Documentation ¶
Overview ¶
SPDX-License-Identifier: Apache-2.0
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
Index ¶
- Constants
- Variables
- func Diff(persistentFlags utils.PersistentCommandFlags, flags utils.DiffCommandFlags) (err error)
- func DisplayComponentListCSV(bom *schema.BOM, writer io.Writer, flags utils.ComponentCommandFlags) (err error)
- func DisplayComponentListMarkdown(bom *schema.BOM, writer io.Writer, flags utils.ComponentCommandFlags) (err error)
- func DisplayComponentListText(bom *schema.BOM, writer io.Writer, flags utils.ComponentCommandFlags) (err error)
- func DisplayLicenseListCSV(bom *schema.BOM, writer io.Writer, flags utils.LicenseCommandFlags) (err error)
- func DisplayLicenseListJson(bom *schema.BOM, writer io.Writer, flags utils.LicenseCommandFlags) (err error)
- func DisplayLicenseListMarkdown(bom *schema.BOM, writer io.Writer, flags utils.LicenseCommandFlags) (err error)
- func DisplayLicenseListText(bom *schema.BOM, writer io.Writer, flags utils.LicenseCommandFlags) (err error)
- func DisplayLicensePoliciesCSV(writer io.Writer, filteredPolicyMap *slicemultimap.MultiMap, ...) (err error)
- func DisplayLicensePoliciesMarkdown(writer io.Writer, filteredPolicyMap *slicemultimap.MultiMap, ...) (err error)
- func DisplayLicensePoliciesTabbedText(writer io.Writer, filteredPolicyMap *slicemultimap.MultiMap, ...) (err error)
- func DisplayResourceListCSV(bom *schema.BOM, writer io.Writer) (err error)
- func DisplayResourceListMarkdown(bom *schema.BOM, writer io.Writer) (err error)
- func DisplayResourceListText(bom *schema.BOM, writer io.Writer) (err error)
- func DisplaySchemaErrorsCsv(writer io.Writer, errs []gojsonschema.ResultError, ...)
- func DisplaySchemaErrorsJson(writer io.Writer, errs []gojsonschema.ResultError, ...)
- func DisplaySchemaErrorsText(writer io.Writer, errs []gojsonschema.ResultError, ...)
- func DisplaySchemasCSV(writer io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
- func DisplaySchemasMarkdown(writer io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
- func DisplaySchemasTabbedText(writer io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
- func DisplayStatsText(bom *schema.BOM, writer io.Writer)
- func DisplayVulnListCSV(bom *schema.BOM, writer io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
- func DisplayVulnListJson(bom *schema.BOM, writer io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
- func DisplayVulnListMarkdown(bom *schema.BOM, writer io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
- func DisplayVulnListText(bom *schema.BOM, writer io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
- func ErrorTypesMatch(err error, expected error) bool
- func Execute()
- func FormatSchemaErrors(writer io.Writer, schemaErrors []gojsonschema.ResultError, ...) (formattedSchemaErrors string)
- func IsInvalidBOMError(err error) bool
- func ListComponents(writer io.Writer, persistentFlags utils.PersistentCommandFlags, ...) (err error)
- func ListLicensePolicies(writer io.Writer, policyConfig *schema.LicensePolicyConfig, ...) (err error)
- func ListLicenses(writer io.Writer, policyConfig *schema.LicensePolicyConfig, ...) (err error)
- func ListResources(writer io.Writer, persistentFlags utils.PersistentCommandFlags, ...) (err error)
- func ListSchemas(writer io.Writer, persistentFlags utils.PersistentCommandFlags, ...) (err error)
- func ListStats(writer io.Writer, persistentFlags utils.PersistentCommandFlags, ...) (err error)
- func ListVulnerabilities(writer io.Writer, persistentFlags utils.PersistentCommandFlags, ...) (err error)
- func LoadBOMFile(inputFile string) (document *schema.BOM, err error)
- func LoadInputBOMFileAndDetectSchema() (document *schema.BOM, err error)
- func NewCommandComponent() *cobra.Command
- func NewCommandDiff() *cobra.Command
- func NewCommandLicense() *cobra.Command
- func NewCommandList() *cobra.Command
- func NewCommandPatch() *cobra.Command
- func NewCommandPolicy() *cobra.Command
- func NewCommandQuery() *cobra.Command
- func NewCommandResource() *cobra.Command
- func NewCommandSchema() *cobra.Command
- func NewCommandStats() *cobra.Command
- func NewCommandTrim() *cobra.Command
- func NewCommandValidate() *cobra.Command
- func NewCommandVersion() *cobra.Command
- func NewCommandVulnerability() *cobra.Command
- func Patch(writer io.Writer, persistentFlags utils.PersistentCommandFlags, ...) (err error)
- func Query(writer io.Writer, request *common.QueryRequest, response *common.QueryResponse) (resultJson interface{}, err error)
- func QueryJSONMap(jsonMap map[string]interface{}, request *common.QueryRequest) (resultJson interface{}, err error)
- func RootCmdImpl(cmd *cobra.Command, args []string) error
- func Trim(writer io.Writer, persistentFlags utils.PersistentCommandFlags, ...) (err error)
- func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, ...) (valid bool, bom *schema.BOM, schemaErrors []gojsonschema.ResultError, ...)
- type BaseError
- type ColumnFormatData
- type IETF6902Document
- type IETF6902Record
- type IETFRFC6902TestError
- type InvalidSBOMError
- type SBOMCompositionError
- type SBOMLicenseError
- type SBOMMetadataError
- type SBOMMetadataPropertyError
- type UnsupportedError
- type ValidationErrorResult
- func (validationErrResult *ValidationErrorResult) HashResultError()
- func (result *ValidationErrorResult) MapItemsMustBeUniqueError(flags utils.ValidateCommandFlags)
- func (result *ValidationErrorResult) MapResultError(flags utils.ValidateCommandFlags)
- func (validationErrResult *ValidationErrorResult) MarshalJSON() (marshalled []byte, err error)
Constants ¶
const ( COMPONENT_FILTER_KEY_BOMREF = "bom-ref" COMPONENT_FILTER_KEY_GROUP = "group" COMPONENT_FILTER_KEY_TYPE = "type" COMPONENT_FILTER_KEY_NAME = "name" COMPONENT_FILTER_KEY_DESCRIPTION = "description" COMPONENT_FILTER_KEY_VERSION = "version" COMPONENT_FILTER_KEY_COPYRIGHT = "copyright" COMPONENT_FILTER_KEY_PURL = "purl" COMPONENT_FILTER_KEY_SWID = "swid-tag-id" COMPONENT_FILTER_KEY_CPE = "cpe" COMPONENT_FILTER_KEY_SUPPLIER_NAME = "supplier-name" COMPONENT_FILTER_KEY_SUPPLIER_URL = "supplier-url" COMPONENT_FILTER_KEY_MANUFACTURER_NAME = "manufacturer-name" COMPONENT_FILTER_KEY_MANUFACTURER_URL = "manufacturer-url" COMPONENT_FILTER_KEY_PUBLISHER = "publisher" COMPONENT_FILTER_KEY_NUM_LICENSES = "number-licenses" COMPONENT_FILTER_KEY_NUM_HASHES = "number-hashes" COMPONENT_FILTER_KEY_HAS_PEDIGREE = "has-pedigree" COMPONENT_FILTER_KEY_HAS_EVIDENCE = "has-evidence" COMPONENT_FILTER_KEY_MIME_TYPE = "mime-type" COMPONENT_FILTER_KEY_HAS_SCOPE = "scope" COMPONENT_FILTER_KEY_HAS_COMPONENTS = "has-components" COMPONENT_FILTER_KEY_HAS_RELEASE_NOTES = "has-release-notes" COMPONENT_FILTER_KEY_HAS_MODEL_CARD = "has-model-card" COMPONENT_FILTER_KEY_HAS_DATA = "has-data" COMPONENT_FILTER_KEY_HAS_TAGS = "has-tags" COMPONENT_FILTER_KEY_HAS_SIGNATURE = "has-signature" )
filter keys Note: these string values MUST match annotations for the ComponentInfo struct fields Scope string `json:"scope,omitempty"`
const ( FLAG_COMPONENT_SUMMARY = "summary" FLAG_COMPONENT_TYPE = "type" // FLAG_COMPONENT_TYPE_HELP = "filter output by component type(s)" FLAG_COMPONENT_SUMMARY_HELP = "summarize component information when listing in supported formats" )
Flags. Reuse query flag values where possible
const ( FLAG_DIFF_FILENAME_REVISION = "input-revision" FLAG_DIFF_FILENAME_REVISION_SHORT = "r" MSG_FLAG_INPUT_REVISION = "input filename for the revised file to compare against the base file" MSG_FLAG_DIFF_COLORIZE = "Colorize diff text output (true|false); default false" )
validation flags
// Numeric error categories distinguished by the utility.
// NOTE(review): presumably returned as process exit codes, letting a pipeline
// tell an application failure (1) from a BOM validation failure (2); confirm
// against the code that exits.
const (
	ERROR_APPLICATION = 1
	ERROR_VALIDATION  = 2
)
// General error type labels.
// NOTE(review): presumably carried by the package's error types (BaseError,
// InvalidSBOMError, UnsupportedError, ...) when formatting Error() output;
// confirm in the error constructors.
const (
	ERR_TYPE_INVALID_JSON_MAP         = "invalid JSON map"
	ERR_TYPE_INVALID_SBOM             = "invalid SBOM"
	ERR_TYPE_SBOM_COMPONENT           = "component error"
	ERR_TYPE_SBOM_LICENSE             = "license error"
	ERR_TYPE_SBOM_COMPOSITION         = "composition error"
	ERR_TYPE_SBOM_METADATA            = "metadata error"
	ERR_TYPE_SBOM_METADATA_PROPERTY   = "metadata property error"
	ERR_TYPE_UNEXPECTED_ERROR         = "unexpected error"
	ERR_TYPE_UNSUPPORTED_OPERATION    = "unsupported operation"
	ERR_TYPE_IETF_RFC6902_TEST_FAILED = "IETF RFC6902 test operation error"
)
General error messages
const ( MSG_PROPERTY_NOT_UNIQUE = "check failed: property not unique" MSG_INVALID_METADATA_PROPERTIES = "field `metadata.properties` is missing or invalid" MSG_INVALID_METADATA_COMPONENT_COMPONENTS = "field `metadata.component.components` array should be empty" MSG_INVALID_METADATA_COMPONENT = "field `metadata.component` is missing or invalid" )
Custom Validation messages TODO: Need to define a profile that supports these validation checks/messages
const ( MSG_FORMAT_TYPE = "format: `%s`" MSG_SCHEMA_ERRORS = "schema errors found" MSG_PROPERTY_NOT_FOUND = "property not found" MSG_PROPERTY_REGEX_FAILED = "check failed: property regex mismatch" MSG_IETF_RFC6902_OPERATION_SUCCESS = "IETF RFC6902 test operation success" )
Validation messages
const ( MSG_LICENSE_INVALID_DATA = "invalid license data" MSG_LICENSE_INVALID_POLICY = "invalid license policy" MSG_LICENSE_NOT_FOUND = "license not found" MSG_LICENSES_NOT_FOUND = "licenses not found" MSG_LICENSE_HASH_ERROR = "hash of license failed" )
License messages
const ( MSG_QUERY_ERROR_FROM_KEY_NOT_FOUND = "key not found in path" MSG_QUERY_ERROR_FROM_KEY_SLICE_DEREFERENCE = "key attempts to dereference into an array" MSG_QUERY_ERROR_SELECT_WILDCARD = "wildcard cannot be used with other values" )
Query error details
const ( SUBCOMMAND_LICENSE_LIST = "list" SUBCOMMAND_LICENSE_POLICY = "policy" )
const ( LICENSE_LIST_NOT_APPLICABLE = "N/A" LICENSE_NO_ASSERTION = "NOASSERTION" )
License list default values
const ( FLAG_LICENSE_LIST_OUTPUT_FORMAT_HELP = "format output using the specified format type" FLAG_LICENSE_LIST_SUMMARY_HELP = "summarize licenses and component references when listing in supported formats" )
License list command flag help messages
const ( MSG_OUTPUT_NO_LICENSES_FOUND = "no licenses found in BOM document" MSG_OUTPUT_NO_LICENSES_ONLY_NOASSERTION = "no valid licenses found in BOM document (only licenses marked NOASSERTION)" )
License list command informational messages
const ( LICENSE_FILTER_KEY_USAGE_POLICY = "usage-policy" LICENSE_FILTER_KEY_LICENSE_TYPE = "license-type" LICENSE_FILTER_KEY_LICENSE = "license" LICENSE_FILTER_KEY_RESOURCE_NAME = "resource-name" LICENSE_FILTER_KEY_BOM_REF = "bom-ref" LICENSE_FILTER_KEY_BOM_LOCATION = "bom-location" )
filter keys
const ( LICENSE_FILTER_KEY_LICENSE_ID = "license-id" LICENSE_FILTER_KEY_LICENSE_NAME = "license-name" LICENSE_FILTER_KEY_LICENSE_EXPRESSION = "license-expression" LICENSE_FILTER_KEY_LICENSE_URL = "license-url" LICENSE_FILTER_KEY_LICENSE_TEXT_ENCODING = "license-text-encoding" LICENSE_FILTER_KEY_LICENSE_TEXT_CONTENT_TYPE = "license-text-content-type" LICENSE_FILTER_KEY_LICENSE_TEXT_CONTENT = "license-text-content" )
var LICENSE_LIST_TITLES_LICENSE_CHOICE = []string{"License.Id", "License.Name", "License.Url", "Expression", "License.Text.ContentType", "License.Text.Encoding", "License.Text.Content"}
const ( POLICY_FILTER_KEY_USAGE_POLICY = "usage-policy" POLICY_FILTER_KEY_FAMILY = "family" POLICY_FILTER_KEY_SPDX_ID = "id" POLICY_FILTER_KEY_NAME = "name" POLICY_FILTER_KEY_OSI_APPROVED = "osi" POLICY_FILTER_KEY_FSF_APPROVED = "fsf" POLICY_FILTER_KEY_DEPRECATED = "deprecated" POLICY_FILTER_KEY_REFERENCE = "reference" POLICY_FILTER_KEY_ALIASES = "aliases" POLICY_FILTER_KEY_ANNOTATIONS = "annotations" POLICY_FILTER_KEY_NOTES = "notes" )
filter keys
const ( FLAG_POLICY_OUTPUT_FORMAT_HELP = "format output using the specified type" FLAG_POLICY_REPORT_LINE_WRAP_HELP = "toggles the wrapping of text within report column output (default: false)" )
Subcommand flags
// Operation names accepted in an IETF RFC 6902 (JSON Patch) document.
// The patch file is caller-supplied input, so an "op" value that is not one
// of these six should be rejected rather than ignored.
// NOTE(review): confirm the patch command does so.
const (
	// Patch operations
	IETF_RFC6902_OP_ADD     = "add"
	IETF_RFC6902_OP_REMOVE  = "remove"
	IETF_RFC6902_OP_REPLACE = "replace"
	IETF_RFC6902_OP_MOVE    = "move"
	IETF_RFC6902_OP_COPY    = "copy"
	IETF_RFC6902_OP_TEST    = "test"
)
const ( FLAG_OUTPUT_FORMAT = "format" FLAG_QUERY_SELECT = "select" FLAG_QUERY_FROM = "from" FLAG_QUERY_WHERE = "where" FLAG_QUERY_ORDER_BY = "orderby" )
Query command flags
const ( FLAG_QUERY_OUTPUT_FORMAT_HELP = "format output using the specified type" FLAG_QUERY_SELECT_HELP = "comma-separated list of JSON key names used to select fields within the object designated by the FROM flag" + "\n- the wildcard character `*` can be used to denote inclusion of all found key-values" FLAG_QUERY_FROM_HELP = "dot-separated list of JSON key names used to dereference into the JSON document" + "\n - if not present, the query assumes document \"root\" as the `--from` object" FLAG_QUERY_WHERE_HELP = "comma-separated list of key=<regex> of clauses used to filter the SELECT result set" FLAG_QUERY_ORDER_BY_HELP = "key name that appears in the SELECT result set used to order the result records" )
Query command flag help messages
const ( FLAG_REPORT_WHERE = "where" FLAG_REPORT_WHERE_HELP = "comma-separated list of `key=<regex>` clauses used to filter the result set" )
Common/reusable Flags used across multiple report commands
const ( REPORT_LIST_TITLE_ROW_SEPARATOR = "-" REPORT_LIST_VALUE_NONE = "none" )
const ( MD_COLUMN_SEPARATOR = "|" MD_ALIGN_LEFT = ":--" MD_ALIGN_CENTER = "-:-" MD_ALIGN_RIGHT = "--:" MD_ALIGN_DEFAULT = MD_ALIGN_LEFT )
Markdown report helpers
const ( RESOURCE_FILTER_KEY_RESOURCE_TYPE = "resource-type" RESOURCE_FILTER_KEY_NAME = "name" RESOURCE_FILTER_KEY_VERSION = "version" RESOURCE_FILTER_KEY_BOMREF = "bom-ref" RESOURCE_FILTER_KEY_GROUP = "group" RESOURCE_FILTER_KEY_DESCRIPTION = "description" )
filter keys Note: these string values MUST match annotations for the ResourceInfo struct fields
const ( FLAG_RESOURCE_TYPE = "type" FLAG_RESOURCE_TYPE_HELP = "filter output by resource type (i.e., component | service)" )
Flags. Reuse query flag values where possible
const ( CMD_COMPONENT = "component" CMD_DIFF = "diff" CMD_LICENSE = "license" CMD_QUERY = "query" CMD_RESOURCE = "resource" CMD_SCHEMA = "schema" CMD_VALIDATE = "validate" CMD_VERSION = "version" CMD_VULNERABILITY = "vulnerability" CMD_STATS = "stats" CMD_TRIM = "trim" CMD_PATCH = "patch" )
top-level commands
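// Usage strings for the Cobra commands and subcommands.
//
// Each string starts with the command (or subcommand) name, because Cobra
// resolves a command by the first word of its ".Use" field; a usage string
// that does not begin with the command name is not found by the framework.
//
// Every `--where` clause takes `key=regex` pairs, so the regex part is
// caller-supplied pattern text.
const (
	// The `--type` clause previously read `[--type type1[,typeN]>]`; the
	// stray `>` is removed so the bracket notation matches the other entries.
	CMD_USAGE_COMPONENT_LIST     = CMD_COMPONENT + " " + SUBCOMMAND_LICENSE_LIST + " --input-file <input_file> [--type type1[,typeN]] [--where key=regex[,...]] [--format txt|csv|md]"
	CMD_USAGE_DIFF               = CMD_DIFF + " --input-file <base_file> --input-revision <revised_file> [--format json|txt] [--colorize=true|false]"
	CMD_USAGE_LICENSE_LIST       = SUBCOMMAND_LICENSE_LIST + " --input-file <input_file> [--summary] [--where key=regex[,...]] [--format json|txt|csv|md]"
	CMD_USAGE_LICENSE_POLICY     = SUBCOMMAND_LICENSE_POLICY + " [--where key=regex[,...]] [--format txt|csv|md]"
	CMD_USAGE_QUERY              = CMD_QUERY + " --input-file <input_file> [--select * | field1[,fieldN]] [--from key1[.keyN]] [--where key=regex[,...]]"
	CMD_USAGE_RESOURCE_LIST      = CMD_RESOURCE + " --input-file <input_file> [--type component|service] [--where key=regex[,...]] [--format txt|csv|md]"
	CMD_USAGE_SCHEMA_LIST        = CMD_SCHEMA + " [--where key=regex[,...]] [--format txt|csv|md]"
	CMD_USAGE_VALIDATE           = CMD_VALIDATE + " --input-file <input_file> [--variant <variant_name>] [--format txt|json] [--force schema_file]"
	CMD_USAGE_VULNERABILITY_LIST = CMD_VULNERABILITY + " " + SUBCOMMAND_VULNERABILITY_LIST + " --input-file <input_file> [--summary] [--where key=regex[,...]] [--format json|txt|csv|md]"
	CMD_USAGE_STATS_LIST         = CMD_STATS + " --input-file <input_file> [--type component|service] [--format txt|csv|md]"
	CMD_USAGE_TRIM               = CMD_TRIM + " --input-file <input_file> --output-file <output_file> [--normalize]"
	CMD_USAGE_PATCH              = CMD_PATCH + " --input-file <input_file> --patch-file <patch_file> --output-file <output_file>"
)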
WARNING!!! The first word of a Cobra command's ".Use" field MUST be the actual command name; otherwise, the command will NOT be found by the Cobra framework. This poor code assumption is NOT documented.
const ( FLAG_CONFIG_SCHEMA = "config-schema" FLAG_CONFIG_LICENSE_POLICY = "config-license" FLAG_CONFIG_CUSTOM_VALIDATION = "config-validation" FLAG_TRACE = "trace" FLAG_TRACE_SHORT = "t" FLAG_DEBUG = "debug" FLAG_DEBUG_SHORT = "d" FLAG_FILENAME_INPUT = "input-file" FLAG_FILENAME_INPUT_SHORT = "i" FLAG_FILENAME_OUTPUT = "output-file" FLAG_FILENAME_OUTPUT_SHORT = "o" FLAG_QUIET_MODE = "quiet" FLAG_QUIET_MODE_SHORT = "q" FLAG_OUTPUT_INDENT = "indent" FLAG_LOG_OUTPUT_INDENT = "log-indent" FLAG_FILE_OUTPUT_FORMAT = "format" FLAG_COLORIZE_OUTPUT = "colorize" FLAG_OUTPUT_NORMALIZE = "normalize" )
const ( MSG_APP_NAME = "Bill-of-Materials (BOM) utility." MSG_APP_DESCRIPTION = "This utility serves as centralized command-line interface for various Bill-of-Materials (BOM) helper utilities." MSG_FLAG_TRACE = "enable trace logging" MSG_FLAG_DEBUG = "enable debug logging" MSG_FLAG_INPUT = "input filename (e.g., \"path/sbom.json\")" MSG_FLAG_OUTPUT = "output filename" MSG_FLAG_OUTPUT_FORMAT = "format output using the specified type" MSG_FLAG_LOG_QUIET = "enable quiet logging mode (removes all informational messages from console output); overrides other logging commands" MSG_FLAG_LOG_INDENT = "enable log indentation of functional callstack" MSG_FLAG_CONFIG_SCHEMA = "provide custom application schema configuration file (i.e., overrides default `config.json`)" MSG_FLAG_CONFIG_LICENSE = "provide custom application license policy configuration file (i.e., overrides default `license.json`)" MSG_FLAG_OUTPUT_INDENT = "number of space characters used to indent JSON formatted output" MSG_FLAG_OUTPUT_NORMALIZE = "Normalize BOM document" )
const ( MSG_SUPPORTED_OUTPUT_FORMATS_HELP = "\n- Supported formats: " MSG_SUPPORTED_OUTPUT_FORMATS_SUMMARY_HELP = "\n- Supported formats using the --summary flag: " )
// Default configuration file names.
// The schema and license-policy defaults can be overridden with the
// config-schema and config-license flags (see their help messages).
// NOTE(review): these are bare file names; which directory they are resolved
// against is not visible here. These files decide which schema a BOM is
// validated against and which license policy applies, so confirm they are not
// loaded from a location an untrusted party can write to.
const (
	DEFAULT_SCHEMA_CONFIG            = "config.json"
	DEFAULT_CUSTOM_VALIDATION_CONFIG = "custom.json"
	DEFAULT_LICENSE_POLICY_CONFIG    = "license.json"
)
const ( FORMAT_DEFAULT = "" FORMAT_TEXT = "txt" FORMAT_JSON = "json" FORMAT_CSV = "csv" FORMAT_MARKDOWN = "md" FORMAT_ANY = "<any>" // Used for test errors )
Supported output formats
const ( SCHEMA_DATA_KEY_KEY_FILE = "file" // summary SCHEMA_DATA_KEY_KEY_FORMAT = "format" // summary SCHEMA_DATA_KEY_KEY_NAME = "name" // summary SCHEMA_DATA_KEY_KEY_SOURCE = "url" // summary SCHEMA_DATA_KEY_KEY_VARIANT = "variant" // summary SCHEMA_DATA_KEY_KEY_VERSION = "version" // summary )
const ( FLAG_TRIM_FROM_PATHS = "from" FLAG_TRIM_MAP_KEYS = "keys" FLAG_TRIM_NORMALIZE = "normalize" )
flags (do not translate)
const ( MSG_FLAG_TRIM_FROM_PATHS = "comma-separated list of dot-separated JSON document paths used to scope where trim is applied" + "\n - if not present, the default `--from` path is the document \"root\"" MSG_FLAG_TRIM_KEYS = "JSON map keys to trim (delete) (e.g., \"key1,key2,...,keyN\")" )
flag help (translate)
// Separators and tokens used when parsing the trim command's flag values.
// Per the flag help text, keys are given as a comma-separated list and paths
// as a comma-separated list of dot-separated JSON document paths.
const (
	TRIM_KEYS_SEP            = "," // between map keys in the keys flag value
	TRIM_PATH_SEP            = "." // between segments of one JSON document path
	TRIM_PATHS_SEP           = "," // between paths in the from flag value
	TRIM_FROM_TOKEN_WILDCARD = "*" // NOTE(review): wildcard handling is not visible here; confirm
)
// Named boolean results.
// NOTE(review): presumably the values of the `valid` result returned by
// Validate; confirm.
const (
	VALID   = true
	INVALID = false
)
// Flag names and help text for the validate command.
const (
	// "force" makes validation use a caller-supplied schema file in place of
	// the schema inferred from the BOM (see MSG_VALIDATE_SCHEMA_FORCE).
	// NOTE(review): a "valid" result obtained with this flag reflects the
	// supplied schema, not the one the BOM declares; a pipeline that gates on
	// validation should record which schema was actually applied.
	FLAG_VALIDATE_SCHEMA_FORCE   = "force"
	FLAG_VALIDATE_SCHEMA_VARIANT = "variant"
	FLAG_VALIDATE_CUSTOM         = "custom" // TODO: document when no longer experimental
	FLAG_VALIDATE_ERR_LIMIT      = "error-limit"
	FLAG_VALIDATE_ERR_VALUE      = "error-value"

	// Help messages shown for the flags above.
	MSG_VALIDATE_SCHEMA_FORCE      = "force specified schema file for validation; overrides inferred schema"
	MSG_VALIDATE_SCHEMA_VARIANT    = "select named schema variant (e.g., \"strict\"); variant must be declared in configuration file (i.e., \"config.json\")"
	MSG_VALIDATE_FLAG_CUSTOM       = "perform custom validation using custom configuration settings (i.e., \"custom.json\")"
	MSG_VALIDATE_FLAG_ERR_COLORIZE = "Colorize formatted error output (true|false); default true"
	MSG_VALIDATE_FLAG_ERR_LIMIT    = "Limit number of errors output to specified (integer) (default 10)"
	MSG_VALIDATE_FLAG_ERR_FORMAT   = "format error results using the specified format type"
	// The failing value is included in error results by default. That value
	// comes from the BOM under validation.
	// NOTE(review): confirm error output is not published where BOM contents
	// are considered sensitive.
	MSG_VALIDATE_FLAG_ERR_VALUE = "include details of failing value in error results (bool) (default: true)"
)
validation flags TODO: support a `--truncate <int>` flag (or similar... `err-value-truncate` <int>) used to truncate formatted "value" (details) to <int> bytes. This would replace the hardcoded "DEFAULT_MAX_ERR_DESCRIPTION_LEN" value
// Default limits applied to validation error output.
const (
	// Default cap on the number of schema errors reported; the error-limit
	// flag's help text states the same default (10).
	DEFAULT_MAX_ERROR_LIMIT = 10
	// Hard-coded maximum length of the formatted failing "value" (details) in
	// an error result.
	// NOTE(review): the unit (bytes vs. runes) is not visible here; confirm
	// that truncation cannot split a multi-byte character.
	DEFAULT_MAX_ERR_DESCRIPTION_LEN = 128
)
limits
const ( ERROR_DETAIL_KEY_DATA_TYPE = "type" ERROR_DETAIL_KEY_FIELD = "field" ERROR_DETAIL_KEY_CONTEXT = "context" ERROR_DETAIL_KEY_VALUE = "value" ERROR_DETAIL_KEY_VALUE_TYPE_ARRAY = "array" ERROR_DETAIL_KEY_VALUE_INDEX = "index" ERROR_DETAIL_KEY_VALUE_ITEM = "item" ERROR_DETAIL_KEY_VALUE_DESCRIPTION = "description" ERROR_DETAIL_ARRAY_ITEM_INDEX_I = "i" ERROR_DETAIL_ARRAY_ITEM_INDEX_J = "j" ERROR_DETAIL_CONTEXT_EMPTY = "" )
const ( ERROR_DETAIL_JSON_DEFAULT_PREFIX = " " ERROR_DETAIL_JSON_DEFAULT_INDENT = " " ERROR_DETAIL_JSON_CONTEXT_DELIMITER = "." ERROR_DETAIL_JSON_NEWLINE_INDENT = "\n" + ERROR_DETAIL_JSON_DEFAULT_PREFIX )
const ( JSON_ARRAY_START = "[\n" JSON_ARRAY_ITEM_SEP = ",\n" JSON_ARRAY_END = "\n]\n" )
JSON formatting
const ( MSG_INFO_FORMATTING_ERROR_RESULTS = "Formatting error results (`%s` format)..." MSG_INFO_SCHEMA_ERRORS_DETECTED = "(%d) schema errors detected." MSG_INFO_TOO_MANY_ERRORS = "Too many errors. Showing (%v/%v) errors." MSG_ERROR_FORMATTING_ERROR = "formatting error: %s" MSG_WARN_INVALID_FORMAT = "invalid format. error results not supported for `%s` format; defaulting to `%s` format..." )
Recurring / translatable messages
// Data (filter) keys for the vulnerability report.
// NOTE(review): the trailing "summary" / "full" tags presumably mark which
// listing mode includes the column; confirm against the row data table.
const (
	VULN_DATA_KEY_ID                     = "id"                     // summary
	VULN_DATA_KEY_BOM_REF                = "bom-ref"                // full (optional, internal reference)
	VULN_DATA_KEY_CWES                   = "cwe-ids"                // full (Common Weakness Enumeration (CWE))
	VULN_DATA_KEY_CVSS_SEVERITY          = "cvss-severity"          // summary (CVSS Severity, V3.1 or v2.0)
	VULN_DATA_KEY_SOURCE_NAME            = "source-name"            // summary
	VULN_DATA_KEY_SOURCE_URL             = "source-url"             // full
	VULN_DATA_KEY_PUBLISHED              = "published"              // summary
	VULN_DATA_KEY_UPDATED                = "updated"                // full
	VULN_DATA_KEY_CREATED                = "created"                // full
	VULN_DATA_KEY_REJECTED               = "rejected"               // full
	VULN_DATA_KEY_ANALYSIS_STATE         = "analysis-state"         // full
	VULN_DATA_KEY_ANALYSIS_JUSTIFICATION = "analysis-justification" // full
	VULN_DATA_KEY_DESC                   = "description"            // summary
)
data (filter) keys
const ( FLAG_VULNERABILITY_OUTPUT_FORMAT_HELP = "format vulnerability output" FLAG_VULN_SUMMARY_HELP = "summarize vulnerability information when listing in supported formats" )
Command help formatting
const (
DEFAULT_OUTPUT_INDENT_LENGTH = 4
)
TODO: make flag configurable: NOTE: 4-space indent is accepted convention: https://docs.openstack.org/doc-contrib-guide/json-conv.html
const (
ERR_FORMAT_DETAIL_SEP = ": "
)
formatting Error() interface
const (
ERR_PATCH_REPLACE_PATH_EXISTS = "invalid path. Path does not exist to replace value"
)
const (
FLAG_COMPONENT_OUTPUT_FORMAT_HELP = "format output using the specified type"
)
Command help formatting
const (
FLAG_DIFF_OUTPUT_FORMAT_HELP = "format output using the specified type"
)
Command help formatting
const (
FLAG_LICENSE_POLICY_LIST_SUMMARY_HELP = "summarize licenses and policies when listing in supported formats"
)
const (
FLAG_LICENSE_SUMMARY = "summary"
)
Subcommand flags TODO: Support a new --sort <column> flag
const (
FLAG_PATCH_FILE = "patch-file"
)
flags (do not translate)
const (
FLAG_POLICY_REPORT_LINE_WRAP = "wrap"
)
Subcommand flags TODO: Support a new --sort <column> flag
const (
FLAG_RESOURCE_OUTPUT_FORMAT_HELP = "format output using the specified type"
)
Command help formatting
const (
FLAG_SCHEMA_OUTPUT_FORMAT_HELP = "format output using the specified type"
)
Subcommand flags
const (
FLAG_VULN_SUMMARY = "summary"
)
// Reserved command value.
const (
	// NOTE(review): presumably selects standard input when given as the input
	// filename, so a file literally named "-" could not be addressed by this
	// name alone; confirm against the BOM loader.
	INPUT_TYPE_STDIN = "-"
)
Command reserved values
const (
MSG_OUTPUT_NO_COMPONENTS_FOUND = "[WARN] no matching components found for query"
)
const (
MSG_OUTPUT_NO_POLICIES_FOUND = "no license policies found in BOM document"
)
License list policy command informational messages TODO Use only for Warning messages
const (
MSG_OUTPUT_NO_RESOURCES_FOUND = "[WARN] no matching resources found for query"
)
const (
MSG_OUTPUT_NO_SCHEMAS_FOUND = "[WARN] no schemas found in configuration (i.e., \"config.json\")"
)
const (
MSG_OUTPUT_NO_VULNERABILITIES_FOUND = "[WARN] no matching vulnerabilities found for query"
)
Vuln. command informational messages
const (
MSG_PATCH_FILE = "patch filename"
)
flag help (translate)
// URL scheme prefix for local files.
const (
	// NOTE(review): where this prefix is added or stripped is not visible
	// here. If it is applied to caller-supplied or configuration-supplied
	// paths, confirm the resulting path is resolved as intended (relative
	// segments, symlinks) before the file is opened.
	PROTOCOL_PREFIX_FILE = "file://"
)
Protocol
// Report column data values: named arguments for the NewColumnFormatData
// calls that build the *_ROW_DATA tables.

// Passed as the second argument.
// NOTE(review): presumably -1 disables truncation of the column value; confirm
// in NewColumnFormatData.
const REPORT_DO_NOT_TRUNCATE = -1

// Passed as the fourth argument for description columns.
// NOTE(review): presumably line feeds in the cell value are replaced so that a
// multi-line value from the BOM cannot break the row layout; confirm.
const REPORT_REPLACE_LINE_FEEDS_TRUE = true

// Passed as the third argument.
// NOTE(review): presumably marks a column as part of the summary listing;
// confirm.
const REPORT_SUMMARY_DATA = true
Report column data values
// JSON Pointer (RFC 6901) reserved token.
const (
	// The "-" character is used to index the end of the array (see RFC 6901).
	RFC6901_END_OF_ARRAY = "-"
)
The "-" character is used to index the end of the array (see [RFC6901])
const (
SUBCOMMAND_COMPONENT_LIST = "list"
)
const (
SUBCOMMAND_POLICY_LIST = "list"
)
const (
SUBCOMMAND_RESOURCE_LIST = "list"
)
const (
SUBCOMMAND_SCHEMA_LIST = "list"
)
const (
SUBCOMMAND_VULNERABILITY_LIST = "list"
)
// Hard-coded truncation length.
// NOTE(review): presumably applied to the vulnerability description column in
// report output; the unit (bytes vs. runes) is not visible here, so confirm.
// TODO make configurable via flag
const VULN_TRUNCATE_DESC_LEN = 32
TODO make configurable via flag
Variables ¶
var COMPONENT_LIST_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")
var COMPONENT_LIST_ROW_DATA = []ColumnFormatData{ *NewColumnFormatData(COMPONENT_FILTER_KEY_BOMREF, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_GROUP, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_TYPE, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_NAME, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_VERSION, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_DESCRIPTION, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, REPORT_REPLACE_LINE_FEEDS_TRUE), *NewColumnFormatData(COMPONENT_FILTER_KEY_COPYRIGHT, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_SUPPLIER_NAME, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_SUPPLIER_URL, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_MANUFACTURER_NAME, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_MANUFACTURER_URL, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_PUBLISHER, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_PURL, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_SWID, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_CPE, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_MIME_TYPE, REPORT_DO_NOT_TRUNCATE, false, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_HAS_SCOPE, REPORT_DO_NOT_TRUNCATE, false, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_NUM_HASHES, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), 
*NewColumnFormatData(COMPONENT_FILTER_KEY_NUM_LICENSES, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_HAS_PEDIGREE, REPORT_DO_NOT_TRUNCATE, false, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_HAS_EVIDENCE, REPORT_DO_NOT_TRUNCATE, false, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_HAS_COMPONENTS, REPORT_DO_NOT_TRUNCATE, false, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_HAS_RELEASE_NOTES, REPORT_DO_NOT_TRUNCATE, false, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_HAS_MODEL_CARD, REPORT_DO_NOT_TRUNCATE, false, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_HAS_DATA, REPORT_DO_NOT_TRUNCATE, false, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_HAS_TAGS, REPORT_DO_NOT_TRUNCATE, false, false), *NewColumnFormatData(COMPONENT_FILTER_KEY_HAS_SIGNATURE, REPORT_DO_NOT_TRUNCATE, false, false), }
var DIFF_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_JSON}, ", ")
var LICENSE_LIST_ROW_DATA = []ColumnFormatData{ *NewColumnFormatData(LICENSE_FILTER_KEY_USAGE_POLICY, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(LICENSE_FILTER_KEY_LICENSE_TYPE, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(LICENSE_FILTER_KEY_LICENSE, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(LICENSE_FILTER_KEY_RESOURCE_NAME, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(LICENSE_FILTER_KEY_BOM_REF, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(LICENSE_FILTER_KEY_BOM_LOCATION, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(LICENSE_FILTER_KEY_LICENSE_ID, -1, false, false), *NewColumnFormatData(LICENSE_FILTER_KEY_LICENSE_NAME, -1, false, false), *NewColumnFormatData(LICENSE_FILTER_KEY_LICENSE_EXPRESSION, -1, false, false), *NewColumnFormatData(LICENSE_FILTER_KEY_LICENSE_URL, -1, false, false), *NewColumnFormatData(LICENSE_FILTER_KEY_LICENSE_TEXT_ENCODING, -1, false, false), *NewColumnFormatData(LICENSE_FILTER_KEY_LICENSE_TEXT_CONTENT_TYPE, -1, false, false), *NewColumnFormatData(LICENSE_FILTER_KEY_LICENSE_TEXT_CONTENT, 8, false, false), }
var LICENSE_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_JSON, FORMAT_CSV, FORMAT_MARKDOWN}, ", ") + " (default: json)"
Command help formatting
var LICENSE_POLICY_LIST_ROW_DATA = []ColumnFormatData{ *NewColumnFormatData(POLICY_FILTER_KEY_USAGE_POLICY, 16, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(POLICY_FILTER_KEY_FAMILY, 20, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(POLICY_FILTER_KEY_SPDX_ID, 20, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(POLICY_FILTER_KEY_NAME, 20, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(POLICY_FILTER_KEY_OSI_APPROVED, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(POLICY_FILTER_KEY_FSF_APPROVED, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(POLICY_FILTER_KEY_DEPRECATED, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(POLICY_FILTER_KEY_REFERENCE, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(POLICY_FILTER_KEY_ALIASES, 24, false, false), *NewColumnFormatData(POLICY_FILTER_KEY_ANNOTATIONS, 24, false, false), *NewColumnFormatData(POLICY_FILTER_KEY_NOTES, 24, false, false), }
Describe the column data and their attributes and constraints used for formatting
var LICENSE_POLICY_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")
Command help formatting
var LicensePolicyConfig *schema.LicensePolicyConfig
var PATCH_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_JSON}, ", ")
var ProjectLogger *log.MiniLogger
Globals
var QUERY_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_JSON}, ", ")
var RESOURCE_LIST_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")
var RESOURCE_LIST_ROW_DATA = []ColumnFormatData{ *NewColumnFormatData(RESOURCE_FILTER_KEY_BOMREF, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(RESOURCE_FILTER_KEY_RESOURCE_TYPE, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(RESOURCE_FILTER_KEY_GROUP, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(RESOURCE_FILTER_KEY_NAME, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(RESOURCE_FILTER_KEY_VERSION, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false), *NewColumnFormatData(RESOURCE_FILTER_KEY_DESCRIPTION, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, REPORT_REPLACE_LINE_FEEDS_TRUE), }
// SCHEMA_LIST_ROW_DATA describes the schema list columns; columns are output
// in the order they are listed here.
// Each entry is NewColumnFormatData(key, truncateLen, isSummary, replaceLineFeeds).
var SCHEMA_LIST_ROW_DATA = []ColumnFormatData{
	*NewColumnFormatData(SCHEMA_DATA_KEY_KEY_NAME, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
	*NewColumnFormatData(SCHEMA_DATA_KEY_KEY_VARIANT, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
	*NewColumnFormatData(SCHEMA_DATA_KEY_KEY_FORMAT, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
	*NewColumnFormatData(SCHEMA_DATA_KEY_KEY_VERSION, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
	*NewColumnFormatData(SCHEMA_DATA_KEY_KEY_FILE, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
	*NewColumnFormatData(SCHEMA_DATA_KEY_KEY_SOURCE, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
}
NOTE: columns will be output in order they are listed here:
var SCHEMA_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")
Command help formatting
var STATS_LIST_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")
var SupportedFormatConfig schema.BOMFormatAndSchemaConfig
var TRIM_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_JSON}, ", ")
var VALIDATE_SUPPORTED_ERROR_FORMATS = MSG_VALIDATE_FLAG_ERR_FORMAT + strings.Join([]string{FORMAT_TEXT, FORMAT_JSON, FORMAT_CSV}, ", ") + " (default: txt)"
// VALIDATION_ERROR_TITLES holds the error detail keys used as titles.
// NOTE(review): presumably the column titles for validation error output — confirm against callers.
var VALIDATION_ERROR_TITLES = []string{
	ERROR_DETAIL_KEY_DATA_TYPE,
	ERROR_DETAIL_KEY_FIELD,
	ERROR_DETAIL_KEY_CONTEXT,
	ERROR_DETAIL_KEY_VALUE_DESCRIPTION,
}
// VALID_COMPONENT_FILTER_KEYS lists the component filter keys.
// NOTE(review): presumably the keys accepted in "where" filters for component
// lists — confirm against the code that validates filters.
var VALID_COMPONENT_FILTER_KEYS = []string{
	// Identity and descriptive keys.
	COMPONENT_FILTER_KEY_BOMREF,
	COMPONENT_FILTER_KEY_GROUP,
	COMPONENT_FILTER_KEY_TYPE,
	COMPONENT_FILTER_KEY_NAME,
	COMPONENT_FILTER_KEY_DESCRIPTION,
	COMPONENT_FILTER_KEY_VERSION,
	COMPONENT_FILTER_KEY_COPYRIGHT,
	COMPONENT_FILTER_KEY_PURL,
	COMPONENT_FILTER_KEY_CPE,
	COMPONENT_FILTER_KEY_SWID,
	// Supplier, manufacturer and publisher keys.
	COMPONENT_FILTER_KEY_SUPPLIER_NAME,
	COMPONENT_FILTER_KEY_SUPPLIER_URL,
	COMPONENT_FILTER_KEY_MANUFACTURER_NAME,
	COMPONENT_FILTER_KEY_MANUFACTURER_URL,
	COMPONENT_FILTER_KEY_PUBLISHER,
	// Count and presence keys.
	COMPONENT_FILTER_KEY_NUM_LICENSES,
	COMPONENT_FILTER_KEY_NUM_HASHES,
	COMPONENT_FILTER_KEY_HAS_PEDIGREE,
	COMPONENT_FILTER_KEY_HAS_EVIDENCE,
	COMPONENT_FILTER_KEY_MIME_TYPE,
	COMPONENT_FILTER_KEY_HAS_SCOPE,
	COMPONENT_FILTER_KEY_HAS_COMPONENTS,
	COMPONENT_FILTER_KEY_HAS_RELEASE_NOTES,
	COMPONENT_FILTER_KEY_HAS_MODEL_CARD,
	COMPONENT_FILTER_KEY_HAS_DATA,
	COMPONENT_FILTER_KEY_HAS_TAGS,
	COMPONENT_FILTER_KEY_HAS_SIGNATURE,
}
var VALID_SUBCOMMANDS_COMPONENT = []string{SUBCOMMAND_COMPONENT_LIST}
var VALID_SUBCOMMANDS_LICENSE = []string{SUBCOMMAND_LICENSE_LIST, SUBCOMMAND_LICENSE_POLICY}
var VALID_SUBCOMMANDS_POLICY = []string{SUBCOMMAND_POLICY_LIST}
var VALID_SUBCOMMANDS_RESOURCE = []string{SUBCOMMAND_RESOURCE_LIST}
var VALID_SUBCOMMANDS_SCHEMA = []string{SUBCOMMAND_SCHEMA_LIST}
var VALID_SUBCOMMANDS_VULNERABILITY = []string{SUBCOMMAND_VULNERABILITY_LIST}
// VULNERABILITY_LIST_ROW_DATA describes the vulnerability list columns;
// columns are output in the order they are listed here.
// Each entry is NewColumnFormatData(key, truncateLen, isSummary, replaceLineFeeds).
//
// NOTE(review): entries created with isSummary=false (BOM ref, CWEs, source
// URL, updated/created/rejected dates, analysis state and justification) are
// presumably omitted from `--summary` reports, so a summary alone does not
// show whether a vulnerability was rejected or already analyzed — confirm
// against the display functions.
var VULNERABILITY_LIST_ROW_DATA = []ColumnFormatData{
	*NewColumnFormatData(VULN_DATA_KEY_ID, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
	*NewColumnFormatData(VULN_DATA_KEY_BOM_REF, REPORT_DO_NOT_TRUNCATE, false, false),
	*NewColumnFormatData(VULN_DATA_KEY_CWES, REPORT_DO_NOT_TRUNCATE, false, false),
	*NewColumnFormatData(VULN_DATA_KEY_CVSS_SEVERITY, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
	*NewColumnFormatData(VULN_DATA_KEY_SOURCE_NAME, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
	*NewColumnFormatData(VULN_DATA_KEY_SOURCE_URL, REPORT_DO_NOT_TRUNCATE, false, false),
	*NewColumnFormatData(VULN_DATA_KEY_PUBLISHED, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
	*NewColumnFormatData(VULN_DATA_KEY_UPDATED, REPORT_DO_NOT_TRUNCATE, false, false),
	*NewColumnFormatData(VULN_DATA_KEY_CREATED, REPORT_DO_NOT_TRUNCATE, false, false),
	*NewColumnFormatData(VULN_DATA_KEY_REJECTED, REPORT_DO_NOT_TRUNCATE, false, false),
	*NewColumnFormatData(VULN_DATA_KEY_ANALYSIS_STATE, REPORT_DO_NOT_TRUNCATE, false, false),
	*NewColumnFormatData(VULN_DATA_KEY_ANALYSIS_JUSTIFICATION, REPORT_DO_NOT_TRUNCATE, false, false),
	// The description is the only column given a truncation length and line-feed replacement.
	*NewColumnFormatData(VULN_DATA_KEY_DESC, VULN_TRUNCATE_DESC_LEN, REPORT_SUMMARY_DATA, REPORT_REPLACE_LINE_FEEDS_TRUE),
}
NOTE: columns will be output in the order they are listed here. NOTE: data marked as "summary" data is informed by the output from the NVD database service itself; this includes ISO 8601 date-time fields, which are truncated to show the date only.
var VULNERABILITY_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN, FORMAT_JSON}, ", ")
Functions ¶
func Diff ¶ added in v0.12.0
func Diff(persistentFlags utils.PersistentCommandFlags, flags utils.DiffCommandFlags) (err error)
func DisplayComponentListCSV ¶ added in v0.16.0
func DisplayComponentListCSV(bom *schema.BOM, writer io.Writer, flags utils.ComponentCommandFlags) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayComponentListMarkdown ¶ added in v0.16.0
func DisplayComponentListMarkdown(bom *schema.BOM, writer io.Writer, flags utils.ComponentCommandFlags) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayComponentListText ¶ added in v0.16.0
func DisplayComponentListText(bom *schema.BOM, writer io.Writer, flags utils.ComponentCommandFlags) (err error)
NOTE: This list is NOT de-duplicated TODO: Add a --no-title flag to skip title output
func DisplayLicenseListCSV ¶
func DisplayLicenseListCSV(bom *schema.BOM, writer io.Writer, flags utils.LicenseCommandFlags) (err error)
NOTE: This list is NOT de-duplicated TODO: Make policy column optional TODO: Add a --no-title flag to skip title output TODO: Support a new --sort <column> flag
func DisplayLicenseListJson ¶
func DisplayLicenseListJson(bom *schema.BOM, writer io.Writer, flags utils.LicenseCommandFlags) (err error)
NOTE: This list is NOT de-duplicated. NOTE: if no licenses are found, the "json.Marshal" method(s) will return a value of "null", which is valid JSON (and not an empty array), so consumers of this output should handle "null" as well as an array. TODO: Support de-duplication (via a flag), which MUST be exact, using deep comparison.
func DisplayLicenseListMarkdown ¶
func DisplayLicenseListMarkdown(bom *schema.BOM, writer io.Writer, flags utils.LicenseCommandFlags) (err error)
NOTE: This list is NOT de-duplicated
func DisplayLicenseListText ¶ added in v0.16.0
func DisplayLicenseListText(bom *schema.BOM, writer io.Writer, flags utils.LicenseCommandFlags) (err error)
NOTE: This list is NOT de-duplicated TODO: Make policy column optional TODO: Add a --no-title flag to skip title output TODO: Support a new --sort <column> flag
func DisplayLicensePoliciesCSV ¶
func DisplayLicensePoliciesCSV(writer io.Writer, filteredPolicyMap *slicemultimap.MultiMap, flags utils.LicenseCommandFlags) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayLicensePoliciesMarkdown ¶
func DisplayLicensePoliciesMarkdown(writer io.Writer, filteredPolicyMap *slicemultimap.MultiMap, flags utils.LicenseCommandFlags) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayLicensePoliciesTabbedText ¶
func DisplayLicensePoliciesTabbedText(writer io.Writer, filteredPolicyMap *slicemultimap.MultiMap, flags utils.LicenseCommandFlags) (err error)
Display all license policies, including those with SPDX IDs and those with only "family" names; this is reflected in the contents of the hashmap, which is keyed on family names. NOTE: assumes all entries in the policy config file MUST have family names. TODO: Allow caller to pass a flag to truncate or not (perhaps with a value). TODO: Add a --no-title flag to skip title output.
func DisplayResourceListCSV ¶
TODO: Add a --no-title flag to skip title output
func DisplayResourceListMarkdown ¶
TODO: Add a --no-title flag to skip title output
func DisplayResourceListText ¶
NOTE: This list is NOT de-duplicated TODO: Add a --no-title flag to skip title output
func DisplaySchemaErrorsCsv ¶ added in v0.12.0
func DisplaySchemaErrorsCsv(writer io.Writer, errs []gojsonschema.ResultError, flags utils.ValidateCommandFlags)
func DisplaySchemaErrorsJson ¶ added in v0.12.0
func DisplaySchemaErrorsJson(writer io.Writer, errs []gojsonschema.ResultError, flags utils.ValidateCommandFlags)
func DisplaySchemaErrorsText ¶ added in v0.12.0
func DisplaySchemaErrorsText(writer io.Writer, errs []gojsonschema.ResultError, flags utils.ValidateCommandFlags)
func DisplaySchemasCSV ¶
func DisplaySchemasCSV(writer io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
TODO: Add a --no-title flag to skip title output
func DisplaySchemasMarkdown ¶
func DisplaySchemasMarkdown(writer io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
TODO: Add a --no-title flag to skip title output
func DisplaySchemasTabbedText ¶
func DisplaySchemasTabbedText(writer io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayStatsText ¶ added in v0.14.0
NOTE: This list is NOT de-duplicated TODO: Add a --no-title flag to skip title output
func DisplayVulnListCSV ¶ added in v0.10.0
func DisplayVulnListCSV(bom *schema.BOM, writer io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayVulnListJson ¶ added in v0.10.0
func DisplayVulnListJson(bom *schema.BOM, writer io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
Output filtered list of vulnerabilities as JSON
func DisplayVulnListMarkdown ¶ added in v0.10.0
func DisplayVulnListMarkdown(bom *schema.BOM, writer io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
TODO: Add a --no-title flag to skip title output
func DisplayVulnListText ¶ added in v0.10.0
func DisplayVulnListText(bom *schema.BOM, writer io.Writer, flags utils.VulnerabilityCommandFlags) (err error)
NOTE: This list is NOT de-duplicated TODO: Add a --no-title flag to skip title output
func ErrorTypesMatch ¶
NOTE: err = nil will also fail if error was expected
func FormatSchemaErrors ¶
func FormatSchemaErrors(writer io.Writer, schemaErrors []gojsonschema.ResultError, flags utils.ValidateCommandFlags, format string) (formattedSchemaErrors string)
func IsInvalidBOMError ¶ added in v0.13.0
func ListComponents ¶ added in v0.16.0
func ListComponents(writer io.Writer, persistentFlags utils.PersistentCommandFlags, flags utils.ComponentCommandFlags, whereFilters []common.WhereFilter) (err error)
NOTE: resourceType has already been validated
func ListLicensePolicies ¶ added in v0.11.0
func ListLicensePolicies(writer io.Writer, policyConfig *schema.LicensePolicyConfig, persistentFlags utils.PersistentCommandFlags, licenseFlags utils.LicenseCommandFlags, whereFilters []common.WhereFilter) (err error)
func ListLicenses ¶
func ListLicenses(writer io.Writer, policyConfig *schema.LicensePolicyConfig, persistentFlags utils.PersistentCommandFlags, licenseFlags utils.LicenseCommandFlags, whereFilters []common.WhereFilter) (err error)
func ListResources ¶
func ListResources(writer io.Writer, persistentFlags utils.PersistentCommandFlags, resourceFlags utils.ResourceCommandFlags, whereFilters []common.WhereFilter) (err error)
NOTE: resourceType has already been validated
func ListSchemas ¶
func ListSchemas(writer io.Writer, persistentFlags utils.PersistentCommandFlags, whereFilters []common.WhereFilter) (err error)
func ListStats ¶ added in v0.14.0
func ListStats(writer io.Writer, persistentFlags utils.PersistentCommandFlags, statsFlags utils.StatsCommandFlags) (err error)
NOTE: resourceType has already been validated
func ListVulnerabilities ¶ added in v0.10.0
func ListVulnerabilities(writer io.Writer, persistentFlags utils.PersistentCommandFlags, flags utils.VulnerabilityCommandFlags, whereFilters []common.WhereFilter) (err error)
NOTE: vulnerability type data has already been validated
func LoadBOMFile ¶ added in v0.16.0
func LoadInputBOMFileAndDetectSchema ¶ added in v0.13.0
func NewCommandComponent ¶ added in v0.16.0
func NewCommandDiff ¶ added in v0.12.0
func NewCommandLicense ¶
func NewCommandList ¶
WARNING: Cobra will not recognize a subcommand if its `command.Use` is not a single word string that matches one of the `command.ValidArgs` set on the parent command
func NewCommandPatch ¶ added in v0.15.0
func NewCommandPolicy ¶
WARNING: Cobra will not recognize a subcommand if its `command.Use` is not a single word string that matches one of the `command.ValidArgs` set on the parent command
func NewCommandQuery ¶
func NewCommandResource ¶
func NewCommandSchema ¶
func NewCommandStats ¶ added in v0.14.0
func NewCommandTrim ¶ added in v0.14.0
func NewCommandValidate ¶
func NewCommandVersion ¶
func NewCommandVulnerability ¶ added in v0.10.0
func Patch ¶ added in v0.15.0
func Patch(writer io.Writer, persistentFlags utils.PersistentCommandFlags, patchFlags utils.PatchCommandFlags) (err error)
NOTE: resourceType has already been validated
func Query ¶ added in v0.14.0
func Query(writer io.Writer, request *common.QueryRequest, response *common.QueryResponse) (resultJson interface{}, err error)
Query the JSON map and return the selected subset; i.e., use the QueryRequest (syntax) to apply the query to the JSON document.
func QueryJSONMap ¶ added in v0.14.0
func QueryJSONMap(jsonMap map[string]interface{}, request *common.QueryRequest) (resultJson interface{}, err error)
func Trim ¶ added in v0.14.0
func Trim(writer io.Writer, persistentFlags utils.PersistentCommandFlags, trimFlags utils.TrimCommandFlags) (err error)
NOTE: resourceType has already been validated
func Validate ¶
func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, validateFlags utils.ValidateCommandFlags) (valid bool, bom *schema.BOM, schemaErrors []gojsonschema.ResultError, err error)
Types ¶
type BaseError ¶
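// BaseError is the base error type; other error types in this package
// (e.g., InvalidSBOMError) embed it to extend it.
//
// NOTE(review): InputFile, Command and Flags presumably record the invocation
// that produced the error — confirm before including them in output that is
// shared outside the team.
type BaseError struct {
	Type       string
	Message    string
	InputFile  string
	InnerError error
	Command    string
	Flags      string
	Details    string
}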
func (*BaseError) AppendMessage ¶
type ColumnFormatData ¶ added in v0.11.0
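// ColumnFormatData describes one report column and the attributes and
// constraints used to format it.
type ColumnFormatData struct {
	// Note: data key is the column label (where possible)
	DataKey string
	// truncate character data to this length (default=-1 means don't truncate)
	TruncateLength int
	// include in `--summary` reports
	IsSummaryData bool
	// replace line feeds with spaces (e.g., for multi-line descriptions)
	ReplaceLineFeeds bool
	// Align column data where possible (i.e., This is primarily for markdown format)
	Alignment string
}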
TODO: Support additional flags to:
- show number of chars shown vs. available when truncated (e.g., (x/y))
- provide "empty" value to display in column (e.g., "none" or "UNDEFINED")
- inform how to "summarize" (e.g., show-first-only) data if data type is a slice (e.g., []string) NOTE: if only a subset of entries are shown on a summary, an indication of (x) entries could be shown as well
- Support Markdown column alignment (e.g., MD_ALIGN_xxx values)
func NewColumnFormatData ¶ added in v0.16.0
func NewColumnFormatData(key string, truncateLen int, isSummary bool, replaceLineFeeds bool) (foo *ColumnFormatData)
func (*ColumnFormatData) SetAlignment ¶ added in v0.16.0
func (data *ColumnFormatData) SetAlignment(alignment string)
type IETF6902Document ¶ added in v0.15.0
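// IETF6902Document holds the records of an IETF RFC 6902 patch document.
type IETF6902Document struct {
	Records []IETF6902Record
	// contains filtered or unexported fields
}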
func NewIETFRFC6902PatchDocument ¶ added in v0.15.0
func NewIETFRFC6902PatchDocument(patchFilename string) (document *IETF6902Document)
func (*IETF6902Document) ReadRawBytes ¶ added in v0.15.0
func (document *IETF6902Document) ReadRawBytes() (err error)
func (*IETF6902Document) UnmarshalRecords ¶ added in v0.15.0
func (document *IETF6902Document) UnmarshalRecords() (err error)
type IETF6902Record ¶ added in v0.15.0
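// IETF6902Record is a single IETF RFC 6902 patch operation as decoded from JSON.
//
// Value is untyped (interface{}), so its concrete type is whatever the JSON
// decoder produced; code applying a record has to check it before use.
// NOTE(review): Operation, Path and From come straight from the patch file —
// presumably validated where the patch is applied; confirm.
type IETF6902Record struct {
	Operation string      `json:"op"`
	Path      string      `json:"path"`
	Value     interface{} `json:"value,omitempty"`
	From      string      `json:"from,omitempty"`
}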
Example of all opcodes:
{ "op": "test", "path": "/a/b/c", "value": "foo" }, { "op": "remove", "path": "/a/b/c" }, { "op": "add", "path": "/a/b/c", "value": [ "foo", "bar" ] }, { "op": "replace", "path": "/a/b/c", "value": 42 }, { "op": "move", "from": "/a/b/c", "path": "/a/b/d" }, { "op": "copy", "from": "/a/b/d", "path": "/a/b/e" }
func (*IETF6902Record) String ¶ added in v0.15.0
func (record *IETF6902Record) String() string
type IETFRFC6902TestError ¶ added in v0.15.0
IETF RFC6902 "Test" error
func NewIETFRFC6902TestError ¶ added in v0.15.0
func NewIETFRFC6902TestError(record string, value interface{}) *IETFRFC6902TestError
func (IETFRFC6902TestError) Error ¶ added in v0.15.0
func (err IETFRFC6902TestError) Error() string
type InvalidSBOMError ¶
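// InvalidSBOMError extends the base error type with the SBOM, the field keys
// and the schema errors associated with the failure.
type InvalidSBOMError struct {
	BaseError
	SBOM *schema.BOM
	// Keys used to dereference into JSON map where error found
	FieldKeys    []string
	SchemaErrors []gojsonschema.ResultError
}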
Extend the base error type
func NewInvalidSBOMError ¶
func NewInvalidSBOMError(sbom *schema.BOM, m string, errIn error, schemaErrors []gojsonschema.ResultError) *InvalidSBOMError
type SBOMCompositionError ¶
// SBOMCompositionError is a more specific invalid-SBOM error; it embeds
// InvalidSBOMError and adds no fields of its own.
type SBOMCompositionError struct {
InvalidSBOMError
}
Define more specific invalid SBOM errors
func NewSBOMCompositionError ¶
func NewSBOMCompositionError(m string, sbom *schema.BOM, fields []string) *SBOMCompositionError
func (SBOMCompositionError) Error ¶
func (err SBOMCompositionError) Error() string
Support the error interface
type SBOMLicenseError ¶
// SBOMLicenseError is an invalid-SBOM error for license problems; it embeds
// InvalidSBOMError and adds no fields of its own.
type SBOMLicenseError struct {
InvalidSBOMError
}
NOTE: Current sub-type is "no license found"; other, more specific subtypes may be created
func IsBOMLicenseError ¶ added in v0.13.0
func IsBOMLicenseError(err error) (*SBOMLicenseError, bool)
func NewSbomLicenseDataError ¶
func NewSbomLicenseDataError() *SBOMLicenseError
func NewSbomLicenseNotFoundError ¶
func NewSbomLicenseNotFoundError(sbom *schema.BOM) *SBOMLicenseError
type SBOMMetadataError ¶
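// SBOMMetadataError is a more specific invalid-SBOM error that also carries
// CycloneDX metadata.
type SBOMMetadataError struct {
	InvalidSBOMError
	Metadata schema.CDXMetadata
}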
Define more specific invalid SBOM errors
func NewSBOMMetadataError ¶
func NewSBOMMetadataError(sbom *schema.BOM, m string, metadata schema.CDXMetadata) *SBOMMetadataError
TODO: create Error() (interface) method that displays CDXMetadata
type SBOMMetadataPropertyError ¶
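// SBOMMetadataPropertyError extends SBOMMetadataError with the expected
// custom validation property and the actual property values.
type SBOMMetadataPropertyError struct {
	SBOMMetadataError
	Expected *schema.CustomValidationProperty
	Actual   []schema.CDXProperty
}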
func NewSbomMetadataPropertyError ¶
func NewSbomMetadataPropertyError(sbom *schema.BOM, m string, expected *schema.CustomValidationProperty, values []schema.CDXProperty) *SBOMMetadataPropertyError
TODO: create Error() (interface) method that displays CDXProperty
type UnsupportedError ¶ added in v0.15.0
NOTE: use for unsupported features, subfunctions, etc. Currently used primarily for "patch" operation implementations.
func NewUnsupportedError ¶ added in v0.15.0
func NewUnsupportedError(op string, m string) *UnsupportedError
func (UnsupportedError) Error ¶ added in v0.15.0
func (err UnsupportedError) Error() string
type ValidationErrorResult ¶ added in v0.12.0
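// ValidationErrorResult wraps a gojsonschema.ResultError together with its
// JSON context.
type ValidationErrorResult struct {
	// read only
	ResultError gojsonschema.ResultError
	// resultError.Context()
	Context *gojsonschema.JsonContext `json:"context"`
	// contains filtered or unexported fields
}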
JsonContext is a linked-list of JSON key strings
func NewValidationErrorResult ¶ added in v0.12.0
func NewValidationErrorResult(resultError gojsonschema.ResultError) (validationErrResult *ValidationErrorResult)
func (*ValidationErrorResult) HashResultError ¶ added in v0.12.0
func (validationErrResult *ValidationErrorResult) HashResultError()
func (*ValidationErrorResult) MapItemsMustBeUniqueError ¶ added in v0.12.0
func (result *ValidationErrorResult) MapItemsMustBeUniqueError(flags utils.ValidateCommandFlags)
func (*ValidationErrorResult) MapResultError ¶ added in v0.12.0
func (result *ValidationErrorResult) MapResultError(flags utils.ValidateCommandFlags)
func (*ValidationErrorResult) MarshalJSON ¶ added in v0.12.0
func (validationErrResult *ValidationErrorResult) MarshalJSON() (marshalled []byte, err error)