Documentation ¶
Index ¶
- Constants
- Variables
- func ClearGlobalLicenseData()
- func ClearGlobalResourceData()
- func ClearGlobalVulnerabilityData()
- func Diff(flags utils.CommandFlags) (err error)
- func DisplayLicenseListCSV(output io.Writer) (err error)
- func DisplayLicenseListJson(output io.Writer)
- func DisplayLicenseListMarkdown(output io.Writer)
- func DisplayLicenseListSummaryCSV(output io.Writer) (err error)
- func DisplayLicenseListSummaryMarkdown(output io.Writer)
- func DisplayLicenseListSummaryText(output io.Writer)
- func DisplayLicensePoliciesCSV(output io.Writer, filteredPolicyMap *slicemultimap.MultiMap, ...) (err error)
- func DisplayLicensePoliciesMarkdown(output io.Writer, filteredPolicyMap *slicemultimap.MultiMap, ...) (err error)
- func DisplayLicensePoliciesTabbedText(output io.Writer, filteredPolicyMap *slicemultimap.MultiMap, ...) (err error)
- func DisplayResourceListCSV(output io.Writer) (err error)
- func DisplayResourceListMarkdown(output io.Writer) (err error)
- func DisplayResourceListText(output io.Writer)
- func DisplaySchemaErrorsCsv(output io.Writer, errs []gojsonschema.ResultError, ...)
- func DisplaySchemaErrorsJson(output io.Writer, errs []gojsonschema.ResultError, ...)
- func DisplaySchemaErrorsText(output io.Writer, errs []gojsonschema.ResultError, ...)
- func DisplaySchemasCSV(output io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
- func DisplaySchemasMarkdown(output io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
- func DisplaySchemasTabbedText(output io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
- func DisplayVulnListCSV(output io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
- func DisplayVulnListJson(output io.Writer, flags utils.VulnerabilityCommandFlags)
- func DisplayVulnListMarkdown(output io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
- func DisplayVulnListText(output io.Writer, flags utils.VulnerabilityCommandFlags)
- func ErrorTypesMatch(err error, expected error) bool
- func Execute()
- func FinalizeCompoundPolicy(expression *CompoundExpression) (err error)
- func FormatSchemaErrors(output io.Writer, schemaErrors []gojsonschema.ResultError, ...) (formattedSchemaErrors string)
- func HasLogicalConjunctionOrPreposition(value string) bool
- func HashLicenseInfo(key string, licenseInfo LicenseInfo, whereFilters []WhereFilter)
- func IsInvalidSBOMError(err error) bool
- func IsValidFamilyKey(key string) bool
- func IsValidPolicyEntry(policy LicensePolicy) bool
- func IsValidSpdxId(id string) bool
- func IsValidUsagePolicy(usagePolicy string) bool
- func ListLicensePolicies(writer io.Writer, whereFilters []WhereFilter, flags utils.LicenseCommandFlags) (err error)
- func ListLicenses(output io.Writer, format string, whereFilters []WhereFilter, summary bool) (err error)
- func ListResources(output io.Writer, format string, resourceType string, ...) (err error)
- func ListSchemas(writer io.Writer, whereFilters []WhereFilter) (err error)
- func ListVulnerabilities(output io.Writer, format string, whereFilters []WhereFilter, ...) (err error)
- func LoadInputSbomFileAndDetectSchema() (document *schema.Sbom, err error)
- func NewCommandDiff() *cobra.Command
- func NewCommandLicense() *cobra.Command
- func NewCommandList() *cobra.Command
- func NewCommandPolicy() *cobra.Command
- func NewCommandQuery() *cobra.Command
- func NewCommandResource() *cobra.Command
- func NewCommandSchema() *cobra.Command
- func NewCommandValidate() *cobra.Command
- func NewCommandVersion() *cobra.Command
- func NewCommandVulnerability() *cobra.Command
- func RootCmdImpl(cmd *cobra.Command, args []string) error
- func Validate(output io.Writer, persistentFlags utils.PersistentCommandFlags, ...) (valid bool, document *schema.Sbom, schemaErrors []gojsonschema.ResultError, ...)
- func VerifyPoliciesMatch(testPolicy LicensePolicy, policies []interface{}) bool
- type BaseError
- type ColumnFormatData
- type CompoundExpression
- type InvalidSBOMError
- type LicenseComplianceConfig
- func (config *LicenseComplianceConfig) GetFamilyNameMap() (hashmap *slicemultimap.MultiMap, err error)
- func (config *LicenseComplianceConfig) GetFilteredFamilyNameMap(whereFilters []WhereFilter) (hashmap *slicemultimap.MultiMap, err error)
- func (config *LicenseComplianceConfig) GetLicenseIdMap() (hashmap *slicemultimap.MultiMap, err error)
- func (config *LicenseComplianceConfig) HashLicensePolicies() (hashError error)
- func (config *LicenseComplianceConfig) LoadLicensePolicies(filename string) (err error)
- func (config *LicenseComplianceConfig) Reset()
- type LicenseInfo
- type LicensePolicy
- type QueryError
- type QueryRequest
- type QueryResponse
- type ResourceInfo
- type SBOMCompositionError
- type SBOMLicenseError
- type SBOMMetadataError
- type SBOMMetadataPropertyError
- type UtilityError
- type ValidationErrorResult
- func (validationErrResult *ValidationErrorResult) HashResultError()
- func (result *ValidationErrorResult) MapItemsMustBeUniqueError(flags utils.ValidateCommandFlags)
- func (result *ValidationErrorResult) MapResultError(flags utils.ValidateCommandFlags)
- func (validationErrResult *ValidationErrorResult) MarshalJSON() (marshalled []byte, err error)
- type VulnerabilityInfo
- type WhereFilter
Constants ¶
const ( FLAG_DIFF_FILENAME_REVISION = "input-revision" FLAG_DIFF_FILENAME_REVISION_SHORT = "r" MSG_FLAG_INPUT_REVISION = "input filename for the revised file to compare against the base file" MSG_FLAG_DIFF_COLORIZE = "Colorize diff text output (true|false); default false" )
Diff command flags and help messages
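// Numeric error categories, one declaration per line so the block parses.
//
// NOTE(review): the names suggest these are the process exit codes for an
// application failure versus an SBOM validation failure; confirm against the
// caller. If so, a pipeline gating on this tool should treat every non-zero
// status as a failure rather than testing for one specific code.
const (
	ERROR_APPLICATION = 1
	ERROR_VALIDATION  = 2
)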
const ( ERR_TYPE_INVALID_JSON_MAP = "invalid JSON map" ERR_TYPE_INVALID_SBOM = "invalid SBOM" ERR_TYPE_SBOM_COMPONENT = "component error" ERR_TYPE_SBOM_LICENSE = "license error" ERR_TYPE_SBOM_COMPOSITION = "composition error" ERR_TYPE_SBOM_METADATA = "metadata error" ERR_TYPE_SBOM_METADATA_PROPERTY = "metadata property error" ERR_TYPE_UNEXPECTED_ERROR = "unexpected error" )
General error messages
const ( MSG_FORMAT_TYPE = "format: `%s`" MSG_SCHEMA_ERRORS = "schema errors found" MSG_INVALID_METADATA_PROPERTIES = "field `metadata.properties` is missing or invalid" MSG_INVALID_METADATA_COMPONENT_COMPONENTS = "field `metadata.component.components` array should be empty" MSG_INVALID_METADATA_COMPONENT = "field `metadata.component` is missing or invalid" MSG_PROPERTY_NOT_FOUND = "property not found" MSG_PROPERTY_NOT_UNIQUE = "check failed: property not unique" MSG_PROPERTY_REGEX_FAILED = "check failed: property regex mismatch" )
Validation messages
const ( MSG_LICENSE_INVALID_DATA = "invalid license data" MSG_LICENSE_INVALID_EXPRESSION = "invalid license expression" MSG_LICENSE_INVALID_POLICY = "invalid license policy" MSG_LICENSES_NOT_FOUND = "licenses not found" MSG_LICENSE_EXPRESSION_INVALID_CONJUNCTION = "invalid conjunction" MSG_LICENSE_EXPRESSION_UNDEFINED_POLICY = "contains an undefined policy" MSG_LICENSE_EXPRESSION = "license expression" )
License messages
const ( ERR_TYPE_INVALID_QUERY = "invalid query" MSG_QUERY_CLAUSE_NOT_FOUND = "required clause not found" MSG_QUERY_INVALID_DATATYPE = "invalid data type" MSG_QUERY_INVALID_FROM_CLAUSE = "invalid FROM clause" MSG_QUERY_INVALID_SELECT_CLAUSE = "invalid SELECT clause" MSG_QUERY_INVALID_WHERE_CLAUSE = "invalid WHERE clause" MSG_QUERY_INVALID_ORDER_BY_CLAUSE = "invalid ORDERBY clause" MSG_QUERY_INVALID_REQUEST = "invalid query request" MSG_QUERY_INVALID_RESPONSE = "invalid query response" )
Query error messages
const ( MSG_QUERY_ERROR_FROM_KEY_INVALID_OBJECT = "key does not reference a valid JSON object" MSG_QUERY_ERROR_FROM_KEY_NOT_FOUND = "key not found in path" MSG_QUERY_ERROR_FROM_KEY_SLICE_DEREFERENCE = "key attempts to dereference into an array" MSG_QUERY_ERROR_SELECT_WILDCARD = "wildcard cannot be used with other values" )
Query error details
const ( SUBCOMMAND_LICENSE_LIST = "list" SUBCOMMAND_LICENSE_POLICY = "policy" )
const ( LICENSE_LIST_NOT_APPLICABLE = "N/A" LICENSE_NO_ASSERTION = "NOASSERTION" )
License list default values
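// License choice types, numbered by iota starting at zero.
//
// LC_TYPE_NAMES is documented as an indexed lookup of the matching names, so
// the order of these constants has to stay in step with that array. The zero
// value is LC_TYPE_INVALID, which means an unset type reads as invalid.
const (
	LC_TYPE_INVALID = iota
	LC_TYPE_ID
	LC_TYPE_NAME
	LC_TYPE_EXPRESSION
)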
LicenseChoice - Choice type
const ( LC_VALUE_INVALID = "invalid" LC_VALUE_ID = "id" LC_VALUE_NAME = "name" LC_VALUE_EXPRESSION = "expression" )
LicenseChoice - corresponding (name) values for license choice types
const ( LC_LOC_UNKNOWN = iota LC_LOC_METADATA_COMPONENT LC_LOC_METADATA LC_LOC_COMPONENTS LC_LOC_SERVICES )
const ( AND string = "AND" OR string = "OR" WITH string = "WITH" CONJUNCTION_UNDEFINED string = "" )
Supported conjunctions and prepositions
const ( LEFT_PARENS string = "(" RIGHT_PARENS string = ")" LEFT_PARENS_WITH_SEPARATOR string = "( " RIGHT_PARENS_WITH_SEPARATOR string = " )" PLUS_OPERATOR string = "+" )
Tokens
const ( FLAG_LICENSE_LIST_OUTPUT_FORMAT_HELP = "format output using the specified format type" FLAG_LICENSE_LIST_SUMMARY_HELP = "summarize licenses and component references when listing in supported formats" )
License list command flag help messages
const ( MSG_OUTPUT_NO_LICENSES_FOUND = "no licenses found in BOM document" MSG_OUTPUT_NO_LICENSES_ONLY_NOASSERTION = "no valid licenses found in BOM document (only licenses marked NOASSERTION)" )
License list command informational messages
const ( LICENSE_FILTER_KEY_USAGE_POLICY = "usage-policy" LICENSE_FILTER_KEY_LICENSE_TYPE = "license-type" LICENSE_FILTER_KEY_LICENSE = "license" LICENSE_FILTER_KEY_RESOURCE_NAME = "resource-name" LICENSE_FILTER_KEY_BOM_REF = "bom-ref" LICENSE_FILTER_KEY_BOM_LOCATION = "bom-location" )
"Type", "ID/Name/Expression", "Component(s)", "BOM ref.", "Document location" filter keys
const ( POLICY_FILTER_KEY_USAGE_POLICY = "usage-policy" POLICY_FILTER_KEY_FAMILY = "family" POLICY_FILTER_KEY_SPDX_ID = "id" POLICY_FILTER_KEY_NAME = "name" POLICY_FILTER_KEY_OSI_APPROVED = "osi" POLICY_FILTER_KEY_FSF_APPROVED = "fsf" POLICY_FILTER_KEY_DEPRECATED = "deprecated" POLICY_FILTER_KEY_REFERENCE = "reference" POLICY_FILTER_KEY_ALIASES = "aliases" POLICY_FILTER_KEY_ANNOTATIONS = "annotations" POLICY_FILTER_KEY_NOTES = "notes" )
filter keys
const ( FLAG_POLICY_OUTPUT_FORMAT_HELP = "format output using the specified type" FLAG_POLICY_REPORT_LINE_WRAP_HELP = "toggles the wrapping of text within report column output (default: false)" )
Subcommand flags
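// Usage policy values for license compliance reporting.
//
// VALID_USAGE_POLICIES holds only the first three values, while
// ALL_USAGE_POLICIES also holds POLICY_UNDEFINED and POLICY_CONFLICT.
// NOTE(review): that split suggests UNDEFINED and CONFLICT are computed results
// rather than values a policy file may declare; confirm against the policy
// loader. Anything gating on these values should decide explicitly how
// UNDEFINED and CONFLICT are handled instead of treating them as "allow".
const (
	POLICY_ALLOW        = "allow"
	POLICY_DENY         = "deny"
	POLICY_NEEDS_REVIEW = "needs-review"
	POLICY_UNDEFINED    = "UNDEFINED"
	POLICY_CONFLICT     = "CONFLICT"
)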
const ( FLAG_OUTPUT_FORMAT = "format" FLAG_QUERY_SELECT = "select" FLAG_QUERY_FROM = "from" FLAG_QUERY_WHERE = "where" FLAG_QUERY_ORDER_BY = "orderby" )
Query command flags
const ( FLAG_QUERY_OUTPUT_FORMAT_HELP = "format output using the specified type" FLAG_QUERY_SELECT_HELP = "comma-separated list of JSON key names used to select fields within the object designated by the FROM flag" + "\n- the wildcard character `*` can be used to denote inclusion of all found key-values" FLAG_QUERY_FROM_HELP = "dot-separated list of JSON key names used to dereference into the JSON document" + "\n - if not present, the query assumes document \"root\" as the `--from` object" FLAG_QUERY_WHERE_HELP = "comma-separated list of key=<regex> of clauses used to filter the SELECT result set" FLAG_QUERY_ORDER_BY_HELP = "key name that appears in the SELECT result set used to order the result records" )
Query command flag help messages
const ( QUERY_TOKEN_WILDCARD = "*" QUERY_FROM_CLAUSE_SEP = "." QUERY_SELECT_CLAUSE_SEP = "," QUERY_WHERE_EXPRESSION_SEP = "," QUERY_WHERE_OPERAND_EQUALS = "=" )
Named tokens
const ( FLAG_REPORT_WHERE = "where" FLAG_REPORT_WHERE_HELP = "comma-separated list of `key=<regex>` clauses used to filter the result set" )
Common/reusable Flags used across multiple report commands
const ( REPORT_LIST_TITLE_ROW_SEPARATOR = "-" REPORT_LIST_VALUE_NONE = "none" )
const ( MD_COLUMN_SEPARATOR = "|" MD_ALIGN_LEFT = ":--" MD_ALIGN_CENTER = "-:-" MD_ALIGN_RIGHT = "--:" )
Markdown report helpers
const ( RESOURCE_FILTER_KEY_TYPE = "type" RESOURCE_FILTER_KEY_NAME = "name" RESOURCE_FILTER_KEY_VERSION = "version" RESOURCE_FILTER_KEY_BOMREF = "bom-ref" )
filter keys
const ( FLAG_RESOURCE_TYPE = "type" FLAG_RESOURCE_TYPE_HELP = "filter output by resource type (i.e., component | service)" )
Flags. Reuse query flag values where possible
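// Resource types used to filter resource listings; the --type help text names
// "component" and "service". Each constant sits on its own line so the
// trailing comment on the first one no longer swallows the declarations that
// follow it.
const (
	RESOURCE_TYPE_DEFAULT   = "" // i.e., all resource types
	RESOURCE_TYPE_COMPONENT = "component"
	RESOURCE_TYPE_SERVICE   = "service"
)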
resource types
const ( CMD_DIFF = "diff" CMD_LICENSE = "license" CMD_QUERY = "query" CMD_RESOURCE = "resource" CMD_SCHEMA = "schema" CMD_VALIDATE = "validate" CMD_VERSION = "version" CMD_VULNERABILITY = "vulnerability" )
top-level commands
const ( CMD_USAGE_DIFF = CMD_DIFF + " --input-file <base_file> --input-revision <revised_file> [--format json|txt] [--colorize=true|false]" CMD_USAGE_LICENSE_LIST = SUBCOMMAND_LICENSE_LIST + " --input-file <input_file> [--summary] [--where key=regex[,...]] [--format json|txt|csv|md]" CMD_USAGE_LICENSE_POLICY = SUBCOMMAND_LICENSE_POLICY + " [--where key=regex[,...]] [--format txt|csv|md]" CMD_USAGE_QUERY = CMD_QUERY + " --input-file <input_file> [--select * | field1[,fieldN]] [--from [key1[.keyN]] [--where key=regex[,...]]" CMD_USAGE_RESOURCE_LIST = CMD_RESOURCE + " --input-file <input_file> [--type component|service] [--where key=regex[,...]] [--format txt|csv|md]" CMD_USAGE_SCHEMA_LIST = CMD_SCHEMA + " [--where key=regex[,...]] [--format txt|csv|md]" CMD_USAGE_VALIDATE = CMD_VALIDATE + " --input-file <input_file> [--variant <variant_name>] [--format txt|json] [--force schema_file]" CMD_USAGE_VULNERABILITY_LIST = CMD_VULNERABILITY + " " + SUBCOMMAND_VULNERABILITY_LIST + " --input-file <input_file> [--summary] [--where key=regex[,...]] [--format json|txt|csv|md]" )
WARNING!!! The first word of a Cobra command's ".Use" field MUST be the actual command name; otherwise, the command will NOT be found by the Cobra framework. This is a poor design assumption in the framework and is NOT documented.
const ( FLAG_CONFIG_SCHEMA = "config-schema" FLAG_CONFIG_LICENSE_POLICY = "config-license" FLAG_CONFIG_CUSTOM_VALIDATION = "config-validation" FLAG_TRACE = "trace" FLAG_TRACE_SHORT = "t" FLAG_DEBUG = "debug" FLAG_DEBUG_SHORT = "d" FLAG_FILENAME_INPUT = "input-file" FLAG_FILENAME_INPUT_SHORT = "i" FLAG_FILENAME_OUTPUT = "output-file" FLAG_FILENAME_OUTPUT_SHORT = "o" FLAG_QUIET_MODE = "quiet" FLAG_QUIET_MODE_SHORT = "q" FLAG_LOG_OUTPUT_INDENT = "indent" FLAG_FILE_OUTPUT_FORMAT = "format" FLAG_COLORIZE_OUTPUT = "colorize" )
const ( MSG_APP_NAME = "Bill-of-Materials (BOM) utility." MSG_APP_DESCRIPTION = "This utility serves as centralized command line interface into various Software Bill-of-Materials (SBOM) helper utilities." MSG_FLAG_TRACE = "enable trace logging" MSG_FLAG_DEBUG = "enable debug logging" MSG_FLAG_INPUT = "input filename (e.g., \"path/sbom.json\")" MSG_FLAG_OUTPUT = "output filename" MSG_FLAG_LOG_QUIET = "enable quiet logging mode (removes all informational messages from console output); overrides other logging commands" MSG_FLAG_LOG_INDENT = "enable log indentation of functional callstack" MSG_FLAG_CONFIG_SCHEMA = "provide custom application schema configuration file (i.e., overrides default `config.json`)" MSG_FLAG_CONFIG_LICENSE = "provide custom application license policy configuration file (i.e., overrides default `license.json`)" )
const ( MSG_SUPPORTED_OUTPUT_FORMATS_HELP = "\n- Supported formats: " MSG_SUPPORTED_OUTPUT_FORMATS_SUMMARY_HELP = "\n- Supported formats using the --summary flag: " )
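// Default configuration file names. The flag help texts state that
// --config-schema overrides "config.json" and --config-license overrides
// "license.json"; "custom.json" is named by the custom validation help text.
//
// These are bare file names with no directory component.
// NOTE(review): where they are resolved from is not visible here; confirm the
// lookup location, because these files decide which schemas and license
// policies are applied.
const (
	DEFAULT_SCHEMA_CONFIG            = "config.json"
	DEFAULT_CUSTOM_VALIDATION_CONFIG = "custom.json"
	DEFAULT_LICENSE_POLICIES         = "license.json"
)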
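// Output format identifiers. Not every command accepts every format: each
// command advertises its own subset through a *_SUPPORTED_FORMATS variable.
// One constant per line keeps the trailing comment on FORMAT_ANY from hiding
// the closing parenthesis.
const (
	FORMAT_DEFAULT  = ""
	FORMAT_TEXT     = "txt"
	FORMAT_JSON     = "json"
	FORMAT_CSV      = "csv"
	FORMAT_MARKDOWN = "md"
	FORMAT_ANY      = "<any>" // Used for test errors
)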
Supported output formats
const ( SCHEMA_DATA_KEY_KEY_NAME = "name" // summary SCHEMA_DATA_KEY_KEY_FORMAT = "format" // summary SCHEMA_DATA_KEY_KEY_VERSION = "version" // summary SCHEMA_DATA_KEY_KEY_VARIANT = "variant" // summary SCHEMA_DATA_KEY_KEY_FILE = "file" // summary SCHEMA_DATA_KEY_KEY_SOURCE = "url" // summary )
const ( VALID = true INVALID = false )
const ( FLAG_VALIDATE_SCHEMA_FORCE = "force" FLAG_VALIDATE_SCHEMA_VARIANT = "variant" FLAG_VALIDATE_CUSTOM = "custom" // TODO: document when no longer experimental FLAG_VALIDATE_ERR_LIMIT = "error-limit" FLAG_VALIDATE_ERR_VALUE = "error-value" MSG_VALIDATE_SCHEMA_FORCE = "force specified schema file for validation; overrides inferred schema" MSG_VALIDATE_SCHEMA_VARIANT = "select named schema variant (e.g., \"strict\"); variant must be declared in configuration file (i.e., \"config.json\")" MSG_VALIDATE_FLAG_CUSTOM = "perform custom validation using custom configuration settings (i.e., \"custom.json\")" MSG_VALIDATE_FLAG_ERR_COLORIZE = "Colorize formatted error output (true|false); default true" MSG_VALIDATE_FLAG_ERR_LIMIT = "Limit number of errors output to specified (integer) (default 10)" MSG_VALIDATE_FLAG_ERR_FORMAT = "format error results using the specified format type" MSG_VALIDATE_FLAG_ERR_VALUE = "include details of failing value in error results (bool) (default: true)" )
Validation flags. TODO: support a `--truncate <int>` flag (or similar... `err-value-truncate <int>`) used to truncate the formatted "value" (details) to <int> bytes. This would replace the hardcoded "DEFAULT_MAX_ERR_DESCRIPTION_LEN" value.
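// Limits applied when reporting schema validation errors.
const (
	// DEFAULT_MAX_ERROR_LIMIT agrees with the "(default 10)" stated in the
	// --error-limit help text. Output capped at this count is a partial list,
	// so it is not evidence that no further errors exist.
	DEFAULT_MAX_ERROR_LIMIT = 10
	// DEFAULT_MAX_ERR_DESCRIPTION_LEN is the hardcoded length that the
	// validation flags TODO proposes to replace with a truncation flag for the
	// formatted "value" details.
	DEFAULT_MAX_ERR_DESCRIPTION_LEN = 128
)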
limits
const ( ERROR_DETAIL_KEY_DATA_TYPE = "type" ERROR_DETAIL_KEY_FIELD = "field" ERROR_DETAIL_KEY_CONTEXT = "context" ERROR_DETAIL_KEY_VALUE = "value" ERROR_DETAIL_KEY_VALUE_TYPE_ARRAY = "array" ERROR_DETAIL_KEY_VALUE_INDEX = "index" ERROR_DETAIL_KEY_VALUE_ITEM = "item" ERROR_DETAIL_KEY_VALUE_DESCRIPTION = "description" ERROR_DETAIL_ARRAY_ITEM_INDEX_I = "i" ERROR_DETAIL_ARRAY_ITEM_INDEX_J = "j" ERROR_DETAIL_CONTEXT_EMPTY = "" )
const ( ERROR_DETAIL_JSON_DEFAULT_PREFIX = " " ERROR_DETAIL_JSON_DEFAULT_INDENT = " " ERROR_DETAIL_JSON_CONTEXT_DELIMITER = "." ERROR_DETAIL_JSON_NEWLINE_INDENT = "\n" + ERROR_DETAIL_JSON_DEFAULT_PREFIX )
const ( JSON_ARRAY_START = "[\n" JSON_ARRAY_ITEM_SEP = ",\n" JSON_ARRAY_END = "\n]\n" )
JSON formatting
const ( MSG_INFO_FORMATTING_ERROR_RESULTS = "Formatting error results (`%s` format)..." MSG_INFO_SCHEMA_ERRORS_DETECTED = "(%d) schema errors detected." MSG_INFO_TOO_MANY_ERRORS = "Too many errors. Showing (%v/%v) errors." MSG_ERROR_FORMATTING_ERROR = "formatting error: %s" MSG_WARN_INVALID_FORMAT = "invalid format. error results not supported for `%s` format; defaulting to `%s` format..." )
Recurring / translatable messages
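// Vulnerability data (filter) keys. The trailing comment on each key records
// whether the column belongs to the "summary" view or only to the "full" view.
// Each key is declared on its own line so that those comments annotate one key
// apiece instead of commenting out the rest of the block.
const (
	VULN_DATA_KEY_ID                     = "id"                     // summary
	VULN_DATA_KEY_BOM_REF                = "bom-ref"                // full (optional, internal reference)
	VULN_DATA_KEY_CWES                   = "cwe-ids"                // full (Common Weakness Enumeration (CWE))
	VULN_DATA_KEY_CVSS_SEVERITY          = "cvss-severity"          // summary (CVSS Severity, V3.1 or v2.0)
	VULN_DATA_KEY_SOURCE_NAME            = "source-name"            // summary
	VULN_DATA_KEY_SOURCE_URL             = "source-url"             // full
	VULN_DATA_KEY_PUBLISHED              = "published"              // summary
	VULN_DATA_KEY_UPDATED                = "updated"                // full
	VULN_DATA_KEY_CREATED                = "created"                // full
	VULN_DATA_KEY_REJECTED               = "rejected"               // full
	VULN_DATA_KEY_ANALYSIS_STATE         = "analysis-state"         // full
	VULN_DATA_KEY_ANALYSIS_JUSTIFICATION = "analysis-justification" // full
	VULN_DATA_KEY_DESC                   = "description"            // summary
)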
data (filter) keys
const ( FLAG_VULNERABILITY_OUTPUT_FORMAT_HELP = "format vulnerability output" FLAG_VULN_SUMMARY_HELP = "summarize vulnerability information when listing in supported formats" )
Command help formatting
const ( VULN_DATE_EMPTY = "none" VULN_ANALYSIS_STATE_EMPTY = "UNDEFINED" VULN_RATING_EMPTY = "none" )
Report "empty" values
const DEFAULT_COLUMN_TRUNCATE_LENGTH = -1
const (
ERR_FORMAT_DETAIL_SEP = ": "
)
formatting Error() interface
const (
FLAG_DIFF_OUTPUT_FORMAT_HELP = "format output using the specified type"
)
Command help formatting
const (
FLAG_LICENSE_POLICY_LIST_SUMMARY_HELP = "summarize licenses and policies when listing in supported formats"
)
const (
FLAG_LICENSE_SUMMARY = "summary"
)
Subcommand flags TODO: Support a new --sort <column> flag
const (
FLAG_POLICY_REPORT_LINE_WRAP = "wrap"
)
Subcommand flags TODO: Support a new --sort <column> flag
const (
FLAG_RESOURCE_OUTPUT_FORMAT_HELP = "format output using the specified type"
)
Command help formatting
const (
FLAG_SCHEMA_OUTPUT_FORMAT_HELP = "format output using the specified type"
)
Subcommand flags
const (
FLAG_VULN_SUMMARY = "summary"
)
const ISO8601_TIME_SEPARATOR = 'T'
const (
MSG_OUTPUT_NO_POLICIES_FOUND = "no license policies found in BOM document"
)
License list policy command informational messages TODO Use only for Warning messages
const (
MSG_OUTPUT_NO_RESOURCES_FOUND = "[WARN] no matching resources found for query"
)
const (
MSG_OUTPUT_NO_SCHEMAS_FOUND = "[WARN] no schemas found in configuration (i.e., \"config.json\")"
)
const (
MSG_OUTPUT_NO_VULNERABILITIES_FOUND = "[WARN] no matching vulnerabilities found for query"
)
Vuln. command informational messages
const (
PROTOCOL_PREFIX_FILE = "file://"
)
Protocol
// REGEX_ISO_8601_DATE is a pattern for a date-shaped run of digits in the form
// NNNN-NN-NN. It has no ^ or $ anchors and checks digit counts only, not
// calendar ranges, so it locates a date-like substring rather than validating
// that a whole value is a real date.
const REGEX_ISO_8601_DATE = "[0-9]{4}-[0-9]{2}-[0-9]{2}"
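// REGEX_ISO_8601_DATE_TIME is a pattern for an ISO 8601 date-time carrying a
// numeric UTC offset, e.g. 2023-01-31T10:15:30+00:00 (constructed sample).
//
// The offset sign is the character class [+-]. Inside a character class '|' is
// a literal rather than alternation, so it must not appear there: with it, a
// value using '|' in place of the sign would also match.
//
// The pattern has no ^ or $ anchors and checks digit counts only. It does not
// cover the "Z" designator or fractional seconds, so values in those forms do
// not match.
const REGEX_ISO_8601_DATE_TIME = "[0-9]{4}-[0-9]{2}-[0-9]{2}T([0-9]{2}:){2}[0-9]{2}[+-][0-9]{2}:[0-9]{2}"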
Currently, truncate
// REGEX_VALID_SPDX_ID is the pattern an SPDX license ID must satisfy: one or
// more ASCII letters, digits, '.' or '-'. It is anchored at both ends, so the
// whole value has to conform and the empty string is rejected. It sets no
// bound on length and no constraint on the first or last character.
const REGEX_VALID_SPDX_ID = "^[a-zA-Z0-9.-]+$"
Note: the SPDX spec. does not provide regex for an SPDX ID, but provides the following in ABNF:
string = 1*(ALPHA / DIGIT / "-" / "." )
Currently, the regex (REGEX_VALID_SPDX_ID) tests for composition of only alphanumeric, "-", and "." characters and disallows empty strings. TODO:
- First and last chars are not "-" or "."
- Enforce reasonable min/max lengths. In theory, we can check overall length with positive lookahead (e.g., min 3 max 128): `(?=.{3,128}$)`. However, this does not appear to be supported in the `regexp` package (its RE2 syntax has no lookahead, whether or not the expression is compiled), so a length bound would have to be a separate check on the string length. TBD
const REPORT_REPLACE_LINE_FEEDS_TRUE = true
const REPORT_SUMMARY_DATA_TRUE = true
Report column data values
const (
SUBCOMMAND_POLICY_LIST = "list"
)
const (
SUBCOMMAND_RESOURCE_LIST = "list"
)
const (
SUBCOMMAND_SCHEMA_LIST = "list"
)
const (
SUBCOMMAND_VULNERABILITY_LIST = "list"
)
const VULN_TRUNCATE_DESC_LEN = 32
TODO make configurable via flag
Variables ¶
// ALL_USAGE_POLICIES lists every usage policy value the package defines: the
// three in VALID_USAGE_POLICIES plus POLICY_UNDEFINED and POLICY_CONFLICT.
var ALL_USAGE_POLICIES = []string{
	POLICY_ALLOW,
	POLICY_DENY,
	POLICY_NEEDS_REVIEW,
	POLICY_UNDEFINED,
	POLICY_CONFLICT,
}
var CDX_LICENSE_LOCATION_NAMES = map[int]string{ LC_LOC_UNKNOWN: "unknown", LC_LOC_METADATA_COMPONENT: "metadata.component", LC_LOC_METADATA: "metadata.licenses", LC_LOC_COMPONENTS: "components", LC_LOC_SERVICES: "services", }
var DIFF_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_JSON}, ", ")
var LC_TYPE_NAMES = [...]string{LC_VALUE_INVALID, LC_VALUE_ID, LC_VALUE_NAME, LC_VALUE_EXPRESSION}
Declare a fixed-sized array for LC type name indexed lookup
var LICENSE_LIST_ROW_DATA = []ColumnFormatData{ {LICENSE_FILTER_KEY_USAGE_POLICY, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {LICENSE_FILTER_KEY_LICENSE_TYPE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {LICENSE_FILTER_KEY_LICENSE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {LICENSE_FILTER_KEY_RESOURCE_NAME, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {LICENSE_FILTER_KEY_BOM_REF, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {LICENSE_FILTER_KEY_BOM_LOCATION, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, }
var LICENSE_LIST_SUMMARY_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_SUMMARY_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ") + " (default: txt)"
var LICENSE_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_JSON, FORMAT_CSV, FORMAT_MARKDOWN}, ", ") + " (default: json)"
Command help formatting
var LICENSE_LIST_TITLES_LICENSE_CHOICE = []string{"License.Id", "License.Name", "License.Url", "Expression", "License.Text.ContentType", "License.Text.Encoding", "License.Text.Content"}
Title row names for formatted lists (reports)
var LICENSE_POLICY_LIST_ROW_DATA = []ColumnFormatData{ {POLICY_FILTER_KEY_USAGE_POLICY, 16, REPORT_SUMMARY_DATA_TRUE, false}, {POLICY_FILTER_KEY_FAMILY, 20, REPORT_SUMMARY_DATA_TRUE, false}, {POLICY_FILTER_KEY_SPDX_ID, 20, REPORT_SUMMARY_DATA_TRUE, false}, {POLICY_FILTER_KEY_NAME, 20, REPORT_SUMMARY_DATA_TRUE, false}, {POLICY_FILTER_KEY_OSI_APPROVED, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {POLICY_FILTER_KEY_FSF_APPROVED, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {POLICY_FILTER_KEY_DEPRECATED, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {POLICY_FILTER_KEY_REFERENCE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {POLICY_FILTER_KEY_ALIASES, 24, false, false}, {POLICY_FILTER_KEY_ANNOTATIONS, 24, false, false}, {POLICY_FILTER_KEY_NOTES, 24, false, false}, }
Describe the column data and their attributes and constraints used for formatting
var LICENSE_POLICY_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")
Command help formatting
var LICENSE_SUMMARY_TITLES = []string{ LICENSE_FILTER_KEY_USAGE_POLICY, LICENSE_FILTER_KEY_LICENSE_TYPE, LICENSE_FILTER_KEY_LICENSE, LICENSE_FILTER_KEY_RESOURCE_NAME, LICENSE_FILTER_KEY_BOM_REF, LICENSE_FILTER_KEY_BOM_LOCATION, }
var ProjectLogger *log.MiniLogger
var QUERY_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_JSON}, ", ")
var RESOURCE_LIST_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")
var RESOURCE_LIST_TITLES = []string{ RESOURCE_FILTER_KEY_TYPE, RESOURCE_FILTER_KEY_NAME, RESOURCE_FILTER_KEY_VERSION, RESOURCE_FILTER_KEY_BOMREF, }
var SCHEMA_LIST_ROW_DATA = []ColumnFormatData{ {SCHEMA_DATA_KEY_KEY_NAME, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {SCHEMA_DATA_KEY_KEY_FORMAT, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {SCHEMA_DATA_KEY_KEY_VERSION, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {SCHEMA_DATA_KEY_KEY_VARIANT, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {SCHEMA_DATA_KEY_KEY_FILE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {SCHEMA_DATA_KEY_KEY_SOURCE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, }
NOTE: columns will be output in order they are listed here:
var SCHEMA_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")
Command help formatting
var SchemaFiles embed.FS
Globals
var VALIDATE_SUPPORTED_ERROR_FORMATS = MSG_VALIDATE_FLAG_ERR_FORMAT + strings.Join([]string{FORMAT_TEXT, FORMAT_JSON, FORMAT_CSV}, ", ") + " (default: txt)"
var VALIDATION_ERROR_TITLES = []string{ ERROR_DETAIL_KEY_DATA_TYPE, ERROR_DETAIL_KEY_FIELD, ERROR_DETAIL_KEY_CONTEXT, ERROR_DETAIL_KEY_VALUE_DESCRIPTION, }
var VALID_LICENSE_FILTER_KEYS = []string{ LICENSE_FILTER_KEY_USAGE_POLICY, LICENSE_FILTER_KEY_LICENSE_TYPE, LICENSE_FILTER_KEY_LICENSE, LICENSE_FILTER_KEY_RESOURCE_NAME, LICENSE_FILTER_KEY_BOM_REF, LICENSE_FILTER_KEY_BOM_LOCATION, }
var VALID_RESOURCE_FILTER_KEYS = []string{ RESOURCE_FILTER_KEY_TYPE, RESOURCE_FILTER_KEY_NAME, RESOURCE_FILTER_KEY_VERSION, RESOURCE_FILTER_KEY_BOMREF, }
var VALID_RESOURCE_TYPES = []string{RESOURCE_TYPE_DEFAULT, RESOURCE_TYPE_COMPONENT, RESOURCE_TYPE_SERVICE}
var VALID_SUBCOMMANDS_LICENSE = []string{SUBCOMMAND_LICENSE_LIST, SUBCOMMAND_LICENSE_POLICY}
var VALID_SUBCOMMANDS_POLICY = []string{SUBCOMMAND_POLICY_LIST}
var VALID_SUBCOMMANDS_RESOURCE = []string{SUBCOMMAND_RESOURCE_LIST}
var VALID_SUBCOMMANDS_SCHEMA = []string{SUBCOMMAND_SCHEMA_LIST}
var VALID_SUBCOMMANDS_VULNERABILITY = []string{SUBCOMMAND_VULNERABILITY_LIST}
// VALID_USAGE_POLICIES lists the usage policy values "allow", "deny" and
// "needs-review". POLICY_UNDEFINED and POLICY_CONFLICT are left out on purpose;
// they appear only in ALL_USAGE_POLICIES.
// NOTE(review): presumably this is the set IsValidUsagePolicy accepts; confirm.
var VALID_USAGE_POLICIES = []string{
	POLICY_ALLOW,
	POLICY_DENY,
	POLICY_NEEDS_REVIEW,
}
var VULNERABILITY_LIST_ROW_DATA = []ColumnFormatData{ {VULN_DATA_KEY_ID, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {VULN_DATA_KEY_BOM_REF, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false}, {VULN_DATA_KEY_CWES, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false}, {VULN_DATA_KEY_CVSS_SEVERITY, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {VULN_DATA_KEY_SOURCE_NAME, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {VULN_DATA_KEY_SOURCE_URL, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false}, {VULN_DATA_KEY_PUBLISHED, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false}, {VULN_DATA_KEY_UPDATED, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false}, {VULN_DATA_KEY_CREATED, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false}, {VULN_DATA_KEY_REJECTED, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false}, {VULN_DATA_KEY_ANALYSIS_STATE, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false}, {VULN_DATA_KEY_ANALYSIS_JUSTIFICATION, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false}, {VULN_DATA_KEY_DESC, VULN_TRUNCATE_DESC_LEN, REPORT_SUMMARY_DATA_TRUE, REPORT_REPLACE_LINE_FEEDS_TRUE}, }
NOTE: columns will be output in the order they are listed here. NOTE: which data is marked as "summary" data is informed by the output from the NVD database service itself; this includes truncating fields that hold ISO 8601 date-time values to show the date only.
var VULNERABILITY_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN, FORMAT_JSON}, ", ")
Functions ¶
func ClearGlobalLicenseData ¶
func ClearGlobalLicenseData()
func ClearGlobalResourceData ¶
func ClearGlobalResourceData()
func ClearGlobalVulnerabilityData ¶ added in v0.10.0
func ClearGlobalVulnerabilityData()
func Diff ¶ added in v0.12.0
func Diff(flags utils.CommandFlags) (err error)
func DisplayLicenseListCSV ¶
NOTE: This list is NOT de-duplicated
func DisplayLicenseListJson ¶
NOTE: This list is NOT de-duplicated. NOTE: if no licenses are found, the "json.Marshal" method(s) will return a value of "null", which is valid JSON (and not an empty array), so consumers of this output must handle "null" as well as an array. TODO: Support de-duplication (flag) (which MUST be exact using deep comparison)
func DisplayLicenseListMarkdown ¶
NOTE: This list is NOT de-duplicated
func DisplayLicenseListSummaryCSV ¶
NOTE: This list is NOT de-duplicated TODO: Make policy column optional TODO: Add a --no-title flag to skip title output TODO: Support a new --sort <column> flag
func DisplayLicenseListSummaryMarkdown ¶
NOTE: This list is NOT de-duplicated TODO: Make policy column optional TODO: Add a --no-title flag to skip title output TODO: Support a new --sort <column> flag
func DisplayLicenseListSummaryText ¶
NOTE: This list is NOT de-duplicated TODO: Make policy column optional TODO: Add a --no-title flag to skip title output TODO: Support a new --sort <column> flag
func DisplayLicensePoliciesCSV ¶
func DisplayLicensePoliciesCSV(output io.Writer, filteredPolicyMap *slicemultimap.MultiMap, flags utils.LicenseCommandFlags) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayLicensePoliciesMarkdown ¶
func DisplayLicensePoliciesMarkdown(output io.Writer, filteredPolicyMap *slicemultimap.MultiMap, flags utils.LicenseCommandFlags) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayLicensePoliciesTabbedText ¶
func DisplayLicensePoliciesTabbedText(output io.Writer, filteredPolicyMap *slicemultimap.MultiMap, flags utils.LicenseCommandFlags) (err error)
Display all license policies including those with SPDX IDs and those only with "family" names which is reflected in the contents of the hashmap keyed on family names. NOTE: assumes all entries in the policy config file MUST have family names TODO: Allow caller to pass flag to truncate or not (perhaps with value) TODO: Add a --no-title flag to skip title output
func DisplayResourceListCSV ¶
TODO: Add a --no-title flag to skip title output
func DisplayResourceListMarkdown ¶
TODO: Add a --no-title flag to skip title output
func DisplayResourceListText ¶
NOTE: This list is NOT de-duplicated TODO: Add a --no-title flag to skip title output
func DisplaySchemaErrorsCsv ¶ added in v0.12.0
func DisplaySchemaErrorsCsv(output io.Writer, errs []gojsonschema.ResultError, flags utils.ValidateCommandFlags)
func DisplaySchemaErrorsJson ¶ added in v0.12.0
func DisplaySchemaErrorsJson(output io.Writer, errs []gojsonschema.ResultError, flags utils.ValidateCommandFlags)
func DisplaySchemaErrorsText ¶ added in v0.12.0
func DisplaySchemaErrorsText(output io.Writer, errs []gojsonschema.ResultError, flags utils.ValidateCommandFlags)
func DisplaySchemasCSV ¶
func DisplaySchemasCSV(output io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
TODO: Add a --no-title flag to skip title output
func DisplaySchemasMarkdown ¶
func DisplaySchemasMarkdown(output io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
TODO: Add a --no-title flag to skip title output
func DisplaySchemasTabbedText ¶
func DisplaySchemasTabbedText(output io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayVulnListCSV ¶ added in v0.10.0
func DisplayVulnListCSV(output io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayVulnListJson ¶ added in v0.10.0
func DisplayVulnListJson(output io.Writer, flags utils.VulnerabilityCommandFlags)
Output filtered list of vulnerabilities as JSON
func DisplayVulnListMarkdown ¶ added in v0.10.0
func DisplayVulnListMarkdown(output io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayVulnListText ¶ added in v0.10.0
func DisplayVulnListText(output io.Writer, flags utils.VulnerabilityCommandFlags)
NOTE: This list is NOT de-duplicated TODO: Add a --no-title flag to skip title output
func ErrorTypesMatch ¶
NOTE: A nil err also fails the match when an error was expected.
func FinalizeCompoundPolicy ¶
func FinalizeCompoundPolicy(expression *CompoundExpression) (err error)
func FormatSchemaErrors ¶
func FormatSchemaErrors(output io.Writer, schemaErrors []gojsonschema.ResultError, flags utils.ValidateCommandFlags, format string) (formattedSchemaErrors string)
func HashLicenseInfo ¶ added in v0.10.0
func HashLicenseInfo(key string, licenseInfo LicenseInfo, whereFilters []WhereFilter)
func IsInvalidSBOMError ¶
func IsValidFamilyKey ¶
func IsValidPolicyEntry ¶
func IsValidPolicyEntry(policy LicensePolicy) bool
NOTE: An empty policy.Id (policy.Id == "") is allowed as "valid" because it indicates a potential "family" entry (i.e., a group of SPDX IDs).
func IsValidSpdxId ¶
func IsValidUsagePolicy ¶
func ListLicensePolicies ¶ added in v0.11.0
func ListLicensePolicies(writer io.Writer, whereFilters []WhereFilter, flags utils.LicenseCommandFlags) (err error)
func ListLicenses ¶
func ListResources ¶
func ListResources(output io.Writer, format string, resourceType string, whereFilters []WhereFilter) (err error)
NOTE: resourceType has already been validated
func ListSchemas ¶
func ListSchemas(writer io.Writer, whereFilters []WhereFilter) (err error)
func ListVulnerabilities ¶ added in v0.10.0
func ListVulnerabilities(output io.Writer, format string, whereFilters []WhereFilter, flags utils.VulnerabilityCommandFlags) (err error)
NOTE: vulnerability type data has already been validated
func NewCommandDiff ¶ added in v0.12.0
func NewCommandLicense ¶
func NewCommandList ¶
WARNING: Cobra will not recognize a subcommand if its `command.Use` is not a single word string that matches one of the `command.ValidArgs` set on the parent command
func NewCommandPolicy ¶
WARNING: Cobra will not recognize a subcommand if its `command.Use` is not a single word string that matches one of the `command.ValidArgs` set on the parent command
func NewCommandQuery ¶
func NewCommandResource ¶
func NewCommandSchema ¶
func NewCommandValidate ¶
func NewCommandVersion ¶
func NewCommandVulnerability ¶ added in v0.10.0
func Validate ¶
func Validate(output io.Writer, persistentFlags utils.PersistentCommandFlags, validateFlags utils.ValidateCommandFlags) (valid bool, document *schema.Sbom, schemaErrors []gojsonschema.ResultError, err error)
func VerifyPoliciesMatch ¶
func VerifyPoliciesMatch(testPolicy LicensePolicy, policies []interface{}) bool
Given an array of policies, verifies that their "usage" policy values do not represent a conflict.
Types ¶
type BaseError ¶
// BaseError holds the fields shared by this package's error types;
// InvalidSBOMError, QueryError and UtilityError embed it.
type BaseError struct {
	Type       string
	Message    string
	InputFile  string
	InnerError error // NOTE(review): presumably the underlying error being wrapped — confirm
	Command    string
	Flags      string
	Details    string
}
func (*BaseError) AppendMessage ¶
type ColumnFormatData ¶ added in v0.11.0
// ColumnFormatData holds per-column report settings: the data key, the
// truncation length, summary inclusion and line-feed replacement.
type ColumnFormatData struct {
	DataKey               string // Note: data key is the column label (where possible)
	DefaultTruncateLength int    // truncate data when `--format txt`
	IsSummaryData         bool   // include in `--summary` reports
	ReplaceLineFeeds      bool   // replace line feeds with spaces (e.g., for multi-line descriptions)
}
TODO: Support additional flags to:
- show number of chars shown vs. available when truncated (e.g., (x/y))
- provide "empty" value to display in column (e.g., "none" or "UNDEFINED")
- inform how to "summarize" (e.g., show-first-only) data if the data type is a slice (e.g., []string). NOTE: If only a subset of entries is shown in a summary, an indication of (x) entries could be shown as well.
type CompoundExpression ¶
// CompoundExpression holds a left and a right operand joined by Conjunction.
// Each side has a simple form (SimpleLeft / SimpleRight) and a nested form
// (CompoundLeft / CompoundRight), plus the policy fields recorded for it.
// NOTE(review): looks like a parsed license expression tree whose usage
// policy is resolved by FinalizeCompoundPolicy — confirm.
type CompoundExpression struct {
	SimpleLeft          string
	SimpleLeftHasPlus   bool
	LeftPolicy          LicensePolicy
	LeftUsagePolicy     string
	SimpleRight         string
	SimpleRightHasPlus  bool
	RightPolicy         LicensePolicy
	RightUsagePolicy    string
	Conjunction         string
	PrepRight           string
	PrepLeft            string
	CompoundLeft        *CompoundExpression // nested left operand; a pointer, so it may be nil
	CompoundRight       *CompoundExpression // nested right operand; a pointer, so it may be nil
	CompoundUsagePolicy string
}
func NewCompoundExpression ¶
func NewCompoundExpression() *CompoundExpression
type InvalidSBOMError ¶
// InvalidSBOMError extends BaseError with the SBOM, the JSON field keys and
// the schema errors associated with the failure.
type InvalidSBOMError struct {
	BaseError
	SBOM         *schema.Sbom
	FieldKeys    []string // Keys used to dereference into JSON map where error found
	SchemaErrors []gojsonschema.ResultError
}
Extend the base error type
func NewInvalidSBOMError ¶
func NewInvalidSBOMError(sbom *schema.Sbom, m string, errIn error, schemaErrors []gojsonschema.ResultError) *InvalidSBOMError
type LicenseComplianceConfig ¶
// LicenseComplianceConfig is the license policy configuration. Its JSON form
// has a "policies" list and an "annotations" map.
type LicenseComplianceConfig struct {
	PolicyList  []LicensePolicy   `json:"policies"`
	Annotations map[string]string `json:"annotations"`
	// contains filtered or unexported fields
}
func (*LicenseComplianceConfig) GetFamilyNameMap ¶
func (config *LicenseComplianceConfig) GetFamilyNameMap() (hashmap *slicemultimap.MultiMap, err error)
func (*LicenseComplianceConfig) GetFilteredFamilyNameMap ¶ added in v0.11.0
func (config *LicenseComplianceConfig) GetFilteredFamilyNameMap(whereFilters []WhereFilter) (hashmap *slicemultimap.MultiMap, err error)
func (*LicenseComplianceConfig) GetLicenseIdMap ¶
func (config *LicenseComplianceConfig) GetLicenseIdMap() (hashmap *slicemultimap.MultiMap, err error)
func (*LicenseComplianceConfig) HashLicensePolicies ¶
func (config *LicenseComplianceConfig) HashLicensePolicies() (hashError error)
func (*LicenseComplianceConfig) LoadLicensePolicies ¶
func (config *LicenseComplianceConfig) LoadLicensePolicies(filename string) (err error)
func (*LicenseComplianceConfig) Reset ¶ added in v0.11.0
func (config *LicenseComplianceConfig) Reset()
type LicenseInfo ¶
// LicenseInfo holds one license record. Per the package documentation, its
// License value is used as the hashmap key.
type LicenseInfo struct {
	UsagePolicy            string `json:"usage-policy"`
	LicenseChoiceTypeValue int    `json:"license-type-value"`
	LicenseChoiceType      string `json:"license-type"`
	License                string `json:"license"`
	ResourceName           string `json:"resource-name"`
	BomRef                 string `json:"bom-ref"`
	BomLocationValue       int    `json:"bom-location-value"`
	BomLocation            string `json:"bom-location"`
	// NOTE(review): the four fields below are commented "Do not marshal" but
	// show no `json:"-"` tag here. encoding/json would emit exported fields
	// under their Go names unless marshalling is handled elsewhere. Confirm
	// that the JSON output does not include them.
	LicenseChoice schema.CDXLicenseChoice // Do not marshal
	Policy        LicensePolicy           // Do not marshal
	Component     schema.CDXComponent     // Do not marshal
	Service       schema.CDXService       // Do not marshal
}
Note: the "License" property is used as hashmap key
type LicensePolicy ¶
// LicensePolicy is one policy entry; the json tags give the key of each field.
// An entry with an empty Id is still treated as valid by IsValidPolicyEntry,
// because it may be a "family" entry (a group of SPDX IDs).
type LicensePolicy struct {
	Id             string   `json:"id"`
	Reference      string   `json:"reference"`
	IsOsiApproved  bool     `json:"osi"`
	IsFsfLibre     bool     `json:"fsf"`
	IsDeprecated   bool     `json:"deprecated"`
	Family         string   `json:"family"`
	Name           string   `json:"name"`
	UsagePolicy    string   `json:"usagePolicy"`
	Aliases        []string `json:"aliases"`
	Children       []string `json:"children"`
	Notes          []string `json:"notes"`
	Urls           []string `json:"urls"`
	AnnotationRefs []string `json:"annotationRefs"`
	// Alternative field names for --where searches
	AltUsagePolicy    string `json:"usage-policy"`
	AltAnnotationRefs string `json:"annotations"`
	AltSPDXId         string `json:"spdx-id"`
}
func FindPolicy ¶
func FindPolicy(licenseInfo LicenseInfo) (matchedPolicy LicensePolicy, err error)
func FindPolicyByFamilyName ¶
func FindPolicyByFamilyName(name string) (policyValue string, matchedPolicy LicensePolicy)
NOTE: For now, we look for the "family" name encoded in the License.Name field (until we can get additional fields/properties added to the CDX LicenseChoice schema).
func FindPolicyBySpdxId ¶
func FindPolicyBySpdxId(id string) (policyValue string, matchedPolicy LicensePolicy)
type QueryError ¶
type QueryError struct { BaseError // contains filtered or unexported fields }
func NewQueryError ¶
func NewQueryError(qr *QueryRequest, m string, d string) *QueryError
func NewQueryFromClauseError ¶
func NewQueryFromClauseError(qr *QueryRequest, detail string) *QueryError
func NewQuerySelectClauseError ¶
func NewQuerySelectClauseError(qr *QueryRequest, detail string) *QueryError
func NewQueryWhereClauseError ¶
func NewQueryWhereClauseError(qr *QueryRequest, detail string) *QueryError
type QueryRequest ¶
type QueryRequest struct {
// contains filtered or unexported fields
}
Query a JSON map and return the selected subset:
SELECT
<key.1>, <key.2>, ... // "firstname, lastname, email" || * (default)
FROM
<key path> // "product.customers"
WHERE
<key.X> == <value> // "country='Germany'"
ORDER BY
<key.N> // "lastname"
e.g., SELECT * FROM product.customers WHERE country="Germany";
func (*QueryRequest) String ¶
func (qr *QueryRequest) String() string
Implement the Stringer interface for QueryRequest
type QueryResponse ¶
type QueryResponse struct {
// contains filtered or unexported fields
}
func NewQueryResponse ¶
func NewQueryResponse() *QueryResponse
type ResourceInfo ¶
// ResourceInfo holds one resource record. The tagged fields carry its type,
// bom-ref, name and version. The untagged fields hold the related CycloneDX
// structures.
type ResourceInfo struct {
	Type             string `json:"type"`
	BomRef           string `json:"bom-ref"`
	Name             string `json:"name"`
	Version          string `json:"version"`
	SupplierProvider schema.CDXOrganizationalEntity
	Properties       []schema.CDXProperty
	Component        schema.CDXComponent
	Service          schema.CDXService
	// contains filtered or unexported fields
}
TODO: need to strip `-` from `bom-ref` for where filter
type SBOMCompositionError ¶
// SBOMCompositionError is a more specific invalid-SBOM error; it embeds
// InvalidSBOMError and adds no fields of its own.
type SBOMCompositionError struct {
	InvalidSBOMError
}
Define more specific invalid SBOM errors
func NewSBOMCompositionError ¶
func NewSBOMCompositionError(m string, sbom *schema.Sbom, fields []string) *SBOMCompositionError
func (SBOMCompositionError) Error ¶
func (err SBOMCompositionError) Error() string
Support the error interface
type SBOMLicenseError ¶
// SBOMLicenseError is a license-specific SBOM error; it embeds
// SBOMCompositionError and adds no fields of its own.
type SBOMLicenseError struct {
	SBOMCompositionError
}
NOTE: Current sub-type is "no license found"; other, more specific subtypes may be created
func IsSBOMLicenseError ¶
func IsSBOMLicenseError(err error) (*SBOMLicenseError, bool)
func NewSbomLicenseDataError ¶
func NewSbomLicenseDataError() *SBOMLicenseError
func NewSbomLicenseNotFoundError ¶
func NewSbomLicenseNotFoundError(sbom *schema.Sbom) *SBOMLicenseError
type SBOMMetadataError ¶
// SBOMMetadataError is a more specific invalid-SBOM error; it embeds
// InvalidSBOMError and adds the CycloneDX metadata concerned.
type SBOMMetadataError struct {
	InvalidSBOMError
	Metadata schema.CDXMetadata
}
Define more specific invalid SBOM errors
func NewSBOMMetadataError ¶
func NewSBOMMetadataError(sbom *schema.Sbom, m string, metadata schema.CDXMetadata) *SBOMMetadataError
TODO: create Error() (interface) method that displays CDXMetadata
type SBOMMetadataPropertyError ¶
// SBOMMetadataPropertyError embeds SBOMMetadataError and records the expected
// custom validation property alongside the actual properties.
type SBOMMetadataPropertyError struct {
	SBOMMetadataError
	Expected *schema.CustomValidationProperty
	Actual   []schema.CDXProperty
}
func NewSbomMetadataPropertyError ¶
func NewSbomMetadataPropertyError(sbom *schema.Sbom, m string, expected *schema.CustomValidationProperty, values []schema.CDXProperty) *SBOMMetadataPropertyError
TODO: create Error() (interface) method that displays CDXProperty
type UtilityError ¶
// UtilityError embeds BaseError and adds no fields of its own.
type UtilityError struct {
	BaseError
}
func NewUtilityError ¶
func NewUtilityError(t string, m string, f string, errIn error) *UtilityError
type ValidationErrorResult ¶ added in v0.12.0
// ValidationErrorResult wraps one gojsonschema.ResultError together with its
// JSON context. The type has its own MarshalJSON method, so its JSON form is
// not determined by the field tags alone.
type ValidationErrorResult struct {
	ResultError gojsonschema.ResultError  // read only
	Context     *gojsonschema.JsonContext `json:"context"` // resultError.Context()
	// contains filtered or unexported fields
}
JsonContext is a linked-list of JSON key strings
func NewValidationErrorResult ¶ added in v0.12.0
func NewValidationErrorResult(resultError gojsonschema.ResultError) (validationErrResult *ValidationErrorResult)
func (*ValidationErrorResult) HashResultError ¶ added in v0.12.0
func (validationErrResult *ValidationErrorResult) HashResultError()
func (*ValidationErrorResult) MapItemsMustBeUniqueError ¶ added in v0.12.0
func (result *ValidationErrorResult) MapItemsMustBeUniqueError(flags utils.ValidateCommandFlags)
func (*ValidationErrorResult) MapResultError ¶ added in v0.12.0
func (result *ValidationErrorResult) MapResultError(flags utils.ValidateCommandFlags)
func (*ValidationErrorResult) MarshalJSON ¶ added in v0.12.0
func (validationErrResult *ValidationErrorResult) MarshalJSON() (marshalled []byte, err error)
type VulnerabilityInfo ¶ added in v0.10.0
// VulnerabilityInfo consolidates nested vulnerability information into a
// flattened form more suitable for report listings.
//
// NOTE(review): the string fields appear to be copied from the input BOM, so
// treat them as untrusted text when they are rendered as CSV or Markdown.
// Confirm how the DisplayVulnList* functions escape them.
type VulnerabilityInfo struct {
	Id                    string                        `json:"id"`
	BomRef                string                        `json:"bom-ref"`
	CvssSeverity          []string                      `json:"cvss-severity"`
	Created               string                        `json:"created"`
	Published             string                        `json:"published"`
	Updated               string                        `json:"updated"`
	Rejected              string                        `json:"rejected"`
	Description           string                        `json:"description"`
	SourceUrl             string                        `json:"source-url"`
	SourceName            string                        `json:"source-name"`
	AnalysisState         string                        `json:"analysis-state"`
	AnalysisJustification string                        `json:"analysis-justification"`
	AnalysisResponse      []string                      `json:"analysis-response"`
	CweIds                []string                      `json:"cwe-ids"`
	Source                schema.CDXVulnerabilitySource `json:"source"`
	// NOTE(review): no json tag is shown on this field, so encoding/json
	// would emit it as "Vulnerability". Confirm that is intended.
	Vulnerability schema.CDXVulnerability
}
This data consolidates nested information into a flattened version more suitable for report listings
type WhereFilter ¶
// WhereFilter is one filter term: an operand, a value and a regular
// expression for the value. The package's List* functions take a slice of them.
type WhereFilter struct {
	Operand    string
	Value      string
	ValueRegEx *regexp.Regexp // NOTE(review): presumably compiled from Value — confirm
	// contains filtered or unexported fields
}
func (*WhereFilter) GetNormalizeKey ¶
func (filter *WhereFilter) GetNormalizeKey() (normalizedKey string)