def get_image_layer_relationships(image_obj):
'''Given an image object, return a list of dictionaries describing the
relationship between each layer "package" and the image "package".
For SPDX JSON format this will typically look like:
{
"spdxElementId" : "SPDXRef-image",
"relatedSpdxElement" : "SPDXRef-layer",
"relationshipType" : "CONTAINS"
}'''
layer_relationships = []
image_ref = spdx_common.get_image_spdxref(image_obj)
for index, layer in enumerate(image_obj.layers):
layer_ref = spdx_common.get_layer_spdxref(layer)
# Create a list of dictionaries.
# First, add dictionaries for the layer relationship to the image
layer_relationships.append(
json_formats.get_relationship_dict(image_ref, layer_ref,
'CONTAINS'))
# Next, add dictionary of the layer relationship to other layers
if index != 0:
prev_layer_ref = spdx_common.get_layer_spdxref(
image_obj.layers[index - 1])
layer_relationships.append(
json_formats.get_relationship_dict(prev_layer_ref, layer_ref,
'HAS_PREREQUISITE'))
return layer_relationships
def get_layer_snapshot_relationships(layer_obj, docref):
"""Given a layer object, and the SPDX ref of the document, return a list
of dictionaries describing the relationship between the snapshot document
and the packages listed therein"""
relationships = []
# document level DESCRIBES
relationships.append(
json_formats.get_relationship_dict(json_formats.spdx_id, docref,
'DESCRIBES'))
# package relationships
for package in layer_obj.packages:
pkg_ref, _ = spdx_common.get_package_spdxref(package)
relationships.append(
json_formats.get_relationship_dict(docref, pkg_ref, 'CONTAINS'))
return relationships
def get_image_layer_relationships(image_obj):
'''Given an image object, return a list of dictionaries describing the
relationship between each layer "package" and the image and packages
related to it.
For SPDX JSON format this will typically look like:
{
"spdxElementId" : "SPDXRef-image",
"relatedSpdxElement" : "SPDXRef-layer",
"relationshipType" : "CONTAINS"
}'''
layer_relationships = []
image_ref = spdx_common.get_image_spdxref(image_obj)
# Required - DOCUMENT_DESCRIBES relationship
layer_relationships.append(
json_formats.get_relationship_dict(json_formats.spdx_id, image_ref,
'DESCRIBES'))
for index, layer in enumerate(image_obj.layers):
layer_ref = spdx_common.get_layer_spdxref(layer)
# Create a list of dictionaries.
# First, add dictionaries for the layer relationship to the image
layer_relationships.append(
json_formats.get_relationship_dict(image_ref, layer_ref,
'CONTAINS'))
# Next, add dictionary of the layer relationship to other layers
if index != 0:
prev_layer_ref = spdx_common.get_layer_spdxref(
image_obj.layers[index - 1])
layer_relationships.append(
json_formats.get_relationship_dict(prev_layer_ref, layer_ref,
'HAS_PREREQUISITE'))
# Finally, add package releationships for the layer
if layer.packages:
for package in layer.packages:
pkg_ref, src_ref = spdx_common.get_package_spdxref(package)
layer_relationships.append(
json_formats.get_relationship_dict(layer_ref, pkg_ref,
'CONTAINS'))
if src_ref:
layer_relationships.append(
json_formats.get_relationship_dict(
pkg_ref, src_ref, 'GENERATED_FROM'))
return layer_relationships
def get_document_dict_snapshot(layer_obj, template):
"""This is the SPDX document containing just the packages found at
container build time"""
timestamp = spdx_common.get_timestamp()
docu_dict = {
'SPDXID': json_formats.spdx_id,
'spdxVersion': json_formats.spdx_version,
'creationInfo': {
'created':
json_formats.created.format(timestamp=timestamp),
'creators':
json_formats.creator.format(version=get_git_rev_or_version()[1]),
'licenseListVersion':
json_formats.license_list_version,
},
'name': json_formats.document_name_snapshot,
'dataLicense': json_formats.data_license,
'comment': json_formats.document_comment,
'documentNamespace': get_document_namespace_snapshot(timestamp),
# we will list all the unique package SPDXRefs here later
'documentDescribes': [],
# these will contain just the packages as there is no layer
# package at the time of this document's generation
'packages': [],
# we will fill in document to package ref relationships later
'relationships': []
}
# Add list of package dictionaries to packages list, if they exist
pkgs_dict_list, package_refs = phelpers.get_layer_packages_list(
layer_obj, template)
if pkgs_dict_list:
docu_dict['packages'] = pkgs_dict_list
docu_dict['documentDescribes'] = package_refs
# add the package relationships to the document
for ref in package_refs:
docu_dict['relationships'].append(
json_formats.get_relationship_dict(json_formats.spdx_id, ref,
'DESCRIBES'))
# Add list of file dictionaries, if they exist
files = fhelpers.get_layer_files_list(layer_obj, template, timestamp)
if files:
docu_dict['files'] = files
# Add package and file extracted license texts, if they exist
extracted_texts = lhelpers.get_layer_extracted_licenses(layer_obj)
if extracted_texts:
docu_dict['hasExtractedLicensingInfos'] = extracted_texts
return docu_dict