// Source: github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/gosbom/pkg/cataloger/apkdb/package.go

package apkdb

import (
	"strings"

	"github.com/nextlinux/gosbom/gosbom/file"
	"github.com/nextlinux/gosbom/gosbom/license"
	"github.com/nextlinux/gosbom/gosbom/linux"
	"github.com/nextlinux/gosbom/gosbom/pkg"

	"github.com/anchore/packageurl-go"
)

// newPackage assembles the pkg.Package for one parsed APK database entry.
//
// d supplies the name, version, license field and APK metadata; dbLocation is
// recorded as the primary evidence location and as the location the licenses
// were read from; release is handed to packageURL and may be nil, in which
// case the package carries an empty PURL.
func newPackage(d parsedData, release *linux.Release, dbLocation file.Location) pkg.Package {
	// A license field that parses as an SPDX expression is kept as a single
	// value; only a field that fails to parse is broken up on spaces.
	var licenseValues []string
	if _, err := license.ParseExpression(d.License); err != nil {
		// NOTE(review): strings.Split on " " yields an empty token for an empty
		// field or for consecutive spaces, and any operator words in a malformed
		// expression become tokens of their own. Whether
		// pkg.NewLicensesFromLocation filters such tokens is not visible here;
		// confirm before treating the resulting license list as authoritative.
		licenseValues = strings.Split(d.License, " ")
	} else {
		licenseValues = []string{d.License}
	}

	evidence := dbLocation.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)
	locations := file.NewLocationSet(evidence)
	licenses := pkg.NewLicenseSet(pkg.NewLicensesFromLocation(dbLocation, licenseValues...)...)

	apkPackage := pkg.Package{
		Name:         d.Package,
		Version:      d.Version,
		Locations:    locations,
		Licenses:     licenses,
		PURL:         packageURL(d.ApkMetadata, release),
		Type:         pkg.ApkPkg,
		MetadataType: pkg.ApkMetadataType,
		Metadata:     d.ApkMetadata,
	}

	// The ID is set only once every field above is in place.
	apkPackage.SetID()

	return apkPackage
}

// packageURL returns the PURL for the specific Alpine package (see
// https://github.com/package-url/purl-spec).
//
// It returns the empty string when distro is nil. Otherwise the namespace is
// the lower-cased distro ID, the architecture is always passed as a qualifier,
// and the origin package is passed as the upstream qualifier whenever it
// differs from the package name.
func packageURL(m pkg.ApkMetadata, distro *linux.Release) string {
	// NOTE(review): with no release information the package gets no PURL at
	// all, so any consumer that keys on the PURL will not see it; confirm that
	// callers handle the empty value.
	if distro == nil {
		return ""
	}

	qualifiers := make(map[string]string, 2)
	qualifiers[pkg.PURLQualifierArch] = m.Architecture

	// NOTE(review): an empty OriginPackage also differs from Package, so the
	// upstream qualifier is then set to "". Whether pkg.PURLQualifiers drops
	// empty values is not visible here; verify.
	if m.Package != m.OriginPackage {
		qualifiers[pkg.PURLQualifierUpstream] = m.OriginPackage
	}

	namespace := strings.ToLower(distro.ID)
	purl := packageurl.NewPackageURL(
		packageurl.TypeAlpine,
		namespace,
		m.Package,
		m.Version,
		pkg.PURLQualifiers(qualifiers, distro),
		"",
	)

	return purl.ToString()
}