Index ¶
- Constants
- Variables
- func ClearGlobalLicenseData()
- func ClearGlobalResourceData()
- func ClearGlobalVulnerabilityData()
- func DisplayLicenseListCSV(output io.Writer) (err error)
- func DisplayLicenseListJson(output io.Writer)
- func DisplayLicenseListMarkdown(output io.Writer)
- func DisplayLicenseListSummaryCSV(output io.Writer) (err error)
- func DisplayLicenseListSummaryMarkdown(output io.Writer)
- func DisplayLicenseListSummaryText(output io.Writer)
- func DisplayLicensePoliciesCSV(output io.Writer) (err error)
- func DisplayLicensePoliciesMarkdown(output io.Writer) (err error)
- func DisplayLicensePoliciesTabbedText(output io.Writer) (err error)
- func DisplayResourceListCSV(output io.Writer) (err error)
- func DisplayResourceListMarkdown(output io.Writer) (err error)
- func DisplayResourceListText(output io.Writer)
- func DisplaySchemasCSV(output io.Writer) (err error)
- func DisplaySchemasMarkdown(output io.Writer) (err error)
- func DisplaySchemasTabbedText(output io.Writer) (err error)
- func DisplayVulnListCSV(output io.Writer) (err error)
- func DisplayVulnListJson(output io.Writer)
- func DisplayVulnListMarkdown(output io.Writer) (err error)
- func DisplayVulnListText(output io.Writer)
- func ErrorTypesMatch(err error, expected error) bool
- func Execute()
- func FinalizeCompoundPolicy(expression *CompoundExpression) (err error)
- func FormatSchemaErrors(errs []gojsonschema.ResultError) string
- func HasLogicalConjunctionOrPreposition(value string) bool
- func HashLicenseInfo(key string, licenseInfo LicenseInfo, whereFilters []WhereFilter)
- func IsInvalidSBOMError(err error) bool
- func IsValidFamilyKey(key string) bool
- func IsValidPolicyEntry(policy LicensePolicy) bool
- func IsValidSpdxId(id string) bool
- func IsValidUsagePolicy(usagePolicy string) bool
- func ListLicenses(output io.Writer, format string, summary bool, whereFilters []WhereFilter) (err error)
- func ListPolicies(writer io.Writer) (err error)
- func ListResources(output io.Writer, format string, resourceType string, ...) (err error)
- func ListSchemas(writer io.Writer) (err error)
- func ListVulnerabilities(output io.Writer, format string, whereFilters []WhereFilter) (err error)
- func LoadInputSbomFileAndDetectSchema() (document *schema.Sbom, err error)
- func NewCommandLicense() *cobra.Command
- func NewCommandList() *cobra.Command
- func NewCommandPolicy() *cobra.Command
- func NewCommandQuery() *cobra.Command
- func NewCommandResource() *cobra.Command
- func NewCommandSchema() *cobra.Command
- func NewCommandValidate() *cobra.Command
- func NewCommandVersion() *cobra.Command
- func NewCommandVulnerability() *cobra.Command
- func RootCmdImpl(cmd *cobra.Command, args []string) error
- func Validate() (valid bool, document *schema.Sbom, schemaErrors []gojsonschema.ResultError, ...)
- func VerifyPoliciesMatch(testPolicy LicensePolicy, policies []interface{}) bool
- type BaseError
- type CompoundExpression
- type InvalidSBOMError
- type LicenseComplianceConfig
- func (config *LicenseComplianceConfig) Debug()
- func (config *LicenseComplianceConfig) GetFamilyNameMap() (hashmap *slicemultimap.MultiMap, err error)
- func (config *LicenseComplianceConfig) GetLicenseIdMap() (hashmap *slicemultimap.MultiMap, err error)
- func (config *LicenseComplianceConfig) HashLicensePolicies() (hashError error)
- func (config *LicenseComplianceConfig) LoadLicensePolicies(filename string) (err error)
- type LicenseInfo
- type LicensePolicy
- type QueryError
- type QueryRequest
- type QueryResponse
- type ResourceInfo
- type SBOMCompositionError
- type SBOMLicenseError
- type SBOMMetadataError
- type SBOMMetadataPropertyError
- type UtilityError
- type VulnerabilityInfo
- type WhereFilter
Constants ¶
// Status codes. Keeping validation failures (ERROR_VALIDATION) distinct from
// tool failures (ERROR_APPLICATION) lets a CI gate tell "the BOM is bad" apart
// from "the utility broke". Presumably returned as the process exit status —
// confirm against Execute().
const (
	ERROR_APPLICATION = 1
	ERROR_VALIDATION  = 2
)

// General error messages: the category labels carried by this package's error
// types (presumably stored in BaseError.Type — confirm in the constructors).
const (
	ERR_TYPE_INVALID_JSON_MAP       = "invalid JSON map"
	ERR_TYPE_INVALID_SBOM           = "invalid SBOM"
	ERR_TYPE_SBOM_COMPONENT         = "component error"
	ERR_TYPE_SBOM_LICENSE           = "license error"
	ERR_TYPE_SBOM_COMPOSITION       = "composition error"
	ERR_TYPE_SBOM_METADATA          = "metadata error"
	ERR_TYPE_SBOM_METADATA_PROPERTY = "metadata property error"
	ERR_TYPE_UNEXPECTED_ERROR       = "unexpected error"
)

// Validation messages (schema validation and custom metadata checks).
const (
	MSG_FORMAT_TYPE                           = "format: `%s`"
	MSG_SCHEMA_ERRORS                         = "schema errors found"
	MSG_INVALID_METADATA_PROPERTIES           = "field `metadata.properties` is missing or invalid"
	MSG_INVALID_METADATA_COMPONENT_COMPONENTS = "field `metadata.component.components` array should be empty"
	MSG_INVALID_METADATA_COMPONENT            = "field `metadata.component` is missing or invalid"
	MSG_PROPERTY_NOT_FOUND                    = "property not found"
	MSG_PROPERTY_NOT_UNIQUE                   = "check failed: property not unique"
	MSG_PROPERTY_REGEX_FAILED                 = "check failed: property regex mismatch"
)

// License messages.
const (
	MSG_LICENSE_INVALID_DATA                   = "invalid license data"
	MSG_LICENSE_INVALID_EXPRESSION             = "invalid license expression"
	MSG_LICENSE_INVALID_POLICY                 = "invalid license policy"
	MSG_LICENSES_NOT_FOUND                     = "licenses not found"
	MSG_LICENSE_EXPRESSION_INVALID_CONJUNCTION = "invalid conjunction"
	MSG_LICENSE_EXPRESSION_UNDEFINED_POLICY    = "contains an undefined policy"
	MSG_LICENSE_EXPRESSION                     = "license expression"
)

// Query error messages.
const (
	ERR_TYPE_INVALID_QUERY            = "invalid query"
	MSG_QUERY_CLAUSE_NOT_FOUND        = "required clause not found"
	MSG_QUERY_INVALID_DATATYPE        = "invalid data type"
	MSG_QUERY_INVALID_FROM_CLAUSE     = "invalid FROM clause"
	MSG_QUERY_INVALID_SELECT_CLAUSE   = "invalid SELECT clause"
	MSG_QUERY_INVALID_WHERE_CLAUSE    = "invalid WHERE clause"
	MSG_QUERY_INVALID_ORDER_BY_CLAUSE = "invalid ORDERBY clause"
	MSG_QUERY_INVALID_REQUEST         = "invalid query request"
	MSG_QUERY_INVALID_RESPONSE        = "invalid query response"
)

// Query error details (appended to the messages above).
const (
	MSG_QUERY_ERROR_FROM_KEY_INVALID_OBJECT    = "key does not reference a valid JSON object"
	MSG_QUERY_ERROR_FROM_KEY_NOT_FOUND         = "key not found in path"
	MSG_QUERY_ERROR_FROM_KEY_SLICE_DEREFERENCE = "key attempts to dereference into an array"
	MSG_QUERY_ERROR_SELECT_WILDCARD            = "wildcard cannot be used with other values"
)
// Subcommands of the `license` command.
const (
	SUBCOMMAND_LICENSE_LIST   = "list"
	SUBCOMMAND_LICENSE_POLICY = "policy"
)

// License list default values. LICENSE_NONE is the SPDX "NOASSERTION" marker;
// a BOM whose only licenses are NOASSERTION is reported via
// MSG_OUTPUT_NO_LICENSES_ONLY_NOASSERTION.
const (
	LICENSE_LIST_NOT_APPLICABLE = "N/A"
	LICENSE_NONE                = "NOASSERTION"
)

// LicenseChoice - Choice type. iota-ordered (0..3); these values index
// LC_TYPE_NAMES, so the two declarations must be kept in step.
const (
	LC_TYPE_INVALID = iota
	LC_TYPE_ID
	LC_TYPE_NAME
	LC_TYPE_EXPRESSION
)

// Where in the BOM document a license was found. iota-ordered (0..4);
// CDX_LICENSE_LOCATION_NAMES maps each value to its display name.
const (
	LC_LOC_UNKNOWN = iota
	LC_LOC_METADATA_COMPONENT
	LC_LOC_METADATA
	LC_LOC_COMPONENTS
	LC_LOC_SERVICES
)

// Supported conjunctions and prepositions of SPDX license expressions.
// CONJUNCTION_UNDEFINED (empty) presumably marks a simple, non-compound
// expression — confirm in the expression parser.
const (
	AND                   string = "AND"
	OR                    string = "OR"
	WITH                  string = "WITH"
	CONJUNCTION_UNDEFINED string = ""
)

// Tokens recognized when splitting a license expression. The *_WITH_SEPARATOR
// variants carry the surrounding space used when normalizing the text.
const (
	LEFT_PARENS                 string = "("
	RIGHT_PARENS                string = ")"
	LEFT_PARENS_WITH_SEPARATOR  string = "( "
	RIGHT_PARENS_WITH_SEPARATOR string = " )"
	PLUS_OPERATOR               string = "+"
)
// Subcommand flags for `license list`.
// TODO: Support a new --sort <column> flag
const (
	FLAG_LICENSE_SUMMARY = "summary"
	FLAG_LICENSE_EXCLUDE = "exclude"
	FLAG_LICENSE_POLICY  = "policy" // policy-match, policy-filter, etc.
)

// License list command flag help messages.
const (
	FLAG_LICENSE_LIST_OUTPUT_FORMAT_HELP = "format output using the specified format type"
	FLAG_LICENSE_LIST_SUMMARY_HELP       = "summarize licenses and component references in table format (see --format flag help for supported types)"
	FLAG_LICENSE_LIST_EXCLUDE_HELP       = "exclude policy column from summary listing"
	FLAG_LICENSE_LIST_POLICY_HELP        = "filter license summary by usage policy (i.e., allow|deny|needs-review|UNDEFINED)"
)

// License list command informational messages.
const (
	MSG_OUTPUT_NO_LICENSES_FOUND            = "No licenses found in BOM document"
	MSG_OUTPUT_NO_LICENSES_ONLY_NOASSERTION = "No valid licenses found in BOM document (only licenses marked NOASSERTION)"
	MSG_OUTPUT_NO_SCHEMAS_FOUND             = "[WARN] no schemas found in configuration (i.e., \"config.json\")"
	MSG_OUTPUT_NO_RESOURCES_FOUND           = "[WARN] no matching resources found for query"
)

// Filter keys accepted in `--where` clauses of the license summary. They double
// as the summary's column titles (LICENSE_SUMMARY_TITLES), i.e. "Type",
// "ID/Name/Expression", "Component(s)", "BOM ref.", "Document location".
const (
	LICENSE_FILTER_KEY_USAGE_POLICY  = "usage-policy"
	LICENSE_FILTER_KEY_LICENSE_TYPE  = "license-type"
	LICENSE_FILTER_KEY_LICENSE       = "license"
	LICENSE_FILTER_KEY_RESOURCE_NAME = "resource-name"
	LICENSE_FILTER_KEY_BOM_REF       = "bom-ref"
	LICENSE_FILTER_KEY_BOM_LOCATION  = "bom-location"
)

// Usage policy values. allow / deny / needs-review are the values a policy
// file may declare (see VALID_USAGE_POLICIES). UNDEFINED and CONFLICT are
// presumably computed results — no policy matched, or the operands of a
// compound expression disagree (see VerifyPoliciesMatch) — and so appear only
// in ALL_USAGE_POLICIES.
const (
	POLICY_ALLOW        = "allow"
	POLICY_DENY         = "deny"
	POLICY_NEEDS_REVIEW = "needs-review"
	POLICY_UNDEFINED    = "UNDEFINED"
	POLICY_CONFLICT     = "CONFLICT"
)
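// Query command flags.
const (
	FLAG_OUTPUT_FORMAT  = "format"
	FLAG_QUERY_SELECT   = "select"
	FLAG_QUERY_FROM     = "from"
	FLAG_QUERY_WHERE    = "where"
	FLAG_QUERY_ORDER_BY = "orderby"
)

// Query command flag help messages.
const (
	FLAG_QUERY_OUTPUT_FORMAT_HELP = "format output using the specified type"
	FLAG_QUERY_SELECT_HELP        = "comma-separated list of JSON key names used to select fields within the object designated by the FROM flag" +
		"\n- the wildcard character `*` can be used to denote inclusion of all found key-values"
	FLAG_QUERY_FROM_HELP = "dot-separated list of JSON key names used to dereference into the JSON document" +
		"\n - if not present, the query assumes document \"root\" as the `--from` object"
	FLAG_QUERY_WHERE_HELP    = "comma-separated list of key=<regex> of clauses used to filter the SELECT result set"
	FLAG_QUERY_ORDER_BY_HELP = "key name that appears in the SELECT result set used to order the result records"
)

// Named tokens used when splitting the query clauses. Note that "," is the
// separator for both SELECT and WHERE, so (assuming a plain split on it —
// confirm in the parser) neither a key name nor a WHERE regex can contain a
// literal comma; likewise a WHERE regex containing "=" depends on the clause
// being split at the first "=" only.
const (
	QUERY_TOKEN_WILDCARD       = "*"
	QUERY_FROM_CLAUSE_SEP      = "."
	QUERY_SELECT_CLAUSE_SEP    = ","
	QUERY_WHERE_EXPRESSION_SEP = ","
	QUERY_WHERE_OPERAND_EQUALS = "="
)

// Common/reusable flags used across multiple report commands.
const (
	FLAG_REPORT_WHERE      = "where"
	FLAG_REPORT_WHERE_HELP = "comma-separated list of `key=<regex>` clauses used to filter the result set"
)

// Markdown report helpers: the table column separator and the delimiter-row
// cells that set column alignment. GitHub-flavored Markdown only accepts a
// delimiter cell made of hyphens with an optional leading and/or trailing
// colon; the previous MD_ALIGN_CENTER value "-:-" (colon in the middle) is not
// a valid delimiter cell and would break the table, so it is now ":-:".
const (
	MD_COLUMN_SEPARATOR = "|"
	MD_ALIGN_LEFT       = ":--"
	MD_ALIGN_CENTER     = ":-:"
	MD_ALIGN_RIGHT      = "--:"
)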
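// Flags. Reuse query flag values where possible.
// The help text previously lacked its closing parenthesis, which showed up
// verbatim in --help output; fixed here.
const (
	FLAG_RESOURCE_TYPE      = "type"
	FLAG_RESOURCE_TYPE_HELP = "filter output by resource type (i.e., component | service)"
)

// Resource types selectable with --type; the empty default selects all types.
const (
	RESOURCE_TYPE_DEFAULT   = "" // i.e., all resource types
	RESOURCE_TYPE_COMPONENT = "component"
	RESOURCE_TYPE_SERVICE   = "service"
)

// Filter keys accepted in `--where` clauses for resources; they are also the
// report's column titles (RESOURCE_LIST_TITLES).
const (
	RESOURCE_FILTER_KEY_TYPE    = "type"
	RESOURCE_FILTER_KEY_NAME    = "name"
	RESOURCE_FILTER_KEY_VERSION = "version"
	RESOURCE_FILTER_KEY_BOMREF  = "bom-ref"
)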
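// Top-level commands.
const (
	CMD_VERSION       = "version"
	CMD_VALIDATE      = "validate"
	CMD_LICENSE       = "license"
	CMD_QUERY         = "query"
	CMD_RESOURCE      = "resource"
	CMD_SCHEMA        = "schema"
	CMD_VULNERABILITY = "vulnerability"
)

// Usage strings (the Cobra `.Use` field) for each command.
//
// WARNING: the first word of a Cobra command's `.Use` field MUST be the actual
// command name; otherwise the Cobra framework will NOT find the command. Cobra
// does not document this assumption.
//
// Two usage strings had unbalanced brackets that were printed verbatim in
// --help: "[[--summary] [--format ...]" for `license list` and
// "[--from [key1[.keyN]]" for `query`. Both are balanced below.
const (
	CMD_USAGE_VALIDATE           = CMD_VALIDATE + " -i input_file" + " [--variant variant_name]" + " [ --force schema_file]"
	CMD_USAGE_QUERY              = CMD_QUERY + " -i input_filename [--select * | field1[,fieldN]] [--from key1[.keyN]] [--where key=regex[,...]]"
	CMD_USAGE_LICENSE_LIST       = SUBCOMMAND_LICENSE_LIST + " -i input_file [--summary] [--format json|txt|csv|md]"
	CMD_USAGE_LICENSE_POLICY     = SUBCOMMAND_LICENSE_POLICY + " -i input_file [--format json|txt|csv|md]"
	CMD_USAGE_RESOURCE_LIST      = CMD_RESOURCE + " -i input_file [--type component|service] [--where key=regex[,...]] [--format json|txt|csv|md] [-o output_filename]"
	CMD_USAGE_SCHEMA_LIST        = CMD_SCHEMA + " [--format txt|csv|md]"
	CMD_USAGE_VULNERABILITY_LIST = CMD_VULNERABILITY + " " + SUBCOMMAND_VULNERABILITY_LIST + " -i input_file [--format json|txt|csv|md]"
)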
// Global (persistent) flags shared by every command. Note that
// FLAG_FILE_OUTPUT_FORMAT and the query command's FLAG_OUTPUT_FORMAT both
// spell "format".
const (
	FLAG_CONFIG_SCHEMA            = "config-schema"
	FLAG_CONFIG_LICENSE_POLICY    = "config-license"
	FLAG_CONFIG_CUSTOM_VALIDATION = "config-validation"
	FLAG_TRACE                    = "trace"
	FLAG_TRACE_SHORT              = "t"
	FLAG_DEBUG                    = "debug"
	FLAG_DEBUG_SHORT              = "d"
	FLAG_FILENAME_INPUT           = "input-file"
	FLAG_FILENAME_INPUT_SHORT     = "i"
	FLAG_FILENAME_OUTPUT          = "output-file"
	FLAG_FILENAME_OUTPUT_SHORT    = "o"
	FLAG_QUIET_MODE               = "quiet"
	FLAG_QUIET_MODE_SHORT         = "q"
	FLAG_LOG_OUTPUT_INDENT        = "indent"
	FLAG_FILE_OUTPUT_FORMAT       = "format"
)

// Application description and help text for the global flags.
const (
	MSG_APP_NAME            = "Software Bill-of-Materials (SBOM) utility."
	MSG_APP_DESCRIPTION     = "This utility serves as centralized command line interface into various Software Bill-of-Materials (SBOM) helper utilities."
	MSG_FLAG_TRACE          = "enable trace logging"
	MSG_FLAG_DEBUG          = "enable debug logging"
	MSG_FLAG_INPUT          = "input filename (e.g., \"path/sbom.json\")"
	MSG_FLAG_OUTPUT         = "output filename"
	MSG_FLAG_LOG_QUIET      = "enable quiet logging mode (removes all information messages from console output); overrides other logging commands"
	MSG_FLAG_LOG_INDENT     = "enable log indentation of functional callstack"
	MSG_FLAG_CONFIG_SCHEMA  = "provide custom location and/or filename for application schema configuration (i.e., replaces default `config.json`)"
	MSG_FLAG_CONFIG_LICENSE = "provide custom location and/or filename for application license policy configuration (i.e., replaces default `license.json`)"
)

// Prefixes for the "supported formats" part of --format help text.
const (
	MSG_SUPPORTED_OUTPUT_FORMATS_HELP         = "\n- Supported formats: "
	MSG_SUPPORTED_OUTPUT_FORMATS_SUMMARY_HELP = "\n- Supported formats using the --summary flag: "
)

// Default configuration filenames. Security note: these files select the
// validation schemas, the custom validation rules and the allow/deny license
// policies, so whoever controls the directory they are resolved from (not
// visible on this page — working directory vs. executable location) can
// influence the tool's verdicts. Prefer explicit --config-* paths in automation.
const (
	DEFAULT_SCHEMA_CONFIG            = "config.json"
	DEFAULT_CUSTOM_VALIDATION_CONFIG = "custom.json"
	DEFAULT_LICENSE_POLICIES         = "license.json"
)

// Supported output formats.
const (
	FORMAT_DEFAULT  = ""
	FORMAT_TEXT     = "txt"
	FORMAT_JSON     = "json"
	FORMAT_CSV      = "csv"
	FORMAT_MARKDOWN = "md"
	FORMAT_ANY      = "<any>" // Used for test errors
)

// Column titles / filter keys for the schema list report.
const (
	SCHEMA_FILTER_KEY_NAME        = "Name"
	SCHEMA_FILTER_KEY_FORMAT      = "Format"
	SCHEMA_FILTER_KEY_VERSION     = "Version"
	SCHEMA_FILTER_KEY_VARIANT     = "Variant"
	SCHEMA_FILTER_KEY_FILE        = "File (local)"
	SCHEMA_FILTER_KEY_SOURCE      = "URL (remote)"
	SCHEMA_FILTER_KEY_DEVELOPMENT = "Development" // Unused (for now)
)

// Readable aliases for validation results.
const (
	VALID   = true
	INVALID = false
)

// Validation flags and their help text. --force bypasses schema inference, so
// the caller-supplied schema file is trusted as-is.
const (
	FLAG_SCHEMA_FORCE          = "force"
	FLAG_SCHEMA_VARIANT        = "variant"
	FLAG_CUSTOM_VALIDATION     = "custom" // TODO
	MSG_SCHEMA_FORCE           = "force specified schema file for validation; overrides inferred schema"
	MSG_SCHEMA_VARIANT         = "select named schema variant (e.g., \"strict\"); variant must be declared in configuration file (i.e., \"config.json\")"
	MSG_FLAG_CUSTOM_VALIDATION = "perform custom validation using custom configuration settings (i.e., \"custom.json\")"
)

// Filter keys accepted in `--where` clauses for vulnerabilities; they are also
// the report's column titles (VULNERABILITY_LIST_TITLES).
const (
	VULN_FILTER_KEY_ID          = "id"
	VULN_FILTER_KEY_BOM_REF     = "bom-ref"
	VULN_FILTER_KEY_SOURCE_URL  = "source-url"
	VULN_FILTER_KEY_SOURCE_NAME = "source-name"
	VULN_FILTER_KEY_CREATED     = "created"
	VULN_FILTER_KEY_PUBLISHED   = "published"
	VULN_FILTER_KEY_UPDATED     = "updated"
	VULN_FILTER_KEY_REJECTED    = "rejected"
	VULN_FILTER_KEY_DESC        = "description"
)
// Limits.
const (
	DEFAULT_TRUNCATE_LENGTH = 128
)

// Separator placed between message and details when formatting the Error()
// interface (see BaseError.Details).
const (
	ERR_FORMAT_DETAIL_SEP = ": "
)

// Subcommand flags: output-format help for `license policy`.
const (
	FLAG_POLICY_OUTPUT_FORMAT_HELP = "format output using the specified type"
)

// Command help formatting: output-format help for `resource list`.
const (
	FLAG_RESOURCE_OUTPUT_FORMAT_HELP = "format output using the specified type"
)

// Subcommand flags: output-format help for `schema list`.
const (
	FLAG_SCHEMA_OUTPUT_FORMAT_HELP = "format output using the specified type"
)

// Command help formatting: output-format help for `vulnerability list`.
const (
	FLAG_VULNERABILITY_OUTPUT_FORMAT_HELP = "format vulnerability output"
)

// Vuln. command informational messages.
const (
	MSG_OUTPUT_NO_VULNERABILITIES_FOUND = "[WARN] no matching vulnerabilities found for query"
)

// Protocol prefix distinguishing a local schema file from a remote URL
// (cf. SCHEMA_FILTER_KEY_FILE / SCHEMA_FILTER_KEY_SOURCE). Whether remote
// sources are ever fetched at run time is not visible on this page; the
// bundled schemas live in the SchemaFiles embed.FS.
const (
	PROTOCOL_PREFIX_FILE = "file://"
)
// REGEX_VALID_SPDX_ID is the pattern used to vet an SPDX license identifier
// (presumably by IsValidSpdxId) before it is used as a policy lookup key.
//
// Note: the SPDX spec. does not provide a regex for an SPDX ID, but provides
// the following in ABNF:
//
//	string = 1*(ALPHA / DIGIT / "-" / "." )
//
// Currently, the regex below tests composition of only alphanumeric, "-" and
// "." characters and disallows empty strings.
//
// TODO:
//   - First and last chars are not "-" or "."
//   - Enforce a reasonable min/max length. A positive lookahead such as
//     (?=.{3,128}$) is NOT an option here: Go's `regexp` package implements
//     RE2, which has no lookaround at all (that is why it "does not appear to
//     be supported"). Bound the length with a plain len(id) check before
//     matching instead — cheaper, and it keeps the match linear-time.
//
// NOTE(review): the "+" suffix of ids such as "GPL-2.0+" is not matched by
// this pattern; it appears to be handled separately as the PLUS_OPERATOR
// expression token — confirm before tightening the pattern.
const (
	REGEX_VALID_SPDX_ID = "^[a-zA-Z0-9.-]+$"
)
// Character repeated to draw the separator row under a report's title row.
const (
	REPORT_LIST_TITLE_ROW_SEPARATOR = "-"
)

// Subcommands of the resource, schema and vulnerability commands (each has a
// single "list" subcommand; see the VALID_SUBCOMMANDS_* variables).
const (
	SUBCOMMAND_RESOURCE_LIST = "list"
)

const (
	SUBCOMMAND_SCHEMA_LIST = "list"
)

const (
	SUBCOMMAND_VULNERABILITY_LIST = "list"
)

// VULNERABILITY_TRUNCATE_TEXT_LENGTH presumably bounds long free-text fields
// (e.g. description) in vulnerability reports — confirm in DisplayVulnList*.
// TODO make configurable via flag
const VULNERABILITY_TRUNCATE_TEXT_LENGTH = 512
Variables ¶
// Every usage-policy value that can appear in a report, including the two
// computed ones (UNDEFINED, CONFLICT) that a policy file may not declare.
var ALL_USAGE_POLICIES = []string{POLICY_ALLOW, POLICY_DENY, POLICY_NEEDS_REVIEW, POLICY_UNDEFINED, POLICY_CONFLICT}

// Display names for the LC_LOC_* document locations.
var CDX_LICENSE_LOCATION_NAMES = map[int]string{
	LC_LOC_UNKNOWN:            "unknown",
	LC_LOC_METADATA_COMPONENT: "metadata.component",
	LC_LOC_METADATA:           "metadata.licenses",
	LC_LOC_COMPONENTS:         "components",
	LC_LOC_SERVICES:           "services",
}

// Fixed-size array of LC type names, indexed by the LC_TYPE_* iota values
// (LC_TYPE_INVALID=0 ... LC_TYPE_EXPRESSION=3); keep both declarations in step.
var LC_TYPE_NAMES = [...]string{"invalid", "id", "name", "expression"}

// Command help formatting: supported --format values for `license list`.
// The summary table supports txt/csv/md (default txt); the full listing
// supports json/csv/md (default json).
var LICENSE_LIST_SUMMARY_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_SUMMARY_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ") + " (default: txt)"

var LICENSE_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_JSON, FORMAT_CSV, FORMAT_MARKDOWN}, ", ") + " (default: json)"

// Title row names for formatted lists (reports) of raw license choices.
var LICENSE_LIST_TITLES_LICENSE_CHOICE = []string{"License.Id", "License.Name", "License.Url", "Expression", "License.Text.ContentType", "License.Text.Encoding", "License.Text.Content"}

// Title row for the license policy listing.
var LICENSE_POLICY_SUMMARY_TITLES = []string{"Policy", "Family", "SPDX ID", "Name", "Annotations", "Notes"}

// Command help formatting: supported --format values for `license policy`.
var LICENSE_POLICY_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")

// Title row for the license summary; the same strings are its --where filter keys.
var LICENSE_SUMMARY_TITLES = []string{
	LICENSE_FILTER_KEY_USAGE_POLICY,
	LICENSE_FILTER_KEY_LICENSE_TYPE,
	LICENSE_FILTER_KEY_LICENSE,
	LICENSE_FILTER_KEY_RESOURCE_NAME,
	LICENSE_FILTER_KEY_BOM_REF,
	LICENSE_FILTER_KEY_BOM_LOCATION,
}

// Package-wide logger; nil until initialized elsewhere.
var ProjectLogger *log.MiniLogger

// Command help formatting: the query command only emits JSON.
var QUERY_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_JSON}, ", ")

// Command help formatting and title row for `resource list`.
var RESOURCE_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")

var RESOURCE_LIST_TITLES = []string{
	RESOURCE_FILTER_KEY_TYPE,
	RESOURCE_FILTER_KEY_NAME,
	RESOURCE_FILTER_KEY_VERSION,
	RESOURCE_FILTER_KEY_BOMREF,
}

// Command help formatting and title row for `schema list`.
var SCHEMA_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")

var SCHEMA_LIST_TITLES = []string{
	SCHEMA_FILTER_KEY_NAME,
	SCHEMA_FILTER_KEY_FORMAT,
	SCHEMA_FILTER_KEY_VERSION,
	SCHEMA_FILTER_KEY_VARIANT,
	SCHEMA_FILTER_KEY_FILE,
	SCHEMA_FILTER_KEY_SOURCE,
}

// Globals. SchemaFiles holds the schema files compiled into the binary; the
// //go:embed directive that populates it is not shown on this page.
var SchemaFiles embed.FS

// --where keys accepted by `license list`.
var VALID_LICENSE_FILTER_KEYS = []string{
	LICENSE_FILTER_KEY_USAGE_POLICY,
	LICENSE_FILTER_KEY_LICENSE_TYPE,
	LICENSE_FILTER_KEY_LICENSE,
	LICENSE_FILTER_KEY_RESOURCE_NAME,
	LICENSE_FILTER_KEY_BOM_REF,
	LICENSE_FILTER_KEY_BOM_LOCATION,
}

// --where keys accepted by `resource list`.
var VALID_RESOURCE_FILTER_KEYS = []string{
	RESOURCE_FILTER_KEY_TYPE,
	RESOURCE_FILTER_KEY_NAME,
	RESOURCE_FILTER_KEY_VERSION,
	RESOURCE_FILTER_KEY_BOMREF,
}

// Values accepted by --type (the empty default means "all").
var VALID_RESOURCE_TYPES = []string{RESOURCE_TYPE_DEFAULT, RESOURCE_TYPE_COMPONENT, RESOURCE_TYPE_SERVICE}

// Same content as VALID_RESOURCE_FILTER_KEYS; both names are kept so existing callers continue to work.
var VALID_RESOURCE_WHERE_FILTER_KEYS = []string{
	RESOURCE_FILTER_KEY_TYPE,
	RESOURCE_FILTER_KEY_NAME,
	RESOURCE_FILTER_KEY_VERSION,
	RESOURCE_FILTER_KEY_BOMREF,
}

// Valid subcommand names per top-level command (see the Cobra `.Use` warning on CMD_USAGE_*).
var VALID_SUBCOMMANDS_LICENSE = []string{SUBCOMMAND_LICENSE_LIST, SUBCOMMAND_LICENSE_POLICY}

var VALID_SUBCOMMANDS_RESOURCE = []string{SUBCOMMAND_RESOURCE_LIST}

var VALID_SUBCOMMANDS_SCHEMA = []string{SUBCOMMAND_SCHEMA_LIST}

var VALID_SUBCOMMANDS_VULNERABILITY = []string{SUBCOMMAND_VULNERABILITY_LIST}

// Usage-policy values a policy file may declare (IsValidUsagePolicy); compare
// ALL_USAGE_POLICIES, which adds the computed UNDEFINED/CONFLICT values.
var VALID_USAGE_POLICIES = []string{POLICY_ALLOW, POLICY_DENY, POLICY_NEEDS_REVIEW}

// NOTE(review): empty, although the VULN_FILTER_KEY_* constants exist and
// VULNERABILITY_LIST_TITLES lists them. Depending on how the --where
// validation treats an empty allow-list, `vulnerability list --where ...`
// either rejects every key or skips key validation entirely — confirm, and
// populate from VULNERABILITY_LIST_TITLES if keys are meant to be checked.
var VALID_VULNERABILITY_WHERE_FILTER_KEYS = []string{}

// Command help formatting: supported --format values for `vulnerability list`.
var VULNERABILITY_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP + strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN, FORMAT_JSON}, ", ")

// Report titles for the vulnerability listing (also its filter keys).
var VULNERABILITY_LIST_TITLES = []string{
	VULN_FILTER_KEY_ID,
	VULN_FILTER_KEY_BOM_REF,
	VULN_FILTER_KEY_SOURCE_URL,
	VULN_FILTER_KEY_SOURCE_NAME,
	VULN_FILTER_KEY_CREATED,
	VULN_FILTER_KEY_PUBLISHED,
	VULN_FILTER_KEY_UPDATED,
	VULN_FILTER_KEY_REJECTED,
	VULN_FILTER_KEY_DESC,
}
Functions ¶
func ClearGlobalLicenseData ¶
func ClearGlobalLicenseData()
func ClearGlobalResourceData ¶
func ClearGlobalResourceData()
func ClearGlobalVulnerabilityData ¶ added in v0.10.0
func ClearGlobalVulnerabilityData()
func DisplayLicenseListCSV ¶
NOTE: This list is NOT de-duplicated. Cell values are copied from the BOM document, i.e. untrusted input: if the CSV is later opened in a spreadsheet, a value beginning with `=`, `+`, `-` or `@` may be evaluated as a formula (CSV injection). Confirm the writer quotes fields, and consider neutralizing such leading characters when the report is intended for spreadsheet consumption.
func DisplayLicenseListJson ¶
NOTE: This list is NOT de-duplicated. NOTE: if no licenses are found, `json.Marshal` of a nil slice emits the literal `null`, which is valid JSON but not the empty array (`[]`) that most consumers expect; initialize the slice with `make([]LicenseInfo, 0)` (or `[]LicenseInfo{}`) before marshaling if an array is required. TODO: Support de-duplication (flag) (which MUST be exact, using deep comparison).
func DisplayLicenseListMarkdown ¶
NOTE: This list is NOT de-duplicated. Values come from the BOM document; a value containing the column separator `|` (MD_COLUMN_SEPARATOR) will shift the Markdown table's columns unless it is escaped as `\|` — confirm the renderer escapes it.
func DisplayLicenseListSummaryCSV ¶
NOTE: This list is NOT de-duplicated TODO: Make policy column optional TODO: Add a --no-title flag to skip title output TODO: Support a new --sort <column> flag
func DisplayLicenseListSummaryMarkdown ¶
NOTE: This list is NOT de-duplicated TODO: Make policy column optional TODO: Add a --no-title flag to skip title output TODO: Support a new --sort <column> flag
func DisplayLicenseListSummaryText ¶
NOTE: This list is NOT de-duplicated TODO: Make policy column optional TODO: Add a --no-title flag to skip title output TODO: Support a new --sort <column> flag
func DisplayLicensePoliciesCSV ¶
TODO: Add a --no-title flag to skip title output
func DisplayLicensePoliciesMarkdown ¶
TODO: Add a --no-title flag to skip title output
func DisplayLicensePoliciesTabbedText ¶
Display all license policies, including both entries that have SPDX IDs and entries that only have a "family" name; this is reflected in the contents of the hashmap keyed on family names. NOTE: assumes every entry in the policy config file has a family name. TODO: Allow the caller to pass a flag controlling whether (and at what length) to truncate. TODO: Add a --no-title flag to skip title output
func DisplayResourceListCSV ¶
TODO: Add a --no-title flag to skip title output
func DisplayResourceListMarkdown ¶
TODO: Add a --no-title flag to skip title output
func DisplayResourceListText ¶
NOTE: This list is NOT de-duplicated TODO: Add a --no-title flag to skip title output
func DisplaySchemasCSV ¶
TODO: Add a --no-title flag to skip title output
func DisplaySchemasMarkdown ¶
TODO: Add a --no-title flag to skip title output
func DisplaySchemasTabbedText ¶
TODO: Add a --no-title flag to skip title output
func DisplayVulnListCSV ¶ added in v0.10.0
TODO: Add a --no-title flag to skip title output. NOTE: vulnerability descriptions are free text from the BOM (ultimately from the vulnerability source) and are the most likely column to carry a spreadsheet-formula prefix (`=`, `+`, `-`, `@`); confirm fields are quoted and consider neutralizing such prefixes when the CSV is meant for spreadsheet consumption.
func DisplayVulnListJson ¶ added in v0.10.0
Output filtered list of Vulns. as JSON
func DisplayVulnListMarkdown ¶ added in v0.10.0
TODO: Add a --no-title flag to skip title output
func DisplayVulnListText ¶ added in v0.10.0
NOTE: This list is NOT de-duplicated TODO: Add a --no-title flag to skip title output
func ErrorTypesMatch ¶
NOTE: a nil `err` also counts as a mismatch when an error was expected, i.e. the check fails rather than passing vacuously.
func FinalizeCompoundPolicy ¶
func FinalizeCompoundPolicy(expression *CompoundExpression) (err error)
func FormatSchemaErrors ¶
func FormatSchemaErrors(errs []gojsonschema.ResultError) string
func HashLicenseInfo ¶ added in v0.10.0
func HashLicenseInfo(key string, licenseInfo LicenseInfo, whereFilters []WhereFilter)
func IsInvalidSBOMError ¶
func IsValidFamilyKey ¶
func IsValidPolicyEntry ¶
func IsValidPolicyEntry(policy LicensePolicy) bool
NOTE: policy.Id == "" we allow as "valid" as this indicates a potential "family" entry (i.e., group of SPDX IDs)
func IsValidSpdxId ¶
func IsValidUsagePolicy ¶
func ListLicenses ¶
func ListPolicies ¶
func ListResources ¶
func ListResources(output io.Writer, format string, resourceType string, whereFilters []WhereFilter) (err error)
Precondition: `resourceType` must already have been validated against VALID_RESOURCE_TYPES by the caller; this function does not re-check it.
func ListSchemas ¶
func ListVulnerabilities ¶ added in v0.10.0
func ListVulnerabilities(output io.Writer, format string, whereFilters []WhereFilter) (err error)
Precondition: the vulnerability type data must already have been validated by the caller; this function does not re-check it.
func NewCommandLicense ¶
func NewCommandList ¶
WARNING: Cobra will not recognize a subcommand if its `command.Use` is not a single word string that matches one of the `command.ValidArgs` set on the parent command
func NewCommandPolicy ¶
WARNING: Cobra will not recognize a subcommand if its `command.Use` is not a single word string that matches one of the `command.ValidArgs` set on the parent command
func NewCommandQuery ¶
func NewCommandResource ¶
func NewCommandSchema ¶
func NewCommandValidate ¶
func NewCommandVersion ¶
func NewCommandVulnerability ¶ added in v0.10.0
func Validate ¶
func Validate() (valid bool, document *schema.Sbom, schemaErrors []gojsonschema.ResultError, err error)
func VerifyPoliciesMatch ¶
func VerifyPoliciesMatch(testPolicy LicensePolicy, policies []interface{}) bool
Given an array of policies, verify that their "usage" policies agree, i.e. do not represent a CONFLICT (POLICY_CONFLICT).
Types ¶
type BaseError ¶
// BaseError carries the context shared by every error type in this package:
// a short category label, a message, and the input file, command and flags in
// effect when the error occurred.
//
// NOTE(review): no Unwrap method is listed for BaseError on this page, so
// errors.Is/errors.As presumably do not see through InnerError; callers are
// expected to use ErrorTypesMatch / the Is*Error helpers instead — confirm.
type BaseError struct {
	Type       string // error category; presumably one of the ERR_TYPE_* values — confirm in the constructors
	Message    string // human-readable summary
	InputFile  string // input BOM filename in use, if any
	InnerError error  // underlying error, if any (plain field, not an Unwrap chain)
	Command    string // command being executed when the error occurred
	Flags      string // flag values in effect, rendered as a single string
	Details    string // extra detail; presumably joined to Message with ERR_FORMAT_DETAIL_SEP when formatting
}
func (BaseError) AppendMessage ¶
type CompoundExpression ¶
// CompoundExpression is the parse-tree node for a compound SPDX license
// expression ("A AND B", "A OR B", "A WITH exception"). Each side is either a
// simple identifier (Simple*) or a nested CompoundExpression (Compound*); the
// *Policy / *UsagePolicy fields hold the policy resolved for each side and
// CompoundUsagePolicy the policy resolved for the whole node (see
// FinalizeCompoundPolicy).
//
// NOTE(review): nesting is represented by pointers, so evaluation is
// presumably recursive; an attacker-controlled BOM can supply arbitrarily
// deep or long expressions — confirm the parser bounds nesting depth and
// expression length.
type CompoundExpression struct {
	SimpleLeft          string              // left operand when it is a simple id/name
	SimpleLeftHasPlus   bool                // left operand carried the "+" (PLUS_OPERATOR) suffix
	LeftPolicy          LicensePolicy       // policy entry matched for the left operand
	LeftUsagePolicy     string              // POLICY_* value resolved for the left operand
	SimpleRight         string              // right operand when it is a simple id/name
	SimpleRightHasPlus  bool                // right operand carried the "+" suffix
	RightPolicy         LicensePolicy       // policy entry matched for the right operand
	RightUsagePolicy    string              // POLICY_* value resolved for the right operand
	Conjunction         string              // AND, OR, WITH or CONJUNCTION_UNDEFINED
	PrepRight           string              // preposition text on the right side — presumably for WITH; confirm in parser
	PrepLeft            string              // preposition text on the left side — presumably for WITH; confirm in parser
	CompoundLeft        *CompoundExpression // non-nil when the left side is itself compound
	CompoundRight       *CompoundExpression // non-nil when the right side is itself compound
	CompoundUsagePolicy string              // POLICY_* resolved for this node (may be POLICY_CONFLICT)
}
func NewCompoundExpression ¶
func NewCompoundExpression() *CompoundExpression
type InvalidSBOMError ¶
// InvalidSBOMError extends the base error type with the document that failed
// and, where applicable, the JSON keys leading to the offending field and the
// raw schema validation results.
type InvalidSBOMError struct {
	BaseError
	SBOM         *schema.Sbom               // document being validated; presumably nil for data errors built without one (see NewSbomLicenseDataError)
	FieldKeys    []string                   // Keys used to dereference into JSON map where error found
	SchemaErrors []gojsonschema.ResultError // schema violations, when the failure came from schema validation
}
func NewInvalidSBOMError ¶
func NewInvalidSBOMError(sbom *schema.Sbom, m string, errIn error, schemaErrors []gojsonschema.ResultError) *InvalidSBOMError
type LicenseComplianceConfig ¶
// LicenseComplianceConfig is the in-memory form of the license policy file
// (default `license.json`, replaceable with --config-license; see
// LoadLicensePolicies). Its UsagePolicy entries decide whether a license is
// reported as allow / deny / needs-review, so the file must be treated as
// trusted, access-controlled configuration: anyone who can edit it can turn a
// "deny" into an "allow" without touching the tool.
type LicenseComplianceConfig struct {
	PolicyList  []LicensePolicy   `json:"policies"`    // one entry per SPDX id or license family
	Annotations map[string]string `json:"annotations"` // free-text annotations, presumably referenced by LicensePolicy.AnnotationRefs
	// contains filtered or unexported fields
}
func (*LicenseComplianceConfig) Debug ¶ added in v0.10.0
func (config *LicenseComplianceConfig) Debug()
func (*LicenseComplianceConfig) GetFamilyNameMap ¶
func (config *LicenseComplianceConfig) GetFamilyNameMap() (hashmap *slicemultimap.MultiMap, err error)
func (*LicenseComplianceConfig) GetLicenseIdMap ¶
func (config *LicenseComplianceConfig) GetLicenseIdMap() (hashmap *slicemultimap.MultiMap, err error)
func (*LicenseComplianceConfig) HashLicensePolicies ¶
func (config *LicenseComplianceConfig) HashLicensePolicies() (hashError error)
func (*LicenseComplianceConfig) LoadLicensePolicies ¶
func (config *LicenseComplianceConfig) LoadLicensePolicies(filename string) (err error)
type LicenseInfo ¶
// LicenseInfo is one row of the license report: a license found in the BOM,
// where it was found, and the policy it resolved to. Every string field below
// is derived from the (untrusted) BOM document, so renderers must treat the
// values as arbitrary text (see the CSV/Markdown display functions).
//
// Note: the "License" property is used as the hashmap key (see HashLicenseInfo).
//
// The untagged fields (LicenseChoice, Policy, Component, Service) are emitted
// under their Go field names if this struct is marshaled as-is.
type LicenseInfo struct {
	UsagePolicy            string `json:"usage-policy"`       // POLICY_* value resolved for this license
	LicenseChoiceTypeValue int    `json:"license-type-value"` // LC_TYPE_* value
	LicenseChoiceType      string `json:"license-type"`       // display name, presumably from LC_TYPE_NAMES
	License                string `json:"license"`            // id, name or expression text; hashmap key
	ResourceName           string `json:"resource-name"`      // component/service the license belongs to
	BomRef                 string `json:"bom-ref"`            // bom-ref of that component/service
	BomLocationValue       int    `json:"bom-location-value"` // LC_LOC_* value
	BomLocation            string `json:"bom-location"`       // display name, presumably from CDX_LICENSE_LOCATION_NAMES
	LicenseChoice          schema.CDXLicenseChoice            // the original license choice object
	Policy                 LicensePolicy                      // matched policy entry (see FindPolicy)
	Component              schema.CDXComponent                // populated when found under a component
	Service                schema.CDXService                  // populated when found under a service
}
type LicensePolicy ¶
// LicensePolicy is one entry of the license policy file. An entry with a
// non-empty Id applies to a single SPDX id; an entry with Id == "" is a
// "family" entry that applies to a group of SPDX ids (see IsValidPolicyEntry).
type LicensePolicy struct {
	Id             string   `json:"id"`             // SPDX id, or "" for a family entry
	Family         string   `json:"family"`         // license family name; assumed present on every entry (see DisplayLicensePoliciesTabbedText)
	Name           string   `json:"name"`           // human-readable license name
	UsagePolicy    string   `json:"usagePolicy"`    // one of VALID_USAGE_POLICIES: allow | deny | needs-review
	Aliases        []string `json:"aliases"`        // alternative ids/names, presumably resolved to this entry — confirm in the hash maps
	Children       []string `json:"children"`       // presumably member ids of a family entry — confirm
	Notes          []string `json:"notes"`          // free-text notes shown in the policy listing
	Urls           []string `json:"urls"`           // reference URLs
	AnnotationRefs []string `json:"annotationRefs"` // presumably keys into LicenseComplianceConfig.Annotations — confirm
}
func FindPolicy ¶
func FindPolicy(licenseInfo LicenseInfo) (matchedPolicy LicensePolicy, err error)
func FindPolicyByFamilyName ¶
func FindPolicyByFamilyName(name string) (policyValue string, matchedPolicy LicensePolicy)
NOTE: for now, we will look for the "family" name encoded in the License.Name field (until) we can get additional fields/properties added to the CDX LicenseChoice schema
func FindPolicyBySpdxId ¶
func FindPolicyBySpdxId(id string) (policyValue string, matchedPolicy LicensePolicy)
type QueryError ¶
// QueryError reports an invalid `query` request (ERR_TYPE_INVALID_QUERY); the
// NewQuery*ClauseError constructors attach the offending clause's detail.
type QueryError struct {
	BaseError
	// contains filtered or unexported fields
}
func NewQueryError ¶
func NewQueryError(qr *QueryRequest, m string, d string) *QueryError
func NewQueryFromClauseError ¶
func NewQueryFromClauseError(qr *QueryRequest, detail string) *QueryError
func NewQuerySelectClauseError ¶
func NewQuerySelectClauseError(qr *QueryRequest, detail string) *QueryError
func NewQueryWhereClauseError ¶
func NewQueryWhereClauseError(qr *QueryRequest, detail string) *QueryError
type QueryRequest ¶
// QueryRequest is a parsed `query` command. It selects a subset of the JSON
// document map in the shape of
//
//	SELECT   <key.1>, <key.2>, ...   // "firstname, lastname, email" || * (default)
//	FROM     <key path>              // "product.customers"
//	WHERE    <key.X> == <value>      // "country='Germany'"
//	ORDER BY <key.N>                 // "lastname"
//
// e.g., SELECT * FROM product.customers WHERE country="Germany";
//
// On the command line the WHERE value is a regular expression, not an exact
// string (see FLAG_QUERY_WHERE_HELP), e.g. `--where country=Germany`.
// The clause fields are unexported; String() renders the request for logging.
type QueryRequest struct {
	// contains filtered or unexported fields
}
func (*QueryRequest) String ¶
func (qr *QueryRequest) String() string
Implement the Stringer interface for QueryRequest
type QueryResponse ¶
// QueryResponse holds the result set of a QueryRequest; its contents are
// unexported and it is created with NewQueryResponse.
type QueryResponse struct {
	// contains filtered or unexported fields
}
func NewQueryResponse ¶
func NewQueryResponse() *QueryResponse
type ResourceInfo ¶
// ResourceInfo is one row of the resource report: a component or service from
// the BOM, flattened for display and --where filtering. String fields are
// copied from the (untrusted) BOM document.
//
// TODO: need to strip `-` from `bom-ref` for where filter
type ResourceInfo struct {
	Type             string `json:"type"`    // RESOURCE_TYPE_COMPONENT or RESOURCE_TYPE_SERVICE
	BomRef           string `json:"bom-ref"` // bom-ref of the resource
	Name             string `json:"name"`
	Version          string `json:"version"`
	SupplierProvider schema.CDXOrganizationalEntity // supplier (component) or provider (service); untagged, so emitted under the Go field name in JSON
	Properties       []schema.CDXProperty           // the resource's properties
	Component        schema.CDXComponent            // populated when Type is component
	Service          schema.CDXService              // populated when Type is service
	// contains filtered or unexported fields
}
type SBOMCompositionError ¶
// SBOMCompositionError is a more specific invalid-SBOM error for structural
// (composition) problems in the document; see NewSBOMCompositionError.
type SBOMCompositionError struct {
	InvalidSBOMError
}
func NewSBOMCompositionError ¶
func NewSBOMCompositionError(m string, sbom *schema.Sbom, fields []string) *SBOMCompositionError
func (SBOMCompositionError) Error ¶
func (err SBOMCompositionError) Error() string
Support the error interface
type SBOMLicenseError ¶
// SBOMLicenseError is a composition error about the document's licenses.
// NOTE: the current sub-type is "no license found"; other, more specific
// subtypes may be created. Use IsSBOMLicenseError to test for it.
type SBOMLicenseError struct {
	SBOMCompositionError
}
func IsSBOMLicenseError ¶
func IsSBOMLicenseError(err error) (*SBOMLicenseError, bool)
func NewSbomLicenseDataError ¶
func NewSbomLicenseDataError() *SBOMLicenseError
func NewSbomLicenseNotFoundError ¶
func NewSbomLicenseNotFoundError(sbom *schema.Sbom) *SBOMLicenseError
type SBOMMetadataError ¶
// SBOMMetadataError is a more specific invalid-SBOM error for problems in the
// document's `metadata` section, carrying the metadata that was examined.
type SBOMMetadataError struct {
	InvalidSBOMError
	Metadata schema.CDXMetadata // the metadata object under validation
}
func NewSBOMMetadataError ¶
func NewSBOMMetadataError(sbom *schema.Sbom, m string, metadata schema.CDXMetadata) *SBOMMetadataError
TODO: create Error() (interface) method that displays CDXMetadata
type SBOMMetadataPropertyError ¶
// SBOMMetadataPropertyError reports a custom-validation failure on
// `metadata.properties`: the property rule that was expected and the
// properties actually present.
type SBOMMetadataPropertyError struct {
	SBOMMetadataError
	Expected *schema.CustomValidationProperty // rule from the custom validation config (e.g. custom.json)
	Actual   []schema.CDXProperty             // properties found in the document
}
func NewSbomMetadataPropertyError ¶
func NewSbomMetadataPropertyError(sbom *schema.Sbom, m string, expected *schema.CustomValidationProperty, values []schema.CDXProperty) *SBOMMetadataPropertyError
TODO: create Error() (interface) method that displays CDXProperty
type UtilityError ¶
// UtilityError is the generic error type for failures not tied to a specific
// document or query; see NewUtilityError for the type/message/file/inner
// error it is built from.
type UtilityError struct {
	BaseError
}
func NewUtilityError ¶
func NewUtilityError(t string, m string, f string, errIn error) *UtilityError
type VulnerabilityInfo ¶ added in v0.10.0
// VulnerabilityInfo is one row of the vulnerability report, flattened from a
// CycloneDX vulnerability entry for display and --where filtering. All string
// fields are copied from the (untrusted) BOM document; the timestamp fields
// are kept as raw strings, so --where filters match them textually and any
// chronological comparison would need parsing first.
//
// TODO: do we need to strip `-` from `bom-ref` for where filter?
type VulnerabilityInfo struct {
	Id            string `json:"id"`          // vulnerability identifier (e.g. CVE id)
	BomRef        string `json:"bom-ref"`     // bom-ref of the vulnerability entry
	Created       string `json:"created"`     // raw timestamp text
	Published     string `json:"published"`   // raw timestamp text
	Updated       string `json:"updated"`     // raw timestamp text
	Rejected      string `json:"rejected"`    // raw timestamp text
	Description   string `json:"description"` // free text; see VULNERABILITY_TRUNCATE_TEXT_LENGTH
	SourceUrl     string `json:"source-url"`  // flattened from Source
	SourceName    string `json:"source-name"` // flattened from Source
	Source        schema.CDXVulnerabilitySource `json:"source"`
	Vulnerability schema.CDXVulnerability // the original entry; untagged, so emitted under the Go field name in JSON
}
type WhereFilter ¶
// WhereFilter is one parsed `key=<regex>` clause of a --where flag. The key is
// unexported (see GetNormalizeKey); Value is the raw pattern text and
// ValueRegEx its compiled form.
//
// Security note: the pattern is user-supplied. Go's regexp package is an RE2
// implementation with guaranteed linear-time matching, so a hostile pattern
// cannot cause catastrophic backtracking; it is still evaluated against every
// candidate row, so very large BOMs pay for it per row.
type WhereFilter struct {
	Operand    string         // comparison operand; "=" (QUERY_WHERE_OPERAND_EQUALS) is the only one defined on this page
	Value      string         // raw regex text taken from the clause
	ValueRegEx *regexp.Regexp // compiled Value, applied to the field the key selects
	// contains filtered or unexported fields
}
func (*WhereFilter) GetNormalizeKey ¶
func (filter *WhereFilter) GetNormalizeKey() (normalizedKey string)