xref: /aosp_15_r20/external/spdx-tools/spdx/v2_1/package.go (revision ba677afa8f67bb56cbc794f4d0e378e0da058e16)
1// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
2
3package v2_1
4
5import "github.com/spdx/tools-golang/spdx/common"
6
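// Package is a Package section of an SPDX Document for version 2.1 of the spec.
//
// The struct is a plain data holder: nothing in this declaration validates
// field contents. Values decoded from an SPDX document that came from outside
// the build (names, URLs, license strings, checksums) should be treated as
// untrusted input by whatever consumes them.
type Package struct {
	// 3.1: Package Name
	// Cardinality: mandatory, one
	PackageName string `json:"name"`

	// 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
	// Cardinality: mandatory, one
	PackageSPDXIdentifier common.ElementID `json:"SPDXID"`

	// 3.3: Package Version
	// Cardinality: optional, one
	PackageVersion string `json:"versionInfo,omitempty"`

	// 3.4: Package File Name
	// Cardinality: optional, one
	PackageFileName string `json:"packageFileName,omitempty"`

	// 3.5: Package Supplier: may have single result for either Person or Organization,
	//                        or NOASSERTION
	// Cardinality: optional, one
	PackageSupplier *common.Supplier `json:"supplier,omitempty"`

	// 3.6: Package Originator: may have single result for either Person or Organization,
	//                          or NOASSERTION
	// Cardinality: optional, one
	PackageOriginator *common.Originator `json:"originator,omitempty"`

	// 3.7: Package Download Location
	// Cardinality: mandatory, one
	// Stored as a free-form string with no validation at this layer; a consumer
	// that dereferences it should restrict schemes and hosts itself.
	PackageDownloadLocation string `json:"downloadLocation"`

	// 3.8: FilesAnalyzed
	// Cardinality: optional, one; default value is "true" if omitted
	// NOTE(review): with `omitempty` on a bool, encoding/json drops the key
	// whenever the value is false, so an explicit "filesAnalyzed": false is not
	// written and a reader applying the spec default would see true. Unless
	// custom (un)marshalling elsewhere compensates, a package whose files were
	// NOT analyzed can round-trip as analyzed. Confirm before relying on this
	// field after a JSON round-trip.
	FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
	// NOT PART OF SPEC: did FilesAnalyzed tag appear?
	// Tagged `json:"-"`, so encoding/json neither reads nor writes it; it has
	// to be set by the code that parses the document.
	IsFilesAnalyzedTagPresent bool `json:"-"`

	// 3.9: Package Verification Code
	// NOTE(review): no cardinality is recorded here and the tag has no
	// `omitempty`, so the key is always written. Presumably the spec ties the
	// presence of this value to FilesAnalyzed; verify against section 3.9.
	PackageVerificationCode common.PackageVerificationCode `json:"packageVerificationCode"`

	// 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
	// Cardinality: optional, one or many
	// MD5 and SHA1 are not collision-resistant. When these values are used to
	// verify a downloaded artifact, prefer the SHA256 entry and do not accept
	// an MD5- or SHA1-only match as proof of integrity.
	PackageChecksums []common.Checksum `json:"checksums,omitempty"`

	// 3.11: Package Home Page
	// Cardinality: optional, one
	PackageHomePage string `json:"homepage,omitempty"`

	// 3.12: Source Information
	// Cardinality: optional, one
	PackageSourceInfo string `json:"sourceInfo,omitempty"`

	// 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseConcluded string `json:"licenseConcluded"`

	// 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
	//              zero (must be omitted) if filesAnalyzed is false
	// NOTE(review): the tag has no `omitempty`, so a nil slice is encoded as
	// JSON null rather than being left out, which looks at odds with the
	// "must be omitted" case above. Confirm how the writer handles it.
	PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"`

	// 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseDeclared string `json:"licenseDeclared"`

	// 3.16: Comments on License
	// Cardinality: optional, one
	PackageLicenseComments string `json:"licenseComments,omitempty"`

	// 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageCopyrightText string `json:"copyrightText"`

	// 3.18: Package Summary Description
	// Cardinality: optional, one
	PackageSummary string `json:"summary,omitempty"`

	// 3.19: Package Detailed Description
	// Cardinality: optional, one
	PackageDescription string `json:"description,omitempty"`

	// 3.20: Package Comment
	// Cardinality: optional, one
	PackageComment string `json:"comment,omitempty"`

	// 3.21: Package External Reference
	// Cardinality: optional, one or many
	PackageExternalReferences []*PackageExternalReference `json:"externalRefs,omitempty"`

	// Files contained in this Package
	Files []*File `json:"files,omitempty"`

	// Annotations is written under the "annotations" key and omitted when
	// empty. The original listing carries no spec section number for it.
	Annotations []Annotation `json:"annotations,omitempty"`
}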
102
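// PackageExternalReference is an External Reference to additional info
// about a Package, as defined in section 3.21 in version 2.1 of the spec.
//
// All four fields are plain strings and this declaration validates none of
// them. A consumer that matches SECURITY references against vulnerability
// data, or resolves a locator, has to check the category, type and locator
// format itself.
type PackageExternalReference struct {
	// category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
	// The type is string, so any other value is representable as well.
	Category string `json:"referenceCategory"`

	// type is an [idstring] as defined in Appendix VI;
	// called RefType here due to "type" being a Golang keyword
	RefType string `json:"referenceType"`

	// locator is a unique string to access the package-specific
	// info, metadata or content within the target location
	Locator string `json:"referenceLocator"`

	// 3.22: Package External Reference Comment
	// Cardinality: conditional (optional, one) for each External Reference
	ExternalRefComment string `json:"comment,omitempty"`
}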
121