spdx_tools.spdx.model.package

  1# SPDX-FileCopyrightText: 2022 spdx contributors
  2#
  3# SPDX-License-Identifier: Apache-2.0
  4from dataclasses import field
  5from datetime import datetime
  6from enum import Enum, auto
  7
  8from beartype.typing import Dict, List, Optional, Union
  9from license_expression import LicenseExpression
 10
 11from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
 12from spdx_tools.common.typing.type_checks import check_types_and_set_values
 13from spdx_tools.spdx.model import Actor, Checksum, SpdxNoAssertion, SpdxNone
 14
 15
class PackagePurpose(Enum):
    """Closed set of values accepted for ``Package.primary_package_purpose``.

    Members are numbered by ``auto()`` in declaration order (1 through 12), so
    the integers carry no meaning of their own. Compare members by identity or
    by name rather than by raw value.
    """

    # Keep new members at the end: inserting one in the middle would renumber
    # every member declared after it.
    APPLICATION = auto()
    FRAMEWORK = auto()
    LIBRARY = auto()
    CONTAINER = auto()
    OPERATING_SYSTEM = auto()
    DEVICE = auto()
    FIRMWARE = auto()
    SOURCE = auto()
    ARCHIVE = auto()
    FILE = auto()
    INSTALL = auto()
    OTHER = auto()
 29
 30
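@dataclass_with_properties
class PackageVerificationCode:
    """Verification code of a package plus the files left out of it.

    Attributes:
        value: The verification code string, stored exactly as given.
        excluded_files: File names recorded as excluded from the code.

    NOTE(review): this class only type-checks and stores its fields. Whether
    ``value`` is a well-formed digest is not checked here -- confirm that the
    validation layer does so before the code is relied on for integrity
    decisions.
    """

    value: str
    excluded_files: List[str] = field(default_factory=list)

    def __init__(self, value: str, excluded_files: Optional[List[str]] = None):
        """Store ``value`` and ``excluded_files`` on the new instance.

        Args:
            value: The verification code string.
            excluded_files: Excluded file names; ``None`` means "none" and is
                replaced by a fresh empty list, so instances never share one.
        """
        if excluded_files is None:
            excluded_files = []
        # locals() is handed to the helper as-is, so do not introduce extra
        # local variables in this method.
        check_types_and_set_values(self, locals())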
 39
 40
class ExternalPackageRefCategory(Enum):
    """Top-level category of an ``ExternalPackageRef``.

    The category is the key into ``CATEGORY_TO_EXTERNAL_PACKAGE_REF_TYPES``,
    which lists the reference types known for it. Values come from ``auto()``
    in declaration order (1 through 4).
    """

    SECURITY = auto()
    PACKAGE_MANAGER = auto()
    PERSISTENT_ID = auto()
    OTHER = auto()
 46
 47
# Reference types listed for each category of external package reference.
# SECURITY carries the identifier kinds used to relate a package to security
# data (CPE 2.2 / 2.3, advisory, fix, url, swid); OTHER has no predefined types.
# NOTE(review): this table is data only. ExternalPackageRef in this module
# accepts any string as reference_type and does not consult it -- confirm that
# the category/type pairing is enforced by the validation layer.
CATEGORY_TO_EXTERNAL_PACKAGE_REF_TYPES: Dict[ExternalPackageRefCategory, List[str]] = {
    ExternalPackageRefCategory.SECURITY: [
        "cpe22Type",
        "cpe23Type",
        "advisory",
        "fix",
        "url",
        "swid",
    ],
    ExternalPackageRefCategory.PACKAGE_MANAGER: [
        "maven-central",
        "npm",
        "nuget",
        "bower",
        "purl",
    ],
    ExternalPackageRefCategory.PERSISTENT_ID: [
        "swh",
        "gitoid",
    ],
    ExternalPackageRefCategory.OTHER: [],
}
 54
 55
@dataclass_with_properties
class ExternalPackageRef:
    """Reference from a package to an entry in an external source.

    Attributes:
        category: Which ``ExternalPackageRefCategory`` the reference belongs to.
        reference_type: Name of the identifier scheme, as a plain string.
        locator: The identifier itself, as a plain string.
        comment: Optional free-text remark.

    NOTE(review): ``reference_type`` and ``locator`` are unconstrained strings
    at this level. When the document comes from an external party, treat both
    as untrusted input before resolving or fetching anything they name.
    """

    category: ExternalPackageRefCategory
    # The type could in principle be narrowed to the identifiers listed at
    # https://spdx.github.io/spdx-spec/v2.3/external-repository-identifiers/,
    # but that was judged not worth the effort, so it stays a plain string.
    reference_type: str
    locator: str
    comment: Optional[str] = None

    def __init__(
        self,
        category: ExternalPackageRefCategory,
        reference_type: str,
        locator: str,
        comment: Optional[str] = None,
    ):
        """Store the four fields on the new instance via the shared helper."""
        # locals() is handed to the helper as-is, so do not introduce extra
        # local variables in this method.
        check_types_and_set_values(self, locals())
 70
 71
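@dataclass_with_properties
class Package:
    """In-memory model of one SPDX package entry.

    Only ``spdx_id``, ``name`` and ``download_location`` are required. Every
    other field defaults to ``None``, to ``True`` (``files_analyzed``) or to an
    empty list. Several fields accept the ``SpdxNoAssertion`` / ``SpdxNone``
    markers in place of a concrete value, as spelled out in their annotations.

    The integrity-related fields are ``checksums`` and ``verification_code``;
    ``external_references`` carries the links to security and package-manager
    identifiers.

    NOTE(review): this class only type-checks and stores its fields. Nothing
    here compares the digests against package contents, and
    ``download_location`` / ``homepage`` are kept as given -- confirm where
    consumers verify digests and vet URLs taken from externally supplied
    documents.
    """

    spdx_id: str
    name: str
    download_location: Union[str, SpdxNoAssertion, SpdxNone]
    version: Optional[str] = None
    file_name: Optional[str] = None
    supplier: Optional[Union[Actor, SpdxNoAssertion]] = None
    originator: Optional[Union[Actor, SpdxNoAssertion]] = None
    files_analyzed: bool = True
    verification_code: Optional[PackageVerificationCode] = None
    checksums: List[Checksum] = field(default_factory=list)
    homepage: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None
    source_info: Optional[str] = None
    license_concluded: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None
    license_info_from_files: List[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = field(default_factory=list)
    license_declared: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None
    license_comment: Optional[str] = None
    copyright_text: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None
    summary: Optional[str] = None
    description: Optional[str] = None
    comment: Optional[str] = None
    external_references: List[ExternalPackageRef] = field(default_factory=list)
    attribution_texts: List[str] = field(default_factory=list)
    primary_package_purpose: Optional[PackagePurpose] = None
    release_date: Optional[datetime] = None
    built_date: Optional[datetime] = None
    valid_until_date: Optional[datetime] = None

    def __init__(
        self,
        spdx_id: str,
        name: str,
        download_location: Union[str, SpdxNoAssertion, SpdxNone],
        version: Optional[str] = None,
        file_name: Optional[str] = None,
        supplier: Optional[Union[Actor, SpdxNoAssertion]] = None,
        originator: Optional[Union[Actor, SpdxNoAssertion]] = None,
        files_analyzed: bool = True,
        verification_code: Optional[PackageVerificationCode] = None,
        checksums: Optional[List[Checksum]] = None,
        homepage: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None,
        source_info: Optional[str] = None,
        license_concluded: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None,
        license_info_from_files: Optional[List[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]]] = None,
        license_declared: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None,
        license_comment: Optional[str] = None,
        copyright_text: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None,
        summary: Optional[str] = None,
        description: Optional[str] = None,
        comment: Optional[str] = None,
        external_references: Optional[List[ExternalPackageRef]] = None,
        attribution_texts: Optional[List[str]] = None,
        primary_package_purpose: Optional[PackagePurpose] = None,
        release_date: Optional[datetime] = None,
        built_date: Optional[datetime] = None,
        valid_until_date: Optional[datetime] = None,
    ):
        """Store every argument on the new instance via the shared helper.

        The four list parameters (``checksums``, ``license_info_from_files``,
        ``external_references``, ``attribution_texts``) accept ``None``, which
        is replaced by a fresh empty list so instances never share a default.
        """
        if checksums is None:
            checksums = []
        if license_info_from_files is None:
            license_info_from_files = []
        if external_references is None:
            external_references = []
        if attribution_texts is None:
            attribution_texts = []
        # locals() is handed to the helper as-is, so do not introduce extra
        # local variables in this method.
        check_types_and_set_values(self, locals())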
class PackagePurpose(enum.Enum):
class PackagePurpose(Enum):
    """Closed set of values accepted for ``Package.primary_package_purpose``.

    Members are numbered by ``auto()`` in declaration order (1 through 12), so
    the integers carry no meaning of their own. Compare members by identity or
    by name rather than by raw value.
    """

    # Keep new members at the end: inserting one in the middle would renumber
    # every member declared after it.
    APPLICATION = auto()
    FRAMEWORK = auto()
    LIBRARY = auto()
    CONTAINER = auto()
    OPERATING_SYSTEM = auto()
    DEVICE = auto()
    FIRMWARE = auto()
    SOURCE = auto()
    ARCHIVE = auto()
    FILE = auto()
    INSTALL = auto()
    OTHER = auto()

Create a collection of name/value pairs.

Example enumeration:

>>> class Color(Enum):
...     RED = 1
...     BLUE = 2
...     GREEN = 3

Access them by:

  • attribute access:
>>> Color.RED
<Color.RED: 1>
  • value lookup:
>>> Color(1)
<Color.RED: 1>
  • name lookup:
>>> Color['RED']
<Color.RED: 1>

Enumerations can be iterated over, and know how many members they have:

>>> len(Color)
3
>>> list(Color)
[<Color.RED: 1>, <Color.BLUE: 2>, <Color.GREEN: 3>]

Methods can be added to enumerations, and members can have their own attributes -- see the documentation for details.

APPLICATION = <PackagePurpose.APPLICATION: 1>
FRAMEWORK = <PackagePurpose.FRAMEWORK: 2>
LIBRARY = <PackagePurpose.LIBRARY: 3>
CONTAINER = <PackagePurpose.CONTAINER: 4>
OPERATING_SYSTEM = <PackagePurpose.OPERATING_SYSTEM: 5>
DEVICE = <PackagePurpose.DEVICE: 6>
FIRMWARE = <PackagePurpose.FIRMWARE: 7>
SOURCE = <PackagePurpose.SOURCE: 8>
ARCHIVE = <PackagePurpose.ARCHIVE: 9>
FILE = <PackagePurpose.FILE: 10>
INSTALL = <PackagePurpose.INSTALL: 11>
OTHER = <PackagePurpose.OTHER: 12>
Inherited Members
enum.Enum
name
value
@dataclass_with_properties
class PackageVerificationCode:
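@dataclass_with_properties
class PackageVerificationCode:
    """Verification code of a package plus the files left out of it.

    Attributes:
        value: The verification code string, stored exactly as given.
        excluded_files: File names recorded as excluded from the code.

    NOTE(review): this class only type-checks and stores its fields. Whether
    ``value`` is a well-formed digest is not checked here -- confirm that the
    validation layer does so before the code is relied on for integrity
    decisions.
    """

    value: str
    excluded_files: List[str] = field(default_factory=list)

    def __init__(self, value: str, excluded_files: Optional[List[str]] = None):
        """Store ``value`` and ``excluded_files`` on the new instance.

        Args:
            value: The verification code string.
            excluded_files: Excluded file names; ``None`` means "none" and is
                replaced by a fresh empty list, so instances never share one.
        """
        if excluded_files is None:
            excluded_files = []
        # locals() is handed to the helper as-is, so do not introduce extra
        # local variables in this method.
        check_types_and_set_values(self, locals())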
PackageVerificationCode(value: str, excluded_files: list[str] = None)
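    def __init__(self, value: str, excluded_files: Optional[List[str]] = None):
        """Store ``value`` and ``excluded_files`` on the new instance.

        Args:
            value: The verification code string.
            excluded_files: Excluded file names; ``None`` means "none" and is
                replaced by a fresh empty list, so instances never share one.
        """
        if excluded_files is None:
            excluded_files = []
        # locals() is handed to the helper as-is, so do not introduce extra
        # local variables in this method.
        check_types_and_set_values(self, locals())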
value: str
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
excluded_files: list[str]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
class ExternalPackageRefCategory(enum.Enum):
class ExternalPackageRefCategory(Enum):
    """Top-level category of an ``ExternalPackageRef``.

    The category is the key into ``CATEGORY_TO_EXTERNAL_PACKAGE_REF_TYPES``,
    which lists the reference types known for it. Values come from ``auto()``
    in declaration order (1 through 4).
    """

    SECURITY = auto()
    PACKAGE_MANAGER = auto()
    PERSISTENT_ID = auto()
    OTHER = auto()

Create a collection of name/value pairs.

Example enumeration:

>>> class Color(Enum):
...     RED = 1
...     BLUE = 2
...     GREEN = 3

Access them by:

  • attribute access:
>>> Color.RED
<Color.RED: 1>
  • value lookup:
>>> Color(1)
<Color.RED: 1>
  • name lookup:
>>> Color['RED']
<Color.RED: 1>

Enumerations can be iterated over, and know how many members they have:

>>> len(Color)
3
>>> list(Color)
[<Color.RED: 1>, <Color.BLUE: 2>, <Color.GREEN: 3>]

Methods can be added to enumerations, and members can have their own attributes -- see the documentation for details.

Inherited Members
enum.Enum
name
value
CATEGORY_TO_EXTERNAL_PACKAGE_REF_TYPES: dict[ExternalPackageRefCategory, list[str]] = {<ExternalPackageRefCategory.SECURITY: 1>: ['cpe22Type', 'cpe23Type', 'advisory', 'fix', 'url', 'swid'], <ExternalPackageRefCategory.PACKAGE_MANAGER: 2>: ['maven-central', 'npm', 'nuget', 'bower', 'purl'], <ExternalPackageRefCategory.PERSISTENT_ID: 3>: ['swh', 'gitoid'], <ExternalPackageRefCategory.OTHER: 4>: []}
@dataclass_with_properties
class ExternalPackageRef:
@dataclass_with_properties
class ExternalPackageRef:
    """Reference from a package to an entry in an external source.

    Attributes:
        category: Which ``ExternalPackageRefCategory`` the reference belongs to.
        reference_type: Name of the identifier scheme, as a plain string.
        locator: The identifier itself, as a plain string.
        comment: Optional free-text remark.

    NOTE(review): ``reference_type`` and ``locator`` are unconstrained strings
    at this level. When the document comes from an external party, treat both
    as untrusted input before resolving or fetching anything they name.
    """

    category: ExternalPackageRefCategory
    # The type could in principle be narrowed to the identifiers listed at
    # https://spdx.github.io/spdx-spec/v2.3/external-repository-identifiers/,
    # but that was judged not worth the effort, so it stays a plain string.
    reference_type: str
    locator: str
    comment: Optional[str] = None

    def __init__(
        self,
        category: ExternalPackageRefCategory,
        reference_type: str,
        locator: str,
        comment: Optional[str] = None,
    ):
        """Store the four fields on the new instance via the shared helper."""
        # locals() is handed to the helper as-is, so do not introduce extra
        # local variables in this method.
        check_types_and_set_values(self, locals())
ExternalPackageRef( category: ExternalPackageRefCategory, reference_type: str, locator: str, comment: Optional[str] = None)
    def __init__(
        self,
        category: ExternalPackageRefCategory,
        reference_type: str,
        locator: str,
        comment: Optional[str] = None,
    ):
        """Store the four fields on the new instance via the shared helper."""
        # locals() is handed to the helper as-is, so do not introduce extra
        # local variables in this method.
        check_types_and_set_values(self, locals())
category: ExternalPackageRefCategory
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
reference_type: str
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
locator: str
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
comment: Optional[str]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
@dataclass_with_properties
class Package:
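@dataclass_with_properties
class Package:
    """In-memory model of one SPDX package entry.

    Only ``spdx_id``, ``name`` and ``download_location`` are required. Every
    other field defaults to ``None``, to ``True`` (``files_analyzed``) or to an
    empty list. Several fields accept the ``SpdxNoAssertion`` / ``SpdxNone``
    markers in place of a concrete value, as spelled out in their annotations.

    The integrity-related fields are ``checksums`` and ``verification_code``;
    ``external_references`` carries the links to security and package-manager
    identifiers.

    NOTE(review): this class only type-checks and stores its fields. Nothing
    here compares the digests against package contents, and
    ``download_location`` / ``homepage`` are kept as given -- confirm where
    consumers verify digests and vet URLs taken from externally supplied
    documents.
    """

    spdx_id: str
    name: str
    download_location: Union[str, SpdxNoAssertion, SpdxNone]
    version: Optional[str] = None
    file_name: Optional[str] = None
    supplier: Optional[Union[Actor, SpdxNoAssertion]] = None
    originator: Optional[Union[Actor, SpdxNoAssertion]] = None
    files_analyzed: bool = True
    verification_code: Optional[PackageVerificationCode] = None
    checksums: List[Checksum] = field(default_factory=list)
    homepage: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None
    source_info: Optional[str] = None
    license_concluded: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None
    license_info_from_files: List[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = field(default_factory=list)
    license_declared: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None
    license_comment: Optional[str] = None
    copyright_text: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None
    summary: Optional[str] = None
    description: Optional[str] = None
    comment: Optional[str] = None
    external_references: List[ExternalPackageRef] = field(default_factory=list)
    attribution_texts: List[str] = field(default_factory=list)
    primary_package_purpose: Optional[PackagePurpose] = None
    release_date: Optional[datetime] = None
    built_date: Optional[datetime] = None
    valid_until_date: Optional[datetime] = None

    def __init__(
        self,
        spdx_id: str,
        name: str,
        download_location: Union[str, SpdxNoAssertion, SpdxNone],
        version: Optional[str] = None,
        file_name: Optional[str] = None,
        supplier: Optional[Union[Actor, SpdxNoAssertion]] = None,
        originator: Optional[Union[Actor, SpdxNoAssertion]] = None,
        files_analyzed: bool = True,
        verification_code: Optional[PackageVerificationCode] = None,
        checksums: Optional[List[Checksum]] = None,
        homepage: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None,
        source_info: Optional[str] = None,
        license_concluded: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None,
        license_info_from_files: Optional[List[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]]] = None,
        license_declared: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None,
        license_comment: Optional[str] = None,
        copyright_text: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None,
        summary: Optional[str] = None,
        description: Optional[str] = None,
        comment: Optional[str] = None,
        external_references: Optional[List[ExternalPackageRef]] = None,
        attribution_texts: Optional[List[str]] = None,
        primary_package_purpose: Optional[PackagePurpose] = None,
        release_date: Optional[datetime] = None,
        built_date: Optional[datetime] = None,
        valid_until_date: Optional[datetime] = None,
    ):
        """Store every argument on the new instance via the shared helper.

        The four list parameters (``checksums``, ``license_info_from_files``,
        ``external_references``, ``attribution_texts``) accept ``None``, which
        is replaced by a fresh empty list so instances never share a default.
        """
        if checksums is None:
            checksums = []
        if license_info_from_files is None:
            license_info_from_files = []
        if external_references is None:
            external_references = []
        if attribution_texts is None:
            attribution_texts = []
        # locals() is handed to the helper as-is, so do not introduce extra
        # local variables in this method.
        check_types_and_set_values(self, locals())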
Package( spdx_id: str, name: str, download_location: Union[str, spdx_tools.spdx.model.spdx_no_assertion.SpdxNoAssertion, spdx_tools.spdx.model.spdx_none.SpdxNone], version: Optional[str] = None, file_name: Optional[str] = None, supplier: Union[spdx_tools.spdx.model.actor.Actor, spdx_tools.spdx.model.spdx_no_assertion.SpdxNoAssertion, NoneType] = None, originator: Union[spdx_tools.spdx.model.actor.Actor, spdx_tools.spdx.model.spdx_no_assertion.SpdxNoAssertion, NoneType] = None, files_analyzed: bool = True, verification_code: Optional[PackageVerificationCode] = None, checksums: list[spdx_tools.spdx.model.checksum.Checksum] = None, homepage: Union[str, spdx_tools.spdx.model.spdx_no_assertion.SpdxNoAssertion, spdx_tools.spdx.model.spdx_none.SpdxNone, NoneType] = None, source_info: Optional[str] = None, license_concluded: Union[boolean.boolean.Expression, spdx_tools.spdx.model.spdx_no_assertion.SpdxNoAssertion, spdx_tools.spdx.model.spdx_none.SpdxNone, NoneType] = None, license_info_from_files: list[typing.Union[boolean.boolean.Expression, spdx_tools.spdx.model.spdx_no_assertion.SpdxNoAssertion, spdx_tools.spdx.model.spdx_none.SpdxNone]] = None, license_declared: Union[boolean.boolean.Expression, spdx_tools.spdx.model.spdx_no_assertion.SpdxNoAssertion, spdx_tools.spdx.model.spdx_none.SpdxNone, NoneType] = None, license_comment: Optional[str] = None, copyright_text: Union[str, spdx_tools.spdx.model.spdx_no_assertion.SpdxNoAssertion, spdx_tools.spdx.model.spdx_none.SpdxNone, NoneType] = None, summary: Optional[str] = None, description: Optional[str] = None, comment: Optional[str] = None, external_references: list[ExternalPackageRef] = None, attribution_texts: list[str] = None, primary_package_purpose: Optional[PackagePurpose] = None, release_date: Optional[datetime.datetime] = None, built_date: Optional[datetime.datetime] = None, valid_until_date: Optional[datetime.datetime] = None)
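    def __init__(
        self,
        spdx_id: str,
        name: str,
        download_location: Union[str, SpdxNoAssertion, SpdxNone],
        version: Optional[str] = None,
        file_name: Optional[str] = None,
        supplier: Optional[Union[Actor, SpdxNoAssertion]] = None,
        originator: Optional[Union[Actor, SpdxNoAssertion]] = None,
        files_analyzed: bool = True,
        verification_code: Optional[PackageVerificationCode] = None,
        checksums: Optional[List[Checksum]] = None,
        homepage: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None,
        source_info: Optional[str] = None,
        license_concluded: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None,
        license_info_from_files: Optional[List[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]]] = None,
        license_declared: Optional[Union[LicenseExpression, SpdxNoAssertion, SpdxNone]] = None,
        license_comment: Optional[str] = None,
        copyright_text: Optional[Union[str, SpdxNoAssertion, SpdxNone]] = None,
        summary: Optional[str] = None,
        description: Optional[str] = None,
        comment: Optional[str] = None,
        external_references: Optional[List[ExternalPackageRef]] = None,
        attribution_texts: Optional[List[str]] = None,
        primary_package_purpose: Optional[PackagePurpose] = None,
        release_date: Optional[datetime] = None,
        built_date: Optional[datetime] = None,
        valid_until_date: Optional[datetime] = None,
    ):
        """Store every argument on the new instance via the shared helper.

        The four list parameters (``checksums``, ``license_info_from_files``,
        ``external_references``, ``attribution_texts``) accept ``None``, which
        is replaced by a fresh empty list so instances never share a default.
        """
        if checksums is None:
            checksums = []
        if license_info_from_files is None:
            license_info_from_files = []
        if external_references is None:
            external_references = []
        if attribution_texts is None:
            attribution_texts = []
        # locals() is handed to the helper as-is, so do not introduce extra
        # local variables in this method.
        check_types_and_set_values(self, locals())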
spdx_id: str
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
name: str
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
version: Optional[str]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
file_name: Optional[str]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
files_analyzed: bool
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
verification_code: Optional[PackageVerificationCode]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
checksums: list[spdx_tools.spdx.model.checksum.Checksum]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
source_info: Optional[str]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
license_concluded: Union[boolean.boolean.Expression, spdx_tools.spdx.model.spdx_no_assertion.SpdxNoAssertion, spdx_tools.spdx.model.spdx_none.SpdxNone, NoneType]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
license_info_from_files: list[typing.Union[boolean.boolean.Expression, spdx_tools.spdx.model.spdx_no_assertion.SpdxNoAssertion, spdx_tools.spdx.model.spdx_none.SpdxNone]]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
license_declared: Union[boolean.boolean.Expression, spdx_tools.spdx.model.spdx_no_assertion.SpdxNoAssertion, spdx_tools.spdx.model.spdx_none.SpdxNone, NoneType]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
license_comment: Optional[str]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
summary: Optional[str]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
description: Optional[str]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
comment: Optional[str]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
external_references: list[ExternalPackageRef]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
attribution_texts: list[str]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
primary_package_purpose: Optional[PackagePurpose]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
release_date: Optional[datetime.datetime]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
built_date: Optional[datetime.datetime]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")
valid_until_date: Optional[datetime.datetime]
47    def get_field(self) -> field_type:
48        return getattr(self, f"_{field_name}")