All Downloads are FREE. Search and download functionalities are using the official Maven repository.

utils.PurlExtensions.kt Maven / Gradle / Ivy

Go to download

Part of the OSS Review Toolkit (ORT), a suite to automate software compliance checks.

There is a newer version: 42.0.0
Show newest version
/*
 * Copyright (C) 2020 The ORT Project Authors (see )
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * SPDX-License-Identifier: Apache-2.0
 * License-Filename: LICENSE
 */

package org.ossreviewtoolkit.model.utils

import java.net.URLDecoder

import org.ossreviewtoolkit.model.ArtifactProvenance
import org.ossreviewtoolkit.model.Hash
import org.ossreviewtoolkit.model.Identifier
import org.ossreviewtoolkit.model.Package
import org.ossreviewtoolkit.model.Provenance
import org.ossreviewtoolkit.model.RemoteArtifact
import org.ossreviewtoolkit.model.RepositoryProvenance
import org.ossreviewtoolkit.model.UnknownProvenance
import org.ossreviewtoolkit.model.VcsInfo
import org.ossreviewtoolkit.model.VcsType

/**
 * Map a [Package]'s type to the string representation of the respective [PurlType], or fall back to [PurlType.GENERIC]
 * if the [Package]'s type has no direct equivalent.
 */
fun Identifier.getPurlType() =
    when (type.lowercase()) {
        "bower" -> PurlType.BOWER
        "carthage" -> PurlType.CARTHAGE
        "composer" -> PurlType.COMPOSER
        "conan" -> PurlType.CONAN
        "crate" -> PurlType.CARGO
        "go" -> PurlType.GOLANG
        "gem" -> PurlType.GEM
        "hackage" -> PurlType.HACKAGE
        "maven" -> PurlType.MAVEN
        "npm" -> PurlType.NPM
        "nuget" -> PurlType.NUGET
        "pod" -> PurlType.COCOAPODS
        "pub" -> PurlType.PUB
        "pypi" -> PurlType.PYPI
        "swift" -> PurlType.SWIFT
        else -> PurlType.GENERIC
    }.toString()

/**
 * Create the canonical [package URL](https://github.com/package-url/purl-spec) ("purl") based on the properties of
 * the [Identifier]. Some issues remain with this specification
 * (see e.g. https://github.com/package-url/purl-spec/issues/33).
 * Optional [qualifiers] may be given and will be appended to the purl as query parameters e.g.
 * pkg:deb/debian/[email protected]?arch=i386&distro=jessie
 * Optional [subpath] may be given and will be appended to the purl e.g.
 * pkg:golang/google.golang.org/genproto#googleapis/api/annotations
 *
 * This implementation uses the package type as 'type' purl element as it is used
 * [in the documentation](https://github.com/package-url/purl-spec/blob/master/README.rst#purl).
 * E.g. 'maven' for Gradle projects.
 */
@JvmOverloads
fun Identifier.toPurl(qualifiers: Map = emptyMap(), subpath: String = "") =
    if (this == Identifier.EMPTY) {
        ""
    } else {
        val combined = "$namespace/$name"
        val purlNamespace = combined.substringBeforeLast('/')
        val purlName = combined.substringAfterLast('/')
        createPurl(getPurlType(), purlNamespace, purlName, version, qualifiers, subpath)
    }

fun Identifier.toPurl(extras: PurlExtras) = toPurl(extras.qualifiers, extras.subpath)

/**
 * Encode a [Provenance] to extra qualifying data / a subpath of PURL.
 */
fun Provenance.toPurlExtras(): PurlExtras =
    when (this) {
        is ArtifactProvenance -> with(sourceArtifact) {
            val checksum = "${hash.algorithm.name.lowercase()}:${hash.value}"
            PurlExtras(
                "download_url" to url,
                "checksum" to checksum
            )
        }

        is RepositoryProvenance -> with(vcsInfo) {
            PurlExtras(
                "vcs_type" to type.toString(),
                "vcs_url" to url,
                "vcs_revision" to revision,
                "resolved_revision" to resolvedRevision,
                subpath = vcsInfo.path
            )
        }

        is UnknownProvenance -> PurlExtras()
    }

/**
 * Decode [Provenance] from extra qualifying data / a subpath of the purl represented by this [String]. Return
 * [UnknownProvenance] if extra data is not present.
 */
fun String.toProvenance(): Provenance {
    val extras = substringAfter('?')

    fun getQualifierValue(name: String) = extras.substringAfter("$name=").takeWhile { it != '&' && it != '#' }

    return when {
        "download_url=" in extras -> {
            val encodedUrl = getQualifierValue("download_url")

            val checksum = getQualifierValue("checksum")
            val (algorithm, value) = checksum.split(':', limit = 2)

            ArtifactProvenance(
                sourceArtifact = RemoteArtifact(
                    url = URLDecoder.decode(encodedUrl, "UTF-8"),
                    hash = Hash(value, algorithm)
                )
            )
        }

        "vcs_url=" in extras -> {
            val encodedUrl = getQualifierValue("vcs_url")

            RepositoryProvenance(
                vcsInfo = VcsInfo(
                    type = VcsType.forName(getQualifierValue("vcs_type")),
                    url = URLDecoder.decode(encodedUrl, "UTF-8"),
                    revision = getQualifierValue("vcs_revision"),
                    path = extras.substringAfterLast('#', "")
                ),
                resolvedRevision = getQualifierValue("resolved_revision")
            )
        }

        else -> UnknownProvenance
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy