Exemple #1
0
 def generate(self, image_obj_list, print_inclusive=False):
     '''Generate a yaml report'''
     report = formats.disclaimer_yaml.format(
         version_info=get_git_rev_or_version())
     for image in image_obj_list:
         report = report + print_yaml_report(image)
     return report
Exemple #2
0
def get_document_namespace(image_obj):
    '''Given the image object, return a unique SPDX document uri.
    This is a combination of the human readable id from the image
    object and the tool name'''
    return spdx_formats.document_namespace.format(
        image_id=image_obj.get_human_readable_id(),
        version=get_git_rev_or_version()[1])
Exemple #3
0
def get_document_namespace(image_obj):
    '''Given the image object, return a unique SPDX document uri.
    This is a combination of the tool name and version, the image name
    and the uuid'''
    return json_formats.document_namespace.format(
        version=get_git_rev_or_version()[1],
        image=image_obj.name,
        uuid=spdx_common.get_uuid())
Exemple #4
0
def generate_yaml(images):
    '''Generate a yaml report'''
    logger.debug('Creating YAML report...')
    report = formats.disclaimer_yaml.format(
        version_info=general.get_git_rev_or_version())
    for image in images:
        report = report + content.print_yaml_report(image)
    return report
Exemple #5
0
def get_version():
    '''Return the version string for the --version command line option'''
    ver_type, commit_or_ver = general.get_git_rev_or_version()
    message = ''
    if ver_type == "package":
        message = "Tern version {}".format(commit_or_ver)
    else:
        message = "Tern at commit {}".format(commit_or_ver)
    return message
Exemple #6
0
def get_document_dict(image_obj, template):
    '''Return document info as a dictionary'''
    # docu_dict = {"Document": {}}
    docu_dict = {
        'SPDXID':
        json_formats.spdx_id,
        'spdxVersion':
        json_formats.spdx_version,
        'creationInfo': {
            'created':
            json_formats.created.format(timestamp=datetime.datetime.utcnow().
                                        strftime("%Y-%m-%dT%H:%M:%SZ")),
            'creators':
            json_formats.creator.format(version=get_git_rev_or_version()[1]),
            'licenseListVersion':
            json_formats.license_list_version,
        },
        'name':
        json_formats.document_name.format(image_name=image_obj.name),
        'dataLicense':
        json_formats.data_license,
        'comment':
        json_formats.document_comment,
        'documentNamespace':
        get_document_namespace(image_obj),
        'documentDescribes': [spdx_common.get_image_spdxref(image_obj)],
        'packages': [
            # image dict will be a single dictionary
            # we'll add the layer and package dicts later if available
            mhelpers.get_image_dict(image_obj, template)
        ],
        'relationships':
        lhelpers.get_image_layer_relationships(image_obj)
    }

    # Add list of layer dictionaries to packages list
    docu_dict['packages'] += lhelpers.get_layers_list(image_obj)

    # Add list of package dictionaries to packages list, if they exist
    pkgs_dict_list = phelpers.get_packages_list(image_obj, template)
    if pkgs_dict_list:
        docu_dict['packages'] += pkgs_dict_list

    # Add list of file dictionaries, if they exist
    files = fhelpers.get_files_list(image_obj, template)
    if files:
        docu_dict['files'] = files

    # Add package and file extracted license texts, if they exist
    extracted_texts = mhelpers.get_image_extracted_licenses(image_obj)
    if extracted_texts:
        docu_dict['hasExtractedLicensingInfos'] = extracted_texts

    return docu_dict
Exemple #7
0
def get_document_dict_snapshot(layer_obj, template):
    """This is the SPDX document containing just the packages found at
    container build time"""
    timestamp = spdx_common.get_timestamp()
    docu_dict = {
        'SPDXID': json_formats.spdx_id,
        'spdxVersion': json_formats.spdx_version,
        'creationInfo': {
            'created':
            json_formats.created.format(timestamp=timestamp),
            'creators':
            json_formats.creator.format(version=get_git_rev_or_version()[1]),
            'licenseListVersion':
            json_formats.license_list_version,
        },
        'name': json_formats.document_name_snapshot,
        'dataLicense': json_formats.data_license,
        'comment': json_formats.document_comment,
        'documentNamespace': get_document_namespace_snapshot(timestamp),
        # we will list all the unique package SPDXRefs here later
        'documentDescribes': [],
        # these will contain just the packages as there is no layer
        # package at the time of this document's generation
        'packages': [],
        # we will fill in document to package ref relationships later
        'relationships': []
    }

    # Add list of package dictionaries to packages list, if they exist
    pkgs_dict_list, package_refs = phelpers.get_layer_packages_list(
        layer_obj, template)
    if pkgs_dict_list:
        docu_dict['packages'] = pkgs_dict_list
        docu_dict['documentDescribes'] = package_refs

    # add the package relationships to the document
    for ref in package_refs:
        docu_dict['relationships'].append(
            json_formats.get_relationship_dict(json_formats.spdx_id, ref,
                                               'DESCRIBES'))

    # Add list of file dictionaries, if they exist
    files = fhelpers.get_layer_files_list(layer_obj, template, timestamp)
    if files:
        docu_dict['files'] = files

    # Add package and file extracted license texts, if they exist
    extracted_texts = lhelpers.get_layer_extracted_licenses(layer_obj)
    if extracted_texts:
        docu_dict['hasExtractedLicensingInfos'] = extracted_texts

    return docu_dict
Exemple #8
0
def generate_verbose(is_summary, images):
    '''Generate a verbose report'''
    report = formats.disclaimer.format(
        version_info=general.get_git_rev_or_version())
    if is_summary:
        logger.debug('Creating a summary of components in image...')
        for image in images:
            report = report + content.print_summary_report(image)
    else:
        logger.debug('Creating a detailed report of components in image...')
        for image in images:
            report = report + content.print_full_report(image)
    return report
Exemple #9
0
def get_document_block(image_obj):
    '''Return document related SPDX tag-values'''
    block = spdx_formats.spdx_version + '\n'
    block = block + spdx_formats.data_license + '\n'
    block = block + spdx_formats.spdx_id + '\n'
    block = block + spdx_formats.document_name.format(
        image_name=image_obj.get_human_readable_id()) + '\n'
    block = block + get_document_namespace(image_obj) + '\n'
    block = block + spdx_formats.license_list_version + '\n'
    block = block + spdx_formats.creator.format(
        version=get_git_rev_or_version()[1]) + '\n'
    block = block + spdx_formats.created.format(
        timestamp=datetime.datetime.utcnow().strftime(
            "%Y-%m-%dT%H:%M:%SZ")) + '\n'
    block = block + spdx_formats.document_comment + '\n'
    return block
Exemple #10
0
Common functions that are useful for CycloneDX document creation
"""

import datetime
import uuid
from tern.utils import general

###################
# General Helpers #
###################

# document level tool information
metadata_tool = {
    'vendor': 'Tern Tools',
    'name': 'Tern',
    'version': general.get_git_rev_or_version()[1]
}

# keys are what Tern uses, values what CycloneDX uses
hash_type_mapping = {
    'md5': 'MD5',
    'sha1': 'SHA-1',
    'sha256': 'SHA-256',
}

purl_types_with_namespaces = [
    'deb',
    'rpm',
    'apk',
]
Exemple #11
0
def get_tool_version():
    '''Return a string describing the version and where it came from'''
    ver_type, ver = get_git_rev_or_version()
    if ver_type == 'commit':
        return formats.commit_version.format(commit_sha=ver)
    return formats.packaged_version.format(version=ver)