github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/gosbom/formats/common/spdxhelpers/download_location.go

github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/gosbom/formats/common/spdxhelpers/download_location.go (about)

     1  package spdxhelpers
     2  
     3  import "github.com/nextlinux/gosbom/gosbom/pkg"
     4  
     5  const NONE = "NONE"
     6  const NOASSERTION = "NOASSERTION"
     7  
     8  func DownloadLocation(p pkg.Package) string {
     9  	// 3.7: Package Download Location
    10  	// Cardinality: mandatory, one
    11  	// NONE if there is no download location whatsoever.
    12  	// NOASSERTION if:
    13  	//   (i) the SPDX file creator has attempted to but cannot reach a reasonable objective determination;
    14  	//   (ii) the SPDX file creator has made no attempt to determine this field; or
    15  	//   (iii) the SPDX file creator has intentionally provided no information (no meaning should be implied by doing so).
    16  
    17  	if hasMetadata(p) {
    18  		switch metadata := p.Metadata.(type) {
    19  		case pkg.ApkMetadata:
    20  			return NoneIfEmpty(metadata.URL)
    21  		case pkg.NpmPackageJSONMetadata:
    22  			return NoneIfEmpty(metadata.URL)
    23  		}
    24  	}
    25  	return NOASSERTION
    26  }