xref: /aosp_15_r20/external/spdx-tools/spdx/v2_2/package.go (revision ba677afa8f67bb56cbc794f4d0e378e0da058e16) 
1*ba677afaSXin Li// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
2*ba677afaSXin Li
3*ba677afaSXin Lipackage v2_2
4*ba677afaSXin Li
5*ba677afaSXin Liimport "github.com/spdx/tools-golang/spdx/common"
6*ba677afaSXin Li
7*ba677afaSXin Li// Package is a Package section of an SPDX Document for version 2.2 of the spec.
8*ba677afaSXin Litype Package struct {
9*ba677afaSXin Li	// NOT PART OF SPEC
10*ba677afaSXin Li	// flag: does this "package" contain files that were in fact "unpackaged",
11*ba677afaSXin Li	// e.g. included directly in the Document without being in a Package?
12*ba677afaSXin Li	IsUnpackaged bool `json:"-"`
13*ba677afaSXin Li
14*ba677afaSXin Li	// 7.1: Package Name
15*ba677afaSXin Li	// Cardinality: mandatory, one
16*ba677afaSXin Li	PackageName string `json:"name"`
17*ba677afaSXin Li
18*ba677afaSXin Li	// 7.2: Package SPDX Identifier: "SPDXRef-[idstring]"
19*ba677afaSXin Li	// Cardinality: mandatory, one
20*ba677afaSXin Li	PackageSPDXIdentifier common.ElementID `json:"SPDXID"`
21*ba677afaSXin Li
22*ba677afaSXin Li	// 7.3: Package Version
23*ba677afaSXin Li	// Cardinality: optional, one
24*ba677afaSXin Li	PackageVersion string `json:"versionInfo,omitempty"`
25*ba677afaSXin Li
26*ba677afaSXin Li	// 7.4: Package File Name
27*ba677afaSXin Li	// Cardinality: optional, one
28*ba677afaSXin Li	PackageFileName string `json:"packageFileName,omitempty"`
29*ba677afaSXin Li
30*ba677afaSXin Li	// 7.5: Package Supplier: may have single result for either Person or Organization,
31*ba677afaSXin Li	//                        or NOASSERTION
32*ba677afaSXin Li	// Cardinality: optional, one
33*ba677afaSXin Li	PackageSupplier *common.Supplier `json:"supplier,omitempty"`
34*ba677afaSXin Li
35*ba677afaSXin Li	// 7.6: Package Originator: may have single result for either Person or Organization,
36*ba677afaSXin Li	//                          or NOASSERTION
37*ba677afaSXin Li	// Cardinality: optional, one
38*ba677afaSXin Li	PackageOriginator *common.Originator `json:"originator,omitempty"`
39*ba677afaSXin Li
40*ba677afaSXin Li	// 7.7: Package Download Location
41*ba677afaSXin Li	// Cardinality: mandatory, one
42*ba677afaSXin Li	PackageDownloadLocation string `json:"downloadLocation"`
43*ba677afaSXin Li
44*ba677afaSXin Li	// 7.8: FilesAnalyzed
45*ba677afaSXin Li	// Cardinality: optional, one; default value is "true" if omitted
46*ba677afaSXin Li	FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
47*ba677afaSXin Li	// NOT PART OF SPEC: did FilesAnalyzed tag appear?
48*ba677afaSXin Li	IsFilesAnalyzedTagPresent bool `json:"-"`
49*ba677afaSXin Li
50*ba677afaSXin Li	// 7.9: Package Verification Code
51*ba677afaSXin Li	PackageVerificationCode common.PackageVerificationCode `json:"packageVerificationCode"`
52*ba677afaSXin Li
53*ba677afaSXin Li	// 7.10: Package Checksum: may have keys for SHA1, SHA256, SHA512 and/or MD5
54*ba677afaSXin Li	// Cardinality: optional, one or many
55*ba677afaSXin Li	PackageChecksums []common.Checksum `json:"checksums,omitempty"`
56*ba677afaSXin Li
57*ba677afaSXin Li	// 7.11: Package Home Page
58*ba677afaSXin Li	// Cardinality: optional, one
59*ba677afaSXin Li	PackageHomePage string `json:"homepage,omitempty"`
60*ba677afaSXin Li
61*ba677afaSXin Li	// 7.12: Source Information
62*ba677afaSXin Li	// Cardinality: optional, one
63*ba677afaSXin Li	PackageSourceInfo string `json:"sourceInfo,omitempty"`
64*ba677afaSXin Li
65*ba677afaSXin Li	// 7.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
66*ba677afaSXin Li	// Cardinality: mandatory, one
67*ba677afaSXin Li	PackageLicenseConcluded string `json:"licenseConcluded"`
68*ba677afaSXin Li
69*ba677afaSXin Li	// 7.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
70*ba677afaSXin Li	// Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
71*ba677afaSXin Li	//              zero (must be omitted) if filesAnalyzed is false
72*ba677afaSXin Li	PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"`
73*ba677afaSXin Li
74*ba677afaSXin Li	// 7.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
75*ba677afaSXin Li	// Cardinality: mandatory, one
76*ba677afaSXin Li	PackageLicenseDeclared string `json:"licenseDeclared"`
77*ba677afaSXin Li
78*ba677afaSXin Li	// 7.16: Comments on License
79*ba677afaSXin Li	// Cardinality: optional, one
80*ba677afaSXin Li	PackageLicenseComments string `json:"licenseComments,omitempty"`
81*ba677afaSXin Li
82*ba677afaSXin Li	// 7.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
83*ba677afaSXin Li	// Cardinality: mandatory, one
84*ba677afaSXin Li	PackageCopyrightText string `json:"copyrightText"`
85*ba677afaSXin Li
86*ba677afaSXin Li	// 7.18: Package Summary Description
87*ba677afaSXin Li	// Cardinality: optional, one
88*ba677afaSXin Li	PackageSummary string `json:"summary,omitempty"`
89*ba677afaSXin Li
90*ba677afaSXin Li	// 7.19: Package Detailed Description
91*ba677afaSXin Li	// Cardinality: optional, one
92*ba677afaSXin Li	PackageDescription string `json:"description,omitempty"`
93*ba677afaSXin Li
94*ba677afaSXin Li	// 7.20: Package Comment
95*ba677afaSXin Li	// Cardinality: optional, one
96*ba677afaSXin Li	PackageComment string `json:"comment,omitempty"`
97*ba677afaSXin Li
98*ba677afaSXin Li	// 7.21: Package External Reference
99*ba677afaSXin Li	// Cardinality: optional, one or many
100*ba677afaSXin Li	PackageExternalReferences []*PackageExternalReference `json:"externalRefs,omitempty"`
101*ba677afaSXin Li
102*ba677afaSXin Li	// 7.22: Package External Reference Comment
103*ba677afaSXin Li	// Cardinality: conditional (optional, one) for each External Reference
104*ba677afaSXin Li	// contained within PackageExternalReference2_1 struct, if present
105*ba677afaSXin Li
106*ba677afaSXin Li	// 7.23: Package Attribution Text
107*ba677afaSXin Li	// Cardinality: optional, one or many
108*ba677afaSXin Li	PackageAttributionTexts []string `json:"attributionTexts,omitempty"`
109*ba677afaSXin Li
110*ba677afaSXin Li	// Files contained in this Package
111*ba677afaSXin Li	Files []*File `json:"files,omitempty"`
112*ba677afaSXin Li
113*ba677afaSXin Li	Annotations []Annotation `json:"annotations,omitempty"`
114*ba677afaSXin Li}
115*ba677afaSXin Li
116*ba677afaSXin Li// PackageExternalReference is an External Reference to additional info
117*ba677afaSXin Li// about a Package, as defined in section 7.21 in version 2.2 of the spec.
118*ba677afaSXin Litype PackageExternalReference struct {
119*ba677afaSXin Li	// category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
120*ba677afaSXin Li	Category string `json:"referenceCategory"`
121*ba677afaSXin Li
122*ba677afaSXin Li	// type is an [idstring] as defined in Appendix VI;
123*ba677afaSXin Li	// called RefType here due to "type" being a Golang keyword
124*ba677afaSXin Li	RefType string `json:"referenceType"`
125*ba677afaSXin Li
126*ba677afaSXin Li	// locator is a unique string to access the package-specific
127*ba677afaSXin Li	// info, metadata or content within the target location
128*ba677afaSXin Li	Locator string `json:"referenceLocator"`
129*ba677afaSXin Li
130*ba677afaSXin Li	// 7.22: Package External Reference Comment
131*ba677afaSXin Li	// Cardinality: conditional (optional, one) for each External Reference
132*ba677afaSXin Li	ExternalRefComment string `json:"comment,omitempty"`
133*ba677afaSXin Li}
134