github.com/anchore/syft@v1.38.2/syft/format/internal/spdxutil/helpers/download_location.go (about)

     1  package helpers
     2  
     3  import (
     4  	"strings"
     5  
     6  	urilib "github.com/spdx/gordf/uri"
     7  
     8  	"github.com/anchore/syft/syft/pkg"
     9  )
    10  
// Sentinel strings emitted into SPDX documents by this package.
const (
	// NONE is the value URIValue returns when the input is "none"
	// (compared case-insensitively).
	NONE = "NONE"

	// NOASSERTION is the value URIValue returns when the input is not "none"
	// and does not pass isURIValid.
	NOASSERTION = "NOASSERTION"

	// SUPPLIERORG is not referenced in this file.
	// NOTE(review): presumably the SPDX supplier/originator type label; confirm against callers.
	SUPPLIERORG = "Organization"
)
    14  
// DownloadLocation returns the SPDX "Package Download Location" value
// (section 3.7, cardinality: mandatory, one) for the given package.
//
// Per the SPDX specification the field is:
//   - NONE if there is no download location whatsoever;
//   - NOASSERTION if
//     (i) the SPDX file creator has attempted to but cannot reach a reasonable objective determination;
//     (ii) the SPDX file creator has made no attempt to determine this field; or
//     (iii) the SPDX file creator has intentionally provided no information (no meaning should be implied by doing so).
//
// The candidate URL is read from the package's type-specific metadata and
// normalized by URIValue. A package for which hasMetadata reports false, or
// whose metadata type is not handled below, contributes an empty candidate.
//
// NOTE(review): the candidate is copied verbatim from package metadata, which
// is presumably populated from the contents of the scanned artifact. It is
// only checked by URIValue; it is not fetched, and no scheme or host
// restriction is applied here. SBOM consumers should treat it as an
// unverified claim, not as a trusted source to download from.
func DownloadLocation(p pkg.Package) string {
	// Without metadata there is nothing to inspect; let URIValue decide what an
	// empty candidate maps to.
	if !hasMetadata(p) {
		return URIValue("")
	}

	var candidate string
	switch m := p.Metadata.(type) {
	case pkg.ApkDBEntry:
		candidate = m.URL
	case pkg.NpmPackage:
		candidate = m.URL
	case pkg.NpmPackageLockEntry:
		// Lock entries carry the resolved URL rather than a plain URL field.
		candidate = m.Resolved
	case pkg.PhpComposerLockEntry:
		candidate = m.Dist.URL
	case pkg.PhpComposerInstalledEntry:
		candidate = m.Dist.URL
	case pkg.OpamPackage:
		candidate = m.URL
	}

	return URIValue(candidate)
}
    43  
// isURIValid reports whether uri is accepted by urilib.NewURIRef.
//
// Acceptance is decided entirely by that constructor; this function adds no
// scheme allow-list and no reachability check of its own.
func isURIValid(uri string) bool {
	if _, err := urilib.NewURIRef(uri); err != nil {
		return false
	}
	return true
}
    48  
// URIValue maps a candidate URI onto the value to emit in an SPDX document:
//   - NONE when uri equals "none", ignoring case;
//   - uri itself, unchanged, when isURIValid accepts it;
//   - NOASSERTION otherwise.
//
// A value that passes is returned byte-for-byte, so anything embedded in it
// is carried into the output as-is.
func URIValue(uri string) string {
	switch {
	case strings.ToLower(uri) == "none":
		return NONE
	case isURIValid(uri):
		return uri
	default:
		return NOASSERTION
	}
}