diff --git a/setup.cfg b/setup.cfg index 8d463c8f..94425c72 100644 --- a/setup.cfg +++ b/setup.cfg @@ -52,11 +52,16 @@ tern.formats = yaml = tern.formats.yaml.generator:YAML html = tern.formats.html.generator:HTML cyclonedxjson = tern.formats.cyclonedx.cyclonedxjson.generator:CycloneDXJSON - spdxjson_new = tern.formats.spdx_new.spdxjson.generator:SpdxJSON - spdxyaml_new = tern.formats.spdx_new.spdxyaml.generator:SpdxYAML - spdxxml_new = tern.formats.spdx_new.spdxxml.generator:SpdxXML - spdxrdf_new = tern.formats.spdx_new.spdxrdf.generator:SpdxRDF - spdxtagvalue_new = tern.formats.spdx_new.spdxtagvalue.generator:SpdxTagValue + spdxjson22 = tern.formats.spdx_new.spdxjson22.generator:SpdxJSON22 + spdxyaml22 = tern.formats.spdx_new.spdxyaml22.generator:SpdxYAML22 + spdxxml22 = tern.formats.spdx_new.spdxxml22.generator:SpdxXML22 + spdxrdf22 = tern.formats.spdx_new.spdxrdf22.generator:SpdxRDF22 + spdxtagvalue22 = tern.formats.spdx_new.spdxtagvalue22.generator:SpdxTagValue22 + spdxjson23 = tern.formats.spdx_new.spdxjson23.generator:SpdxJSON23 + spdxyaml23 = tern.formats.spdx_new.spdxyaml23.generator:SpdxYAML23 + spdxxml23 = tern.formats.spdx_new.spdxxml23.generator:SpdxXML23 + spdxrdf23 = tern.formats.spdx_new.spdxrdf23.generator:SpdxRDF23 + spdxtagvalue23 = tern.formats.spdx_new.spdxtagvalue23.generator:SpdxTagValue23 tern.extensions = cve_bin_tool = tern.extensions.cve_bin_tool.executor:CveBinTool scancode = tern.extensions.scancode.executor:Scancode diff --git a/tern/formats/spdx_new/general_helpers.py b/tern/formats/spdx_new/general_helpers.py index 7fc682aa..22e7c847 100644 --- a/tern/formats/spdx_new/general_helpers.py +++ b/tern/formats/spdx_new/general_helpers.py 
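Review bot: The five `*_new` entry-point names (`spdxjson_new`, `spdxyaml_new`, `spdxxml_new`, `spdxrdf_new`, `spdxtagvalue_new`) are removed outright rather than kept as aliases, so any pipeline that still selects one of them will stop producing an SBOM after upgrading. If those names ever shipped in a release, consider keeping them for one release cycle as aliases of the new generators, or call out the rename in the release notes. A small test that loads every `tern.formats` entry point would also confirm that each `module:Class` target added here resolves.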
@@ -7,14 +7,13 @@ General helpers for SPDX document generator """ import hashlib -import io import re import uuid from datetime import datetime -from typing import Union, Callable, IO, Tuple +from typing import Union, Tuple from license_expression import get_spdx_licensing, LicenseExpression, Licensing -from spdx_tools.spdx.model import SpdxNone, Document +from spdx_tools.spdx.model import SpdxNone from tern.classes.file_data import FileData from tern.classes.image import Image @@ -77,12 +76,6 @@ def get_package_license_declared(package_license_declared: str) -> Union[License return SpdxNone() -def get_serialized_document_string(spdx_document: Document, writer_function: Callable[[Document, IO[str]], str]) -> str: - with io.StringIO() as stream: - writer_function(spdx_document, stream, validate=False) - return stream.getvalue() - - ########################################################################################### # central place for SPDXRef-generators to avoid circular imports as these are widely used # ########################################################################################### diff --git a/tern/formats/spdx_new/make_spdx_model.py b/tern/formats/spdx_new/make_spdx_model.py index 9d839f78..9d1d26e9 100644 --- a/tern/formats/spdx_new/make_spdx_model.py +++ b/tern/formats/spdx_new/make_spdx_model.py 
@@ -4,17 +4,16 @@ # SPDX-License-Identifier: BSD-2-Clause """ -Common functions that are useful for all SPDX serialization formats +Functions to create an SPDX model instance from a list of Images or an ImageLayer """ -import logging from typing import List from spdx_tools.spdx.model import Document, CreationInfo, Actor, ActorType, Relationship, RelationshipType from tern.classes.image_layer import ImageLayer from tern.classes.template import Template -from tern.formats.spdx_new.constants import DOCUMENT_ID, DOCUMENT_NAME, SPDX_VERSION, DATA_LICENSE, DOCUMENT_COMMENT, \ +from tern.formats.spdx_new.constants import DOCUMENT_ID, DOCUMENT_NAME, DATA_LICENSE, DOCUMENT_COMMENT, \ LICENSE_LIST_VERSION, CREATOR_NAME, DOCUMENT_NAME_SNAPSHOT, DOCUMENT_NAMESPACE_SNAPSHOT from tern.formats.spdx_new.file_helpers import get_layer_files_list from tern.formats.spdx_new.general_helpers import get_current_timestamp, get_uuid @@ -25,15 +24,11 @@ get_image_dict, get_document_namespace from tern.formats.spdx_new.layer_helpers import get_layer_dict, get_image_layer_relationships, get_layer_extracted_licenses from tern.formats.spdx_new.package_helpers import get_packages_list, get_layer_packages_list -from tern.utils import constants from tern.utils.general import get_git_rev_or_version -# global logger -logger = logging.getLogger(constants.logger_name) - -def make_spdx_model(image_obj_list: List[Image]) -> Document: +def make_spdx_model(image_obj_list: List[Image], spdx_version: str) -> Document: template = SPDX() # we still don't know how SPDX documents could represent multiple # images. Hence, we will assume only one image is analyzed and the @@ -41,7 +36,7 @@ def make_spdx_model(image_obj_list: List[Image]) -> Document: image_obj = image_obj_list[0] creation_info = CreationInfo( - spdx_version=SPDX_VERSION, + spdx_version=spdx_version, spdx_id=DOCUMENT_ID, name=DOCUMENT_NAME.format(image_name=image_obj.name), document_namespace=get_document_namespace(image_obj), 
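Review bot: `spdx_version` is written into `CreationInfo` as a free-form string in the `-41,7` hunk (and again in `make_spdx_model_snapshot` in the following hunk), while the rest of the model is built the same way whatever value is passed, as far as these hunks show. Because the writers in spdx_formats_helper.py are called with `validate=False`, a mistyped version string, or a document labelled `SPDX-2.2` that carries content only valid in 2.3, would be emitted unchecked, and SBOM consumers would trust the label. Consider rejecting unknown values at the top of both functions with `if spdx_version not in ("SPDX-2.2", "SPDX-2.3"): raise ValueError(f"unsupported SPDX version: {spdx_version}")`. `make_spdx_model` has no docstring in the visible lines, so the new parameter is undocumented there. Both function bodies continue outside the hunks.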
@@ -73,13 +68,13 @@ def make_spdx_model(image_obj_list: List[Image]) -> Document: ) -def make_spdx_model_snapshot(layer_obj: ImageLayer, template: Template) -> Document: +def make_spdx_model_snapshot(layer_obj: ImageLayer, template: Template, spdx_version: str) -> Document: """This is the SPDX document containing just the packages found at container build time""" timestamp = get_current_timestamp() creation_info = CreationInfo( - spdx_version=SPDX_VERSION, + spdx_version=spdx_version, spdx_id=DOCUMENT_ID, name=DOCUMENT_NAME_SNAPSHOT, document_namespace=DOCUMENT_NAMESPACE_SNAPSHOT.format(timestamp=timestamp, uuid=get_uuid()), diff --git a/tern/formats/spdx_new/spdx_formats_helper.py b/tern/formats/spdx_new/spdx_formats_helper.py new file mode 100644 index 00000000..f88ff35c --- /dev/null +++ b/tern/formats/spdx_new/spdx_formats_helper.py 
@@ -0,0 +1,78 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+Handle imports and logging for different SPDX formats
+"""
+import io
+import logging
+from typing import Callable, IO, List
+
+from spdx_tools.spdx.model import Document
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats.spdx.spdx import SPDX
+from tern.formats.spdx_new.make_spdx_model import make_spdx_model, make_spdx_model_snapshot
+from tern.utils import constants
+
+logger = logging.getLogger(constants.logger_name)
+
+
+def get_spdx_from_image_list(image_obj_list: List[Image], spdx_format: str, spdx_version: str) -> str:
+ """Generate an SPDX document
+ WARNING: This assumes that the list consists of one image or the base
+ image and a stub image, in which case, the information in the stub
+ image is not applicable in the SPDX case as it is an empty image
+ object with no metadata as nothing got built.
+
+ For the sake of SPDX, an image is a 'Package' which 'CONTAINS' each
+ layer which is also a 'Package' which 'CONTAINS' the real Packages"""
+ logger.debug(f"Generating SPDX {spdx_format} document...")
+
+ spdx_document: Document = make_spdx_model(image_obj_list, spdx_version)
+
+ return convert_document_to_serialized_string(spdx_document, spdx_format)
+
+
+def get_spdx_from_layer(layer: ImageLayer, spdx_format: str, spdx_version: str) -> str:
+ """Generate an SPDX document containing package and file information
+ at container build time"""
+ logger.debug(f"Generating SPDX {spdx_format} snapshot document...")
+
+ template = SPDX()
+ spdx_document: Document = make_spdx_model_snapshot(layer, template, spdx_version)
+
+ return convert_document_to_serialized_string(spdx_document, spdx_format)
+
+
+def convert_document_to_serialized_string(spdx_document: Document, spdx_format: str) -> str:
+ if spdx_format == "JSON":
+ from spdx_tools.spdx.writer.json.json_writer import write_document_to_stream
+ return get_serialized_document_string(spdx_document, write_document_to_stream)
+ if spdx_format == "YAML":
+ from spdx_tools.spdx.writer.yaml.yaml_writer import write_document_to_stream
+ return get_serialized_document_string(spdx_document, write_document_to_stream)
+ if spdx_format == "XML":
+ from spdx_tools.spdx.writer.xml.xml_writer import write_document_to_stream
+ return get_serialized_document_string(spdx_document, write_document_to_stream)
+ if spdx_format == "RDF-XML":
+ return get_serialized_rdf_document_string(spdx_document)
+ if spdx_format == "Tag-Value":
+ from spdx_tools.spdx.writer.tagvalue.tagvalue_writer import write_document_to_stream
+ return get_serialized_document_string(spdx_document, write_document_to_stream)
+
+
+def get_serialized_document_string(spdx_document: Document, writer_function: Callable[[Document, IO[str]], str]) -> str:
+ with io.StringIO() as stream:
+ writer_function(spdx_document, stream, validate=False)
+ return stream.getvalue()
+
+
+def get_serialized_rdf_document_string(spdx_document: Document) -> str:
+ from spdx_tools.spdx.writer.rdf.rdf_writer import write_document_to_stream
+ with io.BytesIO() as stream:
+ write_document_to_stream(spdx_document, stream, validate=False)
+ return stream.getvalue().decode("UTF-8")
diff --git a/tern/formats/spdx_new/spdxjson/generator.py b/tern/formats/spdx_new/spdxjson/generator.py
deleted file mode 100644
index 1ab8a6a5..00000000
--- a/tern/formats/spdx_new/spdxjson/generator.py
+++ /dev/null
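Review bot: `convert_document_to_serialized_string` falls off the end and returns `None` when `spdx_format` matches none of the five literals, even though it is annotated `-> str`, so a typo in any of the ten generator modules hands `None` to the caller instead of raising. End the function with `raise ValueError(f"Unsupported SPDX format: {spdx_format}")`. The `Callable[[Document, IO[str]], str]` hint on `get_serialized_document_string` also does not describe how the writer is actually called (with a `validate` keyword, return value ignored). The two `logger.debug(f"...")` calls would keep formatting lazy as `logger.debug("Generating SPDX %s document...", spdx_format)`.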
@@ -1,50 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Copyright (c) 2021 VMware, Inc. All Rights Reserved. -# SPDX-License-Identifier: BSD-2-Clause - -""" -SPDX JSON document generator -""" -import logging -from typing import List - -from spdx_tools.spdx.model import Document -from spdx_tools.spdx.writer.json.json_writer import write_document_to_stream - -from tern.classes.image import Image -from tern.classes.image_layer import ImageLayer -from tern.formats import generator -from tern.formats.spdx.spdx import SPDX -from tern.formats.spdx_new.general_helpers import get_serialized_document_string -from tern.formats.spdx_new.make_spdx_model import make_spdx_model, make_spdx_model_snapshot -from tern.utils import constants - -# global logger -logger = logging.getLogger(constants.logger_name) - - -class SpdxJSON(generator.Generate): - def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str: - """Generate an SPDX document - WARNING: This assumes that the list consists of one image or the base - image and a stub image, in which case, the information in the stub - image is not applicable in the SPDX case as it is an empty image - object with no metadata as nothing got built. - - For the sake of SPDX, an image is a 'Package' which 'CONTAINS' each - layer which is also a 'Package' which 'CONTAINS' the real Packages""" - logger.debug("Generating SPDX JSON document...") - - spdx_document: Document = make_spdx_model(image_obj_list) - - return get_serialized_document_string(spdx_document, write_document_to_stream) - - def generate_layer(self, layer: ImageLayer) -> str: - """Generate an SPDX document containing package and file information - at container build time""" - logger.debug("Generating SPDX JSON snapshot document...") - template = SPDX() - spdx_document: Document = make_spdx_model_snapshot(layer, template) - - return get_serialized_document_string(spdx_document, write_document_to_stream) 
diff --git a/tern/formats/spdx_new/spdxjson/__init__.py b/tern/formats/spdx_new/spdxjson22/__init__.py
similarity index 100%
rename from tern/formats/spdx_new/spdxjson/__init__.py
rename to tern/formats/spdx_new/spdxjson22/__init__.py
diff --git a/tern/formats/spdx_new/spdxjson22/generator.py b/tern/formats/spdx_new/spdxjson22/generator.py
new file mode 100644
index 00000000..61da7483
--- /dev/null
+++ b/tern/formats/spdx_new/spdxjson22/generator.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+SPDX-2.2 JSON document generator
+"""
+from typing import List
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats import generator
+from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
+
+
+class SpdxJSON22(generator.Generate):
+ def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
+ return get_spdx_from_image_list(image_obj_list, "JSON", "SPDX-2.2")
+
+ def generate_layer(self, layer: ImageLayer) -> str:
+ return get_spdx_from_layer(layer, "JSON", "SPDX-2.2")
diff --git a/tern/formats/spdx_new/spdxrdf/__init__.py b/tern/formats/spdx_new/spdxjson23/__init__.py
similarity index 100%
rename from tern/formats/spdx_new/spdxrdf/__init__.py
rename to tern/formats/spdx_new/spdxjson23/__init__.py
diff --git a/tern/formats/spdx_new/spdxjson23/generator.py b/tern/formats/spdx_new/spdxjson23/generator.py
new file mode 100644
index 00000000..6d5ce834
--- /dev/null
+++ b/tern/formats/spdx_new/spdxjson23/generator.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+SPDX-2.3 JSON document generator
+"""
+from typing import List
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats import generator
+from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
+
+
+class SpdxJSON22(generator.Generate):
+ def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
+ return get_spdx_from_image_list(image_obj_list, "JSON", "SPDX-2.3")
+
+ def generate_layer(self, layer: ImageLayer) -> str:
+ return get_spdx_from_layer(layer, "JSON", "SPDX-2.3")
diff --git a/tern/formats/spdx_new/spdxrdf/generator.py b/tern/formats/spdx_new/spdxrdf/generator.py
deleted file mode 100644
index 8fdc3cbe..00000000
--- a/tern/formats/spdx_new/spdxrdf/generator.py
+++ /dev/null
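Review bot: The class in this new SPDX-2.3 module is declared as `SpdxJSON22`, but the setup.cfg entry point added by this commit points `spdxjson23` at `tern.formats.spdx_new.spdxjson23.generator:SpdxJSON23`, so that attribute will not resolve when the entry point is loaded; the declaration should read `class SpdxJSON23(generator.Generate):`. The same copy-paste slip is in the other four 2.3 modules: spdxrdf23 (`SpdxRDF22`), spdxtagvalue23 (`SpdxTagValue22`), spdxxml23 (`SpdxXML22`) and spdxyaml23 (`SpdxYAML22`). Until these are renamed, none of the SPDX-2.3 formats registered in setup.cfg can be selected.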
@@ -1,57 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Copyright (c) 2021 VMware, Inc. All Rights Reserved. -# SPDX-License-Identifier: BSD-2-Clause - -""" -SPDX RDF-XML document generator -""" -import io -import logging -from typing import List - -from spdx_tools.spdx.model import Document -from spdx_tools.spdx.writer.rdf.rdf_writer import write_document_to_stream - -from tern.classes.image import Image -from tern.classes.image_layer import ImageLayer -from tern.formats import generator -from tern.formats.spdx.spdx import SPDX -from tern.formats.spdx_new.make_spdx_model import make_spdx_model, make_spdx_model_snapshot -from tern.utils import constants - -# global logger -logger = logging.getLogger(constants.logger_name) - - -class SpdxRDF(generator.Generate): - def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str: - """Generate an SPDX document - WARNING: This assumes that the list consists of one image or the base - image and a stub image, in which case, the information in the stub - image is not applicable in the SPDX case as it is an empty image - object with no metadata as nothing got built. 
- - For the sake of SPDX, an image is a 'Package' which 'CONTAINS' each - layer which is also a 'Package' which 'CONTAINS' the real Packages""" - logger.debug("Generating SPDX RDF-XML document...") - - spdx_document: Document = make_spdx_model(image_obj_list) - - return get_serialized_rdf_document_string(spdx_document) - - - def generate_layer(self, layer: ImageLayer) -> str: - """Generate an SPDX document containing package and file information - at container build time""" - logger.debug("Generating SPDX RDF-XML snapshot document...") - template = SPDX() - spdx_document: Document = make_spdx_model_snapshot(layer, template) - - return get_serialized_rdf_document_string(spdx_document) - - -def get_serialized_rdf_document_string(spdx_document): - with io.BytesIO() as stream: - write_document_to_stream(spdx_document, stream, validate=False) - return stream.getvalue().decode("UTF-8") diff --git a/tern/formats/spdx_new/spdxtagvalue/__init__.py b/tern/formats/spdx_new/spdxrdf22/__init__.py similarity index 100% rename from tern/formats/spdx_new/spdxtagvalue/__init__.py rename to tern/formats/spdx_new/spdxrdf22/__init__.py diff --git a/tern/formats/spdx_new/spdxrdf22/generator.py b/tern/formats/spdx_new/spdxrdf22/generator.py new file mode 100644 index 00000000..3351aea9 --- /dev/null +++ b/tern/formats/spdx_new/spdxrdf22/generator.py 
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+SPDX-2.2 RDF-XML document generator
+"""
+from typing import List
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats import generator
+from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
+
+
+class SpdxRDF22(generator.Generate):
+ def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
+ return get_spdx_from_image_list(image_obj_list, "RDF-XML", "SPDX-2.2")
+
+ def generate_layer(self, layer: ImageLayer) -> str:
+ return get_spdx_from_layer(layer, "RDF-XML", "SPDX-2.2")
diff --git a/tern/formats/spdx_new/spdxxml/__init__.py b/tern/formats/spdx_new/spdxrdf23/__init__.py
similarity index 100%
rename from tern/formats/spdx_new/spdxxml/__init__.py
rename to tern/formats/spdx_new/spdxrdf23/__init__.py
diff --git a/tern/formats/spdx_new/spdxrdf23/generator.py b/tern/formats/spdx_new/spdxrdf23/generator.py
new file mode 100644
index 00000000..f6c5b83e
--- /dev/null
+++ b/tern/formats/spdx_new/spdxrdf23/generator.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+SPDX-2.3 RDF-XML document generator
+"""
+from typing import List
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats import generator
+from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
+
+
+class SpdxRDF22(generator.Generate):
+ def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
+ return get_spdx_from_image_list(image_obj_list, "RDF-XML", "SPDX-2.3")
+
+ def generate_layer(self, layer: ImageLayer) -> str:
+ return get_spdx_from_layer(layer, "RDF-XML", "SPDX-2.3")
diff --git a/tern/formats/spdx_new/spdxtagvalue/generator.py b/tern/formats/spdx_new/spdxtagvalue/generator.py deleted file mode 100644 index 928ccdfd..00000000 --- a/tern/formats/spdx_new/spdxtagvalue/generator.py +++ /dev/null 
@@ -1,51 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Copyright (c) 2021 VMware, Inc. All Rights Reserved. -# SPDX-License-Identifier: BSD-2-Clause - -""" -SPDX Tag-Value document generator -""" - -import logging -from typing import List - -from spdx_tools.spdx.model import Document -from spdx_tools.spdx.writer.tagvalue.tagvalue_writer import write_document_to_stream - -from tern.classes.image import Image -from tern.classes.image_layer import ImageLayer -from tern.formats import generator -from tern.formats.spdx.spdx import SPDX -from tern.formats.spdx_new.general_helpers import get_serialized_document_string -from tern.formats.spdx_new.make_spdx_model import make_spdx_model, make_spdx_model_snapshot -from tern.utils import constants - -# global logger -logger = logging.getLogger(constants.logger_name) - - -class SpdxTagValue(generator.Generate): - def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str: - """Generate an SPDX document - WARNING: This assumes that the list consists of one image or the base - image and a stub image, in which case, the information in the stub - image is not applicable in the SPDX case as it is an empty image - object with no metadata as nothing got built. - - For the sake of SPDX, an image is a 'Package' which 'CONTAINS' each - layer which is also a 'Package' which 'CONTAINS' the real Packages""" - logger.debug("Generating SPDX Tag-Value document...") - - spdx_document: Document = make_spdx_model(image_obj_list) - - return get_serialized_document_string(spdx_document, write_document_to_stream) - - def generate_layer(self, layer: ImageLayer) -> str: - """Generate an SPDX document containing package and file information - at container build time""" - logger.debug("Generating SPDX Tag-Value snapshot document...") - template = SPDX() - spdx_document: Document = make_spdx_model_snapshot(layer, template) - - return get_serialized_document_string(spdx_document, write_document_to_stream) 
diff --git a/tern/formats/spdx_new/spdxyaml/__init__.py b/tern/formats/spdx_new/spdxtagvalue22/__init__.py
similarity index 100%
rename from tern/formats/spdx_new/spdxyaml/__init__.py
rename to tern/formats/spdx_new/spdxtagvalue22/__init__.py
diff --git a/tern/formats/spdx_new/spdxtagvalue22/generator.py b/tern/formats/spdx_new/spdxtagvalue22/generator.py
new file mode 100644
index 00000000..90a38b3f
--- /dev/null
+++ b/tern/formats/spdx_new/spdxtagvalue22/generator.py
@@ -0,0 +1,23 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+SPDX-2.2 Tag-Value document generator
+"""
+
+from typing import List
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats import generator
+from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
+
+
+class SpdxTagValue22(generator.Generate):
+ def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
+ return get_spdx_from_image_list(image_obj_list, "Tag-Value", "SPDX-2.2")
+
+ def generate_layer(self, layer: ImageLayer) -> str:
+ return get_spdx_from_layer(layer, "Tag-Value", "SPDX-2.2")
diff --git a/tern/formats/spdx_new/spdxtagvalue23/__init__.py b/tern/formats/spdx_new/spdxtagvalue23/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/tern/formats/spdx_new/spdxtagvalue23/generator.py b/tern/formats/spdx_new/spdxtagvalue23/generator.py
new file mode 100644
index 00000000..ce1d7dde
--- /dev/null
+++ b/tern/formats/spdx_new/spdxtagvalue23/generator.py
@@ -0,0 +1,23 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+SPDX-2.3 Tag-Value document generator
+"""
+
+from typing import List
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats import generator
+from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
+
+
+class SpdxTagValue22(generator.Generate):
+ def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
+ return get_spdx_from_image_list(image_obj_list, "Tag-Value", "SPDX-2.3")
+
+ def generate_layer(self, layer: ImageLayer) -> str:
+ return get_spdx_from_layer(layer, "Tag-Value", "SPDX-2.3")
diff --git a/tern/formats/spdx_new/spdxxml/generator.py b/tern/formats/spdx_new/spdxxml/generator.py
deleted file mode 100644
index 4e85d9a5..00000000
--- a/tern/formats/spdx_new/spdxxml/generator.py
+++ /dev/null
@@ -1,50 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Copyright (c) 2021 VMware, Inc. All Rights Reserved. -# SPDX-License-Identifier: BSD-2-Clause - -""" -SPDX XML document generator -""" -import logging -from typing import List - -from spdx_tools.spdx.model import Document -from spdx_tools.spdx.writer.xml.xml_writer import write_document_to_stream - -from tern.classes.image import Image -from tern.classes.image_layer import ImageLayer -from tern.formats import generator -from tern.formats.spdx.spdx import SPDX -from tern.formats.spdx_new.general_helpers import get_serialized_document_string -from tern.formats.spdx_new.make_spdx_model import make_spdx_model, make_spdx_model_snapshot -from tern.utils import constants - -# global logger -logger = logging.getLogger(constants.logger_name) - - -class SpdxXML(generator.Generate): - def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str: - """Generate an SPDX document - WARNING: This assumes that the list consists of one image or the base - image and a stub image, in which case, the information in the stub - image is not applicable in the SPDX case as it is an empty image - object with no metadata as nothing got built. - - For the sake of SPDX, an image is a 'Package' which 'CONTAINS' each - layer which is also a 'Package' which 'CONTAINS' the real Packages""" - logger.debug("Generating SPDX XML document...") - - spdx_document: Document = make_spdx_model(image_obj_list) - - return get_serialized_document_string(spdx_document, write_document_to_stream) - - def generate_layer(self, layer: ImageLayer) -> str: - """Generate an SPDX document containing package and file information - at container build time""" - logger.debug("Generating SPDX XML snapshot document...") - template = SPDX() - spdx_document: Document = make_spdx_model_snapshot(layer, template) - - return get_serialized_document_string(spdx_document, write_document_to_stream) 
diff --git a/tern/formats/spdx_new/spdxxml22/__init__.py b/tern/formats/spdx_new/spdxxml22/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/tern/formats/spdx_new/spdxxml22/generator.py b/tern/formats/spdx_new/spdxxml22/generator.py
new file mode 100644
index 00000000..7bb10d91
--- /dev/null
+++ b/tern/formats/spdx_new/spdxxml22/generator.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+SPDX-2.2 XML document generator
+"""
+from typing import List
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats import generator
+from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
+
+
+class SpdxXML22(generator.Generate):
+ def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
+ return get_spdx_from_image_list(image_obj_list, "XML", "SPDX-2.2")
+
+ def generate_layer(self, layer: ImageLayer) -> str:
+ return get_spdx_from_layer(layer, "XML", "SPDX-2.2")
diff --git a/tern/formats/spdx_new/spdxxml23/__init__.py b/tern/formats/spdx_new/spdxxml23/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/tern/formats/spdx_new/spdxxml23/generator.py b/tern/formats/spdx_new/spdxxml23/generator.py
new file mode 100644
index 00000000..1adfe2a9
--- /dev/null
+++ b/tern/formats/spdx_new/spdxxml23/generator.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+SPDX-2.3 XML document generator
+"""
+from typing import List
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats import generator
+from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
+
+
+class SpdxXML22(generator.Generate):
+ def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
+ return get_spdx_from_image_list(image_obj_list, "XML", "SPDX-2.3")
+
+ def generate_layer(self, layer: ImageLayer) -> str:
+ return get_spdx_from_layer(layer, "XML", "SPDX-2.3")
diff --git a/tern/formats/spdx_new/spdxyaml/generator.py b/tern/formats/spdx_new/spdxyaml/generator.py
deleted file mode 100644
index bd1439e6..00000000
--- a/tern/formats/spdx_new/spdxyaml/generator.py
+++ /dev/null
@@ -1,50 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Copyright (c) 2021 VMware, Inc. All Rights Reserved. -# SPDX-License-Identifier: BSD-2-Clause - -""" -SPDX YAML document generator -""" -import logging -from typing import List - -from spdx_tools.spdx.model import Document -from spdx_tools.spdx.writer.yaml.yaml_writer import write_document_to_stream - -from tern.classes.image import Image -from tern.classes.image_layer import ImageLayer -from tern.formats import generator -from tern.formats.spdx.spdx import SPDX -from tern.formats.spdx_new.general_helpers import get_serialized_document_string -from tern.formats.spdx_new.make_spdx_model import make_spdx_model, make_spdx_model_snapshot -from tern.utils import constants - -# global logger -logger = logging.getLogger(constants.logger_name) - - -class SpdxYAML(generator.Generate): - def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str: - """Generate an SPDX document - WARNING: This assumes that the list consists of one image or the base - image and a stub image, in which case, the information in the stub - image is not applicable in the SPDX case as it is an empty image - object with no metadata as nothing got built. - - For the sake of SPDX, an image is a 'Package' which 'CONTAINS' each - layer which is also a 'Package' which 'CONTAINS' the real Packages""" - logger.debug("Generating SPDX YAML document...") - - spdx_document: Document = make_spdx_model(image_obj_list) - - return get_serialized_document_string(spdx_document, write_document_to_stream) - - def generate_layer(self, layer: ImageLayer) -> str: - """Generate an SPDX document containing package and file information - at container build time""" - logger.debug("Generating SPDX YAML snapshot document...") - template = SPDX() - spdx_document: Document = make_spdx_model_snapshot(layer, template) - - return get_serialized_document_string(spdx_document, write_document_to_stream) 
diff --git a/tern/formats/spdx_new/spdxyaml22/__init__.py b/tern/formats/spdx_new/spdxyaml22/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/tern/formats/spdx_new/spdxyaml22/generator.py b/tern/formats/spdx_new/spdxyaml22/generator.py
new file mode 100644
index 00000000..ef337d9b
--- /dev/null
+++ b/tern/formats/spdx_new/spdxyaml22/generator.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+SPDX-2.2 YAML document generator
+"""
+from typing import List
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats import generator
+from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
+
+
+class SpdxYAML22(generator.Generate):
+ def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
+ return get_spdx_from_image_list(image_obj_list, "YAML", "SPDX-2.2")
+
+ def generate_layer(self, layer: ImageLayer) -> str:
+ return get_spdx_from_layer(layer, "YAML", "SPDX-2.2")
diff --git a/tern/formats/spdx_new/spdxyaml23/__init__.py b/tern/formats/spdx_new/spdxyaml23/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/tern/formats/spdx_new/spdxyaml23/generator.py b/tern/formats/spdx_new/spdxyaml23/generator.py
new file mode 100644
index 00000000..d8a0add7
--- /dev/null
+++ b/tern/formats/spdx_new/spdxyaml23/generator.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+SPDX-2.3 YAML document generator
+"""
+from typing import List
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats import generator
+from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
+
+
+class SpdxYAML22(generator.Generate):
+ def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
+ return get_spdx_from_image_list(image_obj_list, "YAML", "SPDX-2.3")
+
+ def generate_layer(self, layer: ImageLayer) -> str:
+ return get_spdx_from_layer(layer, "YAML", "SPDX-2.3")