Example #1
0
def get_layer_dict(layer_obj):
    '''Given an layer object, return a SPDX JSON/dictionary representation
    of the layer. An image layer in SPDX behaves like a Package. The analyzed
    files will go in a separate dictionary for the JSON document.'''

    layer_dict = {
        'name':
        os.path.basename(layer_obj.tar_file),
        'SPDXID':
        spdx_common.get_layer_spdxref(layer_obj),
        'packageFileName':
        layer_obj.tar_file,
        'downloadLocation':
        'NONE',
        'filesAnalyzed':
        bool(layer_obj.files_analyzed),
        'checksums': [{
            'algorithm':
            spdx_common.get_layer_checksum(layer_obj).split(': ',
                                                            maxsplit=1)[0],
            'checksumValue':
            spdx_common.get_layer_checksum(layer_obj).split(': ')[1]
        }],
        'licenseConcluded':
        'NOASSERTION',  # always NOASSERTION
        'licenseDeclared':
        'NOASSERTION',  # always NOASSERTION
        'copyrightText':
        'NOASSERTION',  # always NOASSERTION
    }

    # Only include layer file information if file data is available
    if layer_obj.files_analyzed:
        layer_dict['hasFiles'] = get_layer_file_data_list(layer_obj)

    # packageVerificationCode must be omitted if filesAnalyzed is false
    if layer_obj.files_analyzed:
        layer_dict['packageVerificationCode'] = {
            'packageVerificationCodeValue':
            spdx_common.get_layer_verification_code(layer_obj)
        }

    # Include layer package comment only if it exists
    layer_pkg_comment = get_layer_package_comment(layer_obj)
    if layer_pkg_comment:
        layer_dict['comment'] = layer_pkg_comment

    # Include layer licenses from files only if they exist
    # List will be blank if no filedata information exists
    layer_licenses = spdx_common.get_layer_licenses(layer_obj)
    layer_license_refs = []
    if layer_licenses:
        # Use the layer LicenseRef in the list instead of license expression
        for lic in layer_licenses:
            layer_license_refs.append(spdx_common.get_license_ref(lic))
        layer_dict['licenseInfoFromFiles'] = layer_license_refs

    return layer_dict
Example #2
0
def get_layer_file_data_list(layer_obj):
    '''Given a layer object return the SPDX list of file refs in the layer.
    Return an empty string if the files are not analyzed'''
    layer_lics = []
    if layer_obj.files_analyzed:
        layer_checksum = spdx_common.get_layer_checksum(layer_obj)
        # some files are located in different places in the filesystem
        # they would occur as duplicates in this list
        # keep a list of previously printed file spdx-refs
        file_refs = set()
        # file data
        for filedata in layer_obj.files:
            # we use the layer checksum as the layer id
            file_ref = spdx_common.get_file_spdxref(filedata, layer_checksum)
            if file_ref not in file_refs:
                layer_lics.append(spdx_common.get_file_spdxref(
                    filedata, layer_checksum))
                file_refs.add(file_ref)
    return layer_lics
Example #3
0
def get_files_list(image_obj, template):
    '''Given a image_obj object, and the SPDX template mapping, return a list
    of SPDX dictionary representations for each file in each layer of the
    image.'''
    file_dicts = []

    # use file refs to keep track of duplicate files that may be located
    # in different places in the filesystem
    file_refs = set()
    for layer in image_obj.layers:
        if layer.files_analyzed:
            layer_checksum = spdx_common.get_layer_checksum(layer)
            for filedata in layer.files:
                # we use the layer checksum as the layer id
                file_ref = spdx_common.get_file_spdxref(
                    filedata, layer_checksum)
                if file_ref not in file_refs:
                    file_dicts.append(
                        get_file_dict(filedata, template, layer_checksum))
                    file_refs.add(file_ref)
    return file_dicts
Example #4
0
def get_layer_block(layer_obj, template):
    '''Given a layer object and its SPDX template mapping, return a SPDX
    document block for the layer. An image layer in SPDX behaves like a
    Package with relationships to the Packages within it. If the files
    are analyzed though, we just list the files in the block. The mapping
    should have keys:
        PackageFileName'''
    block = ''
    # Package Name
    block += 'PackageName: {}\n'.format(os.path.basename(layer_obj.tar_file))
    # Package SPDXID
    block += 'SPDXID: {}\n'.format(spdx_common.get_layer_spdxref(layer_obj))
    # Package File Name
    block += 'PackageFileName: {}\n'.format(layer_obj.tar_file)
    # Package Download Location (always NONE for layers)
    block += 'PackageDownloadLocation: NOASSERTION\n'
    # Files Analyzed
    if layer_obj.files_analyzed:
        # we need a package verification code
        block += 'FilesAnalyzed: true\n'
        block += 'PackageVerificationCode: {}\n'.format(
            spdx_common.get_layer_verification_code(layer_obj))
    else:
        block += 'FilesAnalyzed: false\n'
    # Package Checksum
    block += 'PackageChecksum: {}\n'.format(
        spdx_common.get_layer_checksum(layer_obj))
    # Package License Concluded (always NOASSERTION)
    block += 'PackageLicenseConcluded: NOASSERTION\n'
    # All licenses info from files if files_analyzed is true
    block += get_package_license_info_block(layer_obj)
    # Package License Declared (always NOASSERTION)
    block += 'PackageLicenseDeclared: NOASSERTION\n'
    # Package Copyright (always NOASSERTION)
    block += 'PackageCopyrightText: NOASSERTION\n'
    # Package comments if any
    block += get_layer_comment(layer_obj) + '\n'
    # put the file data here if files_analyzed is true
    block += get_layer_file_data_block(layer_obj, template)
    return block
Example #5
0
def get_layer_file_data_block(layer_obj, template):
    '''Given a layer object and the template object, return the SPDX document
    block with file data. Return an empty string if the files are not
    analyzed'''
    block = ''
    if layer_obj.files_analyzed:
        layer_checksum = spdx_common.get_layer_checksum(layer_obj)
        # insert a blank line in the beginning
        block += '\n'
        # some files are located in different places in the filesystem
        # they would occur as duplicates in this block
        # keep a list of previously printed file spdx-refs
        file_refs = set()
        # file data
        for filedata in layer_obj.files:
            # we use the layer checksum as the layer id
            file_ref = spdx_common.get_file_spdxref(filedata, layer_checksum)
            if file_ref not in file_refs:
                block += fhelpers.get_file_block(filedata, template,
                                                 layer_checksum) + '\n'
                file_refs.add(file_ref)
    return block