cmd

package
v0.14.0-pre Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 14, 2023 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	FLAG_DIFF_FILENAME_REVISION       = "input-revision"
	FLAG_DIFF_FILENAME_REVISION_SHORT = "r"
	MSG_FLAG_INPUT_REVISION           = "input filename for the revised file to compare against the base file"
	MSG_FLAG_DIFF_COLORIZE            = "Colorize diff text output (true|false); default false"
)

validation flags

View Source 
const (
	ERROR_APPLICATION = 1
	ERROR_VALIDATION  = 2
)
View Source 
const (
	ERR_TYPE_INVALID_JSON_MAP       = "invalid JSON map"
	ERR_TYPE_INVALID_SBOM           = "invalid SBOM"
	ERR_TYPE_SBOM_COMPONENT         = "component error"
	ERR_TYPE_SBOM_LICENSE           = "license error"
	ERR_TYPE_SBOM_COMPOSITION       = "composition error"
	ERR_TYPE_SBOM_METADATA          = "metadata error"
	ERR_TYPE_SBOM_METADATA_PROPERTY = "metadata property error"
	ERR_TYPE_UNEXPECTED_ERROR       = "unexpected error"
)

General error messages

View Source 
const (
	MSG_FORMAT_TYPE                           = "format: `%s`"
	MSG_SCHEMA_ERRORS                         = "schema errors found"
	MSG_INVALID_METADATA_PROPERTIES           = "field `metadata.properties` is missing or invalid"
	MSG_INVALID_METADATA_COMPONENT_COMPONENTS = "field `metadata.component.components` array should be empty"
	MSG_INVALID_METADATA_COMPONENT            = "field `metadata.component` is missing or invalid"
	MSG_PROPERTY_NOT_FOUND                    = "property not found"
	MSG_PROPERTY_NOT_UNIQUE                   = "check failed: property not unique"
	MSG_PROPERTY_REGEX_FAILED                 = "check failed: property regex mismatch"
)

Validation messages

View Source 
const (
	MSG_LICENSE_INVALID_DATA   = "invalid license data"
	MSG_LICENSE_INVALID_POLICY = "invalid license policy"
	MSG_LICENSES_NOT_FOUND     = "licenses not found"
)

License messages

View Source 
const (
	MSG_QUERY_CLAUSE_NOT_FOUND = "required clause not found"
	MSG_QUERY_INVALID_REQUEST  = "invalid query request"
	MSG_QUERY_INVALID_RESPONSE = "invalid query response"
	MSG_QUERY_INVALID_DATATYPE = "invalid data type"
)

Query error messages

View Source 
const (
	MSG_QUERY_ERROR_FROM_KEY_NOT_FOUND         = "key not found in path"
	MSG_QUERY_ERROR_FROM_KEY_SLICE_DEREFERENCE = "key attempts to dereference into an array"
	MSG_QUERY_ERROR_SELECT_WILDCARD            = "wildcard cannot be used with other values"
)

Query error details

View Source 
const (
	SUBCOMMAND_LICENSE_LIST   = "list"
	SUBCOMMAND_LICENSE_POLICY = "policy"
)
View Source 
const (
	LICENSE_LIST_NOT_APPLICABLE = "N/A"
	LICENSE_NO_ASSERTION        = "NOASSERTION"
)

License list default values

View Source 
const (
	FLAG_LICENSE_LIST_OUTPUT_FORMAT_HELP = "format output using the specified format type"
	FLAG_LICENSE_LIST_SUMMARY_HELP       = "summarize licenses and component references when listing in supported formats"
)

License list command flag help messages

View Source 
const (
	MSG_OUTPUT_NO_LICENSES_FOUND            = "no licenses found in BOM document"
	MSG_OUTPUT_NO_LICENSES_ONLY_NOASSERTION = "no valid licenses found in BOM document (only licenses marked NOASSERTION)"
)

License list command informational messages

View Source 
const (
	LICENSE_FILTER_KEY_USAGE_POLICY  = "usage-policy"
	LICENSE_FILTER_KEY_LICENSE_TYPE  = "license-type"
	LICENSE_FILTER_KEY_LICENSE       = "license"
	LICENSE_FILTER_KEY_RESOURCE_NAME = "resource-name"
	LICENSE_FILTER_KEY_BOM_REF       = "bom-ref"
	LICENSE_FILTER_KEY_BOM_LOCATION  = "bom-location"
)

"Type", "ID/Name/Expression", "Component(s)", "BOM ref.", "Document location" filter keys

View Source 
const (
	POLICY_FILTER_KEY_USAGE_POLICY = "usage-policy"
	POLICY_FILTER_KEY_FAMILY       = "family"
	POLICY_FILTER_KEY_SPDX_ID      = "id"
	POLICY_FILTER_KEY_NAME         = "name"
	POLICY_FILTER_KEY_OSI_APPROVED = "osi"
	POLICY_FILTER_KEY_FSF_APPROVED = "fsf"
	POLICY_FILTER_KEY_DEPRECATED   = "deprecated"
	POLICY_FILTER_KEY_REFERENCE    = "reference"
	POLICY_FILTER_KEY_ALIASES      = "aliases"
	POLICY_FILTER_KEY_ANNOTATIONS  = "annotations"
	POLICY_FILTER_KEY_NOTES        = "notes"
)

filter keys

View Source 
const (
	FLAG_POLICY_OUTPUT_FORMAT_HELP    = "format output using the specified type"
	FLAG_POLICY_REPORT_LINE_WRAP_HELP = "toggles the wrapping of text within report column output (default: false)"
)

Subcommand flags

View Source 
const (
	FLAG_OUTPUT_FORMAT  = "format"
	FLAG_QUERY_SELECT   = "select"
	FLAG_QUERY_FROM     = "from"
	FLAG_QUERY_WHERE    = "where"
	FLAG_QUERY_ORDER_BY = "orderby"
)

Query command flags

View Source 
const (
	FLAG_QUERY_OUTPUT_FORMAT_HELP = "format output using the specified type"
	FLAG_QUERY_SELECT_HELP        = "comma-separated list of JSON key names used to select fields within the object designated by the FROM flag" +
		"\n- the wildcard character `*` can be used to denote inclusion of all found key-values"
	FLAG_QUERY_FROM_HELP = "dot-separated list of JSON key names used to dereference into the JSON document" +
		"\n - if not present, the query assumes document \"root\" as the `--from` object"
	FLAG_QUERY_WHERE_HELP    = "comma-separated list of key=<regex> of clauses used to filter the SELECT result set"
	FLAG_QUERY_ORDER_BY_HELP = "key name that appears in the SELECT result set used to order the result records"
)

Query command flag help messages

View Source 
const (
	FLAG_REPORT_WHERE      = "where"
	FLAG_REPORT_WHERE_HELP = "comma-separated list of `key=<regex>` clauses used to filter the result set"
)

Common/reusable Flags used across multiple report commands

View Source 
const (
	REPORT_LIST_TITLE_ROW_SEPARATOR = "-"
	REPORT_LIST_VALUE_NONE          = "none"
)
View Source 
const (
	MD_COLUMN_SEPARATOR = "|"
	MD_ALIGN_LEFT       = ":--"
	MD_ALIGN_CENTER     = "-:-"
	MD_ALIGN_RIGHT      = "--:"
)

Markdown report helpers

View Source 
const (
	RESOURCE_FILTER_KEY_TYPE    = "type"
	RESOURCE_FILTER_KEY_NAME    = "name"
	RESOURCE_FILTER_KEY_VERSION = "version"
	RESOURCE_FILTER_KEY_BOMREF  = "bom-ref"
)

filter keys Note: these string values MUST match annotations for the ResourceInfo struct fields

View Source 
const (
	FLAG_RESOURCE_TYPE      = "type"
	FLAG_RESOURCE_TYPE_HELP = "filter output by resource type (i.e., component | service)"
)

Flags. Reuse query flag values where possible

View Source 
const (
	CMD_DIFF          = "diff"
	CMD_LICENSE       = "license"
	CMD_QUERY         = "query"
	CMD_RESOURCE      = "resource"
	CMD_SCHEMA        = "schema"
	CMD_VALIDATE      = "validate"
	CMD_VERSION       = "version"
	CMD_VULNERABILITY = "vulnerability"
	CMD_STATS         = "stats"
	CMD_TRIM          = "trim"
)

top-level commands

View Source 
const (
	CMD_USAGE_DIFF               = CMD_DIFF + " --input-file <base_file> --input-revision <revised_file> [--format json|txt] [--colorize=true|false]"
	CMD_USAGE_LICENSE_LIST       = SUBCOMMAND_LICENSE_LIST + " --input-file <input_file> [--summary] [--where key=regex[,...]] [--format json|txt|csv|md]"
	CMD_USAGE_LICENSE_POLICY     = SUBCOMMAND_LICENSE_POLICY + " [--where key=regex[,...]] [--format txt|csv|md]"
	CMD_USAGE_QUERY              = CMD_QUERY + " --input-file <input_file> [--select * | field1[,fieldN]] [--from [key1[.keyN]] [--where key=regex[,...]]"
	CMD_USAGE_RESOURCE_LIST      = CMD_RESOURCE + " --input-file <input_file> [--type component|service] [--where key=regex[,...]] [--format txt|csv|md]"
	CMD_USAGE_SCHEMA_LIST        = CMD_SCHEMA + " [--where key=regex[,...]] [--format txt|csv|md]"
	CMD_USAGE_VALIDATE           = CMD_VALIDATE + " --input-file <input_file> [--variant <variant_name>] [--format txt|json] [--force schema_file]"
	CMD_USAGE_VULNERABILITY_LIST = CMD_VULNERABILITY + " " + SUBCOMMAND_VULNERABILITY_LIST + " --input-file <input_file> [--summary] [--where key=regex[,...]] [--format json|txt|csv|md]"
	CMD_USAGE_STATS_LIST         = CMD_STATS + " --input-file <input_file> [--type component|service] [--format txt|csv|md]"
	CMD_USAGE_TRIM               = CMD_TRIM + " --input-file <input_file>  --input-file <output_file>"
)

WARNING!!! The ".Use" field of a Cobra command MUST have the first word be the actual command otherwise, the command will NOT be found by the Cobra framework. This is poor code assumption is NOT documented.

View Source 
const (
	FLAG_CONFIG_SCHEMA            = "config-schema"
	FLAG_CONFIG_LICENSE_POLICY    = "config-license"
	FLAG_CONFIG_CUSTOM_VALIDATION = "config-validation"
	FLAG_TRACE                    = "trace"
	FLAG_TRACE_SHORT              = "t"
	FLAG_DEBUG                    = "debug"
	FLAG_DEBUG_SHORT              = "d"
	FLAG_FILENAME_INPUT           = "input-file"
	FLAG_FILENAME_INPUT_SHORT     = "i"
	FLAG_FILENAME_OUTPUT          = "output-file"
	FLAG_FILENAME_OUTPUT_SHORT    = "o"
	FLAG_QUIET_MODE               = "quiet"
	FLAG_QUIET_MODE_SHORT         = "q"
	FLAG_LOG_OUTPUT_INDENT        = "indent"
	FLAG_FILE_OUTPUT_FORMAT       = "format"
	FLAG_COLORIZE_OUTPUT          = "colorize"
)
View Source 
const (
	MSG_APP_NAME            = "Bill-of-Materials (BOM) utility."
	MSG_APP_DESCRIPTION     = "This utility serves as centralized command line interface into various Software Bill-of-Materials (SBOM) helper utilities."
	MSG_FLAG_TRACE          = "enable trace logging"
	MSG_FLAG_DEBUG          = "enable debug logging"
	MSG_FLAG_INPUT          = "input filename (e.g., \"path/sbom.json\")"
	MSG_FLAG_OUTPUT         = "output filename"
	MSG_FLAG_LOG_QUIET      = "enable quiet logging mode (removes all informational messages from console output); overrides other logging commands"
	MSG_FLAG_LOG_INDENT     = "enable log indentation of functional callstack"
	MSG_FLAG_CONFIG_SCHEMA  = "provide custom application schema configuration file (i.e., overrides default `config.json`)"
	MSG_FLAG_CONFIG_LICENSE = "provide custom application license policy configuration file (i.e., overrides default `license.json`)"
)
View Source 
const (
	MSG_SUPPORTED_OUTPUT_FORMATS_HELP         = "\n- Supported formats: "
	MSG_SUPPORTED_OUTPUT_FORMATS_SUMMARY_HELP = "\n- Supported formats using the --summary flag: "
)
View Source 
const (
	DEFAULT_SCHEMA_CONFIG            = "config.json"
	DEFAULT_CUSTOM_VALIDATION_CONFIG = "custom.json"
	DEFAULT_LICENSE_POLICY_CONFIG    = "license.json"
)
View Source 
const (
	FORMAT_DEFAULT  = ""
	FORMAT_TEXT     = "txt"
	FORMAT_JSON     = "json"
	FORMAT_CSV      = "csv"
	FORMAT_MARKDOWN = "md"
	FORMAT_ANY      = "<any>" // Used for test errors
)

Supported output formats

View Source 
const (
	SCHEMA_DATA_KEY_KEY_NAME    = "name"    // summary
	SCHEMA_DATA_KEY_KEY_FORMAT  = "format"  // summary
	SCHEMA_DATA_KEY_KEY_VERSION = "version" // summary
	SCHEMA_DATA_KEY_KEY_VARIANT = "variant" // summary
	SCHEMA_DATA_KEY_KEY_FILE    = "file"    // summary
	SCHEMA_DATA_KEY_KEY_SOURCE  = "url"     // summary
)
View Source 
const (
	FLAG_TRIM_FROM_PATHS = "from"
	FLAG_TRIM_MAP_KEYS   = "keys"
)

flags (do not translate)

View Source 
const (
	TRIM_OUTPUT_PREFIX = ""
	TRIM_OUTPUT_INDENT = "    "
)

TODO: make flag configurable: NOTE: 4-space indent is accepted convention: https://docs.openstack.org/doc-contrib-guide/json-conv.html

View Source 
const (
	FLAG_TRIM_OUTPUT_FORMAT_HELP = "format output using the specified type"
	FLAG_TRIM_FROM_PATHS_HELP    = "comma-separated list of dot-separated JSON document paths used to scope where trim is applied" +
		"\n - if not present, the default `--from` path is the document \"root\""
	FLAG_TRIM_KEYS_HELP = "comma-separated list of `keys=<key1,key2,...,keyN>` that will be trimmed from the JSON document"
	MSG_TRIM_FLAG_KEYS  = "JSON map keys to trim (delete) (e.g., \"key1,key2,...,keyN\")"
)

flag help (translate)

View Source 
const (
	TRIM_KEYS_SEP            = ","
	TRIM_PATH_SEP            = "."
	TRIM_PATHS_SEP           = ","
	TRIM_FROM_TOKEN_WILDCARD = "*"
)
View Source 
const (
	VALID   = true
	INVALID = false
)
View Source 
const (
	FLAG_VALIDATE_SCHEMA_FORCE     = "force"
	FLAG_VALIDATE_SCHEMA_VARIANT   = "variant"
	FLAG_VALIDATE_CUSTOM           = "custom" // TODO: document when no longer experimental
	FLAG_VALIDATE_ERR_LIMIT        = "error-limit"
	FLAG_VALIDATE_ERR_VALUE        = "error-value"
	MSG_VALIDATE_SCHEMA_FORCE      = "force specified schema file for validation; overrides inferred schema"
	MSG_VALIDATE_SCHEMA_VARIANT    = "select named schema variant (e.g., \"strict\"); variant must be declared in configuration file (i.e., \"config.json\")"
	MSG_VALIDATE_FLAG_CUSTOM       = "perform custom validation using custom configuration settings (i.e., \"custom.json\")"
	MSG_VALIDATE_FLAG_ERR_COLORIZE = "Colorize formatted error output (true|false); default true"
	MSG_VALIDATE_FLAG_ERR_LIMIT    = "Limit number of errors output to specified (integer) (default 10)"
	MSG_VALIDATE_FLAG_ERR_FORMAT   = "format error results using the specified format type"
	MSG_VALIDATE_FLAG_ERR_VALUE    = "include details of failing value in error results (bool) (default: true)"
)

validation flags TODO: support a `--truncate <int>“ flag (or similar... `err-value-truncate` <int>) used to truncate formatted "value" (details) to <int> bytes. This would replace the hardcoded "DEFAULT_MAX_ERR_DESCRIPTION_LEN" value

View Source 
const (
	DEFAULT_MAX_ERROR_LIMIT         = 10
	DEFAULT_MAX_ERR_DESCRIPTION_LEN = 128
)

limits

View Source 
const (
	ERROR_DETAIL_KEY_DATA_TYPE         = "type"
	ERROR_DETAIL_KEY_FIELD             = "field"
	ERROR_DETAIL_KEY_CONTEXT           = "context"
	ERROR_DETAIL_KEY_VALUE             = "value"
	ERROR_DETAIL_KEY_VALUE_TYPE_ARRAY  = "array"
	ERROR_DETAIL_KEY_VALUE_INDEX       = "index"
	ERROR_DETAIL_KEY_VALUE_ITEM        = "item"
	ERROR_DETAIL_KEY_VALUE_DESCRIPTION = "description"
	ERROR_DETAIL_ARRAY_ITEM_INDEX_I    = "i"
	ERROR_DETAIL_ARRAY_ITEM_INDEX_J    = "j"
	ERROR_DETAIL_CONTEXT_EMPTY         = ""
)
View Source 
const (
	ERROR_DETAIL_JSON_DEFAULT_PREFIX    = "    "
	ERROR_DETAIL_JSON_DEFAULT_INDENT    = "    "
	ERROR_DETAIL_JSON_CONTEXT_DELIMITER = "."
	ERROR_DETAIL_JSON_NEWLINE_INDENT    = "\n" + ERROR_DETAIL_JSON_DEFAULT_PREFIX
)
View Source 
const (
	JSON_ARRAY_START    = "[\n"
	JSON_ARRAY_ITEM_SEP = ",\n"
	JSON_ARRAY_END      = "\n]\n"
)

JSON formatting

View Source 
const (
	MSG_INFO_FORMATTING_ERROR_RESULTS = "Formatting error results (`%s` format)..."
	MSG_INFO_SCHEMA_ERRORS_DETECTED   = "(%d) schema errors detected."
	MSG_INFO_TOO_MANY_ERRORS          = "Too many errors. Showing (%v/%v) errors."
	MSG_ERROR_FORMATTING_ERROR        = "formatting error: %s"
	MSG_WARN_INVALID_FORMAT           = "invalid format. error results not supported for `%s` format; defaulting to `%s` format..."
)

Recurring / translatable messages

View Source 
const (
	VULN_DATA_KEY_ID                     = "id"                     // summary
	VULN_DATA_KEY_BOM_REF                = "bom-ref"                // full (optional, internal reference)
	VULN_DATA_KEY_CWES                   = "cwe-ids"                // full (Common Weakness Enumeration (CWE))
	VULN_DATA_KEY_CVSS_SEVERITY          = "cvss-severity"          // summary (CVSS Severity, V3.1 ot v2.0)
	VULN_DATA_KEY_SOURCE_NAME            = "source-name"            // summary
	VULN_DATA_KEY_SOURCE_URL             = "source-url"             // full
	VULN_DATA_KEY_PUBLISHED              = "published"              // summary
	VULN_DATA_KEY_UPDATED                = "updated"                // full
	VULN_DATA_KEY_CREATED                = "created"                // full
	VULN_DATA_KEY_REJECTED               = "rejected"               // full
	VULN_DATA_KEY_ANALYSIS_STATE         = "analysis-state"         // full
	VULN_DATA_KEY_ANALYSIS_JUSTIFICATION = "analysis-justification" // full
	VULN_DATA_KEY_DESC                   = "description"            // summary
)

data (filter) keys

View Source 
const (
	FLAG_VULNERABILITY_OUTPUT_FORMAT_HELP = "format vulnerability output"
	FLAG_VULN_SUMMARY_HELP                = "summarize vulnerability information when listing in supported formats"
)

Command help formatting

View Source 
const DEFAULT_COLUMN_TRUNCATE_LENGTH = -1
View Source 
const (
	ERR_FORMAT_DETAIL_SEP = ": "
)

formatting Error() interface

View Source 
const (
	FLAG_DIFF_OUTPUT_FORMAT_HELP = "format output using the specified type"
)

Command help formatting

View Source 
const (
	FLAG_LICENSE_POLICY_LIST_SUMMARY_HELP = "summarize licenses and policies when listing in supported formats"
)
View Source 
const (
	FLAG_LICENSE_SUMMARY = "summary"
)

Subcommand flags TODO: Support a new --sort <column> flag

View Source 
const (
	FLAG_POLICY_REPORT_LINE_WRAP = "wrap"
)

Subcommand flags TODO: Support a new --sort <column> flag

View Source 
const (
	FLAG_RESOURCE_OUTPUT_FORMAT_HELP = "format output using the specified type"
)

Command help formatting

View Source 
const (
	FLAG_SCHEMA_OUTPUT_FORMAT_HELP = "format output using the specified type"
)

Subcommand flags

View Source 
const (
	FLAG_VULN_SUMMARY = "summary"
)
View Source 
const (
	INPUT_TYPE_STDIN = "-"
)

Command reserved values

View Source 
const (
	MSG_OUTPUT_NO_POLICIES_FOUND = "no license policies found in BOM document"
)

License list policy command informational messages TODO Use only for Warning messages

View Source 
const (
	MSG_OUTPUT_NO_RESOURCES_FOUND = "[WARN] no matching resources found for query"
)
View Source 
const (
	MSG_OUTPUT_NO_SCHEMAS_FOUND = "[WARN] no schemas found in configuration (i.e., \"config.json\")"
)
View Source 
const (
	MSG_OUTPUT_NO_VULNERABILITIES_FOUND = "[WARN] no matching vulnerabilities found for query"
)

Vuln. command informational messages

View Source 
const (
	PROTOCOL_PREFIX_FILE = "file://"
)

Protocol

View Source 
const REPORT_REPLACE_LINE_FEEDS_TRUE = true
View Source 
const REPORT_SUMMARY_DATA_TRUE = true

Report column data values

View Source 
const (
	SUBCOMMAND_POLICY_LIST = "list"
)
View Source 
const (
	SUBCOMMAND_RESOURCE_LIST = "list"
)
View Source 
const (
	SUBCOMMAND_SCHEMA_LIST = "list"
)
View Source 
const (
	SUBCOMMAND_VULNERABILITY_LIST = "list"
)
View Source 
const VULN_TRUNCATE_DESC_LEN = 32

TODO make configurable via flag

Variables

View Source 
var DIFF_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP +
	strings.Join([]string{FORMAT_TEXT, FORMAT_JSON}, ", ")
View Source 
var LICENSE_LIST_ROW_DATA = []ColumnFormatData{
	{LICENSE_FILTER_KEY_USAGE_POLICY, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{LICENSE_FILTER_KEY_LICENSE_TYPE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{LICENSE_FILTER_KEY_LICENSE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{LICENSE_FILTER_KEY_RESOURCE_NAME, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{LICENSE_FILTER_KEY_BOM_REF, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{LICENSE_FILTER_KEY_BOM_LOCATION, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
}
View Source 
var LICENSE_LIST_SUMMARY_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_SUMMARY_HELP +
	strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ") +
	" (default: txt)"
View Source 
var LICENSE_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP +
	strings.Join([]string{FORMAT_JSON, FORMAT_CSV, FORMAT_MARKDOWN}, ", ") +
	" (default: json)"

Command help formatting

View Source 
var LICENSE_LIST_TITLES_LICENSE_CHOICE = []string{"License.Id", "License.Name", "License.Url", "Expression", "License.Text.ContentType", "License.Text.Encoding", "License.Text.Content"}

Title row names for formatted lists (reports)

View Source 
var LICENSE_POLICY_LIST_ROW_DATA = []ColumnFormatData{
	{POLICY_FILTER_KEY_USAGE_POLICY, 16, REPORT_SUMMARY_DATA_TRUE, false},
	{POLICY_FILTER_KEY_FAMILY, 20, REPORT_SUMMARY_DATA_TRUE, false},
	{POLICY_FILTER_KEY_SPDX_ID, 20, REPORT_SUMMARY_DATA_TRUE, false},
	{POLICY_FILTER_KEY_NAME, 20, REPORT_SUMMARY_DATA_TRUE, false},
	{POLICY_FILTER_KEY_OSI_APPROVED, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{POLICY_FILTER_KEY_FSF_APPROVED, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{POLICY_FILTER_KEY_DEPRECATED, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{POLICY_FILTER_KEY_REFERENCE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{POLICY_FILTER_KEY_ALIASES, 24, false, false},
	{POLICY_FILTER_KEY_ANNOTATIONS, 24, false, false},
	{POLICY_FILTER_KEY_NOTES, 24, false, false},
}

Describe the column data and their attributes and constraints used for formatting

View Source 
var LICENSE_POLICY_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP +
	strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")

Command help formatting

View Source 
var LICENSE_SUMMARY_TITLES = []string{
	LICENSE_FILTER_KEY_USAGE_POLICY,
	LICENSE_FILTER_KEY_LICENSE_TYPE,
	LICENSE_FILTER_KEY_LICENSE,
	LICENSE_FILTER_KEY_RESOURCE_NAME,
	LICENSE_FILTER_KEY_BOM_REF,
	LICENSE_FILTER_KEY_BOM_LOCATION,
}
View Source 
var LicensePolicyConfig *schema.LicensePolicyConfig
View Source 
var ProjectLogger *log.MiniLogger

Globals

View Source 
var QUERY_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP +
	strings.Join([]string{FORMAT_JSON}, ", ")
View Source 
var RESOURCE_LIST_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP +
	strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")
View Source 
var RESOURCE_LIST_TITLES = []string{
	RESOURCE_FILTER_KEY_TYPE,
	RESOURCE_FILTER_KEY_NAME,
	RESOURCE_FILTER_KEY_VERSION,
	RESOURCE_FILTER_KEY_BOMREF,
}
View Source 
var SCHEMA_LIST_ROW_DATA = []ColumnFormatData{
	{SCHEMA_DATA_KEY_KEY_NAME, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{SCHEMA_DATA_KEY_KEY_FORMAT, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{SCHEMA_DATA_KEY_KEY_VERSION, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{SCHEMA_DATA_KEY_KEY_VARIANT, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{SCHEMA_DATA_KEY_KEY_FILE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{SCHEMA_DATA_KEY_KEY_SOURCE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
}

NOTE: columns will be output in order they are listed here:

View Source 
var SCHEMA_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP +
	strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")

Command help formatting

View Source 
var STATS_LIST_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP +
	strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN}, ", ")
View Source 
var SupportedFormatConfig schema.BOMFormatAndSchemaConfig
View Source 
var TRIM_OUTPUT_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP +
	strings.Join([]string{FORMAT_JSON}, ", ")
View Source 
var VALIDATE_SUPPORTED_ERROR_FORMATS = MSG_VALIDATE_FLAG_ERR_FORMAT +
	strings.Join([]string{FORMAT_TEXT, FORMAT_JSON, FORMAT_CSV}, ", ") + " (default: txt)"
View Source 
var VALIDATION_ERROR_TITLES = []string{
	ERROR_DETAIL_KEY_DATA_TYPE,
	ERROR_DETAIL_KEY_FIELD,
	ERROR_DETAIL_KEY_CONTEXT,
	ERROR_DETAIL_KEY_VALUE_DESCRIPTION,
}
View Source 
var VALID_LICENSE_FILTER_KEYS = []string{
	LICENSE_FILTER_KEY_USAGE_POLICY,
	LICENSE_FILTER_KEY_LICENSE_TYPE,
	LICENSE_FILTER_KEY_LICENSE,
	LICENSE_FILTER_KEY_RESOURCE_NAME,
	LICENSE_FILTER_KEY_BOM_REF,
	LICENSE_FILTER_KEY_BOM_LOCATION,
}
View Source 
var VALID_RESOURCE_FILTER_KEYS = []string{
	RESOURCE_FILTER_KEY_TYPE,
	RESOURCE_FILTER_KEY_NAME,
	RESOURCE_FILTER_KEY_VERSION,
	RESOURCE_FILTER_KEY_BOMREF,
}
View Source 
var VALID_SUBCOMMANDS_LICENSE = []string{SUBCOMMAND_LICENSE_LIST, SUBCOMMAND_LICENSE_POLICY}
View Source 
var VALID_SUBCOMMANDS_POLICY = []string{SUBCOMMAND_POLICY_LIST}
View Source 
var VALID_SUBCOMMANDS_RESOURCE = []string{SUBCOMMAND_RESOURCE_LIST}
View Source 
var VALID_SUBCOMMANDS_SCHEMA = []string{SUBCOMMAND_SCHEMA_LIST}
View Source 
var VALID_SUBCOMMANDS_VULNERABILITY = []string{SUBCOMMAND_VULNERABILITY_LIST}
View Source 
var VULNERABILITY_LIST_ROW_DATA = []ColumnFormatData{
	{VULN_DATA_KEY_ID, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{VULN_DATA_KEY_BOM_REF, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false},
	{VULN_DATA_KEY_CWES, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false},
	{VULN_DATA_KEY_CVSS_SEVERITY, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{VULN_DATA_KEY_SOURCE_NAME, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{VULN_DATA_KEY_SOURCE_URL, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false},
	{VULN_DATA_KEY_PUBLISHED, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
	{VULN_DATA_KEY_UPDATED, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false},
	{VULN_DATA_KEY_CREATED, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false},
	{VULN_DATA_KEY_REJECTED, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false},
	{VULN_DATA_KEY_ANALYSIS_STATE, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false},
	{VULN_DATA_KEY_ANALYSIS_JUSTIFICATION, DEFAULT_COLUMN_TRUNCATE_LENGTH, false, false},
	{VULN_DATA_KEY_DESC, VULN_TRUNCATE_DESC_LEN, REPORT_SUMMARY_DATA_TRUE, REPORT_REPLACE_LINE_FEEDS_TRUE},
}

NOTE: columns will be output in order they are listed here: NOTE: data marked as "summary" data is informed by the output from the NVD database service itself this includes fields that have ISO 8601 date-time fields are truncated to show date only

View Source 
var VULNERABILITY_LIST_SUPPORTED_FORMATS = MSG_SUPPORTED_OUTPUT_FORMATS_HELP +
	strings.Join([]string{FORMAT_TEXT, FORMAT_CSV, FORMAT_MARKDOWN, FORMAT_JSON}, ", ")

Functions

func Diff added in v0.12.0 

func Diff(persistentFlags utils.PersistentCommandFlags, flags utils.DiffCommandFlags) (err error)

func DisplayLicenseListCSV 

func DisplayLicenseListCSV(bom *schema.BOM, output io.Writer) (err error)

NOTE: This list is NOT de-duplicated

func DisplayLicenseListJson 

func DisplayLicenseListJson(bom *schema.BOM, output io.Writer)

NOTE: This list is NOT de-duplicated NOTE: if no license are found, the "json.Marshal" method(s) will return a value of "null" which is valid JSON (and not an empty array) TODO: Support de-duplication (flag) (which MUST be exact using deep comparison)

func DisplayLicenseListMarkdown 

func DisplayLicenseListMarkdown(bom *schema.BOM, output io.Writer)

NOTE: This list is NOT de-duplicated

func DisplayLicenseListSummaryCSV 

func DisplayLicenseListSummaryCSV(bom *schema.BOM, output io.Writer) (err error)

NOTE: This list is NOT de-duplicated TODO: Make policy column optional TODO: Add a --no-title flag to skip title output TODO: Support a new --sort <column> flag

func DisplayLicenseListSummaryMarkdown 

func DisplayLicenseListSummaryMarkdown(bom *schema.BOM, output io.Writer)

NOTE: This list is NOT de-duplicated TODO: Make policy column optional TODO: Add a --no-title flag to skip title output TODO: Support a new --sort <column> flag

func DisplayLicenseListSummaryText 

func DisplayLicenseListSummaryText(bom *schema.BOM, output io.Writer)

NOTE: This list is NOT de-duplicated TODO: Make policy column optional TODO: Add a --no-title flag to skip title output TODO: Support a new --sort <column> flag

func DisplayLicensePoliciesCSV 

func DisplayLicensePoliciesCSV(output io.Writer, filteredPolicyMap *slicemultimap.MultiMap, flags utils.LicenseCommandFlags) (err error)

TODO: Add a --no-title flag to skip title output

func DisplayLicensePoliciesMarkdown 

func DisplayLicensePoliciesMarkdown(output io.Writer, filteredPolicyMap *slicemultimap.MultiMap, flags utils.LicenseCommandFlags) (err error)

TODO: Add a --no-title flag to skip title output

func DisplayLicensePoliciesTabbedText 

func DisplayLicensePoliciesTabbedText(output io.Writer, filteredPolicyMap *slicemultimap.MultiMap, flags utils.LicenseCommandFlags) (err error)

Display all license policies including those with SPDX IDs and those only with "family" names which is reflected in the contents of the hashmap keyed on family names. NOTE: assumes all entries in the policy config file MUST have family names TODO: Allow caller to pass flag to truncate or not (perhaps with value) TODO: Add a --no-title flag to skip title output

func DisplayResourceListCSV 

func DisplayResourceListCSV(bom *schema.BOM, output io.Writer) (err error)

TODO: Add a --no-title flag to skip title output

func DisplayResourceListMarkdown 

func DisplayResourceListMarkdown(bom *schema.BOM, output io.Writer) (err error)

TODO: Add a --no-title flag to skip title output

func DisplayResourceListText 

func DisplayResourceListText(bom *schema.BOM, output io.Writer)

NOTE: This list is NOT de-duplicated TODO: Add a --no-title flag to skip title output

func DisplaySchemaErrorsCsv added in v0.12.0 

func DisplaySchemaErrorsCsv(output io.Writer, errs []gojsonschema.ResultError, flags utils.ValidateCommandFlags)

func DisplaySchemaErrorsJson added in v0.12.0 

func DisplaySchemaErrorsJson(output io.Writer, errs []gojsonschema.ResultError, flags utils.ValidateCommandFlags)

func DisplaySchemaErrorsText added in v0.12.0 

func DisplaySchemaErrorsText(output io.Writer, errs []gojsonschema.ResultError, flags utils.ValidateCommandFlags)

func DisplaySchemasCSV 

func DisplaySchemasCSV(output io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)

TODO: Add a --no-title flag to skip title output

func DisplaySchemasMarkdown 

func DisplaySchemasMarkdown(output io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)

TODO: Add a --no-title flag to skip title output

func DisplaySchemasTabbedText 

func DisplaySchemasTabbedText(output io.Writer, filteredSchemas []schema.FormatSchemaInstance) (err error)

TODO: Add a --no-title flag to skip title output

func DisplayStatsText added in v0.14.0 

func DisplayStatsText(bom *schema.BOM, output io.Writer)

NOTE: This list is NOT de-duplicated TODO: Add a --no-title flag to skip title output

func DisplayVulnListCSV added in v0.10.0 

func DisplayVulnListCSV(bom *schema.BOM, output io.Writer, flags utils.VulnerabilityCommandFlags) (err error)

TODO: Add a --no-title flag to skip title output

func DisplayVulnListJson added in v0.10.0 

func DisplayVulnListJson(bom *schema.BOM, output io.Writer, flags utils.VulnerabilityCommandFlags)

Output filtered list of vulnerabilities as JSON

func DisplayVulnListMarkdown added in v0.10.0 

func DisplayVulnListMarkdown(bom *schema.BOM, output io.Writer, flags utils.VulnerabilityCommandFlags) (err error)

TODO: Add a --no-title flag to skip title output

func DisplayVulnListText added in v0.10.0 

func DisplayVulnListText(bom *schema.BOM, output io.Writer, flags utils.VulnerabilityCommandFlags)

NOTE: This list is NOT de-duplicated TODO: Add a --no-title flag to skip title output

func ErrorTypesMatch 

func ErrorTypesMatch(err error, expected error) bool

NOTE: err = nil will also fail if error was expected

func Execute 

func Execute()

func FormatSchemaErrors 

func FormatSchemaErrors(output io.Writer, schemaErrors []gojsonschema.ResultError, flags utils.ValidateCommandFlags, format string) (formattedSchemaErrors string)

func IsInvalidBOMError added in v0.13.0 

func IsInvalidBOMError(err error) bool

func ListLicensePolicies added in v0.11.0 

func ListLicensePolicies(writer io.Writer, policyConfig *schema.LicensePolicyConfig,
	persistentFlags utils.PersistentCommandFlags, licenseFlags utils.LicenseCommandFlags,
	whereFilters []common.WhereFilter) (err error)

func ListLicenses 

func ListLicenses(writer io.Writer, policyConfig *schema.LicensePolicyConfig,
	persistentFlags utils.PersistentCommandFlags, LicenseFlags utils.LicenseCommandFlags,
	whereFilters []common.WhereFilter) (err error)

func ListResources 

func ListResources(writer io.Writer, persistentFlags utils.PersistentCommandFlags, resourceFlags utils.ResourceCommandFlags, whereFilters []common.WhereFilter) (err error)

NOTE: resourceType has already been validated

func ListSchemas 

func ListSchemas(writer io.Writer, persistentFlags utils.PersistentCommandFlags, whereFilters []common.WhereFilter) (err error)

func ListStats added in v0.14.0 

func ListStats(writer io.Writer, persistentFlags utils.PersistentCommandFlags, statsFlags utils.StatsCommandFlags) (err error)

NOTE: resourceType has already been validated

func ListVulnerabilities added in v0.10.0 

func ListVulnerabilities(writer io.Writer, persistentFlags utils.PersistentCommandFlags, flags utils.VulnerabilityCommandFlags, whereFilters []common.WhereFilter) (err error)

NOTE: vulnerability type data has already been validated

func LoadInputBOMFileAndDetectSchema added in v0.13.0 

func LoadInputBOMFileAndDetectSchema() (document *schema.BOM, err error)

func NewCommandDiff added in v0.12.0 

func NewCommandDiff() *cobra.Command

func NewCommandLicense 

func NewCommandLicense() *cobra.Command

func NewCommandList 

func NewCommandList() *cobra.Command

WARNING: Cobra will not recognize a subcommand if its `command.Use` is not a single word string that matches one of the `command.ValidArgs` set on the parent command

func NewCommandPolicy 

func NewCommandPolicy() *cobra.Command

WARNING: Cobra will not recognize a subcommand if its `command.Use` is not a single word string that matches one of the `command.ValidArgs` set on the parent command

func NewCommandQuery 

func NewCommandQuery() *cobra.Command

func NewCommandResource 

func NewCommandResource() *cobra.Command

func NewCommandSchema 

func NewCommandSchema() *cobra.Command

func NewCommandStats added in v0.14.0 

func NewCommandStats() *cobra.Command

func NewCommandTrim added in v0.14.0 

func NewCommandTrim() *cobra.Command

func NewCommandValidate 

func NewCommandValidate() *cobra.Command

func NewCommandVersion 

func NewCommandVersion() *cobra.Command

func NewCommandVulnerability added in v0.10.0 

func NewCommandVulnerability() *cobra.Command

func Query added in v0.14.0 

func Query(writer io.Writer, request *common.QueryRequest, response *common.QueryResponse) (resultJson interface{}, err error)

Query JSON map and return selected subset i.e., use QueryRequest (syntax) to implement the Query into the JSON document

func QueryJSONMap added in v0.14.0 

func QueryJSONMap(jsonMap map[string]interface{}, request *common.QueryRequest) (resultJson interface{}, err error)

func RootCmdImpl 

func RootCmdImpl(cmd *cobra.Command, args []string) error

func Trim added in v0.14.0 

func Trim(writer io.Writer, persistentFlags utils.PersistentCommandFlags, trimFlags utils.TrimCommandFlags) (err error)

NOTE: resourceType has already been validated

func Validate 

func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, validateFlags utils.ValidateCommandFlags) (valid bool, document *schema.BOM, schemaErrors []gojsonschema.ResultError, err error)

Types

type BaseError 

type BaseError struct {
	Type       string
	Message    string
	InputFile  string
	InnerError error
	Command    string
	Flags      string
	Details    string
}

func (*BaseError) AppendMessage 

func (err *BaseError) AppendMessage(addendum string)

func (BaseError) Error 

func (err BaseError) Error() string

Support the error interface

type ColumnFormatData added in v0.11.0 

type ColumnFormatData struct {
	DataKey               string // Note: data key is the column label (where possible)
	DefaultTruncateLength int    // truncate data when `--format txt`
	IsSummaryData         bool   // include in `--summary` reports
	ReplaceLineFeeds      bool   // replace line feeds with spaces (e.g., for multi-line descriptions)
}

TODO: Support additional flags to:

  • show number of chars shown vs. available when truncated (e.g., (x/y))
  • provide "empty" value to display in column (e.g., "none" or "UNDEFINED")
  • inform how to "summarize" (e.g., show-first-only) data if data type is a slice (e.g., []string) NOTE: if only a subset of entries are shown on a summary, an indication of (x) entries could be shown as well

type InvalidSBOMError 

type InvalidSBOMError struct {
	BaseError
	SBOM         *schema.BOM
	FieldKeys    []string // Keys used to dereference into JSON map where error found
	SchemaErrors []gojsonschema.ResultError
}

Extend the base error type

func NewInvalidSBOMError 

func NewInvalidSBOMError(sbom *schema.BOM, m string, errIn error, schemaErrors []gojsonschema.ResultError) *InvalidSBOMError

type SBOMCompositionError 

type SBOMCompositionError struct {
	InvalidSBOMError
}

Define more specific invalid SBOM errors

func NewSBOMCompositionError 

func NewSBOMCompositionError(m string, sbom *schema.BOM, fields []string) *SBOMCompositionError

func (SBOMCompositionError) Error 

func (err SBOMCompositionError) Error() string

Support the error interface

type SBOMLicenseError 

type SBOMLicenseError struct {
	InvalidSBOMError
}

NOTE: Current sub-type is "no license found"; other, more specific subtypes may be created

func IsBOMLicenseError added in v0.13.0 

func IsBOMLicenseError(err error) (*SBOMLicenseError, bool)

func NewSbomLicenseDataError 

func NewSbomLicenseDataError() *SBOMLicenseError

func NewSbomLicenseNotFoundError 

func NewSbomLicenseNotFoundError(sbom *schema.BOM) *SBOMLicenseError

type SBOMMetadataError 

type SBOMMetadataError struct {
	InvalidSBOMError
	Metadata schema.CDXMetadata
}

Define more specific invalid SBOM errors

func NewSBOMMetadataError 

func NewSBOMMetadataError(sbom *schema.BOM, m string, metadata schema.CDXMetadata) *SBOMMetadataError

TODO: create Error() (interface) method that displays CDXMetadata

type SBOMMetadataPropertyError 

type SBOMMetadataPropertyError struct {
	SBOMMetadataError
	Expected *schema.CustomValidationProperty
	Actual   []schema.CDXProperty
}

func NewSbomMetadataPropertyError 

func NewSbomMetadataPropertyError(sbom *schema.BOM, m string,
	expected *schema.CustomValidationProperty,
	values []schema.CDXProperty) *SBOMMetadataPropertyError

TODO: create Error() (interface) method that displays CDXProperty

type UtilityError 

type UtilityError struct {
	BaseError
}

func NewUtilityError 

func NewUtilityError(t string, m string, f string, errIn error) *UtilityError

type ValidationErrorResult added in v0.12.0 

type ValidationErrorResult struct {
	ResultError gojsonschema.ResultError // read only

	Context *gojsonschema.JsonContext `json:"context"` // resultError.Context()
	// contains filtered or unexported fields
}

JsonContext is a linked-list of JSON key strings

func NewValidationErrorResult added in v0.12.0 

func NewValidationErrorResult(resultError gojsonschema.ResultError) (validationErrResult *ValidationErrorResult)

func (*ValidationErrorResult) HashResultError added in v0.12.0 

func (validationErrResult *ValidationErrorResult) HashResultError()

func (*ValidationErrorResult) MapItemsMustBeUniqueError added in v0.12.0 

func (result *ValidationErrorResult) MapItemsMustBeUniqueError(flags utils.ValidateCommandFlags)

func (*ValidationErrorResult) MapResultError added in v0.12.0 

func (result *ValidationErrorResult) MapResultError(flags utils.ValidateCommandFlags)

func (*ValidationErrorResult) MarshalJSON added in v0.12.0 

func (validationErrResult *ValidationErrorResult) MarshalJSON() (marshalled []byte, err error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.