Source code for ntia_conformance_checker.sbom_checker

# SPDX-FileCopyrightText: 2024 SPDX contributors
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: Apache-2.0

"""Main checking functionality."""

from __future__ import annotations

from typing import final

from .base_checker import BaseChecker
from .constants import SUPPORTED_SBOM_SPECS




[docs]
@final
class SbomChecker(BaseChecker):
    """
    SBOM checker factory - do not subclass this class.

    Subclass BaseChecker instead to implement a new compliance checker.

    Post-v3.0.2, SbomChecker acts like a factory that returns
    a subclass of BaseChecker based on the given "compliance" argument
    during instantiation.

    Currently there are two compliance standards available:

    - **"ntia" (default)**, returns an instance of NTIAChecker
      - NTIAChecker has the same behavior as the original SbomChecker
    - **"fsct3-min"**, returns an instance of FSCT3Checker
      - FSCT3Checker is a checker for FSCT 3rd Edition Baseline Attributes

    If "compliance" is not recognized, SbomChecker raises a ValueError.
    """

    # Note that all NTIA-specific functionalities are moved to
    # .ntia_checker.NTIAChecker, and common functionalities that can be shared
    # among checkers of different compliance standards are moved to
    # .base_checker.BaseChecker.

    def __new__(
        cls,
        file: str,
        validate: bool = True,
        compliance: str = "ntia",
        sbom_spec: str = "spdx2",
    ):
        """
        Returns an instance of a specific compliance checker.

        Args:
            file (str): The name of the file to be checked.
            validate (bool): Whether to validate the file.
            compliance (str): The compliance standard to be used. Defaults to "ntia".
            sbom_spec (str): The SBOM specification to be used. Defaults to "spdx2".

        Returns:
            BaseChecker: An instance of a specific compliance checker.
        """
        if sbom_spec not in SUPPORTED_SBOM_SPECS:
            raise ValueError(f"Unsupported SBOM specification: {sbom_spec}")

        if compliance == "ntia":
            # pylint: disable=import-outside-toplevel
            from .ntia_checker import NTIAChecker

            return NTIAChecker(file, validate, sbom_spec=sbom_spec)

        if compliance.startswith("fsct3"):
            # pylint: disable=import-outside-toplevel
            from .fsct_checker import FSCT3Checker

            return FSCT3Checker(file, validate, sbom_spec=sbom_spec)

        raise ValueError(f"Unknown compliance standard: {compliance}")

    def __init_subclass__(cls, /):  # prevent subclassing
        raise TypeError(
            "SbomChecker is a factory/dispatcher and must not be subclassed. "
            "Please subclass BaseChecker to implement custom checkers."
        )



[docs]
    def check_compliance(self) -> bool:
        raise NotImplementedError("This method is not implemented by SbomChecker.")