add CLI version parameter

This adds new a new -fv option to specify the
version of the output format if it supports versions.

Removes the old SPDX version handling.

Signed-off-by: Armin Tänzer <[email protected]>

setup.cfg

@@ -52,16 +52,11 @@ tern.formats =
     yaml = tern.formats.yaml.generator:YAML
     html = tern.formats.html.generator:HTML
     cyclonedxjson = tern.formats.cyclonedx.cyclonedxjson.generator:CycloneDXJSON
-    spdxjson22 = tern.formats.spdx_new.spdxjson22.generator:SpdxJSON22
-    spdxyaml22 = tern.formats.spdx_new.spdxyaml22.generator:SpdxYAML22
-    spdxxml22 = tern.formats.spdx_new.spdxxml22.generator:SpdxXML22
-    spdxrdf22 = tern.formats.spdx_new.spdxrdf22.generator:SpdxRDF22
-    spdxtagvalue22 = tern.formats.spdx_new.spdxtagvalue22.generator:SpdxTagValue22
-    spdxjson23 = tern.formats.spdx_new.spdxjson23.generator:SpdxJSON23
-    spdxyaml23 = tern.formats.spdx_new.spdxyaml23.generator:SpdxYAML23
-    spdxxml23 = tern.formats.spdx_new.spdxxml23.generator:SpdxXML23
-    spdxrdf23 = tern.formats.spdx_new.spdxrdf23.generator:SpdxRDF23
-    spdxtagvalue23 = tern.formats.spdx_new.spdxtagvalue23.generator:SpdxTagValue23
+    spdxjson_new = tern.formats.spdx_new.spdxjson.generator:SpdxJSON
+    spdxyaml_new = tern.formats.spdx_new.spdxyaml.generator:SpdxYAML
+    spdxxml_new = tern.formats.spdx_new.spdxxml.generator:SpdxXML
+    spdxrdf_new = tern.formats.spdx_new.spdxrdf.generator:SpdxRDF
+    spdxtagvalue_new = tern.formats.spdx_new.spdxtagvalue.generator:SpdxTagValue
 tern.extensions =
     cve_bin_tool = tern.extensions.cve_bin_tool.executor:CveBinTool
     scancode = tern.extensions.scancode.executor:Scancode

tern/__main__.py

@@ -216,6 +216,9 @@ def main():
                                "available formats: "
                                "spdxtagvalue, spdxjson, cyclonedxjson, json, "
                                "yaml, html")
+    parser_report.add_argument('-fv', '--format-version',
+                               metavar='FORMAT_VERSION',
+                               help="Specify the version of the report format.")
     parser_report.add_argument('-o', '--output-file', default=None,
                                metavar='FILE',
                                help="Write the report to a file. "

tern/formats/cyclonedx/cyclonedxjson/generator.py

@@ -50,12 +50,14 @@ def get_document_dict(image_obj_list):
 
 
 class CycloneDXJSON(generator.Generate):
-    def generate(self, image_obj_list, print_inclusive=False):
+    def generate(self, image_obj_list, format_version, print_inclusive=False):
         ''' Generate a CycloneDX document
         The whole document should be stored in a dictionary which can be
         converted to JSON and dumped to a file using the write_report function
         in report.py. '''
         logger.debug('Generating CycloneDX JSON document...')
+        if format_version is not None:
+            logger.warning("The version parameter is not supported for CycloneDX JSON.")
 
         report = get_document_dict(image_obj_list)
 

tern/formats/default/generator.py

@@ -140,8 +140,11 @@ def print_licenses_only(image_obj_list):
 
 
 class Default(generator.Generate):
-    def generate(self, image_obj_list, print_inclusive=False):
+    def generate(self, image_obj_list, format_version: str, print_inclusive=False):
         '''Generate a default report'''
+        if format_version is not None:
+            logger.warning("The version parameter is not supported for the default format.")
+
         report = formats.disclaimer.format(
             version_info=content.get_tool_version())
         logger.debug('Creating a detailed report of components in image...')
@@ -154,8 +157,11 @@ def generate(self, image_obj_list, print_inclusive=False):
             return report
         return report + print_licenses_only(image_obj_list)
 
-    def generate_layer(self, layer):
+    def generate_layer(self, layer, version: str):
         """Generate a default report for one layer object"""
+        if version is not None:
+            logger.warning("The version parameter is not supported for the default format.")
+
         report = formats.disclaimer.format(
             version_info=content.get_tool_version())
         logger.debug("Generating summary report for layer...")

tern/formats/generator.py

@@ -10,6 +10,6 @@
 class Generate(metaclass=ABCMeta):
     '''Base class for report plugins'''
     @abstractmethod
-    def generate(self, image_obj_list, print_inclusive=False):
+    def generate(self, image_obj_list, format_version, print_inclusive=False):
         '''Format the report according to the plugin style.
         Each subclass is responsible for their own formatting.'''

tern/formats/html/generator.py

@@ -321,16 +321,22 @@ def get_report_dict(image_obj_list):
 
 
 class HTML(generator.Generate):
-    def generate(self, image_obj_list, print_inclusive=False):
+    def generate(self, image_obj_list, format_version: str, print_inclusive=False):
         '''Given a list of image objects, create a html report
         for the images'''
+        if format_version is not None:
+            logger.warning("The version parameter is not supported for HTML.")
+
         report_dict = get_report_dict(image_obj_list)
         report = create_html_report(report_dict, image_obj_list)
         return report
 
-    def generate_layer(self, layer):
+    def generate_layer(self, layer, version: str):
         """Given a layer object, create a html report for the layer"""
         logger.debug("Creating HTML report...")
+        if version is not None:
+            logger.warning("The version parameter is not supported for HTML.")
+
         report = ""
         report = report + '\n' + head_layer % (css, get_tool_version())
         report = report + '\n' + report_dict_to_html(layer.to_dict())

tern/formats/json/generator.py

@@ -8,18 +8,28 @@
 """
 
 import json
+import logging
+
 from tern.formats import generator
+from tern.utils import constants
 
+logger = logging.getLogger(constants.logger_name)
 
 class JSON(generator.Generate):
-    def generate(self, image_obj_list, print_inclusive=False):
+    def generate(self, image_obj_list, format_version: str, print_inclusive=False):
         '''Given a list of image objects, create a json object string'''
         image_list = []
+        if format_version is not None:
+            logger.warning("The version parameter is not supported for JSON.")
+
         for image in image_obj_list:
             image_list.append({'image': image.to_dict()})
         image_dict = {'images': image_list}
         return json.dumps(image_dict)
 
-    def generate_layer(self, layer):
+    def generate_layer(self, layer, format_version: str):
         """Create a json object for one layer"""
+        if format_version is not None:
+            logger.warning("The version parameter is not supported for JSON.")
+
         return json.dumps(layer.to_dict())

tern/formats/spdx/spdxjson/generator.py

@@ -9,7 +9,6 @@
 
 import json
 import logging
-import pickle
 
 from tern.formats.spdx.spdx import SPDX
 from tern.formats.spdx import spdx_common
@@ -141,7 +140,7 @@ def get_document_dict_snapshot(layer_obj, template):
 
 
 class SpdxJSON(generator.Generate):
-    def generate(self, image_obj_list, print_inclusive=False):
+    def generate(self, image_obj_list, format_version: str, print_inclusive=False):
         '''Generate an SPDX document
         WARNING: This assumes that the list consists of one image or the base
         image and a stub image, in which case, the information in the stub
@@ -165,7 +164,7 @@ def generate(self, image_obj_list, print_inclusive=False):
 
         return json.dumps(report)
 
-    def generate_layer(self, layer):
+    def generate_layer(self, layer, format_version: str):
         """Generate an SPDX document containing package and file information
         at container build time"""
         logger.debug("Generating SPDX JSON document...")

tern/formats/spdx/spdxtagvalue/generator.py

@@ -51,7 +51,7 @@ def get_document_block(image_obj):
 
 
 class SpdxTagValue(generator.Generate):
-    def generate(self, image_obj_list, print_inclusive=False):
+    def generate(self, image_obj_list, format_version: str, print_inclusive=False):
         '''Generate an SPDX document
         WARNING: This assumes that the list consists of one image or the base
         image and a stub image, in which case, the information in the stub
@@ -142,7 +142,7 @@ def generate(self, image_obj_list, print_inclusive=False):
 
         return report
 
-    def generate_layer(self, layer_obj):  # pylint: disable=unused-argument
+    def generate_layer(self, layer_obj, format_version: str):  # pylint: disable=unused-argument
         """Currently Unsupported. Provide debug statement"""
         logger.critical("Generating SPDX tag-value documents at container "
                         "build time is currently unsupported")

tern/formats/spdx_new/spdx_formats_helper.py

@@ -20,6 +20,11 @@
 
 logger = logging.getLogger(constants.logger_name)
 
+SPDX_VERSION_MAPPING = {
+    "2.2": "SPDX-2.2",
+    "2.3": "SPDX-2.3",
+}
+
 
 def get_spdx_from_image_list(image_obj_list: List[Image], spdx_format: str, spdx_version: str) -> str:
     """Generate an SPDX document
@@ -32,7 +37,10 @@ def get_spdx_from_image_list(image_obj_list: List[Image], spdx_format: str, spdx
     layer which is also a 'Package' which 'CONTAINS' the real Packages"""
     logger.debug(f"Generating SPDX {spdx_format} document...")
 
-    spdx_document: Document = make_spdx_model(image_obj_list, spdx_version)
+    if spdx_version not in SPDX_VERSION_MAPPING:
+        raise ValueError(f"SPDX version {spdx_version} is not supported by tern.")
+
+    spdx_document: Document = make_spdx_model(image_obj_list, SPDX_VERSION_MAPPING[spdx_version])
 
     return convert_document_to_serialized_string(spdx_document, spdx_format)
 
@@ -42,8 +50,11 @@ def get_spdx_from_layer(layer: ImageLayer, spdx_format: str, spdx_version: str)
     at container build time"""
     logger.debug(f"Generating SPDX {spdx_format} snapshot document...")
 
+    if spdx_version not in SPDX_VERSION_MAPPING:
+        raise ValueError(f"SPDX version {spdx_version} is not supported by tern.")
+
     template = SPDX()
-    spdx_document: Document = make_spdx_model_snapshot(layer, template, spdx_version)
+    spdx_document: Document = make_spdx_model_snapshot(layer, template, SPDX_VERSION_MAPPING[spdx_version])
 
     return convert_document_to_serialized_string(spdx_document, spdx_format)
 

tern/formats/spdx_new/spdxjson22/generator.py → tern/formats/spdx_new/spdxjson/generator.py

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: BSD-2-Clause
 
 """
-SPDX-2.2 JSON document generator
+SPDX JSON document generator
 """
 from typing import List
 
@@ -14,9 +14,11 @@
 from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
 
 
-class SpdxJSON22(generator.Generate):
-    def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
-        return get_spdx_from_image_list(image_obj_list, "JSON", "SPDX-2.2")
+class SpdxJSON(generator.Generate):
+    def generate(self, image_obj_list: List[Image], format_version: str, print_inclusive=False) -> str:
+        if format_version is None:
+            format_version = "2.2"
+        return get_spdx_from_image_list(image_obj_list, "JSON", format_version)
 
-    def generate_layer(self, layer: ImageLayer) -> str:
-        return get_spdx_from_layer(layer, "JSON", "SPDX-2.2")
+    def generate_layer(self, layer: ImageLayer, format_version) -> str:
+        return get_spdx_from_layer(layer, "JSON", format_version)

tern/formats/spdx_new/spdxrdf22/generator.py → tern/formats/spdx_new/spdxrdf/generator.py

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: BSD-2-Clause
 
 """
-SPDX-2.2 RDF-XML document generator
+SPDX RDF-XML document generator
 """
 from typing import List
 
@@ -14,9 +14,9 @@
 from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
 
 
-class SpdxRDF22(generator.Generate):
-    def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
-        return get_spdx_from_image_list(image_obj_list, "RDF-XML", "SPDX-2.2")
+class SpdxRDF(generator.Generate):
+    def generate(self, image_obj_list: List[Image], format_version: str, print_inclusive=False) -> str:
+        return get_spdx_from_image_list(image_obj_list, "RDF-XML", format_version)
 
-    def generate_layer(self, layer: ImageLayer) -> str:
-        return get_spdx_from_layer(layer, "RDF-XML", "SPDX-2.2")
+    def generate_layer(self, layer: ImageLayer, format_version: str) -> str:
+        return get_spdx_from_layer(layer, "RDF-XML", format_version)

tern/formats/spdx_new/spdxtagvalue22/generator.py → tern/formats/spdx_new/spdxtagvalue/generator.py

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: BSD-2-Clause
 
 """
-SPDX-2.2 Tag-Value document generator
+SPDX Tag-Value document generator
 """
 
 from typing import List
@@ -15,9 +15,9 @@
 from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
 
 
-class SpdxTagValue22(generator.Generate):
-    def generate(self, image_obj_list: List[Image], print_inclusive=False) -> str:
-        return get_spdx_from_image_list(image_obj_list, "Tag-Value", "SPDX-2.2")
+class SpdxTagValue(generator.Generate):
+    def generate(self, image_obj_list: List[Image], format_version: str, print_inclusive=False) -> str:
+        return get_spdx_from_image_list(image_obj_list, "Tag-Value", format_version)
 
-    def generate_layer(self, layer: ImageLayer) -> str:
-        return get_spdx_from_layer(layer, "Tag-Value", "SPDX-2.2")
+    def generate_layer(self, layer: ImageLayer, format_version: str) -> str:
+        return get_spdx_from_layer(layer, "Tag-Value", format_version)

tern/formats/spdx_new/spdxxml/generator.py

@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 VMware, Inc. All Rights Reserved.
+# SPDX-License-Identifier: BSD-2-Clause
+
+"""
+SPDX XML document generator
+"""
+from typing import List
+
+from tern.classes.image import Image
+from tern.classes.image_layer import ImageLayer
+from tern.formats import generator
+from tern.formats.spdx_new.spdx_formats_helper import get_spdx_from_image_list, get_spdx_from_layer
+
+
+class SpdxXML(generator.Generate):
+    def generate(self, image_obj_list: List[Image], format_version: str, print_inclusive=False) -> str:
+        return get_spdx_from_image_list(image_obj_list, "XML", format_version)
+
+    def generate_layer(self, layer: ImageLayer, format_version: str) -> str:
+        return get_spdx_from_layer(layer, "XML", format_version)