fix: add support for license detection
Currently, we are not adding license information into files under a
package.

Also add detection for debian packages.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
rchincha committed Jan 29, 2024
1 parent 363073d commit f637c0e
Showing 4 changed files with 467 additions and 4 deletions.
2 changes: 1 addition & 1 deletion pkg/distro/apk/apk.go
@@ -246,7 +246,7 @@ func InstalledPackage(doc *spdx.Document, pkg *IndexEntry, files []string) error
Msg("file entry detected")

sfile := spdx.NewFile()
sfile.LicenseInfoInFile = "unknown"
sfile.LicenseInfoInFile = pkg.PackageLicense
sfile.SetEntity(
&spdx.Entity{
Name: file,
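Review bot: `sfile.LicenseInfoInFile = pkg.PackageLicense` drops the old `"unknown"` fallback, so an index entry with no license would now produce file records with an empty license field; whether `PackageLicense` can be empty is not visible in this hunk. Keeping the fallback is one extra line after the assignment: `if sfile.LicenseInfoInFile == "" { sfile.LicenseInfoInFile = "unknown" }`. The value also appears to be copied verbatim from package metadata rather than detected in the file or checked as an SPDX expression, so a comment such as `// package-declared license from the APK index, not detected from file contents` would keep SBOM consumers from reading it as a per-file finding. The body of InstalledPackage continues outside the hunk.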
15 changes: 13 additions & 2 deletions pkg/distro/deb/deb.go
@@ -21,6 +21,8 @@ import (
"stackerbuild.io/stacker-bom/pkg/buildgen"
)

const unknownLicense = "unknown"

// ParsePackage given a deb pkg emits a sbom.
func ParsePackage(input, output, author, organization, license string) error {
debfile, _, err := deb.LoadFile(input)
@@ -273,6 +275,8 @@ func InstalledPackages(doc *spdx.Document) error {
}

func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
license := unknownLicense

spkg := &spdx.Package{
Entity: spdx.Entity{
Name: pkg.Package,
@@ -285,7 +289,7 @@ func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
Person: pkg.Maintainer,
},
FilesAnalyzed: true,
LicenseDeclared: "unknown",
LicenseDeclared: license,
}

fhandle, err := os.Open(path)
@@ -338,7 +342,7 @@ func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
Msg("file entry detected")

sfile := spdx.NewFile()
sfile.LicenseInfoInFile = "unknown"
sfile.LicenseInfoInFile = unknownLicense
sfile.SetEntity(
&spdx.Entity{
Name: line,
@@ -366,9 +370,16 @@ func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
}

spkg.CopyrightText = string(buf)
license = getSpdxLicense(string(buf))
}
}

spkg.LicenseDeclared = license

for _, file := range spkg.Files() {
file.LicenseInfoInFile = license
}

if err := doc.AddPackage(spkg); err != nil {
log.Error().Err(err).Msg("unable to add package to doc")

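Review bot: In the last hunk, `license = getSpdxLicense(string(buf))` unconditionally replaces the `unknownLicense` default. `getSpdxLicense` is defined outside the sections shown here; if it returns an empty string for copyright text it does not recognise, the package and every file would be written with an empty license instead of `"unknown"`. Guarding the assignment keeps the default: `if l := getSpdxLicense(string(buf)); l != "" { license = l }`. The assignment appears to sit inside a loop, so if more than one copyright file matches, the last one silently wins; a short comment stating that would help. The `LicenseDeclared: license` initialiser in the struct literal is redundant now that `spkg.LicenseDeclared = license` runs after the loop. The function body extends beyond these hunks.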