1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
package builder2v1
import (
"fmt"
"github.com/spdx/tools-golang/spdx"
"github.com/spdx/tools-golang/utils"
"path/filepath"
"regexp"
)
// BuildPackageSection2_1 creates an SPDX Package (version 2.1), returning
// that package or error if any is encountered. Arguments:
// - packageName: name of package / directory
// - dirRoot: path to directory to be analyzed
// - pathsIgnore: slice of strings for filepaths to ignore
func BuildPackageSection2_1(packageName string, dirRoot string, pathsIgnore []string) (*spdx.Package2_1, error) {
// build the file section first, so we'll have it available
// for calculating the package verification code
filepaths, err := utils.GetAllFilePaths(dirRoot, pathsIgnore)
if err != nil {
return nil, err
}
re, ok := regexp.Compile("/+")
if ok != nil {
return nil, err
}
files := map[spdx.ElementID]*spdx.File2_1{}
fileNumber := 0
for _, fp := range filepaths {
newFilePatch := filepath.FromSlash("./" + fp)
newFile, err := BuildFileSection2_1(re.ReplaceAllLiteralString(newFilePatch, string(filepath.Separator)), dirRoot, fileNumber)
if err != nil {
return nil, err
}
files[newFile.FileSPDXIdentifier] = newFile
fileNumber++
}
// get the verification code
code, err := utils.GetVerificationCode2_1(files, "")
if err != nil {
return nil, err
}
// now build the package section
pkg := &spdx.Package2_1{
PackageName: packageName,
PackageSPDXIdentifier: spdx.ElementID(fmt.Sprintf("Package-%s", packageName)),
PackageDownloadLocation: "NOASSERTION",
FilesAnalyzed: true,
IsFilesAnalyzedTagPresent: true,
PackageVerificationCode: code,
PackageLicenseConcluded: "NOASSERTION",
PackageLicenseInfoFromFiles: []string{},
PackageLicenseDeclared: "NOASSERTION",
PackageCopyrightText: "NOASSERTION",
Files: files,
}
return pkg, nil
}
|