def get_image_block(image_obj, template):
'''Given an image object and the template object for SPDX, return the
SPDX document block for the given image. For SPDX, the image is a package
and hence follows the spec for packages.
The mapping for images should have these keys:
PackageName
PackageVersion
PackageDownloadLocation'''
block = ''
mapping = image_obj.to_dict(template)
# Package Name
block += 'PackageName: {}\n'.format(mapping['PackageName'])
# Package SPDXID
block += 'SPDXID: {}\n'.format(spdx_common.get_image_spdxref(image_obj))
# Package Version
block += 'PackageVersion: {}\n'.format(mapping['PackageVersion'])
# Package Download Location (always NOASSERTION)
block += 'PackageDownloadLocation: NOASSERTION\n'
# Files Analyzed (always false)
block += 'FilesAnalyzed: {}\n'.format(False)
# Concluded Package License (always NOASSERTION)
block += 'PackageLicenseConcluded: NOASSERTION\n'
# Declared Package License (always NOASSERTION)
block += 'PackageLicenseDeclared: NOASSERTION\n'
# Package Copyright Text (always NOASSERTION)
block += 'PackageCopyrightText: NOASSERTION\n'
# blank line
block += '\n'
# Since files are not analyzed within the image we move to relationships
block += spdx_formats.describes.format(
doc="SPDXRef-DOCUMENT",
image=spdx_common.get_image_spdxref(image_obj)) + '\n'
block += get_image_layer_relationships(image_obj) + '\n'
# blank line
block += '\n'
# Describe each layer 'package' that the image contains
for index, layer in enumerate(image_obj.layers):
block += lhelpers.get_layer_block(layer, template) + '\n'
# print layer relationship to previous layer if there is one
if index != 0:
block += lhelpers.get_layer_prereq(
image_obj.layers[index], image_obj.layers[index - 1]) + '\n'
# if the layer has packages, print out the relationships
if layer.packages:
block += lhelpers.get_layer_package_relationships(layer) + '\n'
# print out all the packages if they are known
pkg_block = get_image_packages_block(image_obj, template)
if pkg_block:
# add a blank line before adding the package block
block += pkg_block + '\n'
# print out the license block for packages
block += get_image_packages_license_block(image_obj)
block += get_image_file_license_block(image_obj)
return block
def get_image_layer_relationships(image_obj):
'''Given an image object, return a list of dictionaries describing the
relationship between each layer "package" and the image "package".
For SPDX JSON format this will typically look like:
{
"spdxElementId" : "SPDXRef-image",
"relatedSpdxElement" : "SPDXRef-layer",
"relationshipType" : "CONTAINS"
}'''
layer_relationships = []
image_ref = spdx_common.get_image_spdxref(image_obj)
for index, layer in enumerate(image_obj.layers):
layer_ref = spdx_common.get_layer_spdxref(layer)
# Create a list of dictionaries.
# First, add dictionaries for the layer relationship to the image
layer_relationships.append(
json_formats.get_relationship_dict(image_ref, layer_ref,
'CONTAINS'))
# Next, add dictionary of the layer relationship to other layers
if index != 0:
prev_layer_ref = spdx_common.get_layer_spdxref(
image_obj.layers[index - 1])
layer_relationships.append(
json_formats.get_relationship_dict(prev_layer_ref, layer_ref,
'HAS_PREREQUISITE'))
return layer_relationships
def get_image_layer_relationships(image_obj):
'''Given the image object, return the relationships to the layers'''
block = ''
image_reference = spdx_common.get_image_spdxref(image_obj)
for layer in image_obj.layers:
block = block + spdx_formats.contains.format(
outer=image_reference,
inner=lhelpers.spdx_common.get_layer_spdxref(layer)) + '\n'
return block
def get_document_dict(image_obj, template):
'''Return document info as a dictionary'''
# docu_dict = {"Document": {}}
docu_dict = {
'SPDXID':
json_formats.spdx_id,
'spdxVersion':
json_formats.spdx_version,
'creationInfo': {
'created':
json_formats.created.format(timestamp=datetime.datetime.utcnow().
strftime("%Y-%m-%dT%H:%M:%SZ")),
'creators':
json_formats.creator.format(version=get_git_rev_or_version()[1]),
'licenseListVersion':
json_formats.license_list_version,
},
'name':
json_formats.document_name.format(image_name=image_obj.name),
'dataLicense':
json_formats.data_license,
'comment':
json_formats.document_comment,
'documentNamespace':
get_document_namespace(image_obj),
'documentDescribes': [spdx_common.get_image_spdxref(image_obj)],
'packages': [
# image dict will be a single dictionary
# we'll add the layer and package dicts later if available
mhelpers.get_image_dict(image_obj, template)
],
'relationships':
lhelpers.get_image_layer_relationships(image_obj)
}
# Add list of layer dictionaries to packages list
docu_dict['packages'] += lhelpers.get_layers_list(image_obj)
# Add list of package dictionaries to packages list, if they exist
pkgs_dict_list = phelpers.get_packages_list(image_obj, template)
if pkgs_dict_list:
docu_dict['packages'] += pkgs_dict_list
# Add list of file dictionaries, if they exist
files = fhelpers.get_files_list(image_obj, template)
if files:
docu_dict['files'] = files
# Add package and file extracted license texts, if they exist
extracted_texts = mhelpers.get_image_extracted_licenses(image_obj)
if extracted_texts:
docu_dict['hasExtractedLicensingInfos'] = extracted_texts
return docu_dict
def get_image_layer_relationships(image_obj):
'''Given an image object, return a list of dictionaries describing the
relationship between each layer "package" and the image and packages
related to it.
For SPDX JSON format this will typically look like:
{
"spdxElementId" : "SPDXRef-image",
"relatedSpdxElement" : "SPDXRef-layer",
"relationshipType" : "CONTAINS"
}'''
layer_relationships = []
image_ref = spdx_common.get_image_spdxref(image_obj)
# Required - DOCUMENT_DESCRIBES relationship
layer_relationships.append(
json_formats.get_relationship_dict(json_formats.spdx_id, image_ref,
'DESCRIBES'))
for index, layer in enumerate(image_obj.layers):
layer_ref = spdx_common.get_layer_spdxref(layer)
# Create a list of dictionaries.
# First, add dictionaries for the layer relationship to the image
layer_relationships.append(
json_formats.get_relationship_dict(image_ref, layer_ref,
'CONTAINS'))
# Next, add dictionary of the layer relationship to other layers
if index != 0:
prev_layer_ref = spdx_common.get_layer_spdxref(
image_obj.layers[index - 1])
layer_relationships.append(
json_formats.get_relationship_dict(prev_layer_ref, layer_ref,
'HAS_PREREQUISITE'))
# Finally, add package releationships for the layer
if layer.packages:
for package in layer.packages:
pkg_ref, src_ref = spdx_common.get_package_spdxref(package)
layer_relationships.append(
json_formats.get_relationship_dict(layer_ref, pkg_ref,
'CONTAINS'))
if src_ref:
layer_relationships.append(
json_formats.get_relationship_dict(
pkg_ref, src_ref, 'GENERATED_FROM'))
return layer_relationships
def get_image_dict(image_obj, template):
'''Given an image object and the template object for SPDX, return the
SPDX document dictionary for the given image. For SPDX, the image is a
package and hence follows the JSON spec for packages.
The mapping for images should have these keys:
name
versionInfo
downloadLocation'''
image_dict = {}
mapping = image_obj.to_dict(template)
image_dict = {
# describe the image as an SPDX package
'name': mapping['PackageName'],
'SPDXID': spdx_common.get_image_spdxref(image_obj),
'versionInfo': mapping['PackageVersion'],
'downloadLocation': 'NOASSERTION', # always NOASSERTION
'filesAnalyzed': 'false', # always false
'licenseConcluded': 'NOASSERTION', # always NOASSERTION
'licenseDeclared': 'NOASSERTION', # always NOASSERTION
'copyrightText': 'NOASSERTION' # always NOASSERTION
}
return image_dict
