def get_image_block(image_obj, template): '''Given an image object and the template object for SPDX, return the SPDX document block for the given image. For SPDX, the image is a package and hence follows the spec for packages. The mapping for images should have these keys: PackageName PackageVersion PackageDownloadLocation''' block = '' mapping = image_obj.to_dict(template) # Package Name block += 'PackageName: {}\n'.format(mapping['PackageName']) # Package SPDXID block += 'SPDXID: {}\n'.format(spdx_common.get_image_spdxref(image_obj)) # Package Version block += 'PackageVersion: {}\n'.format(mapping['PackageVersion']) # Package Download Location (always NOASSERTION) block += 'PackageDownloadLocation: NOASSERTION\n' # Files Analyzed (always false) block += 'FilesAnalyzed: {}\n'.format(False) # Concluded Package License (always NOASSERTION) block += 'PackageLicenseConcluded: NOASSERTION\n' # Declared Package License (always NOASSERTION) block += 'PackageLicenseDeclared: NOASSERTION\n' # Package Copyright Text (always NOASSERTION) block += 'PackageCopyrightText: NOASSERTION\n' # blank line block += '\n' # Since files are not analyzed within the image we move to relationships block += spdx_formats.describes.format( doc="SPDXRef-DOCUMENT", image=spdx_common.get_image_spdxref(image_obj)) + '\n' block += get_image_layer_relationships(image_obj) + '\n' # blank line block += '\n' # Describe each layer 'package' that the image contains for index, layer in enumerate(image_obj.layers): block += lhelpers.get_layer_block(layer, template) + '\n' # print layer relationship to previous layer if there is one if index != 0: block += lhelpers.get_layer_prereq( image_obj.layers[index], image_obj.layers[index - 1]) + '\n' # if the layer has packages, print out the relationships if layer.packages: block += lhelpers.get_layer_package_relationships(layer) + '\n' # print out all the packages if they are known pkg_block = get_image_packages_block(image_obj, template) if pkg_block: # add a blank line before adding the package block block += pkg_block + '\n' # print out the license block for packages block += get_image_packages_license_block(image_obj) block += get_image_file_license_block(image_obj) return block
def get_image_layer_relationships(image_obj): '''Given an image object, return a list of dictionaries describing the relationship between each layer "package" and the image "package". For SPDX JSON format this will typically look like: { "spdxElementId" : "SPDXRef-image", "relatedSpdxElement" : "SPDXRef-layer", "relationshipType" : "CONTAINS" }''' layer_relationships = [] image_ref = spdx_common.get_image_spdxref(image_obj) for index, layer in enumerate(image_obj.layers): layer_ref = spdx_common.get_layer_spdxref(layer) # Create a list of dictionaries. # First, add dictionaries for the layer relationship to the image layer_relationships.append( json_formats.get_relationship_dict(image_ref, layer_ref, 'CONTAINS')) # Next, add dictionary of the layer relationship to other layers if index != 0: prev_layer_ref = spdx_common.get_layer_spdxref( image_obj.layers[index - 1]) layer_relationships.append( json_formats.get_relationship_dict(prev_layer_ref, layer_ref, 'HAS_PREREQUISITE')) return layer_relationships
def get_image_layer_relationships(image_obj): '''Given the image object, return the relationships to the layers''' block = '' image_reference = spdx_common.get_image_spdxref(image_obj) for layer in image_obj.layers: block = block + spdx_formats.contains.format( outer=image_reference, inner=lhelpers.spdx_common.get_layer_spdxref(layer)) + '\n' return block
def get_document_dict(image_obj, template): '''Return document info as a dictionary''' # docu_dict = {"Document": {}} docu_dict = { 'SPDXID': json_formats.spdx_id, 'spdxVersion': json_formats.spdx_version, 'creationInfo': { 'created': json_formats.created.format(timestamp=datetime.datetime.utcnow(). strftime("%Y-%m-%dT%H:%M:%SZ")), 'creators': json_formats.creator.format(version=get_git_rev_or_version()[1]), 'licenseListVersion': json_formats.license_list_version, }, 'name': json_formats.document_name.format(image_name=image_obj.name), 'dataLicense': json_formats.data_license, 'comment': json_formats.document_comment, 'documentNamespace': get_document_namespace(image_obj), 'documentDescribes': [spdx_common.get_image_spdxref(image_obj)], 'packages': [ # image dict will be a single dictionary # we'll add the layer and package dicts later if available mhelpers.get_image_dict(image_obj, template) ], 'relationships': lhelpers.get_image_layer_relationships(image_obj) } # Add list of layer dictionaries to packages list docu_dict['packages'] += lhelpers.get_layers_list(image_obj) # Add list of package dictionaries to packages list, if they exist pkgs_dict_list = phelpers.get_packages_list(image_obj, template) if pkgs_dict_list: docu_dict['packages'] += pkgs_dict_list # Add list of file dictionaries, if they exist files = fhelpers.get_files_list(image_obj, template) if files: docu_dict['files'] = files # Add package and file extracted license texts, if they exist extracted_texts = mhelpers.get_image_extracted_licenses(image_obj) if extracted_texts: docu_dict['hasExtractedLicensingInfos'] = extracted_texts return docu_dict
def get_image_layer_relationships(image_obj): '''Given an image object, return a list of dictionaries describing the relationship between each layer "package" and the image and packages related to it. For SPDX JSON format this will typically look like: { "spdxElementId" : "SPDXRef-image", "relatedSpdxElement" : "SPDXRef-layer", "relationshipType" : "CONTAINS" }''' layer_relationships = [] image_ref = spdx_common.get_image_spdxref(image_obj) # Required - DOCUMENT_DESCRIBES relationship layer_relationships.append( json_formats.get_relationship_dict(json_formats.spdx_id, image_ref, 'DESCRIBES')) for index, layer in enumerate(image_obj.layers): layer_ref = spdx_common.get_layer_spdxref(layer) # Create a list of dictionaries. # First, add dictionaries for the layer relationship to the image layer_relationships.append( json_formats.get_relationship_dict(image_ref, layer_ref, 'CONTAINS')) # Next, add dictionary of the layer relationship to other layers if index != 0: prev_layer_ref = spdx_common.get_layer_spdxref( image_obj.layers[index - 1]) layer_relationships.append( json_formats.get_relationship_dict(prev_layer_ref, layer_ref, 'HAS_PREREQUISITE')) # Finally, add package releationships for the layer if layer.packages: for package in layer.packages: pkg_ref, src_ref = spdx_common.get_package_spdxref(package) layer_relationships.append( json_formats.get_relationship_dict(layer_ref, pkg_ref, 'CONTAINS')) if src_ref: layer_relationships.append( json_formats.get_relationship_dict( pkg_ref, src_ref, 'GENERATED_FROM')) return layer_relationships
def get_image_dict(image_obj, template): '''Given an image object and the template object for SPDX, return the SPDX document dictionary for the given image. For SPDX, the image is a package and hence follows the JSON spec for packages. The mapping for images should have these keys: name versionInfo downloadLocation''' image_dict = {} mapping = image_obj.to_dict(template) image_dict = { # describe the image as an SPDX package 'name': mapping['PackageName'], 'SPDXID': spdx_common.get_image_spdxref(image_obj), 'versionInfo': mapping['PackageVersion'], 'downloadLocation': 'NOASSERTION', # always NOASSERTION 'filesAnalyzed': 'false', # always false 'licenseConcluded': 'NOASSERTION', # always NOASSERTION 'licenseDeclared': 'NOASSERTION', # always NOASSERTION 'copyrightText': 'NOASSERTION' # always NOASSERTION } return image_dict