cmd

package
v0.0.0-...-fa8a20b Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 15, 2022 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

// JSON key names used in CycloneDX BOM documents. Each value matches a `json`
// tag on the CDX* structs in this package ("metadata" and "components" on
// CDXBom, "licenses" on CDXMetadata and CDXComponent).
const (
	KEY_METADATA   = "metadata"
	KEY_COMPONENTS = "components"
	KEY_LICENSES   = "licenses"
)
// Subcommand names. Both values are the members of VALID_SUBCOMMANDS.
const (
	SUBCOMMAND_LIST   = "list"
	SUBCOMMAND_POLICY = "policy"
)
// LicenseChoice type codes. The values are consecutive integers starting at
// zero (invalid=0, id=1, name=2, expression=3), in the same order as the
// entries of LC_TYPE_NAMES.
const (
	LC_TYPE_INVALID = iota
	LC_TYPE_ID
	LC_TYPE_NAME
	LC_TYPE_EXPRESSION
)

LicenseChoice - Choice type

// Supported conjunctions (AND, OR) and preposition (WITH), declared as typed
// string constants.
// NOTE(review): presumably the keywords recognised when a license expression
// is parsed into a CompoundExpression — confirm against the parser.
const (
	AND  string = "AND"
	OR   string = "OR"
	WITH string = "WITH"
)

Supported conjunctions and prepositions

// Single-character tokens: the two grouping parentheses and the "+" operator.
// NOTE(review): CompoundExpression carries SimpleLeftHasPlus and
// SimpleRightHasPlus, which presumably record PLUS_OPERATOR — confirm.
const (
	LEFT_PARENS   string = "("
	RIGHT_PARENS  string = ")"
	PLUS_OPERATOR string = "+"
)

Tokens

// Help strings for the license summary flag and for the list output-format
// flag. The format help text names "json" as the only valid value.
const (
	FLAG_LICENSE_SUMMARY_HELP    = "Summarize licenses and component references in table format"
	FLAG_LIST_OUTPUT_FORMAT_HELP = "Format output using the specific type. Valid values: \"json\""
)

Query command flag help messages

// Usage-policy values. Only POLICY_ALLOW and POLICY_DENY are members of
// VALID_USAGE_POLICIES; POLICY_UNMATCHED is a separate value and is not in
// that list.
// NOTE(review): POLICY_UNMATCHED is presumably what is reported when no
// policy entry matches a license — confirm against FindPolicy. Anything that
// gates on the policy result should handle it as its own outcome rather than
// letting it fall through as an implicit "allow".
const (
	POLICY_ALLOW     = "allow"
	POLICY_DENY      = "deny"
	POLICY_UNMATCHED = "UNMATCHED"
)
// Long flag names for the query command.
// FLAG_OUTPUT_FORMAT has the same value ("format") as FLAG_FILE_OUTPUT_FORMAT.
const (
	FLAG_OUTPUT_FORMAT  = "format"
	FLAG_QUERY_SELECT   = "select"
	FLAG_QUERY_FROM     = "from"
	FLAG_QUERY_WHERE    = "where"
	FLAG_QUERY_ORDER_BY = "orderby"
)

Query command flags

// Help strings for the query command flags.
// The WHERE and ORDERBY help strings are still the literal placeholder "TODO".
const (
	FLAG_OUTPUT_FORMAT_HELP  = "Format output using the specific type. Valid values: \"json\""
	FLAG_QUERY_SELECT_HELP   = "comma-separated list of JSON keynames used to select fields within the object designated by the FROM flag."
	FLAG_QUERY_FROM_HELP     = "dot-separated list of JSON keynames used to dereference into the JSON document."
	FLAG_QUERY_WHERE_HELP    = "TODO"
	FLAG_QUERY_ORDER_BY_HELP = "TODO"
)

Query command flag help messages

// Message strings for query error types: invalid JSON map, invalid
// request/response (and their objects), one message per invalid query clause,
// and the missing `--from` selectors case.
const (
	MSG_INVALID_JSON_MAP              = "invalid JSON map"
	MSG_INVALID_QUERY_REQUEST         = "invalid query request"
	MSG_INVALID_QUERY_RESPONSE        = "invalid query response"
	MSG_INVALID_QUERY_REQUEST_OBJ     = "invalid query request object"
	MSG_INVALID_QUERY_RESPONSE_OBJ    = "invalid query response object"
	MSG_QUERY_INVALID_SELECT_CLAUSE   = "invalid SELECT clause"
	MSG_QUERY_INVALID_FROM_CLAUSE     = "invalid FROM clause"
	MSG_QUERY_INVALID_WHERE_CLAUSE    = "invalid WHERE clause"
	MSG_QUERY_INVALID_ORDER_BY_CLAUSE = "invalid ORDERBY clause"
	MSG_QUERY_MISSING_FROM_SELECTORS  = "missing `--from` selectors"
)

Query error types

// Detail strings attached to query errors.
// The identifier MSG_ERROR_SELECT_WILDARD is spelled without the "C" of
// "WILDCARD"; it is exported, so renaming it would break existing callers.
const (
	MSG_ERROR_FROM_KEY_NOT_FOUND      = "key not found in path"
	MSG_ERROR_FROM_KEY_INVALID_OBJECT = "key does not reference a valid JSON object"
	MSG_ERROR_SELECT_WILDARD          = "wildcard cannot be used with other values"
)

Query error details

// Numeric error codes separating application errors (1) from validation
// errors (2).
// NOTE(review): presumably used as process exit codes — confirm at the call
// sites; zero is left unassigned here.
const (
	ERROR_APPLICATION = 1
	ERROR_VALIDATION  = 2
)
// Flag names, given as long-name/short-name pairs for trace, debug, input
// file, output file and quiet mode. FLAG_LOG_OUTPUT_INDENT and
// FLAG_FILE_OUTPUT_FORMAT have no short form in this block.
// FLAG_FILE_OUTPUT_FORMAT has the same value ("format") as FLAG_OUTPUT_FORMAT.
const (
	FLAG_TRACE                 = "trace"
	FLAG_TRACE_SHORT           = "t"
	FLAG_DEBUG                 = "debug"
	FLAG_DEBUG_SHORT           = "d"
	FLAG_FILENAME_INPUT        = "input-file"
	FLAG_FILENAME_INPUT_SHORT  = "i"
	FLAG_FILENAME_OUTPUT       = "output-file"
	FLAG_FILENAME_OUTPUT_SHORT = "o"
	FLAG_QUIET_MODE            = "quiet"
	FLAG_QUIET_MODE_SHORT      = "q"
	FLAG_LOG_OUTPUT_INDENT     = "indent"
	FLAG_FILE_OUTPUT_FORMAT    = "format"
)
// Default file names for the configuration and the license policies. Both are
// bare relative names with no directory component.
// NOTE(review): how these names are resolved is not visible here. If they are
// resolved against the current working directory, whoever controls that
// directory also controls which license policy is applied — confirm the
// lookup location and log the resolved path at the call site.
const (
	DEFAULT_CONFIG           = "config.json"
	DEFAULT_LICENSE_POLICIES = "license.json"
)
// Named boolean results. Validate and ValidateProperties both return a
// `valid bool`, which these names presumably make readable at the return
// sites — confirm.
const (
	VALID   = true
	INVALID = false
)
// Name of the license summary flag; its help text is
// FLAG_LICENSE_SUMMARY_HELP.
const (
	FLAG_LICENSE_SUMMARY = "summary"
)

Subcommand flags

// Help string for the policy output-format flag. The text names "txt" and
// "csv" as valid values, unlike the list and query format help, which name
// only "json".
const (
	FLAG_POLICY_OUTPUT_FORMAT_HELP = "Format output using the specific type. Valid values: \"txt\", \"csv\""
)

Subcommand flags

// Value accepted by the `--format` flag to select JSON output.
const (
	FLAG_VALUE_OUTPUT_JSON = "json"
)

Valid `--format` formats

// REGEX_VALID_SPDX_ID is an anchored pattern that accepts one or more
// characters drawn from ASCII letters, digits, "." and "-".
//
// It checks character composition only: it puts no upper bound on length, it
// accepts a leading or trailing "." or "-", and a match does not mean the
// value is an identifier on the SPDX license list.
//
// Go's regexp package uses RE2 syntax, which has no lookahead, so a length
// limit cannot be written as (?=...); use a len() check next to the match or
// a counted repetition such as {3,128} in place of "+".
const (
	REGEX_VALID_SPDX_ID = "^[a-zA-Z0-9.-]+$"
)

Note: the SPDX spec. does not provide regex for an SPDX ID, but provides the following in ABNF:

dstring = 1*(ALPHA / DIGIT / "-" / "." )

Currently, the regex only checks that the value is composed of alphanumeric, "-", and "." characters and disallows empty strings; it is a syntax check and does not confirm that the ID appears on the SPDX license list. TODO:

  • First and last chars are not "-" or "."
  • Enforce reasonable min/max length. In theory, we can check overall length with positive lookahead (e.g., min 3 max 128): (?=.{3,128}$) However, Go's `regexp` package uses RE2 syntax, which does not support lookahead, so a length bound has to be enforced separately (for example with a len() check, or a counted repetition such as {3,128} in place of "+").

Variables

// ComponentLicenses is a package-level slice of LicenseInfo records; it is nil
// until something appends to it.
// NOTE(review): exported, mutable package state — the Display* functions take
// only an io.Writer, so they presumably read this slice; confirm, and note
// that nothing here guards it against concurrent use.
var ComponentLicenses []LicenseInfo
// EMPTY_CDXLicense is the zero value of CDXLicense, kept as a named variable
// so a decoded license can be compared against it to test for "empty".
var EMPTY_CDXLicense = CDXLicense{}

For convenience, we provide named vars. for testing for zero-length (empty) structs

// LC_TYPE_NAMES is a fixed-size array of four display names. The entries are
// in the same order as the LC_TYPE_* constants (0=invalid, 1=id, 2=name,
// 3=expression), so an LC_TYPE_* value can be used as the index; any other
// index is out of range for the array.
var LC_TYPE_NAMES = [...]string{"invalid", "id", "name", "exp"}

Declare a fixed-sized array for LC type names

// ProjectLogger is the package-level logger. It is declared without an
// initializer, so it is a nil pointer until assigned; the assignment is not
// visible in this listing.
var ProjectLogger *log.MiniLogger
// TestInfraInitialized is a package-level boolean that starts out false (the
// zero value of bool).
// NOTE(review): presumably set once the shared test setup has run — confirm.
var TestInfraInitialized bool
// TestLogLevelError registers a boolean flag named "error" (default false,
// empty usage text) on the process-wide default flag set at package
// initialisation and holds the pointer to its value.
// NOTE(review): this is an exported symbol of the package, so the flag
// appears to be registered for every importer, not only for test binaries —
// confirm which file declares it.
var TestLogLevelError = flag.Bool("error", false, "")
// TestLogLevelTrace registers a boolean flag named "trace" (default false,
// empty usage text) on the process-wide default flag set at package
// initialisation and holds the pointer to its value.
// NOTE(review): this is an exported symbol of the package, so the flag
// appears to be registered for every importer, not only for test binaries —
// confirm which file declares it. flag.Bool panics if the same name is
// registered twice on one flag set, so an importer that defines its own
// "trace" flag on the default set would fail at start-up.
var TestLogLevelTrace = flag.Bool("trace", false, "")

!!! SECRET SAUCE !!! NOTE: The Go test framework uses the "flag" package, and all we need to do is declare a new global flag for it to be recognized. USAGE: to set it on the command line and have it parsed, simply append it as follows: '--args -trace'

// TestLogQuiet registers a boolean flag named "quiet" (default false, empty
// usage text) on the process-wide default flag set at package initialisation
// and holds the pointer to its value.
// NOTE(review): this is an exported symbol of the package, so the flag
// appears to be registered for every importer, not only for test binaries —
// confirm which file declares it.
var TestLogQuiet = flag.Bool("quiet", false, "")
// VALID_SUBCOMMANDS lists the accepted subcommand names ("list", "policy").
// It is a mutable package-level slice, so callers should treat it as
// read-only.
var VALID_SUBCOMMANDS = []string{SUBCOMMAND_LIST, SUBCOMMAND_POLICY}
// VALID_USAGE_POLICIES lists the usage-policy values accepted as valid:
// "allow" and "deny". POLICY_UNMATCHED is deliberately or accidentally absent
// from this list — it is not a member.
// It is a mutable package-level slice, so callers should treat it as
// read-only.
var VALID_USAGE_POLICIES = []string{POLICY_ALLOW, POLICY_DENY}

Functions

func DisplayLicenseListJson

func DisplayLicenseListJson(output io.Writer)

TODO: Support de-duplication of license records (MUST be exact using deep comparison)

func DisplayLicenseListSummary

func DisplayLicenseListSummary(output io.Writer)

func DisplayLicenseListSummaryCSV

func DisplayLicenseListSummaryCSV(output io.Writer) error

func DisplayLicensePolicies

func DisplayLicensePolicies(output io.Writer) error

TODO: Allow caller to pass flag to truncate or not (perhaps with value)

func DisplayLicensePoliciesCSV

func DisplayLicensePoliciesCSV(output io.Writer) error

func Execute

func Execute()

func FinalizeCompoundPolicy

func FinalizeCompoundPolicy(expression *CompoundExpression)

func FindPolicy

func FindPolicy(licenseInfo LicenseInfo) (matchedPolicy schema.LicensePolicy)

func FindPolicyByFamilyName

func FindPolicyByFamilyName(name string) (policyValue string, matchedPolicy schema.LicensePolicy)

NOTE: for now, we will look for the "family" name encoded in the License.Name field until we can get additional fields/properties added to the CDX LicenseChoice schema.

func FindPolicyBySpdxId

func FindPolicyBySpdxId(id string) (policyValue string, matchedPolicy schema.LicensePolicy)

func IsValidFamilyKey

func IsValidFamilyKey(key string) bool

func IsValidPolicyEntry

func IsValidPolicyEntry(policy schema.LicensePolicy) bool

NOTE: policy.Id == "" we allow as "valid" as this indicates a potential "family" entry (i.e., group of SPDX IDs)

func IsValidSpdxId

func IsValidSpdxId(id string) bool

func ListErrors

func ListErrors(errs []gojsonschema.ResultError)

func ListLicenses

func ListLicenses(output io.Writer, format string, summary bool) error

func LoadInputFileAndUnmarshal

func LoadInputFileAndUnmarshal() (*schema.Sbom, error)

func NewCommandLicense

func NewCommandLicense() *cobra.Command

func NewCommandList

func NewCommandList() *cobra.Command

WARNING: Cobra will not recognize a subcommand if its `command.Use` is not a single word string that matches one of the `command.ValidArgs` set on the parent command

func NewCommandPolicy

func NewCommandPolicy() *cobra.Command

WARNING: Cobra will not recognize a subcommand if its `command.Use` is not a single word string that matches one of the `command.ValidArgs` set on the parent command

func NewCommandQuery

func NewCommandQuery() *cobra.Command

func NewCommandSchema

func NewCommandSchema() *cobra.Command

func NewCommandValidate

func NewCommandValidate() *cobra.Command

func NewCommandVersion

func NewCommandVersion() *cobra.Command

func RootCmdImpl

func RootCmdImpl(cmd *cobra.Command, args []string) error

func Validate

func Validate() (valid bool, err error)

func ValidateProperties

func ValidateProperties() (valid bool, err error)

This function validates required or optional prescriptive properties and, if they are present, checks that their values also adhere to the specified requirements.

Types

type CDXAttachment

// CDXAttachment is an attached piece of text with its declared content type
// and encoding; CDXLicense.Text uses it.
// All three fields are plain strings taken from the document: nothing in this
// struct decodes Content or checks it against Encoding or ContentType.
type CDXAttachment struct {
	ContentType string `json:"contentType"`
	Encoding    string `json:"encoding"`
	Content     string `json:"content"`
}

type CDXBom

// CDXBom is the root object of a CycloneDX BOM document as modelled by this
// package.
//
// Only the keys named in the `json` tags below are represented. With
// encoding/json's default settings, keys in the input that have no matching
// field are dropped silently when decoding into this struct.
//
// NOTE(review): Version is declared as a string, while the CycloneDX JSON
// schema defines the BOM-level "version" as an integer; encoding/json does
// not decode a JSON number into a string field — confirm how this struct is
// populated.
type CDXBom struct {
	BomFormat          string                 `json:"bomFormat"`
	SpecVersion        string                 `json:"specVersion"`
	SerialNumber       string                 `json:"serialNumber"`
	Version            string                 `json:"version"`
	Metadata           CDXMetadata            `json:"metadata"`
	Components         []CDXComponent         `json:"components"`
	Services           []CDXService           `json:"services"`
	Dependencies       []CDXDependency        `json:"dependencies"`
	ExternalReferences []CDXExternalReference `json:"externalReferences"`
	Compositions       []CDXComposition       `json:"compositions"`
}

NOTE: These structures are coded to the 1.3 schema; 1.4 fields are ignored for now.

type CDXComponent

// CDXComponent describes one component of the BOM: its identity (Purl,
// BomRef, Name, Version, Group), descriptive text, licenses, hashes, external
// references, properties and nested sub-components.
//
// The type is recursive through Components, so nesting depth is determined by
// the input document.
// Every string field holds whatever the document supplied; the struct itself
// performs no validation (for example of Purl or of the hash values).
type CDXComponent struct {
	Purl               string                     `json:"purl"`
	BomRef             string                     `json:"bom-ref"`
	Type               string                     `json:"type"`
	MimeType           string                     `json:"mime-type"`
	Name               string                     `json:"name"`
	Version            string                     `json:"version"`
	Description        string                     `json:"description"`
	Copyright          string                     `json:"copyright"`
	Publisher          string                     `json:"publisher"`
	Group              string                     `json:"group"`
	Scope              string                     `json:"scope"`
	Modified           bool                       `json:"modified"`
	Manufacturer       CDXOrganizationalEntity    `json:"manufacturer"`
	Supplier           CDXOrganizationalEntity    `json:"supplier"`
	Licenses           []CDXLicenseChoice         `json:"licenses"`
	Hashes             []CDXHash                  `json:"hashes"`
	// NOTE(review): the CycloneDX 1.3 schema appears to define a component's
	// "author" as a single string, not an array of contacts — confirm against
	// the schema; a string value would not decode into this slice.
	Author             []CDXOrganizationalContact `json:"author"`
	ExternalReferences []CDXExternalReference     `json:"externalReferences"`
	Properties         []CDXProperty              `json:"properties"`
	Components         []CDXComponent             `json:"components"`
	// TODO: pedigree
	// TODO: evidence
	// Deprecated
	Cpe  string `json:"cpe"`
	Swid string `json:"swid"`
}

func UnMarshalComponent

func UnMarshalComponent(data interface{}) (CDXComponent, error)

TODO return pointer

type CDXComposition

// CDXComposition holds an aggregate value together with the lists of assembly
// and dependency references it applies to. The list entries are plain strings
// (presumably bom-ref values — confirm against the schema).
type CDXComposition struct {
	Aggregate    string   `json:"aggregate"`
	Assemblies   []string `json:"assemblies"`
	Dependencies []string `json:"dependencies"`
}

type CDXDependency

// CDXDependency is one entry of the BOM's "dependencies" list: a reference
// and what it depends on.
//
// NOTE(review): DependsOn is declared as a single string, while the CycloneDX
// schema defines "dependsOn" as an array of references. encoding/json does
// not decode a JSON array into a string field, so a document with a populated
// dependency graph would fail to decode into this struct — confirm. The field
// is exported, so changing its type is an interface change for callers.
type CDXDependency struct {
	Ref       string `json:"ref"`
	DependsOn string `json:"dependsOn"`
}

type CDXExternalReference

// CDXExternalReference points at a resource outside the BOM: a URL, a type
// label, a free-text comment and optional hashes.
// Url is an unvalidated string from the document; this struct does not parse
// it or restrict its scheme.
type CDXExternalReference struct {
	Url     string    `json:"url"`
	Type    string    `json:"type"`
	Comment string    `json:"comment"`
	Hashes  []CDXHash `json:"hashes"`
}

type CDXHash

// CDXHash pairs a hash algorithm name with the hash value.
// Both fields are strings copied from the document: the struct does not check
// that Alg is a known algorithm or that Content has the length and alphabet
// of a digest for that algorithm.
type CDXHash struct {
	Alg     string `json:"alg"`
	Content string `json:"content"`
}

type CDXLicense

// CDXLicense identifies a license by Id or by Name, with optional attached
// text and a URL.
// The struct does not enforce the schema's "one of id or name" rule: after
// decoding, both fields, one of them, or neither may be set, so callers have
// to check. EMPTY_CDXLicense is the all-zero value to compare against.
type CDXLicense struct {
	Id   string        `json:"id"`
	Name string        `json:"name"`
	Text CDXAttachment `json:"text"`
	Url  string        `json:"url"`
}

NOTE: "oneOf": ["id", "name"] is required

type CDXLicenseChoice

// CDXLicenseChoice carries either a License object or a license Expression
// string.
// The struct does not enforce the schema's "one of license or expression"
// rule: both are value fields, so after decoding either, both or neither may
// be populated and callers have to check.
type CDXLicenseChoice struct {
	License    CDXLicense `json:"license"`
	Expression string     `json:"expression"`
}

NOTE: "oneOf": ["license", "expression"] is required

func UnMarshalLicenseChoice

func UnMarshalLicenseChoice(data interface{}) (CDXLicenseChoice, error)

TODO return pointer

type CDXMetadata

// CDXMetadata is the BOM's "metadata" object: a timestamp, the tools and
// authors that produced the BOM, manufacturer and supplier, the component the
// BOM describes, and hashes, licenses and properties.
// Timestamp is kept as the raw string from the document; it is not parsed
// into a time value here.
type CDXMetadata struct {
	Timestamp    string                     `json:"timestamp"`
	Tools        []CDXTool                  `json:"tools"`
	Authors      []CDXOrganizationalContact `json:"authors"`
	Manufacturer CDXOrganizationalEntity    `json:"manufacturer"`
	Supplier     CDXOrganizationalEntity    `json:"supplier"`
	Component    CDXComponent               `json:"component"`
	Hashes       []CDXHash                  `json:"hashes"`
	Licenses     []CDXLicenseChoice         `json:"licenses"`
	Properties   []CDXProperty              `json:"properties"`
}

type CDXOrganizationalContact

// CDXOrganizationalContact is a contact person: name, e-mail address and
// phone number, all as unvalidated strings from the document.
type CDXOrganizationalContact struct {
	Name  string `json:"name"`
	Email string `json:"email"`
	Phone string `json:"phone"`
}

type CDXOrganizationalEntity

// CDXOrganizationalEntity is an organisation: its name, a list of URLs and a
// list of contacts. It is the type of the manufacturer and supplier fields on
// CDXMetadata and CDXComponent.
type CDXOrganizationalEntity struct {
	Name    string                     `json:"name"`
	Url     []string                   `json:"url"`
	Contact []CDXOrganizationalContact `json:"contact"`
}

type CDXProperty

// CDXProperty is a free-form name/value pair attached to the metadata or to a
// component.
type CDXProperty struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}

type CDXService

// CDXService is one entry of the BOM's "services" list, reduced to its
// reference, name, version and description. Any other keys on a service
// object in the input have no field here.
type CDXService struct {
	BomRef      string `json:"bom-ref"`
	Name        string `json:"name"`
	Version     string `json:"version"`
	Description string `json:"description"`
}

type CDXTool

// CDXTool names a tool listed in the BOM metadata by vendor, name and
// version. The values are self-reported strings from the document.
type CDXTool struct {
	Vendor  string `json:"vendor"`
	Name    string `json:"name"`
	Version string `json:"version"`
}

type CompoundExpression

// CompoundExpression is one node of a license expression with a left and a
// right operand joined by Conjunction.
//
// Each side is either a simple operand (SimpleLeft/SimpleRight, with a
// HasPlus marker, a matched policy and its usage-policy string) or a nested
// expression (CompoundLeft/CompoundRight). CompoundUsagePolicy holds the
// usage policy for the node as a whole.
//
// NOTE(review): the type is recursive through the two pointer fields, and the
// expression text comes from the SBOM being analysed; confirm that the parser
// bounds nesting depth and expression length.
type CompoundExpression struct {
	SimpleLeft          string
	SimpleLeftHasPlus   bool
	LeftPolicy          schema.LicensePolicy
	LeftUsagePolicy     string
	SimpleRight         string
	SimpleRightHasPlus  bool
	RightPolicy         schema.LicensePolicy
	RightUsagePolicy    string
	Conjunction         string
	PrepRight           string
	PrepLeft            string
	CompoundLeft        *CompoundExpression
	CompoundRight       *CompoundExpression
	CompoundUsagePolicy string
}

func NewCompoundExpression

func NewCompoundExpression() *CompoundExpression

type LicenseInfo

// LicenseInfo ties one license choice to the component it was found on.
// LicenseChoiceType is an int, presumably one of the LC_TYPE_* codes —
// confirm. LicenseChoice and Component are stored by value, so each record
// holds its own copy of the component struct.
type LicenseInfo struct {
	LicenseChoiceType int
	LicenseChoice     CDXLicenseChoice
	Component         CDXComponent
}

type QueryRequest

// QueryRequest describes one query against a JSON map. Its fields are
// unexported and not shown in this listing; it implements fmt.Stringer via
// its String method.
type QueryRequest struct {
	// contains filtered or unexported fields
}

Query a JSON map and return the selected subset.

SELECT

<key.1>, <key.2>, ... // "firstname, lastname, email" || * (default)

FROM

<key path>            // "product.customers"

WHERE

<key.X> == <value>    // "country='Germany'"

ORDER BY

<key.N>               // "lastname"

e.g., SELECT * FROM product.customers WHERE country="Germany";

TODO: design abbreviated WHERE syntax for command line

TODO: design abbreviated ORDERBY syntax for command line

func (*QueryRequest) String

func (qr *QueryRequest) String() string

Implement the Stringer interface for QueryRequest

type QueryResponse

// QueryResponse holds the result of a query. Its fields are unexported and
// not shown in this listing; NewQueryResponse returns a pointer to a new one.
type QueryResponse struct {
	// contains filtered or unexported fields
}

func NewQueryResponse

func NewQueryResponse() *QueryResponse
