def get_document_namespace(image_obj):
    '''Given the image object, return a unique SPDX document uri.
    This is a combination of the human readable id from the image
    object and the tool name'''
    # The namespace is rendered from the shared format string. The version
    # component is element [1] of whatever get_git_rev_or_version() returns;
    # the human readable id is resolved first, as in the original call order.
    human_id = image_obj.get_human_readable_id()
    tool_version = get_git_rev_or_version()[1]
    return spdx_formats.document_namespace.format(
        image_id=human_id, version=tool_version)
def get_package_comment(origins):
    '''Return a PackageComment tag-value text block for a list of
    NoticeOrigin objects'''
    # No origins means no PackageComment block at all: an empty string is
    # returned so callers can append the result unconditionally.
    if not origins:
        return ''
    # Each origin is rendered by content.print_notices with an empty
    # prefix and a tab indent, then the pieces are concatenated verbatim.
    notices = ''.join(
        content.print_notices(notice_origin, '', '\t')
        for notice_origin in origins)
    return spdx_formats.package_comment.format(comment=notices)
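def get_document_block(image_obj):
    '''Return document related SPDX tag-values

    The block holds, in order: SPDXVersion, DataLicense, SPDXID,
    DocumentName, DocumentNamespace, LicenseListVersion, Creator,
    Created and DocumentComment, one line each, every line newline
    terminated (including the last).'''
    # Creation timestamp in the SPDX "YYYY-MM-DDThh:mm:ssZ" form. An aware
    # UTC datetime is used instead of datetime.utcnow(), which is deprecated
    # since Python 3.12 and returns a naive value; the rendered text is
    # identical because strftime only reads the wall-clock fields.
    created = datetime.datetime.now(datetime.timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%SZ")
    lines = [
        spdx_formats.spdx_version,
        spdx_formats.data_license,
        spdx_formats.spdx_id,
        spdx_formats.document_name.format(
            image_name=image_obj.get_human_readable_id()),
        get_document_namespace(image_obj),
        spdx_formats.license_list_version,
        # Only the version element of the (rev, version) result is used
        spdx_formats.creator.format(version=get_git_rev_or_version()[1]),
        spdx_formats.created.format(timestamp=created),
        spdx_formats.document_comment,
    ]
    return '\n'.join(lines) + '\n'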
def get_layer_relationships(layer_obj, prev_layer_spdxref=None):
    '''Given the layer object, return the relationships of the layer
    objects to packages and to the previous layer'''
    this_ref = get_layer_spdxref(layer_obj)
    lines = []
    # Ordering relationship to the previous layer, emitted only when a
    # previous layer reference was supplied (first layer has none).
    if prev_layer_spdxref:
        lines.append(spdx_formats.prereq.format(
            after=this_ref, before=prev_layer_spdxref))
    # One 'contains' relationship line per package found in this layer
    lines.extend(
        spdx_formats.contains.format(
            outer=this_ref, inner=get_package_spdxref(package))
        for package in layer_obj.packages)
    # Every relationship line is newline terminated; no packages and no
    # previous layer yields an empty string.
    return ''.join(line + '\n' for line in lines)
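def get_document_block(image_obj):
    '''Return document related SPDX tag-values

    The block holds, in order: SPDXVersion, DataLicense, SPDXID,
    DocumentName, DocumentNamespace, LicenseListVersion, Creator,
    Created and DocumentComment, one line each, every line newline
    terminated (including the last).'''
    # Creation timestamp in the SPDX "YYYY-MM-DDThh:mm:ssZ" form. An aware
    # UTC datetime is used instead of datetime.utcnow(), which is deprecated
    # since Python 3.12 and returns a naive value; the rendered text is
    # identical because strftime only reads the wall-clock fields.
    created = datetime.datetime.now(datetime.timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%SZ")
    lines = [
        spdx_formats.spdx_version,
        spdx_formats.data_license,
        spdx_formats.spdx_id,
        spdx_formats.document_name.format(
            image_name=image_obj.get_human_readable_id()),
        get_document_namespace(image_obj),
        spdx_formats.license_list_version,
        # Only the version element of the (rev, version) result is used
        spdx_formats.creator.format(version=get_git_rev_or_version()[1]),
        spdx_formats.created.format(timestamp=created),
        spdx_formats.document_comment,
    ]
    return '\n'.join(lines) + '\n'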
def get_package_spdxref(package_obj):
    '''Given the package object, return an SPDX reference ID'''
    package_id = spdx_formats.package_id.format(
        name=package_obj.name, ver=package_obj.version)
    # Only the first ':' is rewritten to '-' (presumably the name/version
    # separator in spdx_formats.package_id — verify); any later ':' and any
    # other character in name/version is passed through unchanged.
    # NOTE(review): SPDX identifiers allow only letters, digits, '.' and
    # '-'; nothing here sanitises other characters, so the result is only
    # as valid as the package name and version that feed it.
    return 'SPDXRef-{}'.format(package_id.replace(':', '-', 1))
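def get_document_block(image_obj):
    '''Return document related SPDX tag-values

    The block holds, in order: SPDXVersion, DataLicense, SPDXID,
    DocumentName, DocumentNamespace, LicenseListVersion, Creator,
    Created and DocumentComment, one line each, every line newline
    terminated (including the last).'''
    # Creation timestamp in the SPDX "YYYY-MM-DDThh:mm:ssZ" form. An aware
    # UTC datetime is used instead of datetime.utcnow(), which is deprecated
    # since Python 3.12 and returns a naive value; the rendered text is
    # identical because strftime only reads the wall-clock fields.
    created = datetime.datetime.now(datetime.timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%SZ")
    lines = [
        spdx_formats.spdx_version,
        spdx_formats.data_license,
        spdx_formats.spdx_id,
        spdx_formats.document_name.format(
            image_name=image_obj.get_human_readable_id()),
        get_document_namespace(image_obj),
        spdx_formats.license_list_version,
        # Only the version element of the (rev, version) result is used
        spdx_formats.creator.format(version=get_git_rev_or_version()[1]),
        spdx_formats.created.format(timestamp=created),
        spdx_formats.document_comment,
    ]
    return '\n'.join(lines) + '\n'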
# Add the package part for each package
# There are no relationships to be listed here
for layer_obj in image_obj.layers:
for package_obj in layer_obj.packages:
package_dict = package_obj.to_dict(template)
# update the PackageLicenseDeclared with a LicenseRef string
# only if the license data exists
if ('PackageLicenseDeclared' in package_dict.keys() and
package_obj.pkg_license):
package_dict['PackageLicenseDeclared'] = \
get_license_ref(package_obj.pkg_license)
if ('PackageCopyrightText' in package_dict.keys() and
package_obj.copyright):
package_dict['PackageCopyrightText'] = \
spdx_formats.block_text.format(
message=package_obj.copyright)
# collect all the individual licenses
if package_obj.pkg_license and package_obj.pkg_license \
not in licenses_found:
licenses_found.append(package_obj.pkg_license)
report = report + get_main_block(
package_dict,
package_obj.origins.origins,
SPDXID=get_package_spdxref(package_obj),
PackageLicenseConcluded='NOASSERTION',
FilesAnalyzed='false') + '\n'
return report + get_license_block(licenses_found)
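def get_document_block(image_obj):
    '''Return document related SPDX tag-values

    The block holds, in order: SPDXVersion, DataLicense, SPDXID,
    DocumentName, DocumentNamespace, LicenseListVersion, Creator,
    Created and DocumentComment, one line each, every line newline
    terminated (including the last).'''
    # Creation timestamp in the SPDX "YYYY-MM-DDThh:mm:ssZ" form. An aware
    # UTC datetime is used instead of datetime.utcnow(), which is deprecated
    # since Python 3.12 and returns a naive value; the rendered text is
    # identical because strftime only reads the wall-clock fields.
    created = datetime.datetime.now(datetime.timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%SZ")
    lines = [
        spdx_formats.spdx_version,
        spdx_formats.data_license,
        spdx_formats.spdx_id,
        spdx_formats.document_name.format(
            image_name=image_obj.get_human_readable_id()),
        get_document_namespace(image_obj),
        spdx_formats.license_list_version,
        # Only the version element of the (rev, version) result is used
        spdx_formats.creator.format(version=get_git_rev_or_version()[1]),
        spdx_formats.created.format(timestamp=created),
        spdx_formats.document_comment,
    ]
    return '\n'.join(lines) + '\n'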
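def get_document_block(image_obj):
    '''Return document related SPDX tag-values

    The block holds, in order: SPDXVersion, DataLicense, SPDXID,
    DocumentName, DocumentNamespace, LicenseListVersion, Creator,
    Created and DocumentComment, one line each, every line newline
    terminated (including the last).'''
    # Creation timestamp in the SPDX "YYYY-MM-DDThh:mm:ssZ" form. An aware
    # UTC datetime is used instead of datetime.utcnow(), which is deprecated
    # since Python 3.12 and returns a naive value; the rendered text is
    # identical because strftime only reads the wall-clock fields.
    created = datetime.datetime.now(datetime.timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%SZ")
    lines = [
        spdx_formats.spdx_version,
        spdx_formats.data_license,
        spdx_formats.spdx_id,
        spdx_formats.document_name.format(
            image_name=image_obj.get_human_readable_id()),
        get_document_namespace(image_obj),
        spdx_formats.license_list_version,
        # Only the version element of the (rev, version) result is used
        spdx_formats.creator.format(version=get_git_rev_or_version()[1]),
        spdx_formats.created.format(timestamp=created),
        spdx_formats.document_comment,
    ]
    return '\n'.join(lines) + '\n'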