Update PR as per feedback

- update copyright statements - use `go` for Golang modules package format - rafactor how PURLs are generated - remove CycloneDX template
tern-tools · Jul 31, 2021 · ce1c04d · ce1c04d
1 parent 225dbb1
commit ce1c04d
Show file tree

Hide file tree

Showing 8 changed files with 12 additions and 72 deletions.
diff --git a/tern/analyze/default/command_lib/base.yml b/tern/analyze/default/command_lib/base.yml
@@ -434,7 +434,7 @@ npm:
     delimiter: "LICF"
 # golang----------------------------------------------------------------------
 go:
-  pkg_format: 'go.mod'
+  pkg_format: 'go'
   os_guess:
     - 'None'
   path:

diff --git a/tern/formats/cyclonedx/__init__.py b/tern/formats/cyclonedx/__init__.py
@@ -1,4 +1,4 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (c) 2019 VMware, Inc. All Rights Reserved.
+# Copyright (c) 2021 Patrick Dwyer. All Rights Reserved.
 # SPDX-License-Identifier: BSD-2-Clause
diff --git a/tern/formats/cyclonedx/cyclonedx.py b/tern/formats/cyclonedx/cyclonedx.py
diff --git a/tern/formats/cyclonedx/cyclonedx_common.py b/tern/formats/cyclonedx/cyclonedx_common.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# Copyright (c) 2021 Patrick Dwyer. All Rights Reserved.
 # SPDX-License-Identifier: BSD-2-Clause
 
 """
@@ -33,38 +33,13 @@
 }
 
 
-pkg_format_purl_type_mapping = {
-    'deb': 'deb',
-    'rpm': 'rpm',
-    'apk': 'apk',
-    'pip': 'pip',
-    'gem': 'gem',
-    'npm': 'npm',
-    'go.mod': 'go',
-}
-
-
 purl_types_with_namespaces = [
     'deb',
     'rpm',
     'apk',
 ]
 
 
-# map Tern OS guesses to package URL namespace
-os_guess_purl_namespace_mapping = {
-    'debian': 'debian',
-    'ubuntu': 'ubuntu',
-    'alpine linux': 'alpine',
-    'centos': 'centos',
-    'fedora': 'fedora',
-    'opensuse': 'opensuse',
-    'rhel': 'rhel',
-    # Arch Linux
-    # Photon
-}
-
-
 def get_serial_number():
     ''' Return a randomly generated CycloneDX BOM serial number '''
     return 'urn:uuid:' + str(uuid.uuid4())
@@ -86,23 +61,14 @@ def get_property(name, value):
     return {'name': name, 'value': value}
 
 
-def get_purl_type(pkg_format):
-    return pkg_format_purl_type_mapping.get(pkg_format.lower())
-
-
 def get_purl_namespace(os_guess, pkg_format):
     if pkg_format in purl_types_with_namespaces:
-        for os in os_guess_purl_namespace_mapping:
-            if os_guess.lower().startswith(os):
-                return os_guess_purl_namespace_mapping.get(os)
+        return os_guess.partition(' ')[0].lower()
     return None
 
 
 def get_os_guess(image_obj):
-    for layer in image_obj.layers:
-        if layer.os_guess:
-            return layer.os_guess
-    return None
+    return image_obj.layers[0].os_guess or None
 
 
 def get_license_from_name(name):

diff --git a/tern/formats/cyclonedx/cyclonedxjson/__init__.py b/tern/formats/cyclonedx/cyclonedxjson/__init__.py
@@ -1,4 +1,4 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# Copyright (c) 2021 Patrick Dwyer. All Rights Reserved.
 # SPDX-License-Identifier: BSD-2-Clause
diff --git a/tern/formats/cyclonedx/cyclonedxjson/generator.py b/tern/formats/cyclonedx/cyclonedxjson/generator.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# Copyright (c) 2021 Patrick Dwyer. All Rights Reserved.
 # SPDX-License-Identifier: BSD-2-Clause
 
 '''
@@ -12,7 +12,6 @@
 
 from tern.utils import constants
 from tern.formats import generator
-from tern.formats.cyclonedx.cyclonedx import CycloneDX
 from tern.formats.cyclonedx import cyclonedx_common
 from tern.formats.cyclonedx.cyclonedxjson import image_helpers as mhelpers
 from tern.formats.cyclonedx.cyclonedxjson import package_helpers as phelpers
@@ -22,7 +21,7 @@
 logger = logging.getLogger(constants.logger_name)
 
 
-def get_document_dict(image_obj_list, template):  # pylint: disable=[unused-argument]
+def get_document_dict(image_obj_list):
     ''' Return document info as a dictionary '''
     docu_dict = {
         'bomFormat': 'CycloneDX',
@@ -58,7 +57,6 @@ def generate(self, image_obj_list, print_inclusive=False):
         in report.py. '''
         logger.debug('Generating CycloneDX JSON document...')
 
-        template = CycloneDX()
-        report = get_document_dict(image_obj_list, template)
+        report = get_document_dict(image_obj_list)
 
         return json.dumps(report, indent=2)
diff --git a/tern/formats/cyclonedx/cyclonedxjson/image_helpers.py b/tern/formats/cyclonedx/cyclonedxjson/image_helpers.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# Copyright (c) 2021 Patrick Dwyer. All Rights Reserved.
 # SPDX-License-Identifier: BSD-2-Clause
 
 '''

diff --git a/tern/formats/cyclonedx/cyclonedxjson/package_helpers.py b/tern/formats/cyclonedx/cyclonedxjson/package_helpers.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# Copyright (c) 2021 Patrick Dwyer. All Rights Reserved.
 # SPDX-License-Identifier: BSD-2-Clause
 
 '''
@@ -20,7 +20,7 @@ def get_package_dict(os_guess, package):
         'type': 'application',
     }
 
-    purl_type = cyclonedx_common.get_purl_type(package.pkg_format)
+    purl_type = package.pkg_format
     purl_namespace = cyclonedx_common.get_purl_namespace(os_guess, package.pkg_format)
     if purl_type:
         purl = PackageURL(purl_type, purl_namespace, package.name, package.version)