def get_image_extracted_licenses(image_obj):
'''Given an image_obj, return a unique list of extractedText dictionaries
that contain all the file and package license key-value pairs for a
LicenseRef and its corresponding plain text. The dictionaries will
contain the following information:
{
"extractedText": "Plain text of license",
"licenseId": "Corresponding LicenseRef"
}'''
unique_licenses = set()
for layer in image_obj.layers:
# Get all of the unique file licenses, if they exist
unique_licenses.update(spdx_common.get_layer_licenses(layer))
# Next, collect any package licenses not already accounted for
for package in layer.packages:
if package.pkg_license:
unique_licenses.add(package.pkg_license)
extracted_texts = []
for lic in list(unique_licenses):
extracted_texts.append(
json_formats.get_extracted_text_dict(
extracted_text=lic,
license_ref=spdx_common.get_license_ref(lic)))
return extracted_texts
def get_layer_dict(layer_obj):
'''Given an layer object, return a SPDX JSON/dictionary representation
of the layer. An image layer in SPDX behaves like a Package. The analyzed
files will go in a separate dictionary for the JSON document.'''
layer_dict = {
'name':
os.path.basename(layer_obj.tar_file),
'SPDXID':
spdx_common.get_layer_spdxref(layer_obj),
'packageFileName':
layer_obj.tar_file,
'downloadLocation':
'NONE',
'filesAnalyzed':
bool(layer_obj.files_analyzed),
'checksums': [{
'algorithm':
spdx_common.get_layer_checksum(layer_obj).split(': ',
maxsplit=1)[0],
'checksumValue':
spdx_common.get_layer_checksum(layer_obj).split(': ')[1]
}],
'licenseConcluded':
'NOASSERTION', # always NOASSERTION
'licenseDeclared':
'NOASSERTION', # always NOASSERTION
'copyrightText':
'NOASSERTION', # always NOASSERTION
}
# Only include layer file information if file data is available
if layer_obj.files_analyzed:
layer_dict['hasFiles'] = get_layer_file_data_list(layer_obj)
# packageVerificationCode must be omitted if filesAnalyzed is false
if layer_obj.files_analyzed:
layer_dict['packageVerificationCode'] = {
'packageVerificationCodeValue':
spdx_common.get_layer_verification_code(layer_obj)
}
# Include layer package comment only if it exists
layer_pkg_comment = get_layer_package_comment(layer_obj)
if layer_pkg_comment:
layer_dict['comment'] = layer_pkg_comment
# Include layer licenses from files only if they exist
# List will be blank if no filedata information exists
layer_licenses = spdx_common.get_layer_licenses(layer_obj)
layer_license_refs = []
if layer_licenses:
# Use the layer LicenseRef in the list instead of license expression
for lic in layer_licenses:
layer_license_refs.append(spdx_common.get_license_ref(lic))
layer_dict['licenseInfoFromFiles'] = layer_license_refs
return layer_dict
def get_package_license_info_block(layer_obj):
'''Given a layer object, return the SPDX document block with licenses
from the files in the layer. Return an empty string if the files are
not analyzed'''
block = ''
if layer_obj.files_analyzed:
licenses = spdx_common.get_layer_licenses(layer_obj)
if licenses:
for lic in licenses:
block += 'PackageLicenseInfoFromFiles: {}\n'.format(
spdx_common.get_license_ref(lic))
else:
block = 'PackageLicenseInfoFromFiles: NONE\n'
return block
def get_image_file_license_block(image_obj):
'''Given the image object, get all the licenses found for the files
in the image. We will make use of some helper functions from the layer
and file helpers'''
block = ''
licenses = set()
for layer in image_obj.layers:
if layer.files_analyzed:
for lic in spdx_common.get_layer_licenses(layer):
licenses.add(lic)
for lic in licenses:
block += spdx_formats.license_id.format(
license_ref=spdx_common.get_license_ref(lic)) + '\n'
block += spdx_formats.extracted_text.format(orig_license=lic) + '\n'
return block
