tools-python/src/spdx_tools/spdx/model/package.py at 47c75dcfe0dadfc9d36f53fd6a00294268eb47e9 · bact/tools-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# SPDX-FileCopyrightText: 2022 spdx contributors
#
# SPDX-License-Identifier: Apache-2.0
from dataclasses import field
from datetime import datetime
from enum import Enum, auto

from beartype.typing import Dict, List, Optional, Union
from license_expression import LicenseExpression

from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
from spdx_tools.spdx.model import Actor, Checksum, SpdxNoAssertion, SpdxNone


class PackagePurpose(Enum):
    APPLICATION = auto()
    FRAMEWORK = auto()
    LIBRARY = auto()
    CONTAINER = auto()
    OPERATING_SYSTEM = auto()
    DEVICE = auto()
    FIRMWARE = auto()
    SOURCE = auto()
    ARCHIVE = auto()
    FILE = auto()
    INSTALL = auto()
    OTHER = auto()


@dataclass_with_properties
class PackageVerificationCode:
    value: str
    excluded_files: List[str] = field(default_factory=list)

    def __init__(self, value: str, excluded_files: List[str] | None = None):
        excluded_files = [] if excluded_files is None else excluded_files
        check_types_and_set_values(self, locals())


class ExternalPackageRefCategory(Enum):
    SECURITY = auto()
    PACKAGE_MANAGER = auto()
    PERSISTENT_ID = auto()
    OTHER = auto()


CATEGORY_TO_EXTERNAL_PACKAGE_REF_TYPES: Dict[ExternalPackageRefCategory, List[str]] = {
    ExternalPackageRefCategory.SECURITY: ["cpe22Type", "cpe23Type", "advisory", "fix", "url", "swid"],
    ExternalPackageRefCategory.PACKAGE_MANAGER: ["maven-central", "npm", "nuget", "bower", "purl"],
    ExternalPackageRefCategory.PERSISTENT_ID: ["swh", "gitoid"],
    ExternalPackageRefCategory.OTHER: [],
}


@dataclass_with_properties
class ExternalPackageRef:
    category: ExternalPackageRefCategory
    # In theory, once could refine the typing,
    # see https://spdx.github.io/spdx-spec/v2.3/external-repository-identifiers/. But it's probably not worth the
    # effort.
    reference_type: str
    locator: str
    comment: Optional[str] = None

    def __init__(
        self, category: ExternalPackageRefCategory, reference_type: str, locator: str, comment: Optional[str] = None
    ):
        check_types_and_set_values(self, locals())


@dataclass_with_properties
class Package:
    spdx_id: str
    name: str
    download_location: Union[str, SpdxNoAssertion, SpdxNone]
    version: Optional[str] = None
    file_name: Optional[str] = None
    supplier: Optional[Union[Actor, SpdxNoAssertion]] = None
    originator: Optional[Union[Actor, SpdxNoAssertion]] = None
    files_analyzed: bool = True
    verification_code: Optional[PackageVerificationCode] = None
    checksums: List[Checksum] = field(default_factory=list)
    homepage: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None
    source_info: Optional[str] = None
    license_concluded: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None
    license_info_from_files: List[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = field(default_factory=list)
    license_declared: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None
    license_comment: Optional[str] = None
    copyright_text: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None
    summary: Optional[str] = None
    description: Optional[str] = None
    comment: Optional[str] = None
    external_references: List[ExternalPackageRef] = field(default_factory=list)
    attribution_texts: List[str] = field(default_factory=list)
    primary_package_purpose: Optional[PackagePurpose] = None
    release_date: Optional[datetime] = None
    built_date: Optional[datetime] = None
    valid_until_date: Optional[datetime] = None

    def __init__(
        self,
        spdx_id: str,
        name: str,
        download_location: Union[str, SpdxNoAssertion, SpdxNone],
        version: Optional[str] = None,
        file_name: Optional[str] = None,
        supplier: Optional[Union[Actor, SpdxNoAssertion]] = None,
        originator: Optional[Union[Actor, SpdxNoAssertion]] = None,
        files_analyzed: bool = True,
        verification_code: Optional[PackageVerificationCode] = None,
        checksums: List[Checksum] | None = None,
        homepage: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None,
        source_info: Optional[str] = None,
        license_concluded: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None,
        license_info_from_files: List[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] | None = None,
        license_declared: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None,
        license_comment: Optional[str] = None,
        copyright_text: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None,
        summary: Optional[str] = None,
        description: Optional[str] = None,
        comment: Optional[str] = None,
        external_references: List[ExternalPackageRef] | None = None,
        attribution_texts: List[str] | None = None,
        primary_package_purpose: Optional[PackagePurpose] = None,
        release_date: Optional[datetime] = None,
        built_date: Optional[datetime] = None,
        valid_until_date: Optional[datetime] = None,
    ):
        checksums = [] if checksums is None else checksums
        license_info_from_files = [] if license_info_from_files is None else license_info_from_files
        external_references = [] if external_references is None else external_references
        attribution_texts = [] if attribution_texts is None else attribution_texts
        check_types_and_set_values(self, locals())