRef- prefix (and, if applicable, the DocumentRef- prefix)
+// reinserted. If a SpecialID is present, it will be rendered verbatim and
+// DocumentRefID and ElementRefID will be ignored.
+func RenderDocElementID(deID DocElementID) string {
+ if deID.SpecialID != "" {
+ return deID.SpecialID
+ }
+ prefix := ""
+ if deID.DocumentRefID != "" {
+ prefix = "DocumentRef-" + deID.DocumentRefID + ":"
+ }
+ return prefix + "SPDXRef-" + string(deID.ElementRefID)
+}
diff --git a/spdx/common/package.go b/spdx/common/package.go
new file mode 100644
index 0000000..e0635df
--- /dev/null
+++ b/spdx/common/package.go
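Review bot: DocElementID.UnmarshalJSON in spdx/common/identifier.go does not anchor the SPDXRef- prefix: `strings.SplitN(idStr, "SPDXRef-", 2)` accepts any text before the marker and silently discards it, so a constructed input such as "xSPDXRef-a" parses to the same ElementRefID as "SPDXRef-a". Two different strings in a document then resolve to one element, which matters wherever identifiers are compared or used as map keys. Checking the prefix explicitly closes that gap: `if !strings.HasPrefix(idStr, "SPDXRef-") { return fmt.Errorf("failed to parse SPDX Identifier '%s'", idStr) }` followed by `d.ElementRefID = ElementID(strings.TrimPrefix(idStr, "SPDXRef-"))`. Separately, a bare "DocumentRef-x" with no colon returns nil with only DocumentRefID set, a value that MarshalJSON in the same file then rejects as empty.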
@@ -0,0 +1,105 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package common
+
+import (
+ "encoding/json"
+ "fmt"
+ "strings"
+)
+
+type Supplier struct {
+ // can be "NOASSERTION"
+ Supplier string
+ // SupplierType can be one of "Person", "Organization", or empty if Supplier is "NOASSERTION"
+ SupplierType string
+}
+
+// UnmarshalJSON takes a supplier in the typical one-line format and parses it into a Supplier struct.
+// This function is also used when unmarshalling YAML
+func (s *Supplier) UnmarshalJSON(data []byte) error {
+ // the value is just a string presented as a slice of bytes
+ supplierStr := string(data)
+ supplierStr = strings.Trim(supplierStr, "\"")
+
+ if supplierStr == "NOASSERTION" {
+ s.Supplier = supplierStr
+ return nil
+ }
+
+ supplierFields := strings.SplitN(supplierStr, ": ", 2)
+
+ if len(supplierFields) != 2 {
+ return fmt.Errorf("failed to parse Supplier '%s'", supplierStr)
+ }
+
+ s.SupplierType = supplierFields[0]
+ s.Supplier = supplierFields[1]
+
+ return nil
+}
+
+// MarshalJSON converts the receiver into a slice of bytes representing a Supplier in string form.
+// This function is also used when marshalling to YAML
+func (s Supplier) MarshalJSON() ([]byte, error) {
+ if s.Supplier == "NOASSERTION" {
+ return json.Marshal(s.Supplier)
+ } else if s.SupplierType != "" && s.Supplier != "" {
+ return json.Marshal(fmt.Sprintf("%s: %s", s.SupplierType, s.Supplier))
+ }
+
+ return []byte{}, fmt.Errorf("failed to marshal invalid Supplier: %+v", s)
+}
+
+type Originator struct {
+ // can be "NOASSERTION"
+ Originator string
+ // OriginatorType can be one of "Person", "Organization", or empty if Originator is "NOASSERTION"
+ OriginatorType string
+}
+
+// UnmarshalJSON takes an originator in the typical one-line format and parses it into an Originator struct.
+// This function is also used when unmarshalling YAML
+func (o *Originator) UnmarshalJSON(data []byte) error {
+ // the value is just a string presented as a slice of bytes
+ originatorStr := string(data)
+ originatorStr = strings.Trim(originatorStr, "\"")
+
+ if originatorStr == "NOASSERTION" {
+ o.Originator = originatorStr
+ return nil
+ }
+
+ originatorFields := strings.SplitN(originatorStr, ": ", 2)
+
+ if len(originatorFields) != 2 {
+ return fmt.Errorf("failed to parse Originator '%s'", originatorStr)
+ }
+
+ o.OriginatorType = originatorFields[0]
+ o.Originator = originatorFields[1]
+
+ return nil
+}
+
+// MarshalJSON converts the receiver into a slice of bytes representing an Originator in string form.
+// This function is also used when marshalling to YAML
+func (o Originator) MarshalJSON() ([]byte, error) {
+ if o.Originator == "NOASSERTION" {
+ return json.Marshal(o.Originator)
+ } else if o.Originator != "" {
+ return json.Marshal(fmt.Sprintf("%s: %s", o.OriginatorType, o.Originator))
+ }
+
+ return []byte{}, nil
+}
+
+type PackageVerificationCode struct {
+ // Cardinality: mandatory, one if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ Value string `json:"packageVerificationCodeValue"`
+ // Spec also allows specifying files to exclude from the
+ // verification code algorithm; intended to enable exclusion of
+ // the SPDX document file itself.
+ ExcludedFiles []string `json:"packageVerificationCodeExcludedFiles"`
+}
diff --git a/spdx/common/snippet.go b/spdx/common/snippet.go
new file mode 100644
index 0000000..63afac3
--- /dev/null
+++ b/spdx/common/snippet.go
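Review bot: Originator.MarshalJSON in spdx/common/package.go tests only `o.Originator != ""`, so an Originator with an empty OriginatorType is written out as ": name", whereas Supplier.MarshalJSON earlier in the same file requires both fields and returns an error otherwise. Two near-identical types that disagree on what counts as valid make it easy to emit a document that other SPDX tooling rejects or misreads. Aligning the branch with Supplier keeps malformed originators out of generated output: `} else if o.OriginatorType != "" && o.Originator != "" {`, with the final return reporting an error the way Supplier's does.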
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package common
+
+type SnippetRangePointer struct {
+ // 5.3: Snippet Byte Range: [start byte]:[end byte]
+ // Cardinality: mandatory, one
+ Offset int `json:"offset,omitempty"`
+
+ // 5.4: Snippet Line Range: [start line]:[end line]
+ // Cardinality: optional, one
+ LineNumber int `json:"lineNumber,omitempty"`
+
+ FileSPDXIdentifier ElementID `json:"reference"`
+}
+
+type SnippetRange struct {
+ StartPointer SnippetRangePointer `json:"startPointer"`
+ EndPointer SnippetRangePointer `json:"endPointer"`
+}
diff --git a/spdx/creation_info.go b/spdx/creation_info.go
deleted file mode 100644
index c0b6f63..0000000
--- a/spdx/creation_info.go
+++ /dev/null
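Review bot: SnippetRangePointer and SnippetRange in spdx/common/snippet.go are exported without doc comments, and the field comments on Offset and LineNumber describe whole ranges ("[start byte]:[end byte]") although each pointer holds a single endpoint. Both fields are tagged omitempty, so a pointer presumably carries either a byte offset or a line number, but nothing says so, and the mandatory/optional cardinality notes read as if both applied to every pointer. Suggested comments: `// SnippetRangePointer is one endpoint of a snippet range in the file named by FileSPDXIdentifier; it is expressed as a byte Offset or as a LineNumber.` and `// SnippetRange pairs the start and end pointers of one byte or line range.`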
@@ -1,86 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package spdx - -import ( - "encoding/json" - "fmt" - "strings" -) - -// Creator is a wrapper around the Creator SPDX field. The SPDX field contains two values, which requires special -// handling in order to marshal/unmarshal it to/from Go data types. -type Creator struct { - Creator string - // CreatorType should be one of "Person", "Organization", or "Tool" - CreatorType string -} - -// UnmarshalJSON takes an annotator in the typical one-line format and parses it into a Creator struct. -// This function is also used when unmarshalling YAML -func (c *Creator) UnmarshalJSON(data []byte) error { - str := string(data) - str = strings.Trim(str, "\"") - fields := strings.SplitN(str, ": ", 2) - - if len(fields) != 2 { - return fmt.Errorf("failed to parse Creator '%s'", str) - } - - c.CreatorType = fields[0] - c.Creator = fields[1] - - return nil -} - -// MarshalJSON converts the receiver into a slice of bytes representing a Creator in string form. -// This function is also used with marshalling to YAML -func (c Creator) MarshalJSON() ([]byte, error) { - if c.Creator != "" { - return json.Marshal(fmt.Sprintf("%s: %s", c.CreatorType, c.Creator)) - } - - return []byte{}, nil -} - -// CreationInfo2_1 is a Document Creation Information section of an -// SPDX Document for version 2.1 of the spec. 
-type CreationInfo2_1 struct { - // 2.7: License List Version - // Cardinality: optional, one - LicenseListVersion string `json:"licenseListVersion"` - - // 2.8: Creators: may have multiple keys for Person, Organization - // and/or Tool - // Cardinality: mandatory, one or many - Creators []Creator `json:"creators"` - - // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ - // Cardinality: mandatory, one - Created string `json:"created"` - - // 2.10: Creator Comment - // Cardinality: optional, one - CreatorComment string `json:"comment"` -} - -// CreationInfo2_2 is a Document Creation Information section of an -// SPDX Document for version 2.2 of the spec. -type CreationInfo2_2 struct { - // 2.7: License List Version - // Cardinality: optional, one - LicenseListVersion string `json:"licenseListVersion"` - - // 2.8: Creators: may have multiple keys for Person, Organization - // and/or Tool - // Cardinality: mandatory, one or many - Creators []Creator `json:"creators"` - - // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ - // Cardinality: mandatory, one - Created string `json:"created"` - - // 2.10: Creator Comment - // Cardinality: optional, one - CreatorComment string `json:"comment"` -} diff --git a/spdx/document.go b/spdx/document.go deleted file mode 100644 index a3117cb..0000000 --- a/spdx/document.go +++ /dev/null 
@@ -1,122 +0,0 @@ -// Package spdx contains the struct definition for an SPDX Document -// and its constituent parts. -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -package spdx - -// ExternalDocumentRef2_1 is a reference to an external SPDX document -// as defined in section 2.6 for version 2.1 of the spec. -type ExternalDocumentRef2_1 struct { - // DocumentRefID is the ID string defined in the start of the - // reference. It should _not_ contain the "DocumentRef-" part - // of the mandatory ID string. - DocumentRefID string `json:"externalDocumentId"` - - // URI is the URI defined for the external document - URI string `json:"spdxDocument"` - - // Checksum is the actual hash data - Checksum Checksum `json:"checksum"` -} - -// ExternalDocumentRef2_2 is a reference to an external SPDX document -// as defined in section 2.6 for version 2.2 of the spec. -type ExternalDocumentRef2_2 struct { - // DocumentRefID is the ID string defined in the start of the - // reference. It should _not_ contain the "DocumentRef-" part - // of the mandatory ID string. - DocumentRefID string `json:"externalDocumentId"` - - // URI is the URI defined for the external document - URI string `json:"spdxDocument"` - - // Checksum is the actual hash data - Checksum Checksum `json:"checksum"` -} - -// Document2_1 is an SPDX Document for version 2.1 of the spec. 
-// See https://spdx.org/sites/cpstandard/files/pages/files/spdxversion2.1.pdf -type Document2_1 struct { - // 2.1: SPDX Version; should be in the format "SPDX-2.1" - // Cardinality: mandatory, one - SPDXVersion string `json:"spdxVersion"` - - // 2.2: Data License; should be "CC0-1.0" - // Cardinality: mandatory, one - DataLicense string `json:"dataLicense"` - - // 2.3: SPDX Identifier; should be "DOCUMENT" to represent - // mandatory identifier of SPDXRef-DOCUMENT - // Cardinality: mandatory, one - SPDXIdentifier ElementID `json:"SPDXID"` - - // 2.4: Document Name - // Cardinality: mandatory, one - DocumentName string `json:"name"` - - // 2.5: Document Namespace - // Cardinality: mandatory, one - DocumentNamespace string `json:"documentNamespace"` - - // 2.6: External Document References - // Cardinality: optional, one or many - ExternalDocumentReferences []ExternalDocumentRef2_1 `json:"externalDocumentRefs,omitempty"` - - // 2.11: Document Comment - // Cardinality: optional, one - DocumentComment string `json:"comment,omitempty"` - - CreationInfo *CreationInfo2_1 `json:"creationInfo"` - Packages []*Package2_1 `json:"packages"` - Files []*File2_1 `json:"files"` - OtherLicenses []*OtherLicense2_1 `json:"hasExtractedLicensingInfos"` - Relationships []*Relationship2_1 `json:"relationships"` - Annotations []*Annotation2_1 `json:"annotations"` - Snippets []Snippet2_1 `json:"snippets"` - - // DEPRECATED in version 2.0 of spec - Reviews []*Review2_1 -} - -// Document2_2 is an SPDX Document for version 2.2 of the spec. 
-// See https://spdx.github.io/spdx-spec/v2-draft/ (DRAFT) -type Document2_2 struct { - // 2.1: SPDX Version; should be in the format "SPDX-2.2" - // Cardinality: mandatory, one - SPDXVersion string `json:"spdxVersion"` - - // 2.2: Data License; should be "CC0-1.0" - // Cardinality: mandatory, one - DataLicense string `json:"dataLicense"` - - // 2.3: SPDX Identifier; should be "DOCUMENT" to represent - // mandatory identifier of SPDXRef-DOCUMENT - // Cardinality: mandatory, one - SPDXIdentifier ElementID `json:"SPDXID"` - - // 2.4: Document Name - // Cardinality: mandatory, one - DocumentName string `json:"name"` - - // 2.5: Document Namespace - // Cardinality: mandatory, one - DocumentNamespace string `json:"documentNamespace"` - - // 2.6: External Document References - // Cardinality: optional, one or many - ExternalDocumentReferences []ExternalDocumentRef2_2 `json:"externalDocumentRefs,omitempty"` - - // 2.11: Document Comment - // Cardinality: optional, one - DocumentComment string `json:"comment,omitempty"` - - CreationInfo *CreationInfo2_2 `json:"creationInfo"` - Packages []*Package2_2 `json:"packages"` - Files []*File2_2 `json:"files"` - OtherLicenses []*OtherLicense2_2 `json:"hasExtractedLicensingInfos"` - Relationships []*Relationship2_2 `json:"relationships"` - Annotations []*Annotation2_2 `json:"annotations"` - Snippets []Snippet2_2 `json:"snippets"` - - // DEPRECATED in version 2.0 of spec - Reviews []*Review2_2 -} diff --git a/spdx/file.go b/spdx/file.go deleted file mode 100644 index 01dbb36..0000000 --- a/spdx/file.go +++ /dev/null 
@@ -1,177 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package spdx - -// File2_1 is a File section of an SPDX Document for version 2.1 of the spec. -type File2_1 struct { - // 4.1: File Name - // Cardinality: mandatory, one - FileName string `json:"fileName"` - - // 4.2: File SPDX Identifier: "SPDXRef-[idstring]" - // Cardinality: mandatory, one - FileSPDXIdentifier ElementID `json:"SPDXID"` - - // 4.3: File Types - // Cardinality: optional, multiple - FileTypes []string `json:"fileTypes,omitempty"` - - // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5 - // Cardinality: mandatory, one SHA1, others may be optionally provided - Checksums []Checksum `json:"checksums"` - - // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - LicenseConcluded string `json:"licenseConcluded"` - - // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one or many - LicenseInfoInFiles []string `json:"licenseInfoInFiles"` - - // 4.7: Comments on License - // Cardinality: optional, one - LicenseComments string `json:"licenseComments,omitempty"` - - // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - FileCopyrightText string `json:"copyrightText"` - - // DEPRECATED in version 2.1 of spec - // 4.9-4.11: Artifact of Project variables (defined below) - // Cardinality: optional, one or many - ArtifactOfProjects []*ArtifactOfProject2_1 `json:"-"` - - // 4.12: File Comment - // Cardinality: optional, one - FileComment string `json:"comment,omitempty"` - - // 4.13: File Notice - // Cardinality: optional, one - FileNotice string `json:"noticeText,omitempty"` - - // 4.14: File Contributor - // Cardinality: optional, one or many - FileContributors []string `json:"fileContributors,omitempty"` - - // DEPRECATED in version 2.0 of spec - // 4.15: File Dependencies - // Cardinality: optional, 
one or many - FileDependencies []string `json:"-"` - - // Snippets contained in this File - // Note that Snippets could be defined in a different Document! However, - // the only ones that _THIS_ document can contain are the ones that are - // defined here -- so this should just be an ElementID. - Snippets map[ElementID]*Snippet2_1 `json:"-"` - - Annotations []Annotation2_1 `json:"annotations"` -} - -// ArtifactOfProject2_1 is a DEPRECATED collection of data regarding -// a Package, as defined in sections 4.9-4.11 in version 2.1 of the spec. -type ArtifactOfProject2_1 struct { - - // DEPRECATED in version 2.1 of spec - // 4.9: Artifact of Project Name - // Cardinality: conditional, required if present, one per AOP - Name string - - // DEPRECATED in version 2.1 of spec - // 4.10: Artifact of Project Homepage: URL or "UNKNOWN" - // Cardinality: optional, one per AOP - HomePage string - - // DEPRECATED in version 2.1 of spec - // 4.11: Artifact of Project Uniform Resource Identifier - // Cardinality: optional, one per AOP - URI string -} - -// File2_2 is a File section of an SPDX Document for version 2.2 of the spec. 
-type File2_2 struct { - // 4.1: File Name - // Cardinality: mandatory, one - FileName string `json:"fileName"` - - // 4.2: File SPDX Identifier: "SPDXRef-[idstring]" - // Cardinality: mandatory, one - FileSPDXIdentifier ElementID `json:"SPDXID"` - - // 4.3: File Types - // Cardinality: optional, multiple - FileTypes []string `json:"fileTypes,omitempty"` - - // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5 - // Cardinality: mandatory, one SHA1, others may be optionally provided - Checksums []Checksum `json:"checksums"` - - // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - LicenseConcluded string `json:"licenseConcluded"` - - // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one or many - LicenseInfoInFiles []string `json:"licenseInfoInFiles"` - - // 4.7: Comments on License - // Cardinality: optional, one - LicenseComments string `json:"licenseComments,omitempty"` - - // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - FileCopyrightText string `json:"copyrightText"` - - // DEPRECATED in version 2.1 of spec - // 4.9-4.11: Artifact of Project variables (defined below) - // Cardinality: optional, one or many - ArtifactOfProjects []*ArtifactOfProject2_2 `json:"-"` - - // 4.12: File Comment - // Cardinality: optional, one - FileComment string `json:"comment,omitempty"` - - // 4.13: File Notice - // Cardinality: optional, one - FileNotice string `json:"noticeText,omitempty"` - - // 4.14: File Contributor - // Cardinality: optional, one or many - FileContributors []string `json:"fileContributors,omitempty"` - - // 4.15: File Attribution Text - // Cardinality: optional, one or many - FileAttributionTexts []string `json:"attributionTexts,omitempty"` - - // DEPRECATED in version 2.0 of spec - // 4.16: File Dependencies - // Cardinality: optional, one or many - FileDependencies 
[]string `json:"-"` - - // Snippets contained in this File - // Note that Snippets could be defined in a different Document! However, - // the only ones that _THIS_ document can contain are this ones that are - // defined here -- so this should just be an ElementID. - Snippets map[ElementID]*Snippet2_2 `json:"-"` - - Annotations []Annotation2_2 `json:"annotations,omitempty"` -} - -// ArtifactOfProject2_2 is a DEPRECATED collection of data regarding -// a Package, as defined in sections 4.9-4.11 in version 2.2 of the spec. -type ArtifactOfProject2_2 struct { - - // DEPRECATED in version 2.1 of spec - // 4.9: Artifact of Project Name - // Cardinality: conditional, required if present, one per AOP - Name string - - // DEPRECATED in version 2.1 of spec - // 4.10: Artifact of Project Homepage: URL or "UNKNOWN" - // Cardinality: optional, one per AOP - HomePage string - - // DEPRECATED in version 2.1 of spec - // 4.11: Artifact of Project Uniform Resource Identifier - // Cardinality: optional, one per AOP - URI string -} diff --git a/spdx/identifier.go b/spdx/identifier.go deleted file mode 100644 index 56f8ffc..0000000 --- a/spdx/identifier.go +++ /dev/null 
@@ -1,133 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package spdx - -import ( - "encoding/json" - "fmt" - "strings" -) - -// ElementID represents the identifier string portion of an SPDX element -// identifier. DocElementID should be used for any attributes which can -// contain identifiers defined in a different SPDX document. -// ElementIDs should NOT contain the mandatory 'SPDXRef-' portion. -type ElementID string - -// DocElementID represents an SPDX element identifier that could be defined -// in a different SPDX document, and therefore could have a "DocumentRef-" -// portion, such as Relationships and Annotations. -// ElementID is used for attributes in which a "DocumentRef-" portion cannot -// appear, such as a Package or File definition (since it is necessarily -// being defined in the present document). -// DocumentRefID will be the empty string for elements defined in the -// present document. -// DocElementIDs should NOT contain the mandatory 'DocumentRef-' or -// 'SPDXRef-' portions. -// SpecialID is used ONLY if the DocElementID matches a defined set of -// permitted special values for a particular field, e.g. "NONE" or -// "NOASSERTION" for the right-hand side of Relationships. If SpecialID -// is set, DocumentRefID and ElementRefID should be empty (and vice versa). -type DocElementID struct { - DocumentRefID string - ElementRefID ElementID - SpecialID string -} - -// UnmarshalJSON takes a SPDX Identifier string parses it into a DocElementID struct. 
-// This function is also used when unmarshalling YAML -func (d *DocElementID) UnmarshalJSON(data []byte) error { - // SPDX identifier will simply be a string - idStr := string(data) - idStr = strings.Trim(idStr, "\"") - - // handle special cases - if idStr == "NONE" || idStr == "NOASSERTION" { - d.SpecialID = idStr - return nil - } - - var idFields []string - // handle DocumentRef- if present - if strings.HasPrefix(idStr, "DocumentRef-") { - // strip out the "DocumentRef-" so we can get the value - idFields = strings.SplitN(idStr, "DocumentRef-", 2) - idStr = idFields[1] - - // an SPDXRef can appear after a DocumentRef, separated by a colon - idFields = strings.SplitN(idStr, ":", 2) - d.DocumentRefID = idFields[0] - - if len(idFields) == 2 { - idStr = idFields[1] - } else { - return nil - } - } - - // handle SPDXRef- - idFields = strings.SplitN(idStr, "SPDXRef-", 2) - if len(idFields) != 2 { - return fmt.Errorf("failed to parse SPDX Identifier '%s'", idStr) - } - - d.ElementRefID = ElementID(idFields[1]) - - return nil -} - -// MarshalJSON converts the receiver into a slice of bytes representing a DocElementID in string form. -// This function is also used when marshalling to YAML -func (d DocElementID) MarshalJSON() ([]byte, error) { - if d.DocumentRefID != "" && d.ElementRefID != "" { - return json.Marshal(fmt.Sprintf("DocumentRef-%s:SPDXRef-%s", d.DocumentRefID, d.ElementRefID)) - } else if d.ElementRefID != "" { - return json.Marshal(fmt.Sprintf("SPDXRef-%s", d.ElementRefID)) - } else if d.SpecialID != "" { - return json.Marshal(d.SpecialID) - } - - return []byte{}, fmt.Errorf("failed to marshal empty DocElementID") -} - -// TODO: add equivalents for LicenseRef- identifiers - -// MakeDocElementID takes strings (without prefixes) for the DocumentRef- -// and SPDXRef- identifiers, and returns a DocElementID. An empty string -// should be used for the DocumentRef- portion if it is referring to the -// present document. 
-func MakeDocElementID(docRef string, eltRef string) DocElementID { - return DocElementID{ - DocumentRefID: docRef, - ElementRefID: ElementID(eltRef), - } -} - -// MakeDocElementSpecial takes a "special" string (e.g. "NONE" or -// "NOASSERTION" for the right side of a Relationship), nd returns -// a DocElementID with it in the SpecialID field. Other fields will -// be empty. -func MakeDocElementSpecial(specialID string) DocElementID { - return DocElementID{SpecialID: specialID} -} - -// RenderElementID takes an ElementID and returns the string equivalent, -// with the SPDXRef- prefix reinserted. -func RenderElementID(eID ElementID) string { - return "SPDXRef-" + string(eID) -} - -// RenderDocElementID takes a DocElementID and returns the string equivalent, -// with the SPDXRef- prefix (and, if applicable, the DocumentRef- prefix) -// reinserted. If a SpecialID is present, it will be rendered verbatim and -// DocumentRefID and ElementRefID will be ignored. -func RenderDocElementID(deID DocElementID) string { - if deID.SpecialID != "" { - return deID.SpecialID - } - prefix := "" - if deID.DocumentRefID != "" { - prefix = "DocumentRef-" + deID.DocumentRefID + ":" - } - return prefix + "SPDXRef-" + string(deID.ElementRefID) -} diff --git a/spdx/other_license.go b/spdx/other_license.go deleted file mode 100644 index 6e43676..0000000 --- a/spdx/other_license.go +++ /dev/null 
@@ -1,59 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package spdx - -// OtherLicense2_1 is an Other License Information section of an -// SPDX Document for version 2.1 of the spec. -type OtherLicense2_1 struct { - // 6.1: License Identifier: "LicenseRef-[idstring]" - // Cardinality: conditional (mandatory, one) if license is not - // on SPDX License List - LicenseIdentifier string `json:"licenseId"` - - // 6.2: Extracted Text - // Cardinality: conditional (mandatory, one) if there is a - // License Identifier assigned - ExtractedText string `json:"extractedText"` - - // 6.3: License Name: single line of text or "NOASSERTION" - // Cardinality: conditional (mandatory, one) if license is not - // on SPDX License List - LicenseName string `json:"name,omitempty"` - - // 6.4: License Cross Reference - // Cardinality: conditional (optional, one or many) if license - // is not on SPDX License List - LicenseCrossReferences []string `json:"seeAlsos,omitempty"` - - // 6.5: License Comment - // Cardinality: optional, one - LicenseComment string `json:"comment,omitempty"` -} - -// OtherLicense2_2 is an Other License Information section of an -// SPDX Document for version 2.2 of the spec. 
-type OtherLicense2_2 struct { - // 6.1: License Identifier: "LicenseRef-[idstring]" - // Cardinality: conditional (mandatory, one) if license is not - // on SPDX License List - LicenseIdentifier string `json:"licenseId"` - - // 6.2: Extracted Text - // Cardinality: conditional (mandatory, one) if there is a - // License Identifier assigned - ExtractedText string `json:"extractedText"` - - // 6.3: License Name: single line of text or "NOASSERTION" - // Cardinality: conditional (mandatory, one) if license is not - // on SPDX License List - LicenseName string `json:"name,omitempty"` - - // 6.4: License Cross Reference - // Cardinality: conditional (optional, one or many) if license - // is not on SPDX License List - LicenseCrossReferences []string `json:"seeAlsos,omitempty"` - - // 6.5: License Comment - // Cardinality: optional, one - LicenseComment string `json:"comment,omitempty"` -} diff --git a/spdx/package.go b/spdx/package.go deleted file mode 100644 index e6c4522..0000000 --- a/spdx/package.go +++ /dev/null 
@@ -1,348 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package spdx - -import ( - "encoding/json" - "fmt" - "strings" -) - -type Supplier struct { - // can be "NOASSERTION" - Supplier string - // SupplierType can be one of "Person", "Organization", or empty if Supplier is "NOASSERTION" - SupplierType string -} - -// UnmarshalJSON takes a supplier in the typical one-line format and parses it into a Supplier struct. -// This function is also used when unmarshalling YAML -func (s *Supplier) UnmarshalJSON(data []byte) error { - // the value is just a string presented as a slice of bytes - supplierStr := string(data) - supplierStr = strings.Trim(supplierStr, "\"") - - if supplierStr == "NOASSERTION" { - s.Supplier = supplierStr - return nil - } - - supplierFields := strings.SplitN(supplierStr, ": ", 2) - - if len(supplierFields) != 2 { - return fmt.Errorf("failed to parse Supplier '%s'", supplierStr) - } - - s.SupplierType = supplierFields[0] - s.Supplier = supplierFields[1] - - return nil -} - -// MarshalJSON converts the receiver into a slice of bytes representing a Supplier in string form. -// This function is also used when marshalling to YAML -func (s Supplier) MarshalJSON() ([]byte, error) { - if s.Supplier == "NOASSERTION" { - return json.Marshal(s.Supplier) - } else if s.SupplierType != "" && s.Supplier != "" { - return json.Marshal(fmt.Sprintf("%s: %s", s.SupplierType, s.Supplier)) - } - - return []byte{}, fmt.Errorf("failed to marshal invalid Supplier: %+v", s) -} - -type Originator struct { - // can be "NOASSERTION" - Originator string - // OriginatorType can be one of "Person", "Organization", or empty if Originator is "NOASSERTION" - OriginatorType string -} - -// UnmarshalJSON takes an originator in the typical one-line format and parses it into an Originator struct. 
-// This function is also used when unmarshalling YAML -func (o *Originator) UnmarshalJSON(data []byte) error { - // the value is just a string presented as a slice of bytes - originatorStr := string(data) - originatorStr = strings.Trim(originatorStr, "\"") - - if originatorStr == "NOASSERTION" { - o.Originator = originatorStr - return nil - } - - originatorFields := strings.SplitN(originatorStr, ": ", 2) - - if len(originatorFields) != 2 { - return fmt.Errorf("failed to parse Originator '%s'", originatorStr) - } - - o.OriginatorType = originatorFields[0] - o.Originator = originatorFields[1] - - return nil -} - -// MarshalJSON converts the receiver into a slice of bytes representing an Originator in string form. -// This function is also used when marshalling to YAML -func (o Originator) MarshalJSON() ([]byte, error) { - if o.Originator == "NOASSERTION" { - return json.Marshal(o.Originator) - } else if o.Originator != "" { - return json.Marshal(fmt.Sprintf("%s: %s", o.OriginatorType, o.Originator)) - } - - return []byte{}, nil -} - -type PackageVerificationCode struct { - // Cardinality: mandatory, one if filesAnalyzed is true / omitted; - // zero (must be omitted) if filesAnalyzed is false - Value string `json:"packageVerificationCodeValue"` - // Spec also allows specifying files to exclude from the - // verification code algorithm; intended to enable exclusion of - // the SPDX document file itself. - ExcludedFiles []string `json:"packageVerificationCodeExcludedFiles"` -} - -// Package2_1 is a Package section of an SPDX Document for version 2.1 of the spec. 
-type Package2_1 struct { - // 3.1: Package Name - // Cardinality: mandatory, one - PackageName string `json:"name"` - - // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]" - // Cardinality: mandatory, one - PackageSPDXIdentifier ElementID `json:"SPDXID"` - - // 3.3: Package Version - // Cardinality: optional, one - PackageVersion string `json:"versionInfo,omitempty"` - - // 3.4: Package File Name - // Cardinality: optional, one - PackageFileName string `json:"packageFileName,omitempty"` - - // 3.5: Package Supplier: may have single result for either Person or Organization, - // or NOASSERTION - // Cardinality: optional, one - PackageSupplier *Supplier `json:"supplier,omitempty"` - - // 3.6: Package Originator: may have single result for either Person or Organization, - // or NOASSERTION - // Cardinality: optional, one - PackageOriginator *Originator `json:"originator,omitempty"` - - // 3.7: Package Download Location - // Cardinality: mandatory, one - PackageDownloadLocation string `json:"downloadLocation"` - - // 3.8: FilesAnalyzed - // Cardinality: optional, one; default value is "true" if omitted - FilesAnalyzed bool `json:"filesAnalyzed,omitempty"` - // NOT PART OF SPEC: did FilesAnalyzed tag appear? 
- IsFilesAnalyzedTagPresent bool `json:"-"` - - // 3.9: Package Verification Code - PackageVerificationCode PackageVerificationCode `json:"packageVerificationCode"` - - // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5 - // Cardinality: optional, one or many - PackageChecksums []Checksum `json:"checksums,omitempty"` - - // 3.11: Package Home Page - // Cardinality: optional, one - PackageHomePage string `json:"homepage,omitempty"` - - // 3.12: Source Information - // Cardinality: optional, one - PackageSourceInfo string `json:"sourceInfo,omitempty"` - - // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - PackageLicenseConcluded string `json:"licenseConcluded"` - - // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted; - // zero (must be omitted) if filesAnalyzed is false - PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"` - - // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - PackageLicenseDeclared string `json:"licenseDeclared"` - - // 3.16: Comments on License - // Cardinality: optional, one - PackageLicenseComments string `json:"licenseComments,omitempty"` - - // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - PackageCopyrightText string `json:"copyrightText"` - - // 3.18: Package Summary Description - // Cardinality: optional, one - PackageSummary string `json:"summary,omitempty"` - - // 3.19: Package Detailed Description - // Cardinality: optional, one - PackageDescription string `json:"description,omitempty"` - - // 3.20: Package Comment - // Cardinality: optional, one - PackageComment string `json:"comment,omitempty"` - - // 3.21: Package External Reference - // Cardinality: optional, one or many - PackageExternalReferences 
[]*PackageExternalReference2_1 `json:"externalRefs,omitempty"` - - // Files contained in this Package - Files []*File2_1 - - Annotations []Annotation2_1 `json:"annotations,omitempty"` -} - -// PackageExternalReference2_1 is an External Reference to additional info -// about a Package, as defined in section 3.21 in version 2.1 of the spec. -type PackageExternalReference2_1 struct { - // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER" - Category string `json:"referenceCategory"` - - // type is an [idstring] as defined in Appendix VI; - // called RefType here due to "type" being a Golang keyword - RefType string `json:"referenceType"` - - // locator is a unique string to access the package-specific - // info, metadata or content within the target location - Locator string `json:"referenceLocator"` - - // 3.22: Package External Reference Comment - // Cardinality: conditional (optional, one) for each External Reference - ExternalRefComment string `json:"comment"` -} - -// Package2_2 is a Package section of an SPDX Document for version 2.2 of the spec. -type Package2_2 struct { - // NOT PART OF SPEC - // flag: does this "package" contain files that were in fact "unpackaged", - // e.g. included directly in the Document without being in a Package? 
- IsUnpackaged bool - - // 3.1: Package Name - // Cardinality: mandatory, one - PackageName string `json:"name"` - - // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]" - // Cardinality: mandatory, one - PackageSPDXIdentifier ElementID `json:"SPDXID"` - - // 3.3: Package Version - // Cardinality: optional, one - PackageVersion string `json:"versionInfo,omitempty"` - - // 3.4: Package File Name - // Cardinality: optional, one - PackageFileName string `json:"packageFileName,omitempty"` - - // 3.5: Package Supplier: may have single result for either Person or Organization, - // or NOASSERTION - // Cardinality: optional, one - PackageSupplier *Supplier `json:"supplier,omitempty"` - - // 3.6: Package Originator: may have single result for either Person or Organization, - // or NOASSERTION - // Cardinality: optional, one - PackageOriginator *Originator `json:"originator,omitempty"` - - // 3.7: Package Download Location - // Cardinality: mandatory, one - PackageDownloadLocation string `json:"downloadLocation"` - - // 3.8: FilesAnalyzed - // Cardinality: optional, one; default value is "true" if omitted - FilesAnalyzed bool `json:"filesAnalyzed,omitempty"` - // NOT PART OF SPEC: did FilesAnalyzed tag appear? 
- IsFilesAnalyzedTagPresent bool - - // 3.9: Package Verification Code - PackageVerificationCode PackageVerificationCode `json:"packageVerificationCode"` - - // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5 - // Cardinality: optional, one or many - PackageChecksums []Checksum `json:"checksums"` - - // 3.11: Package Home Page - // Cardinality: optional, one - PackageHomePage string `json:"homepage,omitempty"` - - // 3.12: Source Information - // Cardinality: optional, one - PackageSourceInfo string `json:"sourceInfo,omitempty"` - - // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - PackageLicenseConcluded string `json:"licenseConcluded"` - - // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted; - // zero (must be omitted) if filesAnalyzed is false - PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"` - - // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - PackageLicenseDeclared string `json:"licenseDeclared"` - - // 3.16: Comments on License - // Cardinality: optional, one - PackageLicenseComments string `json:"licenseComments,omitempty"` - - // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - PackageCopyrightText string `json:"copyrightText"` - - // 3.18: Package Summary Description - // Cardinality: optional, one - PackageSummary string `json:"summary,omitempty"` - - // 3.19: Package Detailed Description - // Cardinality: optional, one - PackageDescription string `json:"description,omitempty"` - - // 3.20: Package Comment - // Cardinality: optional, one - PackageComment string `json:"comment,omitempty"` - - // 3.21: Package External Reference - // Cardinality: optional, one or many - PackageExternalReferences []*PackageExternalReference2_2 
`json:"externalRefs,omitempty"` - - // 3.22: Package External Reference Comment - // Cardinality: conditional (optional, one) for each External Reference - // contained within PackageExternalReference2_1 struct, if present - - // 3.23: Package Attribution Text - // Cardinality: optional, one or many - PackageAttributionTexts []string `json:"attributionTexts,omitempty"` - - // Files contained in this Package - Files []*File2_2 - - Annotations []Annotation2_2 `json:"annotations"` -} - -// PackageExternalReference2_2 is an External Reference to additional info -// about a Package, as defined in section 3.21 in version 2.2 of the spec. -type PackageExternalReference2_2 struct { - // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER" - Category string `json:"referenceCategory"` - - // type is an [idstring] as defined in Appendix VI; - // called RefType here due to "type" being a Golang keyword - RefType string `json:"referenceType"` - - // locator is a unique string to access the package-specific - // info, metadata or content within the target location - Locator string `json:"referenceLocator"` - - // 3.22: Package External Reference Comment - // Cardinality: conditional (optional, one) for each External Reference - ExternalRefComment string `json:"comment"` -} diff --git a/spdx/relationship.go b/spdx/relationship.go deleted file mode 100644 index 9127727..0000000 --- a/spdx/relationship.go +++ /dev/null 
@@ -1,39 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package spdx - -// Relationship2_1 is a Relationship section of an SPDX Document for -// version 2.1 of the spec. -type Relationship2_1 struct { - - // 7.1: Relationship - // Cardinality: optional, one or more; one per Relationship2_1 - // one mandatory for SPDX Document with multiple packages - // RefA and RefB are first and second item - // Relationship is type from 7.1.1 - RefA DocElementID `json:"spdxElementId"` - RefB DocElementID `json:"relatedSpdxElement"` - Relationship string `json:"relationshipType"` - - // 7.2: Relationship Comment - // Cardinality: optional, one - RelationshipComment string `json:"comment,omitempty"` -} - -// Relationship2_2 is a Relationship section of an SPDX Document for -// version 2.2 of the spec. -type Relationship2_2 struct { - - // 7.1: Relationship - // Cardinality: optional, one or more; one per Relationship2_2 - // one mandatory for SPDX Document with multiple packages - // RefA and RefB are first and second item - // Relationship is type from 7.1.1 - RefA DocElementID `json:"spdxElementId"` - RefB DocElementID `json:"relatedSpdxElement"` - Relationship string `json:"relationshipType"` - - // 7.2: Relationship Comment - // Cardinality: optional, one - RelationshipComment string `json:"comment,omitempty"` -} diff --git a/spdx/review.go b/spdx/review.go deleted file mode 100644 index 8ca6a77..0000000 --- a/spdx/review.go +++ /dev/null 
@@ -1,47 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package spdx - -// Review2_1 is a Review section of an SPDX Document for version 2.1 of the spec. -// DEPRECATED in version 2.0 of spec; retained here for compatibility. -type Review2_1 struct { - - // DEPRECATED in version 2.0 of spec - // 9.1: Reviewer - // Cardinality: optional, one - Reviewer string - // including AnnotatorType: one of "Person", "Organization" or "Tool" - ReviewerType string - - // DEPRECATED in version 2.0 of spec - // 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ - // Cardinality: conditional (mandatory, one) if there is a Reviewer - ReviewDate string - - // DEPRECATED in version 2.0 of spec - // 9.3: Review Comment - // Cardinality: optional, one - ReviewComment string -} - -// Review2_2 is a Review section of an SPDX Document for version 2.2 of the spec. -// DEPRECATED in version 2.0 of spec; retained here for compatibility. -type Review2_2 struct { - - // DEPRECATED in version 2.0 of spec - // 9.1: Reviewer - // Cardinality: optional, one - Reviewer string - // including AnnotatorType: one of "Person", "Organization" or "Tool" - ReviewerType string - - // DEPRECATED in version 2.0 of spec - // 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ - // Cardinality: conditional (mandatory, one) if there is a Reviewer - ReviewDate string - - // DEPRECATED in version 2.0 of spec - // 9.3: Review Comment - // Cardinality: optional, one - ReviewComment string -} diff --git a/spdx/snippet.go b/spdx/snippet.go deleted file mode 100644 index 6bffb8c..0000000 --- a/spdx/snippet.go +++ /dev/null 
@@ -1,102 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -package spdx - -type SnippetRangePointer struct { - // 5.3: Snippet Byte Range: [start byte]:[end byte] - // Cardinality: mandatory, one - Offset int `json:"offset,omitempty"` - - // 5.4: Snippet Line Range: [start line]:[end line] - // Cardinality: optional, one - LineNumber int `json:"lineNumber,omitempty"` - - FileSPDXIdentifier ElementID `json:"reference"` -} - -type SnippetRange struct { - StartPointer SnippetRangePointer `json:"startPointer"` - EndPointer SnippetRangePointer `json:"endPointer"` -} - -// Snippet2_1 is a Snippet section of an SPDX Document for version 2.1 of the spec. -type Snippet2_1 struct { - - // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]" - // Cardinality: mandatory, one - SnippetSPDXIdentifier ElementID `json:"SPDXID"` - - // 5.2: Snippet from File SPDX Identifier - // Cardinality: mandatory, one - SnippetFromFileSPDXIdentifier ElementID `json:"snippetFromFile"` - - // Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to - Ranges []SnippetRange `json:"ranges"` - - // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - SnippetLicenseConcluded string `json:"licenseConcluded"` - - // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: optional, one or many - LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"` - - // 5.7: Snippet Comments on License - // Cardinality: optional, one - SnippetLicenseComments string `json:"licenseComments,omitempty"` - - // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - SnippetCopyrightText string `json:"copyrightText"` - - // 5.9: Snippet Comment - // Cardinality: optional, one - SnippetComment string `json:"comment,omitempty"` - - // 5.10: Snippet Name - // Cardinality: optional, one - 
SnippetName string `json:"name,omitempty"` -} - -// Snippet2_2 is a Snippet section of an SPDX Document for version 2.2 of the spec. -type Snippet2_2 struct { - - // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]" - // Cardinality: mandatory, one - SnippetSPDXIdentifier ElementID `json:"SPDXID"` - - // 5.2: Snippet from File SPDX Identifier - // Cardinality: mandatory, one - SnippetFromFileSPDXIdentifier ElementID `json:"snippetFromFile"` - - // Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to - Ranges []SnippetRange `json:"ranges"` - - // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - SnippetLicenseConcluded string `json:"licenseConcluded"` - - // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION" - // Cardinality: optional, one or many - LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"` - - // 5.7: Snippet Comments on License - // Cardinality: optional, one - SnippetLicenseComments string `json:"licenseComments,omitempty"` - - // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" - // Cardinality: mandatory, one - SnippetCopyrightText string `json:"copyrightText"` - - // 5.9: Snippet Comment - // Cardinality: optional, one - SnippetComment string `json:"comment,omitempty"` - - // 5.10: Snippet Name - // Cardinality: optional, one - SnippetName string `json:"name,omitempty"` - - // 5.11: Snippet Attribution Text - // Cardinality: optional, one or many - SnippetAttributionTexts []string `json:"-"` -} diff --git a/spdx/v2_1/annotation.go b/spdx/v2_1/annotation.go new file mode 100644 index 0000000..45fcd13 --- /dev/null +++ b/spdx/v2_1/annotation.go 
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Annotation is an Annotation section of an SPDX Document for version 2.1 of the spec.
+type Annotation struct {
+ // 8.1: Annotator
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ Annotator common.Annotator `json:"annotator"`
+
+ // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationDate string `json:"annotationDate"`
+
+ // 8.3: Annotation Type: "REVIEW" or "OTHER"
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationType string `json:"annotationType"`
+
+ // 8.4: SPDX Identifier Reference
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ // This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML.
+ AnnotationSPDXIdentifier common.DocElementID `json:"-"`
+
+ // 8.5: Annotation Comment
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationComment string `json:"comment"`
+}
diff --git a/spdx/v2_1/creation_info.go b/spdx/v2_1/creation_info.go
new file mode 100644
index 0000000..f4c4f41
--- /dev/null
+++ b/spdx/v2_1/creation_info.go
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// CreationInfo is a Document Creation Information section of an
+// SPDX Document for version 2.1 of the spec.
+type CreationInfo struct {
+ // 2.7: License List Version
+ // Cardinality: optional, one
+ LicenseListVersion string `json:"licenseListVersion"`
+
+ // 2.8: Creators: may have multiple keys for Person, Organization
+ // and/or Tool
+ // Cardinality: mandatory, one or many
+ Creators []common.Creator `json:"creators"`
+
+ // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: mandatory, one
+ Created string `json:"created"`
+
+ // 2.10: Creator Comment
+ // Cardinality: optional, one
+ CreatorComment string `json:"comment"`
+}
diff --git a/spdx/v2_1/document.go b/spdx/v2_1/document.go
new file mode 100644
index 0000000..9721463
--- /dev/null
+++ b/spdx/v2_1/document.go
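Review bot: `LicenseListVersion` and `CreatorComment` in `CreationInfo` are both documented as "Cardinality: optional, one", yet their tags (`json:"licenseListVersion"`, `json:"comment"`) carry no `omitempty`, so an unset field is marshalled as an empty string instead of being left out. Other optional string fields added by this commit, for example `DocumentComment` in spdx/v2_1/document.go, use `omitempty`; I would make these `json:"licenseListVersion,omitempty"` and `json:"comment,omitempty"`. A present-but-empty `licenseListVersion` is a value that downstream SBOM validators may reject or misread as an assertion by the producer.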
@@ -0,0 +1,65 @@
+// Package spdx contains the struct definition for an SPDX Document
+// and its constituent parts.
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// ExternalDocumentRef is a reference to an external SPDX document
+// as defined in section 2.6 for version 2.1 of the spec.
+type ExternalDocumentRef struct {
+ // DocumentRefID is the ID string defined in the start of the
+ // reference. It should _not_ contain the "DocumentRef-" part
+ // of the mandatory ID string.
+ DocumentRefID string `json:"externalDocumentId"`
+
+ // URI is the URI defined for the external document
+ URI string `json:"spdxDocument"`
+
+ // Checksum is the actual hash data
+ Checksum common.Checksum `json:"checksum"`
+}
+
+// Document is an SPDX Document for version 2.1 of the spec.
+// See https://spdx.org/sites/cpstandard/files/pages/files/spdxversion2.1.pdf
+type Document struct {
+ // 2.1: SPDX Version; should be in the format "SPDX-2.1"
+ // Cardinality: mandatory, one
+ SPDXVersion string `json:"spdxVersion"`
+
+ // 2.2: Data License; should be "CC0-1.0"
+ // Cardinality: mandatory, one
+ DataLicense string `json:"dataLicense"`
+
+ // 2.3: SPDX Identifier; should be "DOCUMENT" to represent
+ // mandatory identifier of SPDXRef-DOCUMENT
+ // Cardinality: mandatory, one
+ SPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 2.4: Document Name
+ // Cardinality: mandatory, one
+ DocumentName string `json:"name"`
+
+ // 2.5: Document Namespace
+ // Cardinality: mandatory, one
+ DocumentNamespace string `json:"documentNamespace"`
+
+ // 2.6: External Document References
+ // Cardinality: optional, one or many
+ ExternalDocumentReferences []ExternalDocumentRef `json:"externalDocumentRefs,omitempty"`
+
+ // 2.11: Document Comment
+ // Cardinality: optional, one
+ DocumentComment string `json:"comment,omitempty"`
+
+ CreationInfo *CreationInfo `json:"creationInfo"`
+ Packages []*Package `json:"packages"`
+ Files []*File `json:"files"`
+ OtherLicenses []*OtherLicense `json:"hasExtractedLicensingInfos"`
+ Relationships []*Relationship `json:"relationships"`
+ Annotations []*Annotation `json:"annotations"`
+ Snippets []Snippet `json:"snippets"`
+
+ // DEPRECATED in version 2.0 of spec
+ Reviews []*Review
+}
diff --git a/spdx/v2_1/file.go b/spdx/v2_1/file.go
new file mode 100644
index 0000000..ffdec94
--- /dev/null
+++ b/spdx/v2_1/file.go
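Review bot: `Reviews []*Review` at the end of `Document` has no struct tag, so encoding/json will emit it under the key `Reviews` (as `null` when unset), whereas the other deprecated fields this commit adds, `ArtifactOfProjects` and `FileDependencies` in spdx/v2_1/file.go, are excluded with `json:"-"`. If the deprecated review data is not meant to reach serialized documents, give the field the same `json:"-"` tag; whether the removed struct behaved the same way is not visible in this hunk. Separately, the doc comment still opens with `// Package spdx` although the clause is `package v2_1`, and the SPDX-License-Identifier line sits inside that comment block; `// Package v2_1 contains the struct definition for an SPDX 2.1 Document` with the licence line moved above it and separated by a blank line would keep the generated documentation accurate.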
@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// File is a File section of an SPDX Document for version 2.1 of the spec.
+type File struct {
+ // 4.1: File Name
+ // Cardinality: mandatory, one
+ FileName string `json:"fileName"`
+
+ // 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ FileSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 4.3: File Types
+ // Cardinality: optional, multiple
+ FileTypes []string `json:"fileTypes,omitempty"`
+
+ // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: mandatory, one SHA1, others may be optionally provided
+ Checksums []common.Checksum `json:"checksums"`
+
+ // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ LicenseConcluded string `json:"licenseConcluded"`
+
+ // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many
+ LicenseInfoInFiles []string `json:"licenseInfoInFiles"`
+
+ // 4.7: Comments on License
+ // Cardinality: optional, one
+ LicenseComments string `json:"licenseComments,omitempty"`
+
+ // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ FileCopyrightText string `json:"copyrightText"`
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9-4.11: Artifact of Project variables (defined below)
+ // Cardinality: optional, one or many
+ ArtifactOfProjects []*ArtifactOfProject `json:"-"`
+
+ // 4.12: File Comment
+ // Cardinality: optional, one
+ FileComment string `json:"comment,omitempty"`
+
+ // 4.13: File Notice
+ // Cardinality: optional, one
+ FileNotice string `json:"noticeText,omitempty"`
+
+ // 4.14: File Contributor
+ // Cardinality: optional, one or many
+ FileContributors []string `json:"fileContributors,omitempty"`
+
+ // DEPRECATED in version 2.0 of spec
+ // 4.15: File Dependencies
+ // Cardinality: optional, one or many
+ FileDependencies []string `json:"-"`
+
+ // Snippets contained in this File
+ // Note that Snippets could be defined in a different Document! However,
+ // the only ones that _THIS_ document can contain are the ones that are
+ // defined here -- so this should just be an ElementID.
+ Snippets map[common.ElementID]*Snippet `json:"-"`
+
+ Annotations []Annotation `json:"annotations"`
+}
+
+// ArtifactOfProject is a DEPRECATED collection of data regarding
+// a Package, as defined in sections 4.9-4.11 in version 2.1 of the spec.
+type ArtifactOfProject struct {
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9: Artifact of Project Name
+ // Cardinality: conditional, required if present, one per AOP
+ Name string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.10: Artifact of Project Homepage: URL or "UNKNOWN"
+ // Cardinality: optional, one per AOP
+ HomePage string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.11: Artifact of Project Uniform Resource Identifier
+ // Cardinality: optional, one per AOP
+ URI string
+}
diff --git a/spdx/v2_1/other_license.go b/spdx/v2_1/other_license.go
new file mode 100644
index 0000000..6ae09fe
--- /dev/null
+++ b/spdx/v2_1/other_license.go
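Review bot: In spdx/v2_1/file.go the `Annotations` field at the end of `File` is tagged `json:"annotations"` without `omitempty`, so with encoding/json a file that has no annotations would be written as `"annotations": null`. The v2_2 `File` in this commit uses `json:"annotations,omitempty"`, and the two `Package` structs differ the other way round (v2_1 has `omitempty`, spdx/v2_2/package.go does not). I would make all four agree on `json:"annotations,omitempty"`. The field is also the only one in the struct without a comment; `// Annotations attached to this File` would match the rest.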
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+// OtherLicense is an Other License Information section of an
+// SPDX Document for version 2.1 of the spec.
+type OtherLicense struct {
+ // 6.1: License Identifier: "LicenseRef-[idstring]"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseIdentifier string `json:"licenseId"`
+
+ // 6.2: Extracted Text
+ // Cardinality: conditional (mandatory, one) if there is a
+ // License Identifier assigned
+ ExtractedText string `json:"extractedText"`
+
+ // 6.3: License Name: single line of text or "NOASSERTION"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseName string `json:"name,omitempty"`
+
+ // 6.4: License Cross Reference
+ // Cardinality: conditional (optional, one or many) if license
+ // is not on SPDX License List
+ LicenseCrossReferences []string `json:"seeAlsos,omitempty"`
+
+ // 6.5: License Comment
+ // Cardinality: optional, one
+ LicenseComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/v2_1/package.go b/spdx/v2_1/package.go
new file mode 100644
index 0000000..4bf5636
--- /dev/null
+++ b/spdx/v2_1/package.go
@@ -0,0 +1,120 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Package is a Package section of an SPDX Document for version 2.1 of the spec.
+type Package struct {
+ // 3.1: Package Name
+ // Cardinality: mandatory, one
+ PackageName string `json:"name"`
+
+ // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ PackageSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 3.3: Package Version
+ // Cardinality: optional, one
+ PackageVersion string `json:"versionInfo,omitempty"`
+
+ // 3.4: Package File Name
+ // Cardinality: optional, one
+ PackageFileName string `json:"packageFileName,omitempty"`
+
+ // 3.5: Package Supplier: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageSupplier *common.Supplier `json:"supplier,omitempty"`
+
+ // 3.6: Package Originator: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageOriginator *common.Originator `json:"originator,omitempty"`
+
+ // 3.7: Package Download Location
+ // Cardinality: mandatory, one
+ PackageDownloadLocation string `json:"downloadLocation"`
+
+ // 3.8: FilesAnalyzed
+ // Cardinality: optional, one; default value is "true" if omitted
+ FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
+ // NOT PART OF SPEC: did FilesAnalyzed tag appear?
+ IsFilesAnalyzedTagPresent bool `json:"-"`
+
+ // 3.9: Package Verification Code
+ PackageVerificationCode common.PackageVerificationCode `json:"packageVerificationCode"`
+
+ // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: optional, one or many
+ PackageChecksums []common.Checksum `json:"checksums,omitempty"`
+
+ // 3.11: Package Home Page
+ // Cardinality: optional, one
+ PackageHomePage string `json:"homepage,omitempty"`
+
+ // 3.12: Source Information
+ // Cardinality: optional, one
+ PackageSourceInfo string `json:"sourceInfo,omitempty"`
+
+ // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseConcluded string `json:"licenseConcluded"`
+
+ // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"`
+
+ // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseDeclared string `json:"licenseDeclared"`
+
+ // 3.16: Comments on License
+ // Cardinality: optional, one
+ PackageLicenseComments string `json:"licenseComments,omitempty"`
+
+ // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageCopyrightText string `json:"copyrightText"`
+
+ // 3.18: Package Summary Description
+ // Cardinality: optional, one
+ PackageSummary string `json:"summary,omitempty"`
+
+ // 3.19: Package Detailed Description
+ // Cardinality: optional, one
+ PackageDescription string `json:"description,omitempty"`
+
+ // 3.20: Package Comment
+ // Cardinality: optional, one
+ PackageComment string `json:"comment,omitempty"`
+
+ // 3.21: Package External Reference
+ // Cardinality: optional, one or many
+ PackageExternalReferences []*PackageExternalReference `json:"externalRefs,omitempty"`
+
+ // Files contained in this Package
+ Files []*File
+
+ Annotations []Annotation `json:"annotations,omitempty"`
+}
+
+// PackageExternalReference is an External Reference to additional info
+// about a Package, as defined in section 3.21 in version 2.1 of the spec.
+type PackageExternalReference struct {
+ // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
+ Category string `json:"referenceCategory"`
+
+ // type is an [idstring] as defined in Appendix VI;
+ // called RefType here due to "type" being a Golang keyword
+ RefType string `json:"referenceType"`
+
+ // locator is a unique string to access the package-specific
+ // info, metadata or content within the target location
+ Locator string `json:"referenceLocator"`
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ ExternalRefComment string `json:"comment"`
+}
diff --git a/spdx/v2_1/relationship.go b/spdx/v2_1/relationship.go
new file mode 100644
index 0000000..006e23f
--- /dev/null
+++ b/spdx/v2_1/relationship.go
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Relationship is a Relationship section of an SPDX Document for
+// version 2.1 of the spec.
+type Relationship struct {
+
+ // 7.1: Relationship
+ // Cardinality: optional, one or more; one per Relationship
+ // one mandatory for SPDX Document with multiple packages
+ // RefA and RefB are first and second item
+ // Relationship is type from 7.1.1
+ RefA common.DocElementID `json:"spdxElementId"`
+ RefB common.DocElementID `json:"relatedSpdxElement"`
+ Relationship string `json:"relationshipType"`
+
+ // 7.2: Relationship Comment
+ // Cardinality: optional, one
+ RelationshipComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/v2_1/review.go b/spdx/v2_1/review.go
new file mode 100644
index 0000000..8d70d00
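Review bot: In spdx/v2_1/package.go, `FilesAnalyzed bool` is tagged `json:"filesAnalyzed,omitempty"`, and encoding/json drops the key whenever the value is false; the field's own comment says an omitted value defaults to "true", so a package that was not analyzed is written in a form a consumer will read as analyzed. Decoding has the mirror gap: `IsFilesAnalyzedTagPresent` is `json:"-"`, so a document with no `filesAnalyzed` key decodes to false rather than the spec default, unless a custom marshaller outside this hunk handles it. Because this flag decides whether a package verification code is expected, I would tag the field `json:"filesAnalyzed"` (or make it a `*bool`) and apply the default in an `UnmarshalJSON` on `Package`. The same tag appears in spdx/v2_2/package.go.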
--- /dev/null
+++ b/spdx/v2_1/review.go
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+// Review is a Review section of an SPDX Document for version 2.1 of the spec.
+// DEPRECATED in version 2.0 of spec; retained here for compatibility.
+type Review struct {
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.1: Reviewer
+ // Cardinality: optional, one
+ Reviewer string
+ // including AnnotatorType: one of "Person", "Organization" or "Tool"
+ ReviewerType string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is a Reviewer
+ ReviewDate string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.3: Review Comment
+ // Cardinality: optional, one
+ ReviewComment string
+}
diff --git a/spdx/v2_1/snippet.go b/spdx/v2_1/snippet.go
new file mode 100644
index 0000000..e4d2f59
--- /dev/null
+++ b/spdx/v2_1/snippet.go
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Snippet is a Snippet section of an SPDX Document for version 2.1 of the spec.
+type Snippet struct {
+
+ // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ SnippetSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 5.2: Snippet from File SPDX Identifier
+ // Cardinality: mandatory, one
+ SnippetFromFileSPDXIdentifier common.ElementID `json:"snippetFromFile"`
+
+ // Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to
+ Ranges []common.SnippetRange `json:"ranges"`
+
+ // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetLicenseConcluded string `json:"licenseConcluded"`
+
+ // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: optional, one or many
+ LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"`
+
+ // 5.7: Snippet Comments on License
+ // Cardinality: optional, one
+ SnippetLicenseComments string `json:"licenseComments,omitempty"`
+
+ // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetCopyrightText string `json:"copyrightText"`
+
+ // 5.9: Snippet Comment
+ // Cardinality: optional, one
+ SnippetComment string `json:"comment,omitempty"`
+
+ // 5.10: Snippet Name
+ // Cardinality: optional, one
+ SnippetName string `json:"name,omitempty"`
+}
diff --git a/spdx/v2_2/annotation.go b/spdx/v2_2/annotation.go
new file mode 100644
index 0000000..f2d5bc8
--- /dev/null
+++ b/spdx/v2_2/annotation.go
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Annotation is an Annotation section of an SPDX Document for version 2.2 of the spec.
+type Annotation struct {
+ // 8.1: Annotator
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ Annotator common.Annotator `json:"annotator"`
+
+ // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationDate string `json:"annotationDate"`
+
+ // 8.3: Annotation Type: "REVIEW" or "OTHER"
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationType string `json:"annotationType"`
+
+ // 8.4: SPDX Identifier Reference
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ // This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML.
+ AnnotationSPDXIdentifier common.DocElementID `json:"-"`
+
+ // 8.5: Annotation Comment
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationComment string `json:"comment"`
+}
diff --git a/spdx/v2_2/creation_info.go b/spdx/v2_2/creation_info.go
new file mode 100644
index 0000000..b68dade
--- /dev/null
+++ b/spdx/v2_2/creation_info.go
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// CreationInfo is a Document Creation Information section of an
+// SPDX Document for version 2.2 of the spec.
+type CreationInfo struct {
+ // 2.7: License List Version
+ // Cardinality: optional, one
+ LicenseListVersion string `json:"licenseListVersion"`
+
+ // 2.8: Creators: may have multiple keys for Person, Organization
+ // and/or Tool
+ // Cardinality: mandatory, one or many
+ Creators []common.Creator `json:"creators"`
+
+ // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: mandatory, one
+ Created string `json:"created"`
+
+ // 2.10: Creator Comment
+ // Cardinality: optional, one
+ CreatorComment string `json:"comment"`
+}
diff --git a/spdx/v2_2/document.go b/spdx/v2_2/document.go
new file mode 100644
index 0000000..d239194
--- /dev/null
+++ b/spdx/v2_2/document.go
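Review bot: In spdx/v2_2/creation_info.go, `LicenseListVersion` (2.7) and `CreatorComment` (2.10) are documented as optional but tagged `json:"licenseListVersion"` and `json:"comment"` without `omitempty`, so an unset value is emitted as an empty string instead of being left out. Other optional string fields in this commit, such as `DocumentComment` in spdx/v2_2/document.go, do use `omitempty`. I would tag these `json:"licenseListVersion,omitempty"` and `json:"comment,omitempty"`. `ExternalRefComment` in both package.go files has the same shape.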
@@ -0,0 +1,65 @@
+// Package spdx contains the struct definition for an SPDX Document
+// and its constituent parts.
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// ExternalDocumentRef is a reference to an external SPDX document
+// as defined in section 2.6 for version 2.2 of the spec.
+type ExternalDocumentRef struct {
+ // DocumentRefID is the ID string defined in the start of the
+ // reference. It should _not_ contain the "DocumentRef-" part
+ // of the mandatory ID string.
+ DocumentRefID string `json:"externalDocumentId"`
+
+ // URI is the URI defined for the external document
+ URI string `json:"spdxDocument"`
+
+ // Checksum is the actual hash data
+ Checksum common.Checksum `json:"checksum"`
+}
+
+// Document is an SPDX Document for version 2.2 of the spec.
+// See https://spdx.github.io/spdx-spec/v2-draft/ (DRAFT)
+type Document struct {
+ // 2.1: SPDX Version; should be in the format "SPDX-2.2"
+ // Cardinality: mandatory, one
+ SPDXVersion string `json:"spdxVersion"`
+
+ // 2.2: Data License; should be "CC0-1.0"
+ // Cardinality: mandatory, one
+ DataLicense string `json:"dataLicense"`
+
+ // 2.3: SPDX Identifier; should be "DOCUMENT" to represent
+ // mandatory identifier of SPDXRef-DOCUMENT
+ // Cardinality: mandatory, one
+ SPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 2.4: Document Name
+ // Cardinality: mandatory, one
+ DocumentName string `json:"name"`
+
+ // 2.5: Document Namespace
+ // Cardinality: mandatory, one
+ DocumentNamespace string `json:"documentNamespace"`
+
+ // 2.6: External Document References
+ // Cardinality: optional, one or many
+ ExternalDocumentReferences []ExternalDocumentRef `json:"externalDocumentRefs,omitempty"`
+
+ // 2.11: Document Comment
+ // Cardinality: optional, one
+ DocumentComment string `json:"comment,omitempty"`
+
+ CreationInfo *CreationInfo `json:"creationInfo"`
+ Packages []*Package `json:"packages"`
+ Files []*File `json:"files"`
+ OtherLicenses []*OtherLicense `json:"hasExtractedLicensingInfos"`
+ Relationships []*Relationship `json:"relationships"`
+ Annotations []*Annotation `json:"annotations"`
+ Snippets []Snippet `json:"snippets"`
+
+ // DEPRECATED in version 2.0 of spec
+ Reviews []*Review
+}
diff --git a/spdx/v2_2/file.go b/spdx/v2_2/file.go
new file mode 100644
index 0000000..43c2608
--- /dev/null
+++ b/spdx/v2_2/file.go
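Review bot: In spdx/v2_2/document.go, `Reviews []*Review` at the end of `Document` has no json tag, so encoding/json would emit it under the Go field name `Reviews`, whereas the other deprecated fields in this commit (`FileDependencies`, `ArtifactOfProjects`) are excluded with `json:"-"`. If reviews are not meant to appear in JSON output I would add `json:"-"`; if they are, the key should be set explicitly rather than left to the default. Separately, the file opens with `// Package spdx contains ...` while the clause is `package v2_2`, and the SPDX-License-Identifier line sits inside that package comment. I would reword it to `// Package v2_2 contains the struct definitions for an SPDX 2.2 Document and its constituent parts.` and move the license line above it, separated by a blank line.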
@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// File is a File section of an SPDX Document for version 2.2 of the spec.
+type File struct {
+ // 4.1: File Name
+ // Cardinality: mandatory, one
+ FileName string `json:"fileName"`
+
+ // 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ FileSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 4.3: File Types
+ // Cardinality: optional, multiple
+ FileTypes []string `json:"fileTypes,omitempty"`
+
+ // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: mandatory, one SHA1, others may be optionally provided
+ Checksums []common.Checksum `json:"checksums"`
+
+ // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ LicenseConcluded string `json:"licenseConcluded"`
+
+ // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many
+ LicenseInfoInFiles []string `json:"licenseInfoInFiles"`
+
+ // 4.7: Comments on License
+ // Cardinality: optional, one
+ LicenseComments string `json:"licenseComments,omitempty"`
+
+ // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ FileCopyrightText string `json:"copyrightText"`
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9-4.11: Artifact of Project variables (defined below)
+ // Cardinality: optional, one or many
+ ArtifactOfProjects []*ArtifactOfProject `json:"-"`
+
+ // 4.12: File Comment
+ // Cardinality: optional, one
+ FileComment string `json:"comment,omitempty"`
+
+ // 4.13: File Notice
+ // Cardinality: optional, one
+ FileNotice string `json:"noticeText,omitempty"`
+
+ // 4.14: File Contributor
+ // Cardinality: optional, one or many
+ FileContributors []string `json:"fileContributors,omitempty"`
+
+ // 4.15: File Attribution Text
+ // Cardinality: optional, one or many
+ FileAttributionTexts []string `json:"attributionTexts,omitempty"`
+
+ // DEPRECATED in version 2.0 of spec
+ // 4.16: File Dependencies
+ // Cardinality: optional, one or many
+ FileDependencies []string `json:"-"`
+
+ // Snippets contained in this File
+ // Note that Snippets could be defined in a different Document! However,
+ // the only ones that _THIS_ document can contain are this ones that are
+ // defined here -- so this should just be an ElementID.
+ Snippets map[common.ElementID]*Snippet `json:"-"`
+
+ Annotations []Annotation `json:"annotations,omitempty"`
+}
+
+// ArtifactOfProject is a DEPRECATED collection of data regarding
+// a Package, as defined in sections 4.9-4.11 in version 2.2 of the spec.
+type ArtifactOfProject struct {
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9: Artifact of Project Name
+ // Cardinality: conditional, required if present, one per AOP
+ Name string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.10: Artifact of Project Homepage: URL or "UNKNOWN"
+ // Cardinality: optional, one per AOP
+ HomePage string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.11: Artifact of Project Uniform Resource Identifier
+ // Cardinality: optional, one per AOP
+ URI string
+}
diff --git a/spdx/v2_2/other_license.go b/spdx/v2_2/other_license.go
new file mode 100644
index 0000000..1580169
--- /dev/null
+++ b/spdx/v2_2/other_license.go
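Review bot: The comment on `Snippets` in spdx/v2_2/file.go reads "the only ones that _THIS_ document can contain are this ones that are defined here"; "this ones" should be "the ones", as the v2_1 copy of the same comment has it. The closing clause "so this should just be an ElementID" does not say what "this" is while the field is a `map[common.ElementID]*Snippet`; I would reword it to `// defined here, keyed by their ElementID.` if that is the intent. `Annotations` below it is the only field in `File` with no comment; `// Annotations attached to this File` would match the rest of the struct.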
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+// OtherLicense is an Other License Information section of an
+// SPDX Document for version 2.2 of the spec.
+type OtherLicense struct {
+ // 6.1: License Identifier: "LicenseRef-[idstring]"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseIdentifier string `json:"licenseId"`
+
+ // 6.2: Extracted Text
+ // Cardinality: conditional (mandatory, one) if there is a
+ // License Identifier assigned
+ ExtractedText string `json:"extractedText"`
+
+ // 6.3: License Name: single line of text or "NOASSERTION"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseName string `json:"name,omitempty"`
+
+ // 6.4: License Cross Reference
+ // Cardinality: conditional (optional, one or many) if license
+ // is not on SPDX License List
+ LicenseCrossReferences []string `json:"seeAlsos,omitempty"`
+
+ // 6.5: License Comment
+ // Cardinality: optional, one
+ LicenseComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/v2_2/package.go b/spdx/v2_2/package.go
new file mode 100644
index 0000000..f8eff78
--- /dev/null
+++ b/spdx/v2_2/package.go
@@ -0,0 +1,133 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Package is a Package section of an SPDX Document for version 2.2 of the spec.
+type Package struct {
+ // NOT PART OF SPEC
+ // flag: does this "package" contain files that were in fact "unpackaged",
+ // e.g. included directly in the Document without being in a Package?
+ IsUnpackaged bool
+
+ // 3.1: Package Name
+ // Cardinality: mandatory, one
+ PackageName string `json:"name"`
+
+ // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ PackageSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 3.3: Package Version
+ // Cardinality: optional, one
+ PackageVersion string `json:"versionInfo,omitempty"`
+
+ // 3.4: Package File Name
+ // Cardinality: optional, one
+ PackageFileName string `json:"packageFileName,omitempty"`
+
+ // 3.5: Package Supplier: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageSupplier *common.Supplier `json:"supplier,omitempty"`
+
+ // 3.6: Package Originator: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageOriginator *common.Originator `json:"originator,omitempty"`
+
+ // 3.7: Package Download Location
+ // Cardinality: mandatory, one
+ PackageDownloadLocation string `json:"downloadLocation"`
+
+ // 3.8: FilesAnalyzed
+ // Cardinality: optional, one; default value is "true" if omitted
+ FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
+ // NOT PART OF SPEC: did FilesAnalyzed tag appear?
+ IsFilesAnalyzedTagPresent bool
+
+ // 3.9: Package Verification Code
+ PackageVerificationCode common.PackageVerificationCode `json:"packageVerificationCode"`
+
+ // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: optional, one or many
+ PackageChecksums []common.Checksum `json:"checksums"`
+
+ // 3.11: Package Home Page
+ // Cardinality: optional, one
+ PackageHomePage string `json:"homepage,omitempty"`
+
+ // 3.12: Source Information
+ // Cardinality: optional, one
+ PackageSourceInfo string `json:"sourceInfo,omitempty"`
+
+ // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseConcluded string `json:"licenseConcluded"`
+
+ // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"`
+
+ // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseDeclared string `json:"licenseDeclared"`
+
+ // 3.16: Comments on License
+ // Cardinality: optional, one
+ PackageLicenseComments string `json:"licenseComments,omitempty"`
+
+ // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageCopyrightText string `json:"copyrightText"`
+
+ // 3.18: Package Summary Description
+ // Cardinality: optional, one
+ PackageSummary string `json:"summary,omitempty"`
+
+ // 3.19: Package Detailed Description
+ // Cardinality: optional, one
+ PackageDescription string `json:"description,omitempty"`
+
+ // 3.20: Package Comment
+ // Cardinality: optional, one
+ PackageComment string `json:"comment,omitempty"`
+
+ // 3.21: Package External Reference
+ // Cardinality: optional, one or many
+ PackageExternalReferences []*PackageExternalReference `json:"externalRefs,omitempty"`
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ // contained within PackageExternalReference2_1 struct, if present
+
+ // 3.23: Package Attribution Text
+ // Cardinality: optional, one or many
+ PackageAttributionTexts []string `json:"attributionTexts,omitempty"`
+
+ // Files contained in this Package
+ Files []*File
+
+ Annotations []Annotation `json:"annotations"`
+}
+
+// PackageExternalReference is an External Reference to additional info
+// about a Package, as defined in section 3.21 in version 2.2 of the spec.
+type PackageExternalReference struct {
+ // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
+ Category string `json:"referenceCategory"`
+
+ // type is an [idstring] as defined in Appendix VI;
+ // called RefType here due to "type" being a Golang keyword
+ RefType string `json:"referenceType"`
+
+ // locator is a unique string to access the package-specific
+ // info, metadata or content within the target location
+ Locator string `json:"referenceLocator"`
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ ExternalRefComment string `json:"comment"`
+}
diff --git a/spdx/v2_2/relationship.go b/spdx/v2_2/relationship.go
new file mode 100644
index 0000000..6b44898
--- /dev/null
+++ b/spdx/v2_2/relationship.go
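Review bot: In spdx/v2_2/package.go the bookkeeping fields `IsUnpackaged` and `IsFilesAnalyzedTagPresent` are both commented "NOT PART OF SPEC" but carry no json tag, so encoding/json would write them into the document under their Go names; the v2_1 `Package` in this commit tags the latter `json:"-"`. I would add `json:"-"` to both so tool-internal state does not end up in emitted SBOMs or get set from untrusted input on decode. `Files []*File` is untagged as well (in both versions) and would be emitted as `Files`; it should carry an explicit tag, whichever key is intended. The orphaned 3.22 comment still names `PackageExternalReference2_1`, which looks like the pre-rename type; it should read `PackageExternalReference`.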
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Relationship is a Relationship section of an SPDX Document for
+// version 2.2 of the spec.
+type Relationship struct {
+
+ // 7.1: Relationship
+ // Cardinality: optional, one or more; one per Relationship
+ // one mandatory for SPDX Document with multiple packages
+ // RefA and RefB are first and second item
+ // Relationship is type from 7.1.1
+ RefA common.DocElementID `json:"spdxElementId"`
+ RefB common.DocElementID `json:"relatedSpdxElement"`
+ Relationship string `json:"relationshipType"`
+
+ // 7.2: Relationship Comment
+ // Cardinality: optional, one
+ RelationshipComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/v2_2/review.go b/spdx/v2_2/review.go
new file mode 100644
index 0000000..4cc7c42
--- /dev/null
+++ b/spdx/v2_2/review.go
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+// Review is a Review section of an SPDX Document for version 2.2 of the spec.
+// DEPRECATED in version 2.0 of spec; retained here for compatibility.
+type Review struct {
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.1: Reviewer
+ // Cardinality: optional, one
+ Reviewer string
+ // including AnnotatorType: one of "Person", "Organization" or "Tool"
+ ReviewerType string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is a Reviewer
+ ReviewDate string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.3: Review Comment
+ // Cardinality: optional, one
+ ReviewComment string
+}
diff --git a/spdx/v2_2/snippet.go b/spdx/v2_2/snippet.go
new file mode 100644
index 0000000..913007a
--- /dev/null
+++ b/spdx/v2_2/snippet.go
@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Snippet is a Snippet section of an SPDX Document for version 2.2 of the spec.
+type Snippet struct {
+
+ // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ SnippetSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 5.2: Snippet from File SPDX Identifier
+ // Cardinality: mandatory, one
+ SnippetFromFileSPDXIdentifier common.ElementID `json:"snippetFromFile"`
+
+ // Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to
+ Ranges []common.SnippetRange `json:"ranges"`
+
+ // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetLicenseConcluded string `json:"licenseConcluded"`
+
+ // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: optional, one or many
+ LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"`
+
+ // 5.7: Snippet Comments on License
+ // Cardinality: optional, one
+ SnippetLicenseComments string `json:"licenseComments,omitempty"`
+
+ // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetCopyrightText string `json:"copyrightText"`
+
+ // 5.9: Snippet Comment
+ // Cardinality: optional, one
+ SnippetComment string `json:"comment,omitempty"`
+
+ // 5.10: Snippet Name
+ // Cardinality: optional, one
+ SnippetName string `json:"name,omitempty"`
+
+ // 5.11: Snippet Attribution Text
+ // Cardinality: optional, one or many
+ SnippetAttributionTexts []string `json:"-"`
+}
-- cgit v1.2.3
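Review bot: `SnippetAttributionTexts` (5.11) in spdx/v2_2/snippet.go is tagged `json:"-"`, so snippet attribution text is dropped on JSON marshal and never populated on unmarshal, while `FileAttributionTexts` and `PackageAttributionTexts` in this commit use `json:"attributionTexts,omitempty"`. Unless the exclusion is deliberate, I would use the same tag here, `json:"attributionTexts,omitempty"`, so a document survives a read/write round trip without losing data. `Ranges` is also the only spec-backed field in the struct whose comment carries no section number or cardinality line; adding them would match the other fields.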