def parse(location):
"""
Return a Nuget package from a nuspec file at location.
Return None if this is not a parsable nuspec.
"""
nuspec = parse_nuspec(location)
if not nuspec:
return
asserted_license = models.AssertedLicense(url=nuspec.get('licenseUrl'))
authors = [models.Party(
name=nuspec.get('authors'))] if nuspec.get('authors') else []
owners = [models.Party(
name=nuspec.get('owners'))] if nuspec.get('owners') else []
package = NugetPackage(
location=location,
name=nuspec.get('id'),
version=nuspec.get('version'),
summary=nuspec.get('title'),
description=nuspec.get('description'),
homepage_url=nuspec.get('projectUrl'),
authors=authors,
owners=owners,
asserted_licenses=[asserted_license],
copyrights=[nuspec.get('copyright')],
)
return package
def licensing_mapper(licenses, package):
"""
Update package licensing and return package.
Licensing data structure has evolved over time and is a tad messy.
https://getcomposer.org/doc/04-schema.md#license
licenses is either:
- a string with:
- an SPDX id or expression { "license": "(LGPL-2.1 or GPL-3.0+)" }
- array:
"license": [
"LGPL-2.1",
"GPL-3.0+"
]
"""
if not licenses:
return package
if isinstance(licenses, basestring):
package.asserted_licenses.append(
models.AssertedLicense(license=licenses))
elif isinstance(licenses, list):
"""
"license": [
"LGPL-2.1",
"GPL-3.0+"
]
"""
for lic in licenses:
if isinstance(lic, basestring):
package.asserted_licenses.append(
models.AssertedLicense(license=lic))
else:
# use the bare repr
if lic:
package.asserted_licenses.append(
models.AssertedLicense(license=repr(lic)))
else:
# use the bare repr
package.asserted_licenses.append(
models.AssertedLicense(license=repr(licenses)))
return package
def parse(location):
"""
Parse a pom file at location and return a Package or None.
"""
if not location.endswith('pom.xml') or location.endswith('.pom'):
return
pom = parse_pom(location)
def get_val(key):
val = pom.get(key)
if not val:
return
if isinstance(val, list) and len(val) == 1:
return val[0]
else:
return u'\n'.join(val)
group_artifact = ':'.join([get_val('maven_component_group_id'), get_val('maven_component_artifact_id')])
# FIXME: the way we collect nested tags is entirely WRONG, especially for licenses
# attempt to align licenses for now
licenses = izip_longest(
pom['maven_license'],
pom['maven_license_url'],
pom['maven_license_comments'],
)
licenses = [models.AssertedLicense(license=lic, url=url, notice=comments)
for lic, url, comments in licenses]
authors = izip_longest(
pom['maven_developer_name'],
pom['maven_developer_email'],
)
authors = [models.Party(type=models.party_person, name=name, email=email) for name, email in authors]
orgs = izip_longest(
pom['maven_organization_name'],
pom['maven_organization_url'],
)
orgs = [models.Party(type=models.party_org, name=name, url=url) for name, url in orgs]
package = MavenJar(
location=location,
name=group_artifact,
# FIXME: this is not right: name and identifier should be storable
summary=get_val('maven_project_name'),
version=get_val('maven_component_version'),
homepage_url=get_val('maven_project_url'),
description=get_val('maven_project_description'),
asserted_licenses=licenses,
authors=authors,
owners=orgs,
)
return package
def licensing_mapper(licenses, package):
"""
Update package licensing and return package.
Licensing data structure has evolved over time and is a tad messy.
https://docs.npmjs.com/files/package.json#license
licenses is either:
- a string with:
- an SPDX id or expression { "license" : "(ISC OR GPL-3.0)" }
- some license name or id
- "SEE LICENSE IN <filename>"
- (Deprecated) an array or a list of arrays of type, url.
"""
if not licenses:
return package
if isinstance(licenses, basestring):
package.asserted_licenses.append(
models.AssertedLicense(license=licenses))
elif isinstance(licenses, dict):
"""
"license": {
"type": "MIT",
"url": "http://github.com/kriskowal/q/raw/master/LICENSE"
}
"""
package.asserted_licenses.append(
models.AssertedLicense(license=licenses.get('type'),
url=licenses.get('url')))
elif isinstance(licenses, list):
"""
"licenses": ["type": "Apache License, Version 2.0",
"url": "http://www.apache.org/licenses/LICENSE-2.0" } ]
or
"licenses": ["MIT"],
"""
# TODO: handle multiple values
for lic in licenses:
if isinstance(lic, basestring):
package.asserted_licenses.append(
models.AssertedLicense(license=lic))
elif isinstance(lic, dict):
package.asserted_licenses.append(
models.AssertedLicense(license=lic.get('type'),
url=lic.get('url')))
else:
# use the bare repr
if lic:
package.asserted_licenses.append(
models.AssertedLicense(license=repr(lic)))
else:
# use the bare repr
package.asserted_licenses.append(
models.AssertedLicense(license=repr(licenses)))
return package
def parse(location):
"""
Return an RpmPackage object for the file at location or None if the file is
not an RPM.
"""
infos = info(location, include_desc=True)
logger_debug('parse: infos', infos)
if not infos:
return
epoch = int(infos.epoch) if infos.epoch else None
asserted_licenses = []
if infos.license:
asserted_licenses = [models.AssertedLicense(license=infos.license)]
related_packages = []
if infos.source_rpm:
epoch, name, version, release, _arch = nevra.from_name(
infos.source_rpm)
evr = EVR(version, release, epoch)
related_packages = [
RPMRelatedPackage(name=name,
version=evr,
payload_type=models.payload_src)
]
package = RpmPackage(summary=infos.summary,
description=infos.description,
name=infos.name,
version=EVR(version=infos.version,
release=infos.release,
epoch=epoch or None),
homepage_url=infos.url,
distributors=[models.Party(name=infos.distribution)],
vendors=[models.Party(name=infos.vendor)],
asserted_licenses=asserted_licenses,
related_packages=related_packages)
return package
def licensing_mapper(licenses, package):
"""
Update package licensing and return package.
Licensing data structure has evolved over time and is a tad messy.
https://getcomposer.org/doc/04-schema.md#license
licenses is either:
- a string with:
- an SPDX id or expression { "license": "(LGPL-2.1 or GPL-3.0+)" }
- array:
"license": [
"LGPL-2.1",
"GPL-3.0+"
]
"""
if not licenses:
return package
if isinstance(licenses, list):
# For a package, when there is a choice between licenses
# ("disjunctive license"), multiple can be specified as array.
"""
"license": [
"LGPL-2.1",
"GPL-3.0+"
]
"""
# build a proper license expression
lics = [l.strip() for l in licenses if l and l.strip()]
lics = ' OR '.join(lics)
elif not isinstance(licenses, basestring):
lics = repr(licenses)
else:
lics = licenses
package.asserted_licenses.append(models.AssertedLicense(license=lics))
return package
def parse(location):
"""
Parse a pom file at location and return a Package or None.
"""
mavenpom = _get_mavenpom(location, check_is_pom=True)
if not mavenpom:
return
pom = mavenpom.to_dict()
licenses = []
for lic in pom['licenses']:
licenses.append(
models.AssertedLicense(license=lic['name'],
url=lic['url'],
notice=lic['comments']))
# FIXME: we are skipping all the organization related fields, roles and the id
authors = []
for dev in pom['developers']:
authors.append(
models.Party(
type=models.party_person,
name=dev['name'],
email=dev['email'],
url=dev['url'],
))
# FIXME: we are skipping all the organization related fields and roles
contributors = []
for cont in pom['contributors']:
contributors.append(
models.Party(
type=models.party_person,
name=cont['name'],
email=cont['email'],
url=cont['url'],
))
name = pom['organization_name']
url = pom['organization_url']
if name or url:
owners = [models.Party(type=models.party_org, name=name, url=url)]
else:
owners = []
dependencies = OrderedDict()
for scope, deps in pom['dependencies'].items():
scoped_deps = dependencies[scope] = []
for dep in deps:
scoped_deps.append(
models.Dependency(
name='{group_id}:{artifact_id}'.format(**dep),
version_constraint=dep['version'],
))
# FIXME: there are still a lot of other data to map in a Package
package = MavenJar(
location=location,
name='{group_id}:{artifact_id}'.format(**pom),
version=pom['version'],
summary=pom['name'],
description=pom['description'],
homepage_url=pom['url'],
asserted_licenses=licenses,
authors=authors,
owners=owners,
contributors=contributors,
dependencies=dependencies,
)
return package
def parse(location=None, text=None, check_is_pom=True, extra_properties=None):
"""
Return a Package or None.
Parse a pom file at `location` or using the provided `text` (one or
the other but not both).
Check if the location is a POM if `check_is_pom` is True.
When resolving the POM, use an optional `extra_properties` mapping
of name/value pairs to resolve properties.
"""
mavenpom = _get_mavenpom(location, text, check_is_pom, extra_properties)
if not mavenpom:
return
pom = mavenpom.to_dict()
licenses = []
for lic in pom['licenses']:
licenses.append(
models.AssertedLicense(license=lic['name'],
url=lic['url'],
notice=lic['comments']))
# FIXME: we are skipping all the organization related fields, roles and the id
authors = []
for dev in pom['developers']:
authors.append(
models.Party(
type=models.party_person,
name=dev['name'],
email=dev['email'],
url=dev['url'],
))
# FIXME: we are skipping all the organization related fields and roles
contributors = []
for cont in pom['contributors']:
contributors.append(
models.Party(
type=models.party_person,
name=cont['name'],
email=cont['email'],
url=cont['url'],
))
name = pom['organization_name']
url = pom['organization_url']
if name or url:
owners = [models.Party(type=models.party_org, name=name, url=url)]
else:
owners = []
dependencies = OrderedDict()
for scope, deps in pom['dependencies'].items():
scoped_deps = dependencies[scope] = []
for dep in deps:
scoped_deps.append(
models.Dependency(
name='{group_id}:{artifact_id}'.format(**dep),
version_constraint=dep['version'],
))
# FIXME: there are still a lot of other data to map in a Package
package = MavenPomPackage(
# FIXME: what is this location about?
location=location,
name='{group_id}:{artifact_id}'.format(**pom),
version=pom['version'],
summary=pom['name'],
description=pom['description'],
homepage_url=pom['url'],
asserted_licenses=licenses,
authors=authors,
owners=owners,
contributors=contributors,
dependencies=dependencies,
)
return package