From d85ce128ffcefe641eaa3652ec8e81f6e4189590 Mon Sep 17 00:00:00 2001
From: huyongfeng
Date: Wed, 22 Jun 2022 16:40:24 +0800
Subject: [PATCH 01/10] Add SPDX-format SBOM manifest export feature
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
cli/go.mod | 2 +
cli/go.sum | 2 +
cli/main.go | 2 +
cli/out.spdx | 1148 ++++++++++++++++++++++++++++++++++++++
util/report/spdx.go | 129 +++++
util/report/spdx_type.go | 101 ++++
6 files changed, 1384 insertions(+)
create mode 100644 cli/go.sum
create mode 100644 cli/out.spdx
create mode 100644 util/report/spdx.go
create mode 100644 util/report/spdx_type.go
diff --git a/cli/go.mod b/cli/go.mod
index 9ad835e..e88a59b 100644
--- a/cli/go.mod
+++ b/cli/go.mod
@@ -1,3 +1,5 @@
module cli
go 1.18
+
+require github.com/Masterminds/semver/v3 v3.1.1
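Review bot: the new require line for github.com/Masterminds/semver/v3 v3.1.1 in cli/go.mod is not backed by any cli source change in this patch; the only edit to cli/main.go is the two-line ".spdx" case, which does not use semver. If the module is only needed transitively through util/report, mark it "// indirect" or declare it where it is imported; otherwise move the require into the commit that introduces the import so each added dependency can be reviewed against the code that uses it.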
diff --git a/cli/go.sum b/cli/go.sum
new file mode 100644
index 0000000..471bde9
--- /dev/null
+++ b/cli/go.sum
@@ -0,0 +1,2 @@
+github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
+github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
diff --git a/cli/main.go b/cli/main.go
index 796942c..db0e3f6 100644
--- a/cli/main.go
+++ b/cli/main.go
@@ -38,6 +38,8 @@ func output(depRoot *model.DepTree, taskInfo report.TaskInfo) {
reportFunc = report.Html
case ".json":
reportFunc = report.Json
+ case ".spdx":
+ reportFunc = report.Spdx
default:
reportFunc = report.Json
}
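Review bot: the new case ".spdx" joins a switch whose default branch still assigns report.Json, so any output name that does not match exactly falls back to the tool's own JSON without an error. Assuming the switch is on the file extension, as the ".json" case suggests, a name such as out.spdx.json would be written as the native JSON report rather than an SPDX document. Consider rejecting unknown extensions with a message instead of defaulting, and state in the CLI help that ".spdx" selects the SPDX tag-value form.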
diff --git a/cli/out.spdx b/cli/out.spdx
new file mode 100644
index 0000000..007a806
--- /dev/null
+++ b/cli/out.spdx
@@ -0,0 +1,1148 @@
+SPDXVersion: SPDX-2.2
+DataLicense: CC0-1.0
+SPDXID: SPDXRef-DOCUMENT
+DocumentName: C:\Users\Xmirror\Desktop\example\test\php-test
+DocumentNamespace:
+Creator:
+Created: 2022-06-22T08:31:34Z
+
+
+##### Package representing the C:\Users\Xmirror\Desktop\example\test\php-test
+
+PackageName: C:\Users\Xmirror\Desktop\example\test\php-test
+SPDXID: SPDXRef-Package-C:\Users\Xmirror\Desktop\example\test\php-test
+
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the guzzlehttp/guzzle
+
+PackageName: guzzlehttp/guzzle
+SPDXID: SPDXRef-Package-guzzlehttp.guzzle
+PackageVersion: 7.4.3
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the laravel/framework
+
+PackageName: laravel/framework
+SPDXID: SPDXRef-Package-laravel.framework
+PackageVersion: v9.16.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the laravel/sanctum
+
+PackageName: laravel/sanctum
+SPDXID: SPDXRef-Package-laravel.sanctum-v2.15.1
+PackageVersion: v2.15.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the laravel/tinker
+
+PackageName: laravel/tinker
+SPDXID: SPDXRef-Package-laravel.tinker
+PackageVersion: v2.7.2
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the guzzlehttp/promises
+
+PackageName: guzzlehttp/promises
+SPDXID: SPDXRef-Package-guzzlehttp.promises-1.5.1
+PackageVersion: 1.5.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the guzzlehttp/psr7
+
+PackageName: guzzlehttp/psr7
+SPDXID: SPDXRef-Package-guzzlehttp.psr7
+PackageVersion: 2.2.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the psr/http-client
+
+PackageName: psr/http-client
+SPDXID: SPDXRef-Package-psr.http-client-1.0.1
+PackageVersion: 1.0.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/deprecation-contracts
+
+PackageName: symfony/deprecation-contracts
+SPDXID: SPDXRef-Package-symfony.deprecation-contracts-v3.1.0
+PackageVersion: v3.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the doctrine/inflector
+
+PackageName: doctrine/inflector
+SPDXID: SPDXRef-Package-doctrine.inflector-2.0.4
+PackageVersion: 2.0.4
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the dragonmantank/cron-expression
+
+PackageName: dragonmantank/cron-expression
+SPDXID: SPDXRef-Package-dragonmantank.cron-expression
+PackageVersion: v3.3.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the egulias/email-validator
+
+PackageName: egulias/email-validator
+SPDXID: SPDXRef-Package-egulias.email-validator
+PackageVersion: 3.2
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the fruitcake/php-cors
+
+PackageName: fruitcake/php-cors
+SPDXID: SPDXRef-Package-fruitcake.php-cors-v1.2.0
+PackageVersion: v1.2.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the laravel/serializable-closure
+
+PackageName: laravel/serializable-closure
+SPDXID: SPDXRef-Package-laravel.serializable-closure-v1.2.0
+PackageVersion: v1.2.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the league/commonmark
+
+PackageName: league/commonmark
+SPDXID: SPDXRef-Package-league.commonmark
+PackageVersion: 2.3.2
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the league/flysystem
+
+PackageName: league/flysystem
+SPDXID: SPDXRef-Package-league.flysystem
+PackageVersion: 3.0.20
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the monolog/monolog
+
+PackageName: monolog/monolog
+SPDXID: SPDXRef-Package-monolog.monolog-2.6.0
+PackageVersion: 2.6.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the nesbot/carbon
+
+PackageName: nesbot/carbon
+SPDXID: SPDXRef-Package-nesbot.carbon
+PackageVersion: 2.58.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the psr/container
+
+PackageName: psr/container
+SPDXID: SPDXRef-Package-psr.container-2.0.2
+PackageVersion: 2.0.2
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the psr/log
+
+PackageName: psr/log
+SPDXID: SPDXRef-Package-psr.log-3.0.0
+PackageVersion: 3.0.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the psr/simple-cache
+
+PackageName: psr/simple-cache
+SPDXID: SPDXRef-Package-psr.simple-cache-3.0.0
+PackageVersion: 3.0.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the ramsey/uuid
+
+PackageName: ramsey/uuid
+SPDXID: SPDXRef-Package-ramsey.uuid
+PackageVersion: 4.3.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/console
+
+PackageName: symfony/console
+SPDXID: SPDXRef-Package-symfony.console
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/error-handler
+
+PackageName: symfony/error-handler
+SPDXID: SPDXRef-Package-symfony.error-handler-v6.1.0
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/finder
+
+PackageName: symfony/finder
+SPDXID: SPDXRef-Package-symfony.finder-v6.1.0
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/http-foundation
+
+PackageName: symfony/http-foundation
+SPDXID: SPDXRef-Package-symfony.http-foundation-v6.1.0
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/http-kernel
+
+PackageName: symfony/http-kernel
+SPDXID: SPDXRef-Package-symfony.http-kernel
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/mailer
+
+PackageName: symfony/mailer
+SPDXID: SPDXRef-Package-symfony.mailer-v6.1.0
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/mime
+
+PackageName: symfony/mime
+SPDXID: SPDXRef-Package-symfony.mime-v6.1.0
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/process
+
+PackageName: symfony/process
+SPDXID: SPDXRef-Package-symfony.process-v6.1.0
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/routing
+
+PackageName: symfony/routing
+SPDXID: SPDXRef-Package-symfony.routing-v6.1.0
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/var-dumper
+
+PackageName: symfony/var-dumper
+SPDXID: SPDXRef-Package-symfony.var-dumper-v6.1.0
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the tijsverkoyen/css-to-inline-styles
+
+PackageName: tijsverkoyen/css-to-inline-styles
+SPDXID: SPDXRef-Package-tijsverkoyen.css-to-inline-styles
+PackageVersion: 2.2.4
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the vlucas/phpdotenv
+
+PackageName: vlucas/phpdotenv
+SPDXID: SPDXRef-Package-vlucas.phpdotenv
+PackageVersion: v5.4.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the voku/portable-ascii
+
+PackageName: voku/portable-ascii
+SPDXID: SPDXRef-Package-voku.portable-ascii-2.0.1
+PackageVersion: 2.0.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the psy/psysh
+
+PackageName: psy/psysh
+SPDXID: SPDXRef-Package-psy.psysh
+PackageVersion: v0.11.5
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the psr/http-factory
+
+PackageName: psr/http-factory
+SPDXID: SPDXRef-Package-psr.http-factory-1.0.1
+PackageVersion: 1.0.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the psr/http-message
+
+PackageName: psr/http-message
+SPDXID: SPDXRef-Package-psr.http-message-1.0.1
+PackageVersion: 1.0.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the ralouphie/getallheaders
+
+PackageName: ralouphie/getallheaders
+SPDXID: SPDXRef-Package-ralouphie.getallheaders-3.0.3
+PackageVersion: 3.0.3
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the webmozart/assert
+
+PackageName: webmozart/assert
+SPDXID: SPDXRef-Package-webmozart.assert-1.11.0
+PackageVersion: 1.11.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the doctrine/lexer
+
+PackageName: doctrine/lexer
+SPDXID: SPDXRef-Package-doctrine.lexer-1.2.3
+PackageVersion: 1.2.3
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/polyfill-intl-idn
+
+PackageName: symfony/polyfill-intl-idn
+SPDXID: SPDXRef-Package-symfony.polyfill-intl-idn
+PackageVersion: v1.26.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the league/config
+
+PackageName: league/config
+SPDXID: SPDXRef-Package-league.config
+PackageVersion: v1.1.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the psr/event-dispatcher
+
+PackageName: psr/event-dispatcher
+SPDXID: SPDXRef-Package-psr.event-dispatcher-1.0.0
+PackageVersion: 1.0.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/polyfill-php80
+
+PackageName: symfony/polyfill-php80
+SPDXID: SPDXRef-Package-symfony.polyfill-php80-v1.26.0
+PackageVersion: v1.26.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the league/mime-type-detection
+
+PackageName: league/mime-type-detection
+SPDXID: SPDXRef-Package-league.mime-type-detection-1.11.0
+PackageVersion: 1.11.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/polyfill-mbstring
+
+PackageName: symfony/polyfill-mbstring
+SPDXID: SPDXRef-Package-symfony.polyfill-mbstring-v1.26.0
+PackageVersion: v1.26.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/translation
+
+PackageName: symfony/translation
+SPDXID: SPDXRef-Package-symfony.translation
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the brick/math
+
+PackageName: brick/math
+SPDXID: SPDXRef-Package-brick.math-0.9.3
+PackageVersion: 0.9.3
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the ramsey/collection
+
+PackageName: ramsey/collection
+SPDXID: SPDXRef-Package-ramsey.collection
+PackageVersion: 1.2.2
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/service-contracts
+
+PackageName: symfony/service-contracts
+SPDXID: SPDXRef-Package-symfony.service-contracts-v3.1.0
+PackageVersion: v3.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/string
+
+PackageName: symfony/string
+SPDXID: SPDXRef-Package-symfony.string
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/event-dispatcher
+
+PackageName: symfony/event-dispatcher
+SPDXID: SPDXRef-Package-symfony.event-dispatcher
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/polyfill-ctype
+
+PackageName: symfony/polyfill-ctype
+SPDXID: SPDXRef-Package-symfony.polyfill-ctype-v1.26.0
+PackageVersion: v1.26.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/css-selector
+
+PackageName: symfony/css-selector
+SPDXID: SPDXRef-Package-symfony.css-selector-v6.1.0
+PackageVersion: v6.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the graham-campbell/result-type
+
+PackageName: graham-campbell/result-type
+SPDXID: SPDXRef-Package-graham-campbell.result-type-v1.0.4
+PackageVersion: v1.0.4
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the phpoption/phpoption
+
+PackageName: phpoption/phpoption
+SPDXID: SPDXRef-Package-phpoption.phpoption-1.8.1
+PackageVersion: 1.8.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the nikic/php-parser
+
+PackageName: nikic/php-parser
+SPDXID: SPDXRef-Package-nikic.php-parser-v4.14.0
+PackageVersion: v4.14.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/polyfill-intl-normalizer
+
+PackageName: symfony/polyfill-intl-normalizer
+SPDXID: SPDXRef-Package-symfony.polyfill-intl-normalizer-v1.26.0
+PackageVersion: v1.26.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/polyfill-php72
+
+PackageName: symfony/polyfill-php72
+SPDXID: SPDXRef-Package-symfony.polyfill-php72-v1.26.0
+PackageVersion: v1.26.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the dflydev/dot-access-data
+
+PackageName: dflydev/dot-access-data
+SPDXID: SPDXRef-Package-dflydev.dot-access-data-v3.0.1
+PackageVersion: v3.0.1
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the nette/schema
+
+PackageName: nette/schema
+SPDXID: SPDXRef-Package-nette.schema
+PackageVersion: v1.2.2
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/translation-contracts
+
+PackageName: symfony/translation-contracts
+SPDXID: SPDXRef-Package-symfony.translation-contracts-v3.1.0
+PackageVersion: v3.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/polyfill-php81
+
+PackageName: symfony/polyfill-php81
+SPDXID: SPDXRef-Package-symfony.polyfill-php81-v1.26.0
+PackageVersion: v1.26.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/polyfill-intl-grapheme
+
+PackageName: symfony/polyfill-intl-grapheme
+SPDXID: SPDXRef-Package-symfony.polyfill-intl-grapheme-v1.26.0
+PackageVersion: v1.26.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the symfony/event-dispatcher-contracts
+
+PackageName: symfony/event-dispatcher-contracts
+SPDXID: SPDXRef-Package-symfony.event-dispatcher-contracts-v3.1.0
+PackageVersion: v3.1.0
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+##### Package representing the nette/utils
+
+PackageName: nette/utils
+SPDXID: SPDXRef-Package-nette.utils-v3.2.7
+PackageVersion: v3.2.7
+PackageSupplier:
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+PackageChecksum: :
+PackageHomePage: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageLicenseComments: NOASSERTION
+PackageComment: NOASSERTION
+
+Relationship: SPDXRef-DOCUMENT DESCRIBES C:\Users\Xmirror\Desktop\example\test\php-test
+Relationship: SPDXRef-Package-C:\Users\Xmirror\Desktop\example\test\php-test DEPENDS_ON SPDXRef-Package-guzzlehttp.guzzle
+Relationship: SPDXRef-Package-C:\Users\Xmirror\Desktop\example\test\php-test DEPENDS_ON SPDXRef-Package-laravel.framework
+Relationship: SPDXRef-Package-C:\Users\Xmirror\Desktop\example\test\php-test DEPENDS_ON SPDXRef-Package-laravel.sanctum-v2.15.1
+Relationship: SPDXRef-Package-C:\Users\Xmirror\Desktop\example\test\php-test DEPENDS_ON SPDXRef-Package-laravel.tinker
+Relationship: SPDXRef-Package-guzzlehttp.guzzle DEPENDS_ON SPDXRef-Package-guzzlehttp.promises-1.5.1
+Relationship: SPDXRef-Package-guzzlehttp.guzzle DEPENDS_ON SPDXRef-Package-guzzlehttp.psr7
+Relationship: SPDXRef-Package-guzzlehttp.guzzle DEPENDS_ON SPDXRef-Package-psr.http-client-1.0.1
+Relationship: SPDXRef-Package-guzzlehttp.guzzle DEPENDS_ON SPDXRef-Package-symfony.deprecation-contracts-v3.1.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-doctrine.inflector-2.0.4
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-dragonmantank.cron-expression
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-egulias.email-validator
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-fruitcake.php-cors-v1.2.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-laravel.serializable-closure-v1.2.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-league.commonmark
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-league.flysystem
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-monolog.monolog-2.6.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-nesbot.carbon
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-psr.container-2.0.2
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-psr.log-3.0.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-psr.simple-cache-3.0.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-ramsey.uuid
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.console
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.error-handler-v6.1.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.finder-v6.1.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.http-foundation-v6.1.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.http-kernel
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.mailer-v6.1.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.mime-v6.1.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.process-v6.1.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.routing-v6.1.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.var-dumper-v6.1.0
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-tijsverkoyen.css-to-inline-styles
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-vlucas.phpdotenv
+Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-voku.portable-ascii-2.0.1
+Relationship: SPDXRef-Package-laravel.tinker DEPENDS_ON SPDXRef-Package-psy.psysh
+Relationship: SPDXRef-Package-guzzlehttp.psr7 DEPENDS_ON SPDXRef-Package-psr.http-factory-1.0.1
+Relationship: SPDXRef-Package-guzzlehttp.psr7 DEPENDS_ON SPDXRef-Package-psr.http-message-1.0.1
+Relationship: SPDXRef-Package-guzzlehttp.psr7 DEPENDS_ON SPDXRef-Package-ralouphie.getallheaders-3.0.3
+Relationship: SPDXRef-Package-dragonmantank.cron-expression DEPENDS_ON SPDXRef-Package-webmozart.assert-1.11.0
+Relationship: SPDXRef-Package-egulias.email-validator DEPENDS_ON SPDXRef-Package-doctrine.lexer-1.2.3
+Relationship: SPDXRef-Package-egulias.email-validator DEPENDS_ON SPDXRef-Package-symfony.polyfill-intl-idn
+Relationship: SPDXRef-Package-league.commonmark DEPENDS_ON SPDXRef-Package-league.config
+Relationship: SPDXRef-Package-league.commonmark DEPENDS_ON SPDXRef-Package-psr.event-dispatcher-1.0.0
+Relationship: SPDXRef-Package-league.commonmark DEPENDS_ON SPDXRef-Package-symfony.polyfill-php80-v1.26.0
+Relationship: SPDXRef-Package-league.flysystem DEPENDS_ON SPDXRef-Package-league.mime-type-detection-1.11.0
+Relationship: SPDXRef-Package-nesbot.carbon DEPENDS_ON SPDXRef-Package-symfony.polyfill-mbstring-v1.26.0
+Relationship: SPDXRef-Package-nesbot.carbon DEPENDS_ON SPDXRef-Package-symfony.translation
+Relationship: SPDXRef-Package-ramsey.uuid DEPENDS_ON SPDXRef-Package-brick.math-0.9.3
+Relationship: SPDXRef-Package-ramsey.uuid DEPENDS_ON SPDXRef-Package-ramsey.collection
+Relationship: SPDXRef-Package-symfony.console DEPENDS_ON SPDXRef-Package-symfony.service-contracts-v3.1.0
+Relationship: SPDXRef-Package-symfony.console DEPENDS_ON SPDXRef-Package-symfony.string
+Relationship: SPDXRef-Package-symfony.http-kernel DEPENDS_ON SPDXRef-Package-symfony.event-dispatcher
+Relationship: SPDXRef-Package-symfony.http-kernel DEPENDS_ON SPDXRef-Package-symfony.polyfill-ctype-v1.26.0
+Relationship: SPDXRef-Package-tijsverkoyen.css-to-inline-styles DEPENDS_ON SPDXRef-Package-symfony.css-selector-v6.1.0
+Relationship: SPDXRef-Package-vlucas.phpdotenv DEPENDS_ON SPDXRef-Package-graham-campbell.result-type-v1.0.4
+Relationship: SPDXRef-Package-vlucas.phpdotenv DEPENDS_ON SPDXRef-Package-phpoption.phpoption-1.8.1
+Relationship: SPDXRef-Package-psy.psysh DEPENDS_ON SPDXRef-Package-nikic.php-parser-v4.14.0
+Relationship: SPDXRef-Package-symfony.polyfill-intl-idn DEPENDS_ON SPDXRef-Package-symfony.polyfill-intl-normalizer-v1.26.0
+Relationship: SPDXRef-Package-symfony.polyfill-intl-idn DEPENDS_ON SPDXRef-Package-symfony.polyfill-php72-v1.26.0
+Relationship: SPDXRef-Package-league.config DEPENDS_ON SPDXRef-Package-dflydev.dot-access-data-v3.0.1
+Relationship: SPDXRef-Package-league.config DEPENDS_ON SPDXRef-Package-nette.schema
+Relationship: SPDXRef-Package-symfony.translation DEPENDS_ON SPDXRef-Package-symfony.translation-contracts-v3.1.0
+Relationship: SPDXRef-Package-ramsey.collection DEPENDS_ON SPDXRef-Package-symfony.polyfill-php81-v1.26.0
+Relationship: SPDXRef-Package-symfony.string DEPENDS_ON SPDXRef-Package-symfony.polyfill-intl-grapheme-v1.26.0
+Relationship: SPDXRef-Package-symfony.event-dispatcher DEPENDS_ON SPDXRef-Package-symfony.event-dispatcher-contracts-v3.1.0
+Relationship: SPDXRef-Package-nette.schema DEPENDS_ON SPDXRef-Package-nette.utils-v3.2.7
\ No newline at end of file
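Review bot: The closing `Relationship: SPDXRef-DOCUMENT DESCRIBES C:\Users\Xmirror\Desktop\example\test\php-test` line points at a raw filesystem path instead of an SPDX identifier, and the root package ID `SPDXRef-Package-C:\Users\Xmirror\Desktop\example\test\php-test` contains `:` and `\`, which SPDX 2.2 does not allow after `SPDXRef-` (only letters, digits, `.` and `-`). A consumer resolving relationships by ID cannot tie the dependency graph back to the document. The identifiers are also inconsistent: packages with children (`SPDXRef-Package-nette.schema`) omit the version while leaf packages carry it, and every package has an empty `PackageChecksum: :` and `PackageSupplier:`. Beyond that, `cli/out.spdx` is generated output that embeds a developer's local path and user name. I would drop it from the commit and produce a fixture from a test instead.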
diff --git a/util/report/spdx.go b/util/report/spdx.go
new file mode 100644
index 0000000..385469e
--- /dev/null
+++ b/util/report/spdx.go
@@ -0,0 +1,129 @@
+package report
+
+import (
+ "bytes"
+ "fmt"
+ "path"
+ "strings"
+ "text/template"
+ "time"
+ "util/logs"
+ "util/model"
+)
+
+// 记录节点名与pacakge的对应关系
+var nodePkg = make(map[*model.DepTree]Package)
+
+func init() {
+ replacers := []string{"/", ".", "_", "-"}
+ replacer = strings.NewReplacer(replacers...)
+}
+func Spdx(dep *model.DepTree, taskInfo TaskInfo) []byte {
+ format(dep)
+ doc := buildDocument(dep, taskInfo)
+ addPkgToDoc(dep, doc)
+ addRelation(dep, doc)
+ tmpl := template.New("tagValue")
+ tmpl, err := tmpl.Parse(T)
+
+ if err != nil {
+ logs.Warn(err)
+ }
+ templateBuffer := new(bytes.Buffer)
+ err = tmpl.Execute(templateBuffer, doc)
+ if err != nil {
+ logs.Warn(err)
+ }
+ return templateBuffer.Bytes()
+}
+
+// 为document添加relationship字段
+func addRelation(dep *model.DepTree, doc *Document) {
+ doc.Relationships = append(doc.Relationships, Relationship{
+ SPDXElementID: "SPDXRef-DOCUMENT",
+ RelatedSPDXElement: doc.DocumentName,
+ RelationshipType: "DESCRIBES",
+ })
+ q := []*model.DepTree{dep}
+ for len(q) > 0 {
+ n := q[0]
+ if pkg, ok := nodePkg[n]; ok {
+ if !pkg.RootPackage {
+ q = append(q[1:], n.Children...)
+ continue
+ }
+ for _, sub := range n.Children {
+ if subpkg, ok := nodePkg[sub]; ok {
+ doc.Relationships = append(doc.Relationships, Relationship{
+ SPDXElementID: pkg.SPDXID,
+ RelatedSPDXElement: subpkg.SPDXID,
+ RelationshipType: "DEPENDS_ON",
+ })
+ }
+ }
+ }
+ q = append(q[1:], n.Children...)
+ }
+}
+
+// 为document添加packages字段
+func addPkgToDoc(root *model.DepTree, doc *Document) {
+ if root.Name == "" {
+ root.Name = doc.DocumentName
+ }
+ q := []*model.DepTree{root}
+ for len(q) > 0 {
+ n := q[0]
+ q = append(q[1:], n.Children...)
+ doc.Packages = append(doc.Packages, buildPkg(n))
+ }
+}
+
+// 构建package
+func buildPkg(dep *model.DepTree) Package {
+ pkg := Package{
+ PackageName: dep.Name,
+ SPDXID: "NOASSERTION",
+ PackageVersion: dep.VersionStr,
+ PackageSupplier: dep.Vendor,
+ PackageDownloadLocation: "NOASSERTION",
+ FilesAnalyzed: false,
+ PackageChecksums: []PackageChecksum{{}},
+ PackageHomePage: "NOASSERTION",
+ PackageLicenseConcluded: "NOASSERTION",
+ PackageLicenseDeclared: "NOASSERTION",
+ PackageCopyrightText: "NOASSERTION",
+ PackageLicenseComments: "NOASSERTION",
+ PackageComment: "NOASSERTION",
+ RootPackage: len(dep.Children) > 0,
+ }
+ pkg.SPDXID = setPkgSPDXID(dep.Name, dep.VersionStr, pkg.RootPackage)
+ nodePkg[dep] = pkg
+ return pkg
+}
+
+// 初始化Document
+func buildDocument(root *model.DepTree, taskInfo TaskInfo) *Document {
+ return &Document{
+ SPDXVersion: "SPDX-2.2",
+ DataLicense: "CC0-1.0",
+ SPDXID: "SPDXRef-DOCUMENT",
+ DocumentName: path.Base(taskInfo.AppName),
+ DocumentNamespace: "",
+ CreationInfo: CreationInfo{
+ Creators: []string{},
+ Created: time.Now().UTC().Format(time.RFC3339),
+ },
+ Packages: []Package{},
+ Relationships: []Relationship{},
+ ExtractedLicensingInfos: []ExtractedLicensingInfo{},
+ }
+}
+
+// 设置package的SPDXID
+func setPkgSPDXID(s, v string, flag bool) string {
+ if flag {
+ return fmt.Sprintf("SPDXRef-Package-%s", replacer.Replace(s))
+ }
+ return fmt.Sprintf("SPDXRef-Package-%s-%s", replacer.Replace(s), v)
+}
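Review bot: `RootPackage: len(dep.Children) > 0` in `buildPkg` marks every non-leaf node as a root, and `setPkgSPDXID` then omits the version for those nodes. Two versions of the same package that both have children therefore get the same SPDXID, and their `DEPENDS_ON` edges merge. Suggest always including the version and passing a real "is the tree root" flag. Other points in this file: the `DESCRIBES` relationship uses `RelatedSPDXElement: doc.DocumentName` where the root package's SPDXID is expected; `path.Base(taskInfo.AppName)` only splits on `/`, so a Windows path is kept whole (use `path/filepath`); the `replacer` pairs cover only `/` and `_`, so `:` and `\` pass through into identifiers; `nodePkg` is a package-level map that is never cleared or locked, so it grows across calls and is unsafe if `Spdx` runs concurrently; a `tmpl.Parse` failure is only logged and `tmpl.Execute` then runs on the nil `tmpl` that `Parse` returned, so return the error instead; and `PackageChecksums: []PackageChecksum{{}}` forces an empty `PackageChecksum: :` line into every package, so leave the slice empty until a real digest is available.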
diff --git a/util/report/spdx_type.go b/util/report/spdx_type.go
new file mode 100644
index 0000000..aa2c97f
--- /dev/null
+++ b/util/report/spdx_type.go
@@ -0,0 +1,101 @@
+package report
+
+import "strings"
+
+var replacer *strings.Replacer
+
+type HashAlgorithm string
+type Package struct {
+ PackageName string `json:"name,omitempty"`
+ SPDXID string `json:"SPDXID,omitempty"`
+ PackageVersion string `json:"versionInfo,omitempty"`
+ PackageSupplier string `json:"supplier,omitempty"`
+ PackageDownloadLocation string `json:"downloadLocation,omitempty"`
+ FilesAnalyzed bool `json:"filesAnalyzed"`
+ PackageChecksums []PackageChecksum `json:"checksums"`
+ PackageHomePage string `json:"homepage,omitempty"`
+ PackageLicenseConcluded string `json:"licenseConcluded,omitempty"`
+ PackageLicenseDeclared string `json:"licenseDeclared,omitempty"`
+ PackageCopyrightText string `json:"copyrightText,omitempty"`
+ PackageLicenseComments string `json:"licenseComments,omitempty"`
+ PackageComment string `json:"comment,omitempty"`
+ RootPackage bool `json:"-"`
+}
+
+type Document struct {
+ SPDXVersion string `json:"spdxVersion,omitempty"`
+ DataLicense string `json:"dataLicense,omitempty"`
+ SPDXID string `json:"SPDXID,omitempty"`
+ DocumentName string `json:"name,omitempty"`
+ DocumentNamespace string `json:"documentNamespace,omitempty"`
+ CreationInfo CreationInfo `json:"creationInfo,omitempty"`
+ Packages []Package `json:"packages,omitempty"`
+ Relationships []Relationship `json:"relationships,omitempty"`
+ ExtractedLicensingInfos []ExtractedLicensingInfo `json:"hasExtractedLicensingInfos,omitempty"`
+}
+
+type CreationInfo struct {
+ Comment string `json:"comment,omitempty"`
+ Created string `json:"created,omitempty"`
+ Creators []string `json:"creators,omitempty"`
+ LicenceListVersion string `json:"licenseListVersion,omitempty"`
+}
+
+type Relationship struct {
+ SPDXElementID string `json:"spdxElementId,omitempty"`
+ RelatedSPDXElement string `json:"relatedSpdxElement,omitempty"`
+ RelationshipType string `json:"relationshipType,omitempty"`
+}
+type ExtractedLicensingInfo struct {
+ LicenseID string `json:"licenseId,omitempty"`
+ ExtractedText string `json:"extractedText,omitempty"`
+ LicenseName string `json:"name,omitempty"`
+ LicenseComment string `json:"comment,omitempty"`
+}
+type PackageChecksum struct {
+ Algorithm HashAlgorithm `json:"algorithm"`
+ Value string `json:"checksumValue"`
+}
+
+const T = `SPDXVersion: {{ .SPDXVersion }}
+DataLicense: {{ .DataLicense }}
+SPDXID: {{ .SPDXID }}
+DocumentName: {{ .DocumentName }}
+DocumentNamespace: {{ .DocumentNamespace }}
+Creator: {{ range .CreationInfo.Creators }}{{ . -}} {{ end }}
+Created: {{ .CreationInfo.Created }}
+
+{{ range .Packages }}
+##### Package representing the {{.PackageName}}
+
+PackageName: {{ .PackageName }}
+SPDXID: {{ .SPDXID }}
+{{ with .PackageVersion -}}
+PackageVersion: {{ . }}
+{{- end }}
+PackageSupplier: {{ .PackageSupplier }}
+PackageDownloadLocation: {{ .PackageDownloadLocation }}
+FilesAnalyzed: {{ .FilesAnalyzed }}
+{{- range .PackageChecksums }}
+PackageChecksum: {{ .Algorithm }}: {{ .Value }}
+{{- end }}
+PackageHomePage: {{ .PackageHomePage }}
+PackageLicenseConcluded: {{ .PackageLicenseConcluded }}
+PackageLicenseDeclared: {{ .PackageLicenseDeclared }}
+PackageCopyrightText: {{ .PackageCopyrightText }}
+PackageLicenseComments: {{ .PackageLicenseComments }}
+PackageComment: {{ .PackageComment }}
+{{ end }}
+{{- range .Relationships }}
+Relationship: {{ .SPDXElementID }} {{ .RelationshipType }} {{ .RelatedSPDXElement }}
+{{- end }}
+
+{{- with .ExtractedLicensingInfos -}}
+##### Non-standard license
+{{ range . }}
+LicenseID: {{ .LicenseID }}
+ExtractedText: {{ .ExtractedText }}
+LicenseName: {{ .LicenseName }}
+LicenseComment: {{ .LicenseComment }}
+{{- end -}}
+{{- end -}}`
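Review bot: The template `T` writes `.PackageName`, `.PackageVersion` and `.PackageSupplier` into tag-value lines unescaped, and `buildPkg` fills them from the dependency tree. A value containing a line break would start a new tag line in the output and could forge a `Relationship:` or `PackageChecksum:` entry in the SBOM. Suggest rejecting or stripping CR/LF in single-line fields before rendering, and wrapping free-text fields in `<text>` markers as the tag-value format expects. Smaller points: `Creator: {{ range .CreationInfo.Creators }}...` joins all creators on one line and emits a bare `Creator:` when the slice is empty, although the field is mandatory and takes one line per creator; the `PackageChecksum` range should skip entries with an empty `Algorithm` or `Value`; `LicenceListVersion` is spelled differently from its `licenseListVersion` tag; and the exported constant `T` needs a descriptive name and a doc comment, or should be unexported.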
--
Gitee
From 922a0cc0e09f7c802e925fb9482dc98f3abee5bf Mon Sep 17 00:00:00 2001
From: huyongfeng
Date: Thu, 23 Jun 2022 11:44:21 +0800
Subject: [PATCH 02/10] Add path separator replacement rule
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
cli/out.spdx | 1148 -------------------------------------------
util/report/spdx.go | 2 +-
2 files changed, 1 insertion(+), 1149 deletions(-)
delete mode 100644 cli/out.spdx
diff --git a/cli/out.spdx b/cli/out.spdx
deleted file mode 100644
index 007a806..0000000
--- a/cli/out.spdx
+++ /dev/null
@@ -1,1148 +0,0 @@
-SPDXVersion: SPDX-2.2
-DataLicense: CC0-1.0
-SPDXID: SPDXRef-DOCUMENT
-DocumentName: C:\Users\Xmirror\Desktop\example\test\php-test
-DocumentNamespace:
-Creator:
-Created: 2022-06-22T08:31:34Z
-
-
-##### Package representing the C:\Users\Xmirror\Desktop\example\test\php-test
-
-PackageName: C:\Users\Xmirror\Desktop\example\test\php-test
-SPDXID: SPDXRef-Package-C:\Users\Xmirror\Desktop\example\test\php-test
-
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the guzzlehttp/guzzle
-
-PackageName: guzzlehttp/guzzle
-SPDXID: SPDXRef-Package-guzzlehttp.guzzle
-PackageVersion: 7.4.3
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the laravel/framework
-
-PackageName: laravel/framework
-SPDXID: SPDXRef-Package-laravel.framework
-PackageVersion: v9.16.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the laravel/sanctum
-
-PackageName: laravel/sanctum
-SPDXID: SPDXRef-Package-laravel.sanctum-v2.15.1
-PackageVersion: v2.15.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the laravel/tinker
-
-PackageName: laravel/tinker
-SPDXID: SPDXRef-Package-laravel.tinker
-PackageVersion: v2.7.2
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the guzzlehttp/promises
-
-PackageName: guzzlehttp/promises
-SPDXID: SPDXRef-Package-guzzlehttp.promises-1.5.1
-PackageVersion: 1.5.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the guzzlehttp/psr7
-
-PackageName: guzzlehttp/psr7
-SPDXID: SPDXRef-Package-guzzlehttp.psr7
-PackageVersion: 2.2.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the psr/http-client
-
-PackageName: psr/http-client
-SPDXID: SPDXRef-Package-psr.http-client-1.0.1
-PackageVersion: 1.0.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/deprecation-contracts
-
-PackageName: symfony/deprecation-contracts
-SPDXID: SPDXRef-Package-symfony.deprecation-contracts-v3.1.0
-PackageVersion: v3.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the doctrine/inflector
-
-PackageName: doctrine/inflector
-SPDXID: SPDXRef-Package-doctrine.inflector-2.0.4
-PackageVersion: 2.0.4
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the dragonmantank/cron-expression
-
-PackageName: dragonmantank/cron-expression
-SPDXID: SPDXRef-Package-dragonmantank.cron-expression
-PackageVersion: v3.3.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the egulias/email-validator
-
-PackageName: egulias/email-validator
-SPDXID: SPDXRef-Package-egulias.email-validator
-PackageVersion: 3.2
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the fruitcake/php-cors
-
-PackageName: fruitcake/php-cors
-SPDXID: SPDXRef-Package-fruitcake.php-cors-v1.2.0
-PackageVersion: v1.2.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the laravel/serializable-closure
-
-PackageName: laravel/serializable-closure
-SPDXID: SPDXRef-Package-laravel.serializable-closure-v1.2.0
-PackageVersion: v1.2.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the league/commonmark
-
-PackageName: league/commonmark
-SPDXID: SPDXRef-Package-league.commonmark
-PackageVersion: 2.3.2
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the league/flysystem
-
-PackageName: league/flysystem
-SPDXID: SPDXRef-Package-league.flysystem
-PackageVersion: 3.0.20
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the monolog/monolog
-
-PackageName: monolog/monolog
-SPDXID: SPDXRef-Package-monolog.monolog-2.6.0
-PackageVersion: 2.6.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the nesbot/carbon
-
-PackageName: nesbot/carbon
-SPDXID: SPDXRef-Package-nesbot.carbon
-PackageVersion: 2.58.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the psr/container
-
-PackageName: psr/container
-SPDXID: SPDXRef-Package-psr.container-2.0.2
-PackageVersion: 2.0.2
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the psr/log
-
-PackageName: psr/log
-SPDXID: SPDXRef-Package-psr.log-3.0.0
-PackageVersion: 3.0.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the psr/simple-cache
-
-PackageName: psr/simple-cache
-SPDXID: SPDXRef-Package-psr.simple-cache-3.0.0
-PackageVersion: 3.0.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the ramsey/uuid
-
-PackageName: ramsey/uuid
-SPDXID: SPDXRef-Package-ramsey.uuid
-PackageVersion: 4.3.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/console
-
-PackageName: symfony/console
-SPDXID: SPDXRef-Package-symfony.console
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/error-handler
-
-PackageName: symfony/error-handler
-SPDXID: SPDXRef-Package-symfony.error-handler-v6.1.0
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/finder
-
-PackageName: symfony/finder
-SPDXID: SPDXRef-Package-symfony.finder-v6.1.0
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/http-foundation
-
-PackageName: symfony/http-foundation
-SPDXID: SPDXRef-Package-symfony.http-foundation-v6.1.0
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/http-kernel
-
-PackageName: symfony/http-kernel
-SPDXID: SPDXRef-Package-symfony.http-kernel
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/mailer
-
-PackageName: symfony/mailer
-SPDXID: SPDXRef-Package-symfony.mailer-v6.1.0
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/mime
-
-PackageName: symfony/mime
-SPDXID: SPDXRef-Package-symfony.mime-v6.1.0
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/process
-
-PackageName: symfony/process
-SPDXID: SPDXRef-Package-symfony.process-v6.1.0
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/routing
-
-PackageName: symfony/routing
-SPDXID: SPDXRef-Package-symfony.routing-v6.1.0
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/var-dumper
-
-PackageName: symfony/var-dumper
-SPDXID: SPDXRef-Package-symfony.var-dumper-v6.1.0
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the tijsverkoyen/css-to-inline-styles
-
-PackageName: tijsverkoyen/css-to-inline-styles
-SPDXID: SPDXRef-Package-tijsverkoyen.css-to-inline-styles
-PackageVersion: 2.2.4
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the vlucas/phpdotenv
-
-PackageName: vlucas/phpdotenv
-SPDXID: SPDXRef-Package-vlucas.phpdotenv
-PackageVersion: v5.4.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the voku/portable-ascii
-
-PackageName: voku/portable-ascii
-SPDXID: SPDXRef-Package-voku.portable-ascii-2.0.1
-PackageVersion: 2.0.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the psy/psysh
-
-PackageName: psy/psysh
-SPDXID: SPDXRef-Package-psy.psysh
-PackageVersion: v0.11.5
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the psr/http-factory
-
-PackageName: psr/http-factory
-SPDXID: SPDXRef-Package-psr.http-factory-1.0.1
-PackageVersion: 1.0.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the psr/http-message
-
-PackageName: psr/http-message
-SPDXID: SPDXRef-Package-psr.http-message-1.0.1
-PackageVersion: 1.0.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the ralouphie/getallheaders
-
-PackageName: ralouphie/getallheaders
-SPDXID: SPDXRef-Package-ralouphie.getallheaders-3.0.3
-PackageVersion: 3.0.3
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the webmozart/assert
-
-PackageName: webmozart/assert
-SPDXID: SPDXRef-Package-webmozart.assert-1.11.0
-PackageVersion: 1.11.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the doctrine/lexer
-
-PackageName: doctrine/lexer
-SPDXID: SPDXRef-Package-doctrine.lexer-1.2.3
-PackageVersion: 1.2.3
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/polyfill-intl-idn
-
-PackageName: symfony/polyfill-intl-idn
-SPDXID: SPDXRef-Package-symfony.polyfill-intl-idn
-PackageVersion: v1.26.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the league/config
-
-PackageName: league/config
-SPDXID: SPDXRef-Package-league.config
-PackageVersion: v1.1.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the psr/event-dispatcher
-
-PackageName: psr/event-dispatcher
-SPDXID: SPDXRef-Package-psr.event-dispatcher-1.0.0
-PackageVersion: 1.0.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/polyfill-php80
-
-PackageName: symfony/polyfill-php80
-SPDXID: SPDXRef-Package-symfony.polyfill-php80-v1.26.0
-PackageVersion: v1.26.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the league/mime-type-detection
-
-PackageName: league/mime-type-detection
-SPDXID: SPDXRef-Package-league.mime-type-detection-1.11.0
-PackageVersion: 1.11.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/polyfill-mbstring
-
-PackageName: symfony/polyfill-mbstring
-SPDXID: SPDXRef-Package-symfony.polyfill-mbstring-v1.26.0
-PackageVersion: v1.26.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/translation
-
-PackageName: symfony/translation
-SPDXID: SPDXRef-Package-symfony.translation
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the brick/math
-
-PackageName: brick/math
-SPDXID: SPDXRef-Package-brick.math-0.9.3
-PackageVersion: 0.9.3
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the ramsey/collection
-
-PackageName: ramsey/collection
-SPDXID: SPDXRef-Package-ramsey.collection
-PackageVersion: 1.2.2
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/service-contracts
-
-PackageName: symfony/service-contracts
-SPDXID: SPDXRef-Package-symfony.service-contracts-v3.1.0
-PackageVersion: v3.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/string
-
-PackageName: symfony/string
-SPDXID: SPDXRef-Package-symfony.string
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/event-dispatcher
-
-PackageName: symfony/event-dispatcher
-SPDXID: SPDXRef-Package-symfony.event-dispatcher
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/polyfill-ctype
-
-PackageName: symfony/polyfill-ctype
-SPDXID: SPDXRef-Package-symfony.polyfill-ctype-v1.26.0
-PackageVersion: v1.26.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/css-selector
-
-PackageName: symfony/css-selector
-SPDXID: SPDXRef-Package-symfony.css-selector-v6.1.0
-PackageVersion: v6.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the graham-campbell/result-type
-
-PackageName: graham-campbell/result-type
-SPDXID: SPDXRef-Package-graham-campbell.result-type-v1.0.4
-PackageVersion: v1.0.4
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the phpoption/phpoption
-
-PackageName: phpoption/phpoption
-SPDXID: SPDXRef-Package-phpoption.phpoption-1.8.1
-PackageVersion: 1.8.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the nikic/php-parser
-
-PackageName: nikic/php-parser
-SPDXID: SPDXRef-Package-nikic.php-parser-v4.14.0
-PackageVersion: v4.14.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/polyfill-intl-normalizer
-
-PackageName: symfony/polyfill-intl-normalizer
-SPDXID: SPDXRef-Package-symfony.polyfill-intl-normalizer-v1.26.0
-PackageVersion: v1.26.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/polyfill-php72
-
-PackageName: symfony/polyfill-php72
-SPDXID: SPDXRef-Package-symfony.polyfill-php72-v1.26.0
-PackageVersion: v1.26.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the dflydev/dot-access-data
-
-PackageName: dflydev/dot-access-data
-SPDXID: SPDXRef-Package-dflydev.dot-access-data-v3.0.1
-PackageVersion: v3.0.1
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the nette/schema
-
-PackageName: nette/schema
-SPDXID: SPDXRef-Package-nette.schema
-PackageVersion: v1.2.2
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/translation-contracts
-
-PackageName: symfony/translation-contracts
-SPDXID: SPDXRef-Package-symfony.translation-contracts-v3.1.0
-PackageVersion: v3.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/polyfill-php81
-
-PackageName: symfony/polyfill-php81
-SPDXID: SPDXRef-Package-symfony.polyfill-php81-v1.26.0
-PackageVersion: v1.26.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/polyfill-intl-grapheme
-
-PackageName: symfony/polyfill-intl-grapheme
-SPDXID: SPDXRef-Package-symfony.polyfill-intl-grapheme-v1.26.0
-PackageVersion: v1.26.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the symfony/event-dispatcher-contracts
-
-PackageName: symfony/event-dispatcher-contracts
-SPDXID: SPDXRef-Package-symfony.event-dispatcher-contracts-v3.1.0
-PackageVersion: v3.1.0
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-##### Package representing the nette/utils
-
-PackageName: nette/utils
-SPDXID: SPDXRef-Package-nette.utils-v3.2.7
-PackageVersion: v3.2.7
-PackageSupplier:
-PackageDownloadLocation: NOASSERTION
-FilesAnalyzed: false
-PackageChecksum: :
-PackageHomePage: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageLicenseDeclared: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageLicenseComments: NOASSERTION
-PackageComment: NOASSERTION
-
-Relationship: SPDXRef-DOCUMENT DESCRIBES C:\Users\Xmirror\Desktop\example\test\php-test
-Relationship: SPDXRef-Package-C:\Users\Xmirror\Desktop\example\test\php-test DEPENDS_ON SPDXRef-Package-guzzlehttp.guzzle
-Relationship: SPDXRef-Package-C:\Users\Xmirror\Desktop\example\test\php-test DEPENDS_ON SPDXRef-Package-laravel.framework
-Relationship: SPDXRef-Package-C:\Users\Xmirror\Desktop\example\test\php-test DEPENDS_ON SPDXRef-Package-laravel.sanctum-v2.15.1
-Relationship: SPDXRef-Package-C:\Users\Xmirror\Desktop\example\test\php-test DEPENDS_ON SPDXRef-Package-laravel.tinker
-Relationship: SPDXRef-Package-guzzlehttp.guzzle DEPENDS_ON SPDXRef-Package-guzzlehttp.promises-1.5.1
-Relationship: SPDXRef-Package-guzzlehttp.guzzle DEPENDS_ON SPDXRef-Package-guzzlehttp.psr7
-Relationship: SPDXRef-Package-guzzlehttp.guzzle DEPENDS_ON SPDXRef-Package-psr.http-client-1.0.1
-Relationship: SPDXRef-Package-guzzlehttp.guzzle DEPENDS_ON SPDXRef-Package-symfony.deprecation-contracts-v3.1.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-doctrine.inflector-2.0.4
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-dragonmantank.cron-expression
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-egulias.email-validator
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-fruitcake.php-cors-v1.2.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-laravel.serializable-closure-v1.2.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-league.commonmark
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-league.flysystem
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-monolog.monolog-2.6.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-nesbot.carbon
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-psr.container-2.0.2
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-psr.log-3.0.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-psr.simple-cache-3.0.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-ramsey.uuid
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.console
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.error-handler-v6.1.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.finder-v6.1.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.http-foundation-v6.1.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.http-kernel
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.mailer-v6.1.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.mime-v6.1.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.process-v6.1.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.routing-v6.1.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-symfony.var-dumper-v6.1.0
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-tijsverkoyen.css-to-inline-styles
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-vlucas.phpdotenv
-Relationship: SPDXRef-Package-laravel.framework DEPENDS_ON SPDXRef-Package-voku.portable-ascii-2.0.1
-Relationship: SPDXRef-Package-laravel.tinker DEPENDS_ON SPDXRef-Package-psy.psysh
-Relationship: SPDXRef-Package-guzzlehttp.psr7 DEPENDS_ON SPDXRef-Package-psr.http-factory-1.0.1
-Relationship: SPDXRef-Package-guzzlehttp.psr7 DEPENDS_ON SPDXRef-Package-psr.http-message-1.0.1
-Relationship: SPDXRef-Package-guzzlehttp.psr7 DEPENDS_ON SPDXRef-Package-ralouphie.getallheaders-3.0.3
-Relationship: SPDXRef-Package-dragonmantank.cron-expression DEPENDS_ON SPDXRef-Package-webmozart.assert-1.11.0
-Relationship: SPDXRef-Package-egulias.email-validator DEPENDS_ON SPDXRef-Package-doctrine.lexer-1.2.3
-Relationship: SPDXRef-Package-egulias.email-validator DEPENDS_ON SPDXRef-Package-symfony.polyfill-intl-idn
-Relationship: SPDXRef-Package-league.commonmark DEPENDS_ON SPDXRef-Package-league.config
-Relationship: SPDXRef-Package-league.commonmark DEPENDS_ON SPDXRef-Package-psr.event-dispatcher-1.0.0
-Relationship: SPDXRef-Package-league.commonmark DEPENDS_ON SPDXRef-Package-symfony.polyfill-php80-v1.26.0
-Relationship: SPDXRef-Package-league.flysystem DEPENDS_ON SPDXRef-Package-league.mime-type-detection-1.11.0
-Relationship: SPDXRef-Package-nesbot.carbon DEPENDS_ON SPDXRef-Package-symfony.polyfill-mbstring-v1.26.0
-Relationship: SPDXRef-Package-nesbot.carbon DEPENDS_ON SPDXRef-Package-symfony.translation
-Relationship: SPDXRef-Package-ramsey.uuid DEPENDS_ON SPDXRef-Package-brick.math-0.9.3
-Relationship: SPDXRef-Package-ramsey.uuid DEPENDS_ON SPDXRef-Package-ramsey.collection
-Relationship: SPDXRef-Package-symfony.console DEPENDS_ON SPDXRef-Package-symfony.service-contracts-v3.1.0
-Relationship: SPDXRef-Package-symfony.console DEPENDS_ON SPDXRef-Package-symfony.string
-Relationship: SPDXRef-Package-symfony.http-kernel DEPENDS_ON SPDXRef-Package-symfony.event-dispatcher
-Relationship: SPDXRef-Package-symfony.http-kernel DEPENDS_ON SPDXRef-Package-symfony.polyfill-ctype-v1.26.0
-Relationship: SPDXRef-Package-tijsverkoyen.css-to-inline-styles DEPENDS_ON SPDXRef-Package-symfony.css-selector-v6.1.0
-Relationship: SPDXRef-Package-vlucas.phpdotenv DEPENDS_ON SPDXRef-Package-graham-campbell.result-type-v1.0.4
-Relationship: SPDXRef-Package-vlucas.phpdotenv DEPENDS_ON SPDXRef-Package-phpoption.phpoption-1.8.1
-Relationship: SPDXRef-Package-psy.psysh DEPENDS_ON SPDXRef-Package-nikic.php-parser-v4.14.0
-Relationship: SPDXRef-Package-symfony.polyfill-intl-idn DEPENDS_ON SPDXRef-Package-symfony.polyfill-intl-normalizer-v1.26.0
-Relationship: SPDXRef-Package-symfony.polyfill-intl-idn DEPENDS_ON SPDXRef-Package-symfony.polyfill-php72-v1.26.0
-Relationship: SPDXRef-Package-league.config DEPENDS_ON SPDXRef-Package-dflydev.dot-access-data-v3.0.1
-Relationship: SPDXRef-Package-league.config DEPENDS_ON SPDXRef-Package-nette.schema
-Relationship: SPDXRef-Package-symfony.translation DEPENDS_ON SPDXRef-Package-symfony.translation-contracts-v3.1.0
-Relationship: SPDXRef-Package-ramsey.collection DEPENDS_ON SPDXRef-Package-symfony.polyfill-php81-v1.26.0
-Relationship: SPDXRef-Package-symfony.string DEPENDS_ON SPDXRef-Package-symfony.polyfill-intl-grapheme-v1.26.0
-Relationship: SPDXRef-Package-symfony.event-dispatcher DEPENDS_ON SPDXRef-Package-symfony.event-dispatcher-contracts-v3.1.0
-Relationship: SPDXRef-Package-nette.schema DEPENDS_ON SPDXRef-Package-nette.utils-v3.2.7
\ No newline at end of file
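Review bot: The removed `cli/out.spdx` is generated scanner output that had been committed with a developer's local path (`C:\Users\Xmirror\Desktop\example\test\php-test`) inside its relationships, and nothing visible in this patch stops it from being committed again, so add the file (or `*.spdx` under `cli/`) to `.gitignore` in the same change. The deleted content also records defects that deserve a regression test before the sample disappears: `SPDXRef-Package-C:\Users\...` is not a valid SPDX identifier (only letters, digits, `.` and `-` may follow `SPDXRef-`), the `DESCRIBES` target is a bare path rather than an SPDXRef, every `PackageChecksum: :` is empty, and some packages carry the version in their SPDXID (`symfony.routing-v6.1.0`) while others do not (`symfony.translation`), which makes the identifiers unpredictable for consumers.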
diff --git a/util/report/spdx.go b/util/report/spdx.go
index 385469e..cddb1e4 100644
--- a/util/report/spdx.go
+++ b/util/report/spdx.go
@@ -15,7 +15,7 @@ import (
var nodePkg = make(map[*model.DepTree]Package)
func init() {
- replacers := []string{"/", ".", "_", "-"}
+ replacers := []string{"/", ".", "_", "-", `\`, "."}
replacer = strings.NewReplacer(replacers...)
}
func Spdx(dep *model.DepTree, taskInfo TaskInfo) []byte {
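Review bot: The pair added to `replacers` in `init` maps `\` to `.`, but `:` is still passed through, so a Windows root such as `C:\Users\...` continues to produce an SPDXID containing `:`, which SPDX does not allow (letters, digits, `.` and `-` only). Rather than extending the pair list one character at a time, replace every character outside `[A-Za-z0-9.-]` in a single pass, and consider deriving the root package's identifier from the project's base name instead of its full path so the local directory layout does not end up in the SBOM. The slice would also read better as explicit old/new pairs, one per line, with a comment stating what the replacer is used for.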
--
Gitee
From 5833ef6080cda3e5808f5454896c4f1e4a446303 Mon Sep 17 00:00:00 2001
From: huyongfeng
Date: Sat, 25 Jun 2022 14:40:23 +0800
Subject: [PATCH 03/10] Add license, change version format
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
util/report/spdx.go | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/util/report/spdx.go b/util/report/spdx.go
index cddb1e4..a3a14e2 100644
--- a/util/report/spdx.go
+++ b/util/report/spdx.go
@@ -81,27 +81,42 @@ func addPkgToDoc(root *model.DepTree, doc *Document) {
// 构建package
func buildPkg(dep *model.DepTree) Package {
+ lic := ""
+ for _, v := range dep.Licenses {
+ if lic == "" {
+ lic = v
+ continue
+ }
+ lic = lic + " & " + v
+ }
pkg := Package{
PackageName: dep.Name,
SPDXID: "NOASSERTION",
- PackageVersion: dep.VersionStr,
+ PackageVersion: setVersion(dep),
PackageSupplier: dep.Vendor,
PackageDownloadLocation: "NOASSERTION",
FilesAnalyzed: false,
PackageChecksums: []PackageChecksum{{}},
PackageHomePage: "NOASSERTION",
- PackageLicenseConcluded: "NOASSERTION",
+ PackageLicenseConcluded: lic,
PackageLicenseDeclared: "NOASSERTION",
PackageCopyrightText: "NOASSERTION",
PackageLicenseComments: "NOASSERTION",
PackageComment: "NOASSERTION",
RootPackage: len(dep.Children) > 0,
}
- pkg.SPDXID = setPkgSPDXID(dep.Name, dep.VersionStr, pkg.RootPackage)
+ pkg.SPDXID = setPkgSPDXID(dep.Name, "v"+dep.VersionStr, pkg.RootPackage)
nodePkg[dep] = pkg
return pkg
}
+func setVersion(dep *model.DepTree) string {
+ if dep.VersionStr != "" {
+ return "v" + dep.VersionStr
+ }
+ return ""
+}
+
// 初始化Document
func buildDocument(root *model.DepTree, taskInfo TaskInfo) *Document {
return &Document{
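Review bot: In `buildPkg`, `lic + " & " + v` produces a string that is not an SPDX license expression (the operators are `AND`, `OR` and `WITH`), and when `dep.Licenses` is empty `PackageLicenseConcluded` is now an empty string where the previous code emitted `NOASSERTION`. Build the value with `strings.Join` and the intended operator, and fall back to `NOASSERTION` for an empty list. The SPDXID call has the same empty-value gap: `setPkgSPDXID(dep.Name, "v"+dep.VersionStr, pkg.RootPackage)` passes a bare `v` when `VersionStr` is empty, although `setVersion` guards exactly that case, so pass `setVersion(dep)` there as well. If `VersionStr` can already begin with `v`, both places will double the prefix; `setVersion` also needs a doc comment saying which form it guarantees.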
--
Gitee
From bae521a096f6c958efe6791ee44271729caf488d Mon Sep 17 00:00:00 2001
From: huyongfeng
Date: Thu, 7 Jul 2022 16:46:27 +0800
Subject: [PATCH 04/10] Add homepage and other fields to spdx
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
analyzer/golang/gomod.go | 2 +
analyzer/javascript/package_json.go | 30 +++++++++---
analyzer/javascript/package_lock.go | 2 +-
analyzer/php/composer.go | 4 ++
analyzer/php/composer_lock.go | 13 +++--
util/model/dependency.go | 13 +++++
util/report/spdx.go | 73 +++++++++++++++++++----------
util/report/spdx_type.go | 72 ++++++++++++++--------------
8 files changed, 137 insertions(+), 72 deletions(-)
diff --git a/analyzer/golang/gomod.go b/analyzer/golang/gomod.go
index 1191052..334bb6e 100644
--- a/analyzer/golang/gomod.go
+++ b/analyzer/golang/gomod.go
@@ -20,6 +20,7 @@ func parseGomod(dep *model.DepTree, file *model.FileInfo) {
sub := model.NewDepTree(dep)
sub.Name = strings.Trim(match[1], `'"`)
sub.Version = model.NewVersion(match[2])
+ sub.HomePage = "https://" + sub.Name
}
}
@@ -40,6 +41,7 @@ func parseGosum(dep *model.DepTree, file *model.FileInfo) {
sub := model.NewDepTree(dep)
sub.Name = strings.Trim(match[1], `'"`)
sub.Version = model.NewVersion(match[2])
+ sub.HomePage = sub.Name
exist[sub.Name] = struct{}{}
}
}
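Review bot: The two analyzers now disagree on `HomePage` for the same module: `parseGomod` sets `"https://" + sub.Name` while `parseGosum` sets the bare `sub.Name`, so the value in the SBOM depends on which file the dependency was read from, and the go.sum form is not a URL at all. Build the value in one helper used by both functions. A module path is also not always a browsable address (vanity import paths, major-version suffixes such as `/v3`), so consider leaving the field empty unless the host is one the tool knows how to link to.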
diff --git a/analyzer/javascript/package_json.go b/analyzer/javascript/package_json.go
index e5d2eed..5a98cf2 100644
--- a/analyzer/javascript/package_json.go
+++ b/analyzer/javascript/package_json.go
@@ -11,6 +11,7 @@ import (
"io/ioutil"
"net/http"
"sort"
+ "strings"
"util/bar"
"util/cache"
"util/enum/language"
@@ -22,11 +23,13 @@ import (
// package.json 文件结构
type PkgJson struct {
- Name string `json:"name"`
- Version string `json:"version"`
- License string `json:"license"`
- DevDeps map[string]string `json:"devDependencies"`
- Deps map[string]string `json:"dependencies"`
+ Name string `json:"name"`
+ Version string `json:"version"`
+ License string `json:"license"`
+ DevDeps map[string]string `json:"devDependencies"`
+ Deps map[string]string `json:"dependencies"`
+ HomePage string `json:"homepage"`
+ Repository map[string]string `json:"repository,omitempty"`
}
// npm下载文件结构
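Review bot: `Repository map[string]string` in `PkgJson` only matches the object form of `repository`; package.json also allows a plain string there (for example a `github:owner/repo` shorthand), and for that input `json.Unmarshal` reports a type error on this field. Decode it into `json.RawMessage` or a small type with its own `UnmarshalJSON` that accepts both shapes, and add a test manifest for each. The `omitempty` on this field has no effect on decoding and the struct is not marshaled in the visible code, so it can be dropped for consistency with the other tags.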
@@ -41,13 +44,18 @@ func parsePackage(root *model.DepTree, file *model.FileInfo, simulation bool) (d
pkg := PkgJson{}
if err := json.Unmarshal(file.Data, &pkg); err != nil {
logs.Error(err)
- return
}
if pkg.Name != "" {
root.Name = pkg.Name
}
- root.Version = model.NewVersion(pkg.Version)
+ if pkg.Version != "" {
+ root.Version = model.NewVersion(pkg.Version)
+ }
root.AddLicense(pkg.License)
+ root.HomePage = pkg.HomePage
+ if l, ok := pkg.Repository["url"]; ok {
+ root.DownloadLocation = formatLocation(l)
+ }
// 依赖列表map[name]version
depMap := map[string]string{}
for name, version := range pkg.DevDeps {
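Review bot: Dropping the `return` after the failed `json.Unmarshal` in `parsePackage` means a truncated or malformed package.json is now processed with whatever fields happened to decode, and the resulting SBOM silently under-reports dependencies. If the intent is only to survive a field of unexpected type, check for that specifically with `errors.As(err, &typeErr)` on `*json.UnmarshalTypeError` and keep returning on every other error. The new `pkg.Version != ""` guard and the `Repository["url"]` lookup are fine, but an empty `HomePage` or missing `url` now flows into the report as an empty string, so decide in one place whether that becomes `NOASSERTION`.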
@@ -91,6 +99,14 @@ func parsePackage(root *model.DepTree, file *model.FileInfo, simulation bool) (d
}
return
}
+func formatLocation(l string) string {
+ l = strings.ReplaceAll(l, ".git", "")
+ l = strings.ReplaceAll(l, "git+", "")
+ l = strings.ReplaceAll(l, "git@", "")
+ l = strings.ReplaceAll(l, "git:", "https:")
+ l = strings.ReplaceAll(l, "github.com:", "https://github.com/")
+ return l
+}
// npmSimulation 模拟npm获取详细依赖信息
func npmSimulation(dep *model.DepTree) (subDeps []*model.DepTree) {
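Review bot: In `formatLocation`, `strings.ReplaceAll(l, ".git", "")` removes `.git` wherever it occurs, not just the trailing suffix, so a repository named like `owner/owner.github.io` has its path corrupted; use `strings.TrimSuffix(l, ".git")`. The remaining replacements are order-dependent string surgery (`git@` is stripped before `github.com:` is rewritten, and only GitHub's scp-style form is handled), so an `ssh://` or non-GitHub scp-style URL comes out as something that is neither the original nor a valid https URL. Parse the value instead: strip a `git+` prefix, convert the scp-style `user@host:path` form explicitly, then run the rest through `net/url`. The function also needs a doc comment listing the input forms it accepts, and a table-driven test covering them.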
diff --git a/analyzer/javascript/package_lock.go b/analyzer/javascript/package_lock.go
index 0a94058..564f21b 100644
--- a/analyzer/javascript/package_lock.go
+++ b/analyzer/javascript/package_lock.go
@@ -45,7 +45,7 @@ func parsePackageLock(root *model.DepTree, file *model.FileInfo, direct []string
}{}
if err := json.Unmarshal(file.Data, &lock); err != nil {
logs.Error(err)
- return
+ //return
}
if lock.Name != "" {
root.Name = lock.Name
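Review bot: `//return` in `parsePackageLock` leaves commented-out control flow in the tree and changes behaviour without saying why; either delete the line and add a comment explaining that partial decodes are intentionally tolerated, or keep the `return`. As written, a package-lock.json that fails to parse is logged and then treated as an empty lock, which yields a dependency tree with no children and no indication to the caller that the result is incomplete. The same edit appears in `parseComposerLock` further down and should be resolved the same way.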
diff --git a/analyzer/php/composer.go b/analyzer/php/composer.go
index b1e55f9..447d709 100644
--- a/analyzer/php/composer.go
+++ b/analyzer/php/composer.go
@@ -26,6 +26,8 @@ type Composer struct {
License string `json:"license"`
Require map[string]string `json:"require"`
RequireDev map[string]string `json:"require-dev"`
+ HomePage string `json:"homepage"`
+ Support map[string]string `json:"support"`
}
type ComposerRepo struct {
@@ -47,6 +49,8 @@ func parseComposer(root *model.DepTree, file *model.FileInfo, simulation bool) (
if composer.Name != "" {
root.Name = composer.Name
}
+ root.HomePage = composer.HomePage
+ root.DownloadLocation = composer.Support["source"]
// add license
if composer.License != "" {
root.AddLicense(composer.License)
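Review bot: `root.DownloadLocation = composer.Support["source"]` in `parseComposer` assigns an empty string whenever `support.source` is absent, and `root.HomePage` is likewise copied unconditionally, overwriting any value the node already had. Assign only when the manifest value is non-empty, and let the report layer turn a missing download location into `NOASSERTION`, which is what the SPDX output used before this series. A short comment on the new `Support` field saying which key is consumed would help the next reader.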
diff --git a/analyzer/php/composer_lock.go b/analyzer/php/composer_lock.go
index e752f0f..e1beec6 100644
--- a/analyzer/php/composer_lock.go
+++ b/analyzer/php/composer_lock.go
@@ -8,6 +8,7 @@ package php
import (
"encoding/json"
"sort"
+ "strings"
"util/logs"
"util/model"
)
@@ -15,9 +16,11 @@ import (
// composer.lock
type ComposerLock struct {
Pkgs []struct {
- Name string `json:"name"`
- Version string `json:"version"`
- Require map[string]string `json:"require"`
+ Name string `json:"name"`
+ Version string `json:"version"`
+ Require map[string]string `json:"require"`
+ HomePage string `json:"homepage"`
+ Source map[string]string `json:"source"`
} `json:"packages"`
}
@@ -26,7 +29,7 @@ func parseComposerLock(root *model.DepTree, file *model.FileInfo, direct []strin
lock := ComposerLock{}
if err := json.Unmarshal(file.Data, &lock); err != nil {
logs.Error(err)
- return
+ //return
}
// 记录尚无Parent的依赖
depMap := map[string]*model.DepTree{}
@@ -37,6 +40,8 @@ func parseComposerLock(root *model.DepTree, file *model.FileInfo, direct []strin
dep.Name = cps.Name
dep.Version = model.NewVersion(cps.Version)
dep.Expand = cps.Require
+ dep.HomePage = cps.HomePage
+ dep.DownloadLocation = strings.ReplaceAll(cps.Source["url"], ".git", "")
depMap[cps.Name] = dep
directMap[cps.Name] = dep
}
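Review bot: `strings.ReplaceAll(cps.Source["url"], ".git", "")` in `parseComposerLock` has the same defect as `formatLocation` in the JavaScript analyzer: it deletes `.git` anywhere in the URL rather than only as a suffix, which mangles paths containing `.github`. Use `strings.TrimSuffix`, and since two analyzers now normalise repository URLs differently (this one does not handle `git@` or `git+` forms at all), move the normalisation into one shared helper under `util` and call it from both.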
diff --git a/util/model/dependency.go b/util/model/dependency.go
index cfcfede..b185997 100644
--- a/util/model/dependency.go
+++ b/util/model/dependency.go
@@ -86,10 +86,19 @@ type DepTree struct {
// 许可证列表
licenseMap map[string]struct{} `json:"-"`
Licenses []string `json:"licenses,omitempty"`
+ // spdx相关字段
+ CopyrightText string `json:"copyrightText,omitempty"`
+ HomePage string `json:"homepage,omitempty"`
+ DownloadLocation string `json:"downloadlocation,omitempty"`
+ CheckSum string `json:"checksum,omitempty"`
// 子组件
Children []*DepTree `json:"children,omitempty"`
Expand interface{} `json:"-"`
}
+type CheckSum struct {
+ Algorithm string `json:"algorithm,omitempty"`
+ Value string `json:"value,omitempty"`
+}
// NewDepTree 创建DepTree
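Review bot: `DepTree` gains a field `CheckSum string` and, immediately below, a new type `CheckSum` with `Algorithm` and `Value`, but the field does not use the type and nothing in the visible patch references the type. Either declare the field as `CheckSum CheckSum` (or a slice, since SPDX allows several checksums per package) or remove the unused struct. The JSON tags are also inconsistent in casing (`copyrightText` versus `downloadlocation` and `checksum`); pick one convention before this becomes part of the JSON report format. The new type needs a doc comment.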
func NewDepTree(parent *DepTree) *DepTree {
@@ -103,6 +112,7 @@ func NewDepTree(parent *DepTree) *DepTree {
Children: []*DepTree{},
licenseMap: map[string]struct{}{},
Licenses: []string{},
+ CopyrightText: "",
}
if parent != nil {
parent.Children = append(parent.Children, dep)
@@ -124,6 +134,9 @@ func (dep *DepTree) Move(other *DepTree) {
if other == nil {
return
}
+ if other.CopyrightText == "" {
+ other.CopyrightText = dep.CopyrightText
+ }
// 从父节点中删除当前节点
if dep.Parent != nil {
for i, child := range dep.Parent.Children {
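Review bot: `Move` now carries `CopyrightText` over to `other` when it is empty there, but not the other three fields introduced in this patch (`HomePage`, `DownloadLocation`, `CheckSum`), so a node that goes through `Move` keeps its copyright text yet can lose its homepage and download location. Apply the same fill-if-empty rule to all four, ideally in one small helper so that fields added later are not missed.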
diff --git a/util/report/spdx.go b/util/report/spdx.go
index a3a14e2..6ea1621 100644
--- a/util/report/spdx.go
+++ b/util/report/spdx.go
@@ -2,6 +2,8 @@ package report
import (
"bytes"
+ "encoding/json"
+ "encoding/xml"
"fmt"
"path"
"strings"
@@ -32,10 +34,40 @@ func Spdx(dep *model.DepTree, taskInfo TaskInfo) []byte {
templateBuffer := new(bytes.Buffer)
err = tmpl.Execute(templateBuffer, doc)
if err != nil {
- logs.Warn(err)
+ logs.Error(err)
}
return templateBuffer.Bytes()
}
+func SpdxJson(dep *model.DepTree, taskInfo TaskInfo) []byte {
+ format(dep)
+ doc := buildDocument(dep, taskInfo)
+ addPkgToDoc(dep, doc)
+ addRelation(dep, doc)
+ type D struct {
+ Document `json:"document"`
+ }
+ d := D{*doc}
+ res, err := json.Marshal(d.Document)
+ if err != nil {
+ logs.Error(err)
+ }
+ return res
+}
+func SpdxXml(dep *model.DepTree, taskInfo TaskInfo) []byte {
+ format(dep)
+ doc := buildDocument(dep, taskInfo)
+ addPkgToDoc(dep, doc)
+ addRelation(dep, doc)
+ type D struct {
+ Document `xml:"document"`
+ }
+ d := D{*doc}
+ res, err := xml.Marshal(d.Document)
+ if err != nil {
+ logs.Error(err)
+ }
+ return res
+}
// 为document添加relationship字段
func addRelation(dep *model.DepTree, doc *Document) {
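Review bot: in `SpdxJson` and `SpdxXml` the local wrapper type `D` has no effect, because `d.Document` is what gets marshalled and the `json:"document"` / `xml:"document"` tags on the embedded field are never consulted; marshalling `doc` directly gives the same bytes. Both functions also log the marshal error and then return `res`, which is nil on failure, so the caller receives an empty report with no signal that the export failed. Consider returning the error, and folding the four shared setup calls into one helper.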
@@ -87,36 +119,29 @@ func buildPkg(dep *model.DepTree) Package {
lic = v
continue
}
- lic = lic + " & " + v
+ lic = lic + " OR " + v
}
pkg := Package{
- PackageName: dep.Name,
- SPDXID: "NOASSERTION",
- PackageVersion: setVersion(dep),
- PackageSupplier: dep.Vendor,
- PackageDownloadLocation: "NOASSERTION",
- FilesAnalyzed: false,
- PackageChecksums: []PackageChecksum{{}},
- PackageHomePage: "NOASSERTION",
+ PackageName: dep.Name,
+ SPDXID: "",
+ PackageVersion: dep.VersionStr,
+ PackageSupplier: dep.Vendor,
+ //PackageDownloadLocation: dep.DownloadLocation,
+ FilesAnalyzed: false,
+ //PackageChecksums: nil,
+ PackageHomePage: dep.HomePage,
PackageLicenseConcluded: lic,
- PackageLicenseDeclared: "NOASSERTION",
- PackageCopyrightText: "NOASSERTION",
- PackageLicenseComments: "NOASSERTION",
- PackageComment: "NOASSERTION",
- RootPackage: len(dep.Children) > 0,
+ //PackageLicenseDeclared: "",
+ PackageCopyrightText: dep.CopyrightText,
+ PackageLicenseComments: "",
+ //PackageComment: "",
+ RootPackage: len(dep.Children) > 0,
}
- pkg.SPDXID = setPkgSPDXID(dep.Name, "v"+dep.VersionStr, pkg.RootPackage)
+ pkg.SPDXID = setPkgSPDXID(dep.Name, dep.VersionStr, pkg.RootPackage)
nodePkg[dep] = pkg
return pkg
}
-func setVersion(dep *model.DepTree) string {
- if dep.VersionStr != "" {
- return "v" + dep.VersionStr
- }
- return ""
-}
-
// 初始化Document
func buildDocument(root *model.DepTree, taskInfo TaskInfo) *Document {
return &Document{
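Review bot: joining every entry of `dep.Licenses` with ` OR ` in `PackageLicenseConcluded` asserts that the consumer may pick any one of them, which the scanner has not established; in an SPDX license expression `OR` is a choice and `AND` means all apply. Unless the package metadata itself expressed a disjunction, `AND` is the conservative operator here. The commented-out members (`//PackageDownloadLocation`, `//PackageChecksums`, `//PackageLicenseDeclared`, `//PackageComment`) should be removed rather than left inside the literal.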
@@ -127,7 +152,7 @@ func buildDocument(root *model.DepTree, taskInfo TaskInfo) *Document {
DocumentNamespace: "",
CreationInfo: CreationInfo{
Creators: []string{},
- Created: time.Now().UTC().Format(time.RFC3339),
+ Created: time.Now().Format("2006-01-02 15:04:05"),
},
Packages: []Package{},
Relationships: []Relationship{},
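Review bot: `time.Now().Format("2006-01-02 15:04:05")` replaces a UTC RFC 3339 timestamp with local time that carries no zone, so `Created` becomes ambiguous and no longer matches the `YYYY-MM-DDThh:mm:ssZ` form that SPDX 2.2 specifies for this field. Please keep `time.Now().UTC().Format(time.RFC3339)`.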
diff --git a/util/report/spdx_type.go b/util/report/spdx_type.go
index aa2c97f..68b1c75 100644
--- a/util/report/spdx_type.go
+++ b/util/report/spdx_type.go
@@ -6,55 +6,55 @@ var replacer *strings.Replacer
type HashAlgorithm string
type Package struct {
- PackageName string `json:"name,omitempty"`
- SPDXID string `json:"SPDXID,omitempty"`
- PackageVersion string `json:"versionInfo,omitempty"`
- PackageSupplier string `json:"supplier,omitempty"`
- PackageDownloadLocation string `json:"downloadLocation,omitempty"`
- FilesAnalyzed bool `json:"filesAnalyzed"`
- PackageChecksums []PackageChecksum `json:"checksums"`
- PackageHomePage string `json:"homepage,omitempty"`
- PackageLicenseConcluded string `json:"licenseConcluded,omitempty"`
- PackageLicenseDeclared string `json:"licenseDeclared,omitempty"`
- PackageCopyrightText string `json:"copyrightText,omitempty"`
- PackageLicenseComments string `json:"licenseComments,omitempty"`
- PackageComment string `json:"comment,omitempty"`
- RootPackage bool `json:"-"`
+ PackageName string `json:"name,omitempty" xml:"name,omitempty"`
+ SPDXID string `json:"SPDXID,omitempty" xml:"SPDXID,omitempty"`
+ PackageVersion string `json:"versionInfo,omitempty" xml:"versionInfo,omitempty"`
+ PackageSupplier string `json:"supplier,omitempty" xml:"supplier,omitempty"`
+ PackageDownloadLocation string `json:"downloadLocation,omitempty" xml:"downloadLocation,omitempty"`
+ FilesAnalyzed bool `json:"filesAnalyzed" xml:"filesAnalyzed"`
+ PackageChecksums []PackageChecksum `json:"checksums,omitempty" xml:"checksums>checksum,omitempty"`
+ PackageHomePage string `json:"homepage,omitempty" xml:"homepage,omitempty"`
+ PackageLicenseConcluded string `json:"licenseConcluded,omitempty" xml:"licenseConcluded,omitempty"`
+ PackageLicenseDeclared string `json:"licenseDeclared,omitempty" xml:"licenseDeclared,omitempty"`
+ PackageCopyrightText string `json:"copyrightText,omitempty" xml:"copyrightText,omitempty"`
+ PackageLicenseComments string `json:"licenseComments,omitempty" xml:"licenseComments,omitempty"`
+ PackageComment string `json:"comment,omitempty" xml:"comment,omitempty"`
+ RootPackage bool `json:"-" xml:"-"`
}
type Document struct {
- SPDXVersion string `json:"spdxVersion,omitempty"`
- DataLicense string `json:"dataLicense,omitempty"`
- SPDXID string `json:"SPDXID,omitempty"`
- DocumentName string `json:"name,omitempty"`
- DocumentNamespace string `json:"documentNamespace,omitempty"`
- CreationInfo CreationInfo `json:"creationInfo,omitempty"`
- Packages []Package `json:"packages,omitempty"`
- Relationships []Relationship `json:"relationships,omitempty"`
- ExtractedLicensingInfos []ExtractedLicensingInfo `json:"hasExtractedLicensingInfos,omitempty"`
+ SPDXVersion string `json:"spdxVersion,omitempty" xml:"spdxVersion,omitempty"`
+ DataLicense string `json:"dataLicense,omitempty" xml:"dataLicense,omitempty"`
+ SPDXID string `json:"SPDXID,omitempty" xml:"SPDXID,omitempty"`
+ DocumentName string `json:"name,omitempty" xml:"name,omitempty"`
+ DocumentNamespace string `json:"documentNamespace,omitempty" xml:"documentNamespace,omitempty"`
+ CreationInfo CreationInfo `json:"creationInfo,omitempty" xml:"creationInfo,omitempty"`
+ Packages []Package `json:"packages,omitempty" xml:"packages>package,omitempty"`
+ Relationships []Relationship `json:"relationships,omitempty" xml:"relationships>relationship,omitempty"`
+ ExtractedLicensingInfos []ExtractedLicensingInfo `json:"hasExtractedLicensingInfos,omitempty" xml:"hasExtractedLicensingInfos>ExtractedLicensingInfo,omitempty"`
}
type CreationInfo struct {
- Comment string `json:"comment,omitempty"`
- Created string `json:"created,omitempty"`
- Creators []string `json:"creators,omitempty"`
- LicenceListVersion string `json:"licenseListVersion,omitempty"`
+ Comment string `json:"comment,omitempty" xml:"comment,omitempty"`
+ Created string `json:"created,omitempty" xml:"created,omitempty"`
+ Creators []string `json:"creators,omitempty" xml:"creators>creator,omitempty"`
+ LicenceListVersion string `json:"licenseListVersion,omitempty" xml:"licenseListVersion,omitempty"`
}
type Relationship struct {
- SPDXElementID string `json:"spdxElementId,omitempty"`
- RelatedSPDXElement string `json:"relatedSpdxElement,omitempty"`
- RelationshipType string `json:"relationshipType,omitempty"`
+ SPDXElementID string `json:"spdxElementId,omitempty" xml:"spdxElementId,omitempty"`
+ RelatedSPDXElement string `json:"relatedSpdxElement,omitempty" xml:"relatedSpdxElement,omitempty"`
+ RelationshipType string `json:"relationshipType,omitempty" xml:"relationshipType,omitempty"`
}
type ExtractedLicensingInfo struct {
- LicenseID string `json:"licenseId,omitempty"`
- ExtractedText string `json:"extractedText,omitempty"`
- LicenseName string `json:"name,omitempty"`
- LicenseComment string `json:"comment,omitempty"`
+ LicenseID string `json:"licenseId,omitempty" xml:"licenseId,omitempty"`
+ ExtractedText string `json:"extractedText,omitempty" xml:"extractedText,omitempty"`
+ LicenseName string `json:"name,omitempty" xml:"name,omitempty"`
+ LicenseComment string `json:"comment,omitempty" xml:"comment,omitempty"`
}
type PackageChecksum struct {
- Algorithm HashAlgorithm `json:"algorithm"`
- Value string `json:"checksumValue"`
+ Algorithm HashAlgorithm `json:"algorithm,omitempty" xml:"algorithm,omitempty"`
+ Value string `json:"checksumValue,omitempty" xml:"checksumValue,omitempty"`
}
const T = `SPDXVersion: {{ .SPDXVersion }}
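Review bot: the XML child element names are inconsistent: `packages>package`, `relationships>relationship` and `creators>creator` use a lower-case child, while `hasExtractedLicensingInfos>ExtractedLicensingInfo` uses the Go type name. Pick one convention before consumers start depending on the output. Note also that `omitempty` on the struct-typed `CreationInfo` field is a no-op for `encoding/json`, so the tag suggests an omission that will not happen.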
--
Gitee
From 9393ca86e644308cd938ea13de7ddbc0965949e3 Mon Sep 17 00:00:00 2001
From: huyongfeng
Date: Thu, 7 Jul 2022 16:48:02 +0800
Subject: [PATCH 05/10] =?UTF-8?q?=E4=BB=8E=E9=A1=B9=E7=9B=AE=E6=96=87?=
=?UTF-8?q?=E4=BB=B6=E4=B8=AD=E8=A7=A3=E6=9E=90copyright=E4=BF=A1=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
analyzer/engine/archive.go | 3 +-
analyzer/engine/parse.go | 64 ++++++++++++++++++++++++++++++++++++++
cli/main.go | 13 +++++++-
util/filter/file.go | 28 +++++++++++++++++
4 files changed, 106 insertions(+), 2 deletions(-)
diff --git a/analyzer/engine/archive.go b/analyzer/engine/archive.go
index 88d97a9..d4882ca 100644
--- a/analyzer/engine/archive.go
+++ b/analyzer/engine/archive.go
@@ -28,7 +28,8 @@ import (
// checkFile 检测是否为可检测的文件
func (e Engine) checkFile(filename string) bool {
for _, analyzer := range e.Analyzers {
- if analyzer.CheckFile(filename) {
+ if analyzer.CheckFile(filename) ||
+ filter.CheckLicense(filename) {
return true
}
}
diff --git a/analyzer/engine/parse.go b/analyzer/engine/parse.go
index 9049daa..1f6fca1 100644
--- a/analyzer/engine/parse.go
+++ b/analyzer/engine/parse.go
@@ -7,16 +7,25 @@ package engine
import (
"path"
+ "regexp"
"strings"
"util/filter"
"util/model"
)
+// copyright匹配优先级
+const (
+ low = iota
+ mid
+ high
+)
+
// parseDependency 解析依赖
func (e Engine) parseDependency(dirRoot *model.DirTree, depRoot *model.DepTree) *model.DepTree {
if depRoot == nil {
depRoot = model.NewDepTree(nil)
}
+ var copyrightMess = make(map[string]string)
for _, analyzer := range e.Analyzers {
// 遍历目录树获取要检测的文件
files := []*model.FileInfo{}
@@ -30,11 +39,22 @@ func (e Engine) parseDependency(dirRoot *model.DirTree, depRoot *model.DepTree)
for _, f := range n.Files {
if analyzer.CheckFile(f.Name) {
files = append(files, f)
+ } else if filter.CheckLicense(f.Name) {
+ if _, ok := copyrightMess[path.Dir(f.Name)]; !ok {
+ // 记录解析到的copyrigh信息
+ copyrightMess[path.Dir(f.Name)] = parseCopyright(f)
+ }
}
}
}
// 从文件中解析依赖树
for _, d := range analyzer.ParseFiles(files) {
+ p := path.Dir(d.Path)
+ if _, ok := copyrightMess[p]; ok {
+ // 将copyright信息加入与其同一文件目录的依赖节点中
+ d.CopyrightText = copyrightMess[p]
+ delete(copyrightMess, p)
+ }
depRoot.Children = append(depRoot.Children, d)
d.Parent = depRoot
if d.Name != "" && !strings.ContainsAny(d.Vendor+d.Name, "${}") && d.Version.Ok() {
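Review bot: `copyrightMess` is filled with `path.Dir(f.Name)` as the key but read with `path.Dir(d.Path)`, and nothing in this hunk shows that `FileInfo.Name` and `DepTree.Path` are the same kind of path; if they differ the lookup never hits. The `delete(copyrightMess, p)` after the first hit also means only the first dependency found in a directory receives the text, and because the map is filled inside the per-analyzer loop the same license file is parsed again on the next analyzer pass once its key is gone. Collect license files once, before the analyzer loop, and drop the `delete`. The comment has a typo: `copyrigh`.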
@@ -99,3 +119,47 @@ func (e Engine) parseDependency(dirRoot *model.DirTree, depRoot *model.DepTree)
}
return depRoot
}
+
+// 从文件中提取copyright信息
+func parseCopyright(f *model.FileInfo) string {
+ matchLevel := map[int]string{}
+ ct := string(f.Data)
+ if len(ct) == 0 {
+ return ""
+ }
+ pras := strings.Split(ct, "\n\n")
+ re := regexp.MustCompile(`^\d{4}$|^\d{4}-\d{4}$|^\(c\)$`)
+ for _, pra := range pras {
+ if !strings.Contains(strings.ToLower(pra), "copyright") {
+ continue
+ }
+ lines := strings.Split(pra, "\n")
+ line := strings.TrimSpace(lines[0])
+ if len(lines) == 0 {
+ continue
+ }
+ tks := strings.Fields(line)
+ if len(tks) == 0 {
+ continue
+ }
+ if strings.EqualFold("copyright", tks[0]) {
+ if re.MatchString(tks[1]) {
+ matchLevel[high] = line
+ }
+ matchLevel[mid] = line
+ }
+ for _, l := range lines {
+ if strings.HasPrefix(strings.TrimSpace(strings.ToLower(l)), "copyright") {
+ matchLevel[low] = strings.TrimSpace(l)
+ break
+ }
+ }
+
+ }
+ for i := high; i >= low; i-- {
+ if matchLevel[i] != "" {
+ return matchLevel[i]
+ }
+ }
+ return ""
+}
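Review bot: `re.MatchString(tks[1])` indexes the second token without checking `len(tks) > 1`, so a paragraph whose first line is just `Copyright` makes the scanner panic with an index-out-of-range error on a file taken from the project being scanned. Add the length guard before the match. The `len(lines) == 0` test comes after `lines[0]` has already been read and can never fire, since `strings.Split` returns at least one element, and the `regexp.MustCompile` call should be hoisted to a package-level variable instead of running once per file.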
diff --git a/cli/main.go b/cli/main.go
index db0e3f6..ace61e3 100644
--- a/cli/main.go
+++ b/cli/main.go
@@ -9,6 +9,7 @@ import (
"flag"
"fmt"
"path"
+ "strings"
"util/args"
"util/logs"
"util/model"
@@ -33,13 +34,23 @@ func output(depRoot *model.DepTree, taskInfo report.TaskInfo) {
logs.Debug("\n" + depRoot.String())
// 输出结果
var reportFunc func(*model.DepTree, report.TaskInfo) []byte
- switch path.Ext(args.Config.Out) {
+ out := args.Config.Out
+ switch path.Ext(out) {
case ".html":
reportFunc = report.Html
case ".json":
+ if strings.HasSuffix(out, ".spdx.json") {
+ reportFunc = report.SpdxJson
+ break
+ }
reportFunc = report.Json
case ".spdx":
reportFunc = report.Spdx
+ case ".xml":
+ if strings.HasSuffix(out, ".spdx.xml") {
+ reportFunc = report.SpdxXml
+ break
+ }
default:
reportFunc = report.Json
}
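Review bot: the new `case ".xml":` assigns `reportFunc` only when the name ends in `.spdx.xml`; Go does not fall through to `default`, so `-out result.xml` leaves `reportFunc` nil and any later call through it will panic. Add an explicit fallback inside that case, either `reportFunc = report.Json` as the `default` branch does or an error telling the user that plain XML is not a supported output.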
diff --git a/util/filter/file.go b/util/filter/file.go
index 81ffe09..5b728dd 100644
--- a/util/filter/file.go
+++ b/util/filter/file.go
@@ -5,6 +5,9 @@
package filter
import (
+ "fmt"
+ "path"
+ "regexp"
"strings"
)
@@ -92,3 +95,28 @@ var (
PythonPipfile = filterFunc(strings.HasSuffix, "Pipfile")
PythonPipfileLock = filterFunc(strings.HasSuffix, "Pipfile.lock")
)
+
+// 用于筛选可能有copyright信息的文件
+var (
+ LicenseFileNames = []string{
+ "li[cs]en[cs]e(s?)",
+ "legal",
+ "copy(left|right|ing)",
+ "unlicense",
+ "l?gpl([-_ v]?)(\\d\\.?\\d)?",
+ "bsd",
+ "mit",
+ "apache",
+ }
+ LicenseFileRe = regexp.MustCompile(
+ fmt.Sprintf("^(|.*[-_. ])(%s)(|[-_. ].*)$",
+ strings.Join(LicenseFileNames, "|")))
+
+ LicenseDirectoryRe = regexp.MustCompile(fmt.Sprintf(
+ "^(%s)$", strings.Join(LicenseFileNames, "|")))
+)
+
+func CheckLicense(name string) bool {
+ return LicenseFileRe.MatchString(strings.ToLower(path.Base(name)))
+ //LicenseDirectoryRe.MatchString(strings.ToLower(path.Base(path.Dir(name))))
+}
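Review bot: `LicenseFileRe` accepts any base name that is one of the listed words followed by a separator, so `mit.go`, `bsd.c` or `apache.conf` qualify as license files just as `LICENSE.txt` does, and with the `checkFile` change in archive.go they are all kept for copyright parsing. Consider restricting the bare license-name entries (`bsd`, `mit`, `apache`) to no extension or a short list such as `.txt` and `.md`. `LicenseDirectoryRe` is compiled but referenced only from a commented-out line; remove both until directory matching is actually implemented.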
--
Gitee
From f26b3230ce310e6c654d31cbbf4728ed25be1b51 Mon Sep 17 00:00:00 2001
From: huyongfeng
Date: Thu, 14 Jul 2022 15:03:56 +0800
Subject: [PATCH 06/10] =?UTF-8?q?=E4=B8=B4=E6=97=B6=E8=A7=A3=E5=86=B3pytho?=
=?UTF-8?q?n=E7=9B=B8=E5=85=B3=E6=96=87=E4=BB=B6=E7=89=88=E6=9C=AC?=
=?UTF-8?q?=E7=AC=A6=E5=8F=B7=E4=B8=8D=E8=A7=84=E5=88=99=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
analyzer/python/pipfile.go | 16 +++++++++++++---
analyzer/python/setup.go | 4 ++--
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/analyzer/python/pipfile.go b/analyzer/python/pipfile.go
index 4b720c9..7157522 100644
--- a/analyzer/python/pipfile.go
+++ b/analyzer/python/pipfile.go
@@ -2,6 +2,7 @@ package python
import (
"encoding/json"
+ "strings"
"util/logs"
"util/model"
@@ -20,12 +21,12 @@ func parsePipfile(root *model.DepTree, file *model.FileInfo) {
for name, version := range pip.Packages {
dep := model.NewDepTree(root)
dep.Name = name
- dep.Version = model.NewVersion(version)
+ dep.Version = model.NewVersion(formatVer(version))
}
for name, version := range pip.DevPackages {
dep := model.NewDepTree(root)
dep.Name = name
- dep.Version = model.NewVersion(version)
+ dep.Version = model.NewVersion(formatVer(version))
}
}
@@ -49,8 +50,17 @@ func parsePipfileLock(root *model.DepTree, file *model.FileInfo) {
if v != "" {
dep := model.NewDepTree(root)
dep.Name = n
- dep.Version = model.NewVersion(v)
+ dep.Version = model.NewVersion(formatVer(v))
}
}
return
}
+
+// 后续使用其他办法确定版本号
+func formatVer(v string) string {
+ res := strings.ReplaceAll(v, "==", "")
+ res = strings.ReplaceAll(res, "~=", "")
+ res = strings.ReplaceAll(res, ">=", "")
+ res = strings.ReplaceAll(res, "<=", "")
+ return res
+}
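Review bot: `formatVer` turns a constraint into what looks like an exact version: `>=1.0` becomes `1.0`, while a compound specifier such as `>=1.0,<2.0` becomes `1.0,<2.0` because bare `<`, `>` and `!=` are not handled. The result is stored in `dep.Version` as if it were the resolved version, so downstream consumers cannot tell a pinned version from a lower bound. Until real resolution lands, keep the operator with the number or mark the version as unresolved instead of discarding the operator.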
diff --git a/analyzer/python/setup.go b/analyzer/python/setup.go
index 5ce3950..4f79b56 100644
--- a/analyzer/python/setup.go
+++ b/analyzer/python/setup.go
@@ -56,7 +56,7 @@ func parseSetup(root *model.DepTree, file *model.FileInfo) {
logs.Warn(err)
}
root.Name = dep.Name
- root.Version = model.NewVersion(dep.Version)
+ root.Version = model.NewVersion(formatVer(dep.Version))
root.Licenses = append(root.Licenses, dep.License)
for _, pkg := range [][]string{dep.Packages, dep.InstallRequires, dep.Requires} {
for _, p := range pkg {
@@ -64,7 +64,7 @@ func parseSetup(root *model.DepTree, file *model.FileInfo) {
sub := model.NewDepTree(root)
if index > -1 {
sub.Name = p[:index]
- sub.Version = model.NewVersion(p[index:])
+ sub.Version = model.NewVersion(formatVer(p[index:]))
} else {
sub.Name = p
}
--
Gitee
From ba3a8a6e04d9fb65261df552d9881ff730474241 Mon Sep 17 00:00:00 2001
From: huyongfeng
Date: Thu, 14 Jul 2022 15:06:01 +0800
Subject: [PATCH 07/10] =?UTF-8?q?=E8=A7=A3=E5=86=B3js=E4=B8=8Ephp=E7=89=88?=
=?UTF-8?q?=E6=9C=AC=E5=8F=B7=E6=98=BE=E7=A4=BA=E4=B8=8D=E8=A7=84=E8=8C=83?=
=?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
analyzer/javascript/package_json.go | 19 +++++--------------
analyzer/php/composer.go | 7 +++++--
2 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/analyzer/javascript/package_json.go b/analyzer/javascript/package_json.go
index 5a98cf2..2aec0c4 100644
--- a/analyzer/javascript/package_json.go
+++ b/analyzer/javascript/package_json.go
@@ -11,7 +11,6 @@ import (
"io/ioutil"
"net/http"
"sort"
- "strings"
"util/bar"
"util/cache"
"util/enum/language"
@@ -53,9 +52,6 @@ func parsePackage(root *model.DepTree, file *model.FileInfo, simulation bool) (d
}
root.AddLicense(pkg.License)
root.HomePage = pkg.HomePage
- if l, ok := pkg.Repository["url"]; ok {
- root.DownloadLocation = formatLocation(l)
- }
// 依赖列表map[name]version
depMap := map[string]string{}
for name, version := range pkg.DevDeps {
@@ -89,7 +85,7 @@ func parsePackage(root *model.DepTree, file *model.FileInfo, simulation bool) (d
}
for !q.Empty() {
node := q.Pop().(*model.DepTree)
- for _, sub := range npmSimulation(node) {
+ for _, sub := range npmSimulation(node, exist) {
if _, ok := exist[sub.Name]; !ok {
bar.Npm.Add(1)
exist[sub.Name] = struct{}{}
@@ -99,17 +95,9 @@ func parsePackage(root *model.DepTree, file *model.FileInfo, simulation bool) (d
}
return
}
-func formatLocation(l string) string {
- l = strings.ReplaceAll(l, ".git", "")
- l = strings.ReplaceAll(l, "git+", "")
- l = strings.ReplaceAll(l, "git@", "")
- l = strings.ReplaceAll(l, "git:", "https:")
- l = strings.ReplaceAll(l, "github.com:", "https://github.com/")
- return l
-}
// npmSimulation 模拟npm获取详细依赖信息
-func npmSimulation(dep *model.DepTree) (subDeps []*model.DepTree) {
+func npmSimulation(dep *model.DepTree, exist map[string]struct{}) (subDeps []*model.DepTree) {
subDeps = []*model.DepTree{}
dep.Language = language.JavaScript
// 获取依赖数据
@@ -165,6 +153,9 @@ func npmSimulation(dep *model.DepTree) (subDeps []*model.DepTree) {
}
sort.Strings(names)
for _, name := range names {
+ if _, ok := exist[name]; ok {
+ continue
+ }
sub := model.NewDepTree(dep)
sub.Name = name
sub.Version = model.NewVersion(info.Deps[name])
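Review bot: `exist` is keyed by package name only, so the new `continue` drops a sub-dependency whenever any version of that name was seen earlier, and a second, different version of the same package never appears in the tree. For an SCA tool that can hide the copy that matters. Key the set on name plus version. The caller in `parsePackage` still performs its own `exist[sub.Name]` test on the returned slice, so one of the two checks is redundant.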
diff --git a/analyzer/php/composer.go b/analyzer/php/composer.go
index 447d709..0403888 100644
--- a/analyzer/php/composer.go
+++ b/analyzer/php/composer.go
@@ -88,7 +88,7 @@ func parseComposer(root *model.DepTree, file *model.FileInfo, simulation bool) (
}
for !q.Empty() {
node := q.Pop().(*model.DepTree)
- for _, sub := range composerSimulation(node) {
+ for _, sub := range composerSimulation(node, exist) {
if _, ok := exist[sub.Name]; !ok {
bar.Composer.Add(1)
exist[sub.Name] = struct{}{}
@@ -100,7 +100,7 @@ func parseComposer(root *model.DepTree, file *model.FileInfo, simulation bool) (
}
// composerSimulation composer simulation
-func composerSimulation(dep *model.DepTree) (subDeps []*model.DepTree) {
+func composerSimulation(dep *model.DepTree, exist map[string]struct{}) (subDeps []*model.DepTree) {
subDeps = []*model.DepTree{}
dep.Language = language.Php
data := cache.LoadCache(dep.Dependency)
@@ -152,6 +152,9 @@ func composerSimulation(dep *model.DepTree) (subDeps []*model.DepTree) {
if strings.EqualFold(name, "php") {
continue
}
+ if _, ok := exist[name]; ok {
+ continue
+ }
sub := model.NewDepTree(dep)
sub.Name = name
sub.Version = model.NewVersion(requires[name])
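Review bot: the `exist[name]` check added to `composerSimulation` filters on name alone, so a package required at a different version by another parent is skipped entirely; include the version constraint in the key if distinct versions are meant to be reported. `parseComposer` still tests `exist[sub.Name]` on the returned slice, which is now largely redundant and can be simplified once the filtering lives in one place.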
--
Gitee
From 24bd425b5f15b0b21e9f406def7b776a601baabc Mon Sep 17 00:00:00 2001
From: huyongfeng
Date: Thu, 14 Jul 2022 15:07:27 +0800
Subject: [PATCH 08/10] =?UTF-8?q?=E4=BF=AE=E6=94=B9spdx=E9=83=A8=E5=88=86?=
=?UTF-8?q?=E5=AD=97=E6=AE=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
util/filter/file.go | 4 --
util/model/dependency.go | 6 +--
util/report/format.go | 6 +++
util/report/spdx.go | 107 +++++++++++++++++++++++++++++----------
util/report/spdx_type.go | 38 +++++++-------
5 files changed, 109 insertions(+), 52 deletions(-)
diff --git a/util/filter/file.go b/util/filter/file.go
index 5b728dd..55f1b70 100644
--- a/util/filter/file.go
+++ b/util/filter/file.go
@@ -111,12 +111,8 @@ var (
LicenseFileRe = regexp.MustCompile(
fmt.Sprintf("^(|.*[-_. ])(%s)(|[-_. ].*)$",
strings.Join(LicenseFileNames, "|")))
-
- LicenseDirectoryRe = regexp.MustCompile(fmt.Sprintf(
- "^(%s)$", strings.Join(LicenseFileNames, "|")))
)
func CheckLicense(name string) bool {
return LicenseFileRe.MatchString(strings.ToLower(path.Base(name)))
- //LicenseDirectoryRe.MatchString(strings.ToLower(path.Base(path.Dir(name))))
}
diff --git a/util/model/dependency.go b/util/model/dependency.go
index b185997..e80df43 100644
--- a/util/model/dependency.go
+++ b/util/model/dependency.go
@@ -88,9 +88,9 @@ type DepTree struct {
Licenses []string `json:"licenses,omitempty"`
// spdx相关字段
CopyrightText string `json:"copyrightText,omitempty"`
- HomePage string `json:"homepage,omitempty"`
- DownloadLocation string `json:"downloadlocation,omitempty"`
- CheckSum string `json:"checksum,omitempty"`
+ HomePage string `json:"-"`
+ DownloadLocation string `json:"-"`
+ CheckSum string `json:"-"`
// 子组件
Children []*DepTree `json:"children,omitempty"`
Expand interface{} `json:"-"`
diff --git a/util/report/format.go b/util/report/format.go
index 4da0940..b23d439 100644
--- a/util/report/format.go
+++ b/util/report/format.go
@@ -52,6 +52,12 @@ func format(dep *model.DepTree) {
if d, ok := dm[k]; !ok {
dm[k] = n
} else {
+ // 临时解决部分组件homepage字段不显示问题
+ // 因为去重时刚好把解析到homepage字段的组件去掉了
+ // 其他字段可能也需要类似操作
+ if n.HomePage != "" {
+ d.HomePage = n.HomePage
+ }
// 已存在相同组件
d.Paths = append(d.Paths, n.Path)
// 从父组件中移除当前组件
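Review bot: only `HomePage` is carried over to the surviving node when duplicates are merged, yet the other SPDX fields on `DepTree` (`DownloadLocation`, `CopyrightText`) are lost by the same dedup path, as the added comment itself admits. Copy every non-empty SPDX field in one place, for example a small merge helper, instead of patching fields one at a time. The overwrite is also unconditional, so the last duplicate wins even when `d.HomePage` was already set.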
diff --git a/util/report/spdx.go b/util/report/spdx.go
index 6ea1621..7a6025b 100644
--- a/util/report/spdx.go
+++ b/util/report/spdx.go
@@ -17,7 +17,7 @@ import (
var nodePkg = make(map[*model.DepTree]Package)
func init() {
- replacers := []string{"/", ".", "_", "-", `\`, "."}
+ replacers := []string{"_", "-", "/", "."}
replacer = strings.NewReplacer(replacers...)
}
func Spdx(dep *model.DepTree, taskInfo TaskInfo) []byte {
@@ -113,31 +113,23 @@ func addPkgToDoc(root *model.DepTree, doc *Document) {
// 构建package
func buildPkg(dep *model.DepTree) Package {
- lic := ""
- for _, v := range dep.Licenses {
- if lic == "" {
- lic = v
- continue
- }
- lic = lic + " OR " + v
- }
pkg := Package{
- PackageName: dep.Name,
- SPDXID: "",
- PackageVersion: dep.VersionStr,
- PackageSupplier: dep.Vendor,
- //PackageDownloadLocation: dep.DownloadLocation,
- FilesAnalyzed: false,
+ PackageName: setpkgName(dep),
+ SPDXID: "",
+ PackageVersion: setPkgVer(dep),
+ PackageSupplier: setPkgSup(dep),
+ PackageDownloadLocation: setPkgDownloadLoc(dep),
+ // FilesAnalyzed: false,
//PackageChecksums: nil,
- PackageHomePage: dep.HomePage,
- PackageLicenseConcluded: lic,
- //PackageLicenseDeclared: "",
- PackageCopyrightText: dep.CopyrightText,
- PackageLicenseComments: "",
- //PackageComment: "",
- RootPackage: len(dep.Children) > 0,
- }
- pkg.SPDXID = setPkgSPDXID(dep.Name, dep.VersionStr, pkg.RootPackage)
+ PackageHomePage: setHomePage(dep),
+ PackageLicenseConcluded: setPkgLicenseCon(dep),
+ PackageLicenseDeclared: setPkgLicenseDec(dep),
+ PackageCopyrightText: setCopyrightCont(dep),
+ PackageLicenseComments: setPkgLicenseComments(dep),
+ PackageComment: setPkgComments(dep),
+ RootPackage: isParent(dep),
+ }
+ pkg.SPDXID = setPkgSPDXID(dep.Name, dep.VersionStr)
nodePkg[dep] = pkg
return pkg
}
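Review bot: `FilesAnalyzed` is commented out of the package literal, and SPDX 2.2 treats an omitted FilesAnalyzed as true, which in turn makes PackageVerificationCode mandatory; the previous explicit `false` was the accurate statement for a manifest-only scan. Please restore `FilesAnalyzed: false` and delete the commented lines (`// FilesAnalyzed`, `//PackageChecksums`) rather than keeping them in the literal.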
@@ -160,10 +152,71 @@ func buildDocument(root *model.DepTree, taskInfo TaskInfo) *Document {
}
}
-// 设置package的SPDXID
-func setPkgSPDXID(s, v string, flag bool) string {
- if flag {
+func setPkgSPDXID(s, v string) string {
+ if v == "" {
return fmt.Sprintf("SPDXRef-Package-%s", replacer.Replace(s))
}
return fmt.Sprintf("SPDXRef-Package-%s-%s", replacer.Replace(s), v)
}
+func setpkgName(dep *model.DepTree) string {
+ if dep.Name != "" {
+ return dep.Name
+ }
+ return ""
+}
+func setPkgVer(dep *model.DepTree) string {
+ if dep.VersionStr != "" {
+ return dep.VersionStr
+ }
+ return "NOASSERTION"
+}
+func setPkgSup(dep *model.DepTree) string {
+ if dep.Vendor != "" {
+ return dep.Vendor
+ }
+ return "NOASSERTION"
+}
+func setPkgDownloadLoc(dep *model.DepTree) string {
+ if dep.DownloadLocation != "" {
+ return dep.DownloadLocation
+ }
+ return "NOASSERTION"
+}
+func setHomePage(dep *model.DepTree) string {
+ if dep.HomePage != "" {
+ return dep.HomePage
+ }
+ return "NOASSERTION"
+}
+func setPkgLicenseCon(dep *model.DepTree) string {
+ if len(dep.Licenses) > 0 {
+ lic := ""
+ for _, v := range dep.Licenses {
+ if lic == "" {
+ lic = v
+ continue
+ }
+ lic = lic + " OR " + v
+ }
+ return lic
+ }
+ return "NOASSERTION"
+}
+func setPkgLicenseDec(dep *model.DepTree) string {
+ return "NOASSERTION"
+}
+func setCopyrightCont(dep *model.DepTree) string {
+ if dep.CopyrightText != "" {
+ return dep.CopyrightText
+ }
+ return "NOASSERTION"
+}
+func setPkgLicenseComments(dep *model.DepTree) string {
+ return "NOASSERTION"
+}
+func setPkgComments(dep *model.DepTree) string {
+ return "NOASSERTION"
+}
+func isParent(dep *model.DepTree) bool {
+ return len(dep.Children) > 0
+}
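Review bot: `setPkgSPDXID` runs the name through `replacer` but appends `v` untouched, and the replacer in this patch maps only `_` and `/`, so characters such as `@`, `+`, `~` or a backslash reach the identifier although an SPDXID may contain only letters, digits, `.` and `-`. Sanitize both parts with a single allow-list function. The `setXxx` helpers repeat the same "value or NOASSERTION" branch and could share one function taking the string; `setpkgName` returns `dep.Name` on both paths and its casing differs from the rest.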
diff --git a/util/report/spdx_type.go b/util/report/spdx_type.go
index 68b1c75..a57d94a 100644
--- a/util/report/spdx_type.go
+++ b/util/report/spdx_type.go
@@ -6,20 +6,20 @@ var replacer *strings.Replacer
type HashAlgorithm string
type Package struct {
- PackageName string `json:"name,omitempty" xml:"name,omitempty"`
- SPDXID string `json:"SPDXID,omitempty" xml:"SPDXID,omitempty"`
- PackageVersion string `json:"versionInfo,omitempty" xml:"versionInfo,omitempty"`
- PackageSupplier string `json:"supplier,omitempty" xml:"supplier,omitempty"`
- PackageDownloadLocation string `json:"downloadLocation,omitempty" xml:"downloadLocation,omitempty"`
- FilesAnalyzed bool `json:"filesAnalyzed" xml:"filesAnalyzed"`
- PackageChecksums []PackageChecksum `json:"checksums,omitempty" xml:"checksums>checksum,omitempty"`
- PackageHomePage string `json:"homepage,omitempty" xml:"homepage,omitempty"`
- PackageLicenseConcluded string `json:"licenseConcluded,omitempty" xml:"licenseConcluded,omitempty"`
- PackageLicenseDeclared string `json:"licenseDeclared,omitempty" xml:"licenseDeclared,omitempty"`
- PackageCopyrightText string `json:"copyrightText,omitempty" xml:"copyrightText,omitempty"`
- PackageLicenseComments string `json:"licenseComments,omitempty" xml:"licenseComments,omitempty"`
- PackageComment string `json:"comment,omitempty" xml:"comment,omitempty"`
- RootPackage bool `json:"-" xml:"-"`
+ PackageName string `json:"name,omitempty" xml:"name,omitempty"`
+ SPDXID string `json:"SPDXID,omitempty" xml:"SPDXID,omitempty"`
+ PackageVersion string `json:"versionInfo,omitempty" xml:"versionInfo,omitempty"`
+ PackageSupplier string `json:"supplier,omitempty" xml:"supplier,omitempty"`
+ PackageDownloadLocation string `json:"downloadLocation,omitempty" xml:"downloadLocation,omitempty"`
+ // FilesAnalyzed bool `json:"filesAnalyzed" xml:"filesAnalyzed"`
+ // PackageChecksums []PackageChecksum `json:"checksums,omitempty" xml:"checksums>checksum,omitempty"`
+ PackageHomePage string `json:"homepage,omitempty" xml:"homepage,omitempty"`
+ PackageLicenseConcluded string `json:"licenseConcluded,omitempty" xml:"licenseConcluded,omitempty"`
+ PackageLicenseDeclared string `json:"licenseDeclared,omitempty" xml:"licenseDeclared,omitempty"`
+ PackageCopyrightText string `json:"copyrightText,omitempty" xml:"copyrightText,omitempty"`
+ PackageLicenseComments string `json:"licenseComments,omitempty" xml:"licenseComments,omitempty"`
+ PackageComment string `json:"comment,omitempty" xml:"comment,omitempty"`
+ RootPackage bool `json:"-" xml:"-"`
}
type Document struct {
@@ -75,10 +75,6 @@ PackageVersion: {{ . }}
{{- end }}
PackageSupplier: {{ .PackageSupplier }}
PackageDownloadLocation: {{ .PackageDownloadLocation }}
-FilesAnalyzed: {{ .FilesAnalyzed }}
-{{- range .PackageChecksums }}
-PackageChecksum: {{ .Algorithm }}: {{ .Value }}
-{{- end }}
PackageHomePage: {{ .PackageHomePage }}
PackageLicenseConcluded: {{ .PackageLicenseConcluded }}
PackageLicenseDeclared: {{ .PackageLicenseDeclared }}
@@ -99,3 +95,9 @@ LicenseName: {{ .LicenseName }}
LicenseComment: {{ .LicenseComment }}
{{- end -}}
{{- end -}}`
+
+// {{- range .PackageChecksums }}
+// PackageChecksum: {{ .Algorithm }}: {{ .Value }}
+// {{- end }}
+
+// FilesAnalyzed: {{ .FilesAnalyzed }}
--
Gitee
From af37434782b312c77d7122bc5693e7787a53889d Mon Sep 17 00:00:00 2001
From: huyongfeng
Date: Thu, 14 Jul 2022 15:51:28 +0800
Subject: [PATCH 09/10] =?UTF-8?q?=E4=BF=AE=E6=94=B9spdx=E9=83=A8=E5=88=86?=
=?UTF-8?q?=E5=AD=97=E6=AE=B5=E5=86=85=E5=AE=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
util/report/spdx.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/util/report/spdx.go b/util/report/spdx.go
index 7a6025b..47270c3 100644
--- a/util/report/spdx.go
+++ b/util/report/spdx.go
@@ -138,12 +138,12 @@ func buildPkg(dep *model.DepTree) Package {
func buildDocument(root *model.DepTree, taskInfo TaskInfo) *Document {
return &Document{
SPDXVersion: "SPDX-2.2",
- DataLicense: "CC0-1.0",
+ DataLicense: "",
SPDXID: "SPDXRef-DOCUMENT",
DocumentName: path.Base(taskInfo.AppName),
DocumentNamespace: "",
CreationInfo: CreationInfo{
- Creators: []string{},
+ Creators: []string{"OpenSCA-Cli"},
Created: time.Now().Format("2006-01-02 15:04:05"),
},
Packages: []Package{},
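Review bot: `DataLicense: ""` removes a mandatory value; SPDX 2.2 requires the document's DataLicense to be `CC0-1.0`, and with `omitempty` on that field the JSON and XML outputs will drop it altogether. Please revert that line. `Creators` entries also need a type prefix, so the tool should be listed as `Tool: OpenSCA-Cli`, ideally with its version appended.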
--
Gitee
From a1e9d9eba38455ea1552cd5a21d30eb44931227d Mon Sep 17 00:00:00 2001
From: huyongfeng
Date: Fri, 15 Jul 2022 15:26:18 +0800
Subject: [PATCH 10/10] v1.0.8
---
.github/README.md | 2 +-
README.md | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/README.md b/.github/README.md
index 9548a15..38b52eb 100644
--- a/.github/README.md
+++ b/.github/README.md
@@ -83,7 +83,7 @@ opensca-cli -db db.json -path ${project_path}
| `token` | `string` | Cloud service verification. You have to apply for it on the cloud service platform and use it with the `url` parameter. | `-token xxxxxxx` |
| `cache` | `bool` | This option is recommended. It can cache the downloaded files, for example, the `.pom` file, and save your time when detecting the same component next time. The downloaded files are saved in `.cache` under the same directory as opensca-cli. | `-cache` |
| `vuln` | `bool` | Show the vulnerabilities info only. Using this parameter, the component hierarchical architecture will **NOT** be included in the result. | `-vuln` |
-| `out` | `string` | Set the output file. The result defaults to json format. | `-out output.json` |
+| `out` | `string` | Set the output file. The result defaults to json format. Support the output of SBOM list in spdx format. | `-out output.json` |
| `db` | `string` | Set the local vulnerability database file. It helps when you prefer to use your own vulnerability database. The format of the vulnerability database is shown below. If the cloud and local vulnerability databases are both set, the result of detection will merge both. | `-db db.json` |
| `progress` | `bool` | Show the progress bar. | `-progress` |
| `dedup` | `bool` | Same result deduplication | `-dedup` |
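Review bot: the new sentence in the `out` row says SPDX output is supported but not how to request it; the code in this series selects the format from the file suffix (`.spdx`, `.spdx.json`, `.spdx.xml`), and the example column still shows only `-out output.json`. List the suffixes in the description and add an SPDX example.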
diff --git a/README.md b/README.md
index 24a79fe..cdf70aa 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,6 @@
OpenSCA-Cli
-
@@ -81,7 +80,7 @@ opensca-cli -db db.json -path ${project_path}
| `token` | `string` | 云服务验证 `token`,需要在云服务平台申请,与 `url` 参数一起使用 | `-token xxxxxxx` |
| `cache` | `bool` | 建议开启,缓存下载的文件(例如 `.pom` 文件),重复检测相同组件时会节省时间,下载的文件会保存到工具所在目录的.cache 目录下 | `-cache` |
| `vuln` | `bool` | 结果仅保留有漏洞信息的组件,使用该参数将不会保留组件层级结构 | `-vuln` |
-| `out` | `string` | 将检测结果保存到指定文件,根据后缀生成不同格式的文件,默认为 `json` 格式 | `-out output.json` |
+| `out` | `string` | 将检测结果保存到指定文件,根据后缀生成不同格式的文件,默认为 `json` 格式;支持以`spdx`格式展示`sbom`清单只需更换相应输出文件后缀即可 | `-out output.json` |
| `db` | `string` | 指定本地漏洞库文件,希望使用自己漏洞库时可用,漏洞库文件为 `json` 格式,具体格式会在之后给出;若同时使用云端漏洞库与本地漏洞库,漏洞查询结果取并集 | `-db db.json` |
| `progress` | `bool` | 显示进度条 | `-progress` |
| `dedup` | `bool` | 相同组件去重 | `-dedup` |
--
Gitee