def generate(self, image_obj_list, print_inclusive=False): '''Generate a yaml report''' report = formats.disclaimer_yaml.format( version_info=get_git_rev_or_version()) for image in image_obj_list: report = report + print_yaml_report(image) return report
def get_document_namespace(image_obj): '''Given the image object, return a unique SPDX document uri. This is a combination of the human readable id from the image object and the tool name''' return spdx_formats.document_namespace.format( image_id=image_obj.get_human_readable_id(), version=get_git_rev_or_version()[1])
def get_document_namespace(image_obj): '''Given the image object, return a unique SPDX document uri. This is a combination of the tool name and version, the image name and the uuid''' return json_formats.document_namespace.format( version=get_git_rev_or_version()[1], image=image_obj.name, uuid=spdx_common.get_uuid())
def generate_yaml(images): '''Generate a yaml report''' logger.debug('Creating YAML report...') report = formats.disclaimer_yaml.format( version_info=general.get_git_rev_or_version()) for image in images: report = report + content.print_yaml_report(image) return report
def get_version(): '''Return the version string for the --version command line option''' ver_type, commit_or_ver = general.get_git_rev_or_version() message = '' if ver_type == "package": message = "Tern version {}".format(commit_or_ver) else: message = "Tern at commit {}".format(commit_or_ver) return message
def get_document_dict(image_obj, template): '''Return document info as a dictionary''' # docu_dict = {"Document": {}} docu_dict = { 'SPDXID': json_formats.spdx_id, 'spdxVersion': json_formats.spdx_version, 'creationInfo': { 'created': json_formats.created.format(timestamp=datetime.datetime.utcnow(). strftime("%Y-%m-%dT%H:%M:%SZ")), 'creators': json_formats.creator.format(version=get_git_rev_or_version()[1]), 'licenseListVersion': json_formats.license_list_version, }, 'name': json_formats.document_name.format(image_name=image_obj.name), 'dataLicense': json_formats.data_license, 'comment': json_formats.document_comment, 'documentNamespace': get_document_namespace(image_obj), 'documentDescribes': [spdx_common.get_image_spdxref(image_obj)], 'packages': [ # image dict will be a single dictionary # we'll add the layer and package dicts later if available mhelpers.get_image_dict(image_obj, template) ], 'relationships': lhelpers.get_image_layer_relationships(image_obj) } # Add list of layer dictionaries to packages list docu_dict['packages'] += lhelpers.get_layers_list(image_obj) # Add list of package dictionaries to packages list, if they exist pkgs_dict_list = phelpers.get_packages_list(image_obj, template) if pkgs_dict_list: docu_dict['packages'] += pkgs_dict_list # Add list of file dictionaries, if they exist files = fhelpers.get_files_list(image_obj, template) if files: docu_dict['files'] = files # Add package and file extracted license texts, if they exist extracted_texts = mhelpers.get_image_extracted_licenses(image_obj) if extracted_texts: docu_dict['hasExtractedLicensingInfos'] = extracted_texts return docu_dict
def get_document_dict_snapshot(layer_obj, template): """This is the SPDX document containing just the packages found at container build time""" timestamp = spdx_common.get_timestamp() docu_dict = { 'SPDXID': json_formats.spdx_id, 'spdxVersion': json_formats.spdx_version, 'creationInfo': { 'created': json_formats.created.format(timestamp=timestamp), 'creators': json_formats.creator.format(version=get_git_rev_or_version()[1]), 'licenseListVersion': json_formats.license_list_version, }, 'name': json_formats.document_name_snapshot, 'dataLicense': json_formats.data_license, 'comment': json_formats.document_comment, 'documentNamespace': get_document_namespace_snapshot(timestamp), # we will list all the unique package SPDXRefs here later 'documentDescribes': [], # these will contain just the packages as there is no layer # package at the time of this document's generation 'packages': [], # we will fill in document to package ref relationships later 'relationships': [] } # Add list of package dictionaries to packages list, if they exist pkgs_dict_list, package_refs = phelpers.get_layer_packages_list( layer_obj, template) if pkgs_dict_list: docu_dict['packages'] = pkgs_dict_list docu_dict['documentDescribes'] = package_refs # add the package relationships to the document for ref in package_refs: docu_dict['relationships'].append( json_formats.get_relationship_dict(json_formats.spdx_id, ref, 'DESCRIBES')) # Add list of file dictionaries, if they exist files = fhelpers.get_layer_files_list(layer_obj, template, timestamp) if files: docu_dict['files'] = files # Add package and file extracted license texts, if they exist extracted_texts = lhelpers.get_layer_extracted_licenses(layer_obj) if extracted_texts: docu_dict['hasExtractedLicensingInfos'] = extracted_texts return docu_dict
def generate_verbose(is_summary, images): '''Generate a verbose report''' report = formats.disclaimer.format( version_info=general.get_git_rev_or_version()) if is_summary: logger.debug('Creating a summary of components in image...') for image in images: report = report + content.print_summary_report(image) else: logger.debug('Creating a detailed report of components in image...') for image in images: report = report + content.print_full_report(image) return report
def get_document_block(image_obj): '''Return document related SPDX tag-values''' block = spdx_formats.spdx_version + '\n' block = block + spdx_formats.data_license + '\n' block = block + spdx_formats.spdx_id + '\n' block = block + spdx_formats.document_name.format( image_name=image_obj.get_human_readable_id()) + '\n' block = block + get_document_namespace(image_obj) + '\n' block = block + spdx_formats.license_list_version + '\n' block = block + spdx_formats.creator.format( version=get_git_rev_or_version()[1]) + '\n' block = block + spdx_formats.created.format( timestamp=datetime.datetime.utcnow().strftime( "%Y-%m-%dT%H:%M:%SZ")) + '\n' block = block + spdx_formats.document_comment + '\n' return block
Common functions that are useful for CycloneDX document creation """ import datetime import uuid from tern.utils import general ################### # General Helpers # ################### # document level tool information metadata_tool = { 'vendor': 'Tern Tools', 'name': 'Tern', 'version': general.get_git_rev_or_version()[1] } # keys are what Tern uses, values what CycloneDX uses hash_type_mapping = { 'md5': 'MD5', 'sha1': 'SHA-1', 'sha256': 'SHA-256', } purl_types_with_namespaces = [ 'deb', 'rpm', 'apk', ]
def get_tool_version(): '''Return a string describing the version and where it came from''' ver_type, ver = get_git_rev_or_version() if ver_type == 'commit': return formats.commit_version.format(commit_sha=ver) return formats.packaged_version.format(version=ver)