All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.metaeffekt.artifact.analysis.spdxbom.mapper.GenericArtifactToSpdxPackage Maven / Gradle / Ivy

/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.artifact.analysis.spdxbom.mapper;

import com.metaeffekt.artifact.analysis.spdxbom.config.StoredConfig;
import com.metaeffekt.artifact.analysis.spdxbom.context.SpdxDocumentContext;
import com.metaeffekt.artifact.analysis.spdxbom.facade.SpdxApiFacade;
import com.metaeffekt.artifact.analysis.spdxbom.holder.FillPackageHolder;
import com.metaeffekt.artifact.terms.model.NormalizationMetaData;
import com.metaeffekt.artifact.terms.model.TermsMetaData;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import org.spdx.library.InvalidSPDXAnalysisException;
import org.spdx.library.SpdxConstants;
import org.spdx.library.model.SpdxDocument;
import org.spdx.library.model.SpdxPackage;
import org.spdx.library.model.enumerations.ReferenceCategory;
import org.spdx.library.model.license.SpdxNoAssertionLicense;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillAuthors;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillChecksums;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillComment;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillExternalRefWithPurl;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillHomepageFromUrl;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillNotesAnnotation;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillOverflowKeyValueAnnotation;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillRequired;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillVersionInfo;

public class GenericArtifactToSpdxPackage extends AbstractArtifactMapper {
    public GenericArtifactToSpdxPackage(Map licenseStringAssessments, Set approvedAttributes, NormalizationMetaData normalizationMetaData) {
        super(licenseStringAssessments, approvedAttributes, normalizationMetaData);
    }

    @Override
    public Result getMapped(Artifact artifact, SpdxDocumentContext spdxDocumentContext) throws InvalidSPDXAnalysisException {
        SpdxDocument spdxDocument = spdxDocumentContext.getSpdxDocument();

        Set attributesWritten = new HashSet<>();
        Set referencedLicenses = new HashSet<>();

        SpdxPackage.SpdxPackageBuilder spdxPackageBuilder = spdxDocument.createPackage(
                SpdxApiFacade.getNextSpdxId(null, spdxDocumentContext),
                artifact.getId(),
                new SpdxNoAssertionLicense(),
                SpdxConstants.NOASSERTION_VALUE,
                new SpdxNoAssertionLicense()
        );

        // create helper to run fill methods
        FillPackageHolder fillHolder = new FillPackageHolder(artifact, spdxPackageBuilder, attributesWritten);

        fillRequired(fillHolder);
        fillComment(fillHolder);
        fillHomepageFromUrl(fillHolder);

        fillExternalRefWithPurl(fillHolder, spdxDocument, this::getGenericPurlString, ReferenceCategory.PACKAGE_MANAGER);

        fillAuthors(fillHolder);

        // fill version
        fillVersionInfo(fillHolder);

        // fill checksums
        fillChecksums(fillHolder, spdxDocument);

        // fill an annotation with additional key-value pairs
        fillOverflowKeyValueAnnotation(fillHolder, spdxDocumentContext, this.keyValueApprovedAttributes);

        // fill an annotation with notice parameter's "notes"
        fillNotesAnnotation(fillHolder, spdxDocumentContext, readNoticeParameters(fillHolder.getArtifact()));

        SpdxPackage built = spdxPackageBuilder.build();

        deriveLicensesAndCopyrights(artifact, spdxDocumentContext, attributesWritten, referencedLicenses, built);

        return new Result(built, attributesWritten, referencedLicenses);
    }

    @Override
    public StoredConfig getDefaultConfig() {
        StoredConfig config = new StoredConfig();

        config.mapperToUse = this.getClass().getSimpleName();
        config.mustMatch = new HashMap<>();
        config.specificity = -1000;

        return config;
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy