Merge "Add deps tracking for SBOMs" (cf066f01) · Commits · e / os / android_build

tools/compliance/cmd/sbom/sbom.go

+13 −1

Original line number	Diff line number	Diff line
		@@ -271,6 +271,17 @@ func getProjectMetadata(_ context, pmix projectmetadata.Index,
		return pms[index], nil
		}

		// inputFiles returns the complete list of files read
		func inputFiles(lg compliance.LicenseGraph, pmix projectmetadata.Index, licenseTexts []string) []string {
		projectMeta := pmix.AllMetadataFiles()
		targets := lg.TargetNames()
		files := make([]string, 0, len(licenseTexts)+len(targets)+len(projectMeta))
		files = append(files, licenseTexts...)
		files = append(files, targets...)
		files = append(files, projectMeta...)
		return files
		}

		// sbomGenerator implements the spdx bom utility

		// SBOM is part of the new government regulation issued to improve national cyber security
		@@ -417,6 +428,7 @@ func sbomGenerator(ctx *context, files ...string) ([]string, error) {
		fmt.Fprintf(ctx.stdout, "ExtractedText: <text>%v</text>\n", string(text))
		}

		deps := licenseTexts
		deps := inputFiles(lg, pmix, licenseTexts)
		sort.Strings(deps)
		return deps, nil
		}

tools/compliance/cmd/sbom/sbom_test.go

+130 −8

Original line number	Diff line number	Diff line
		@@ -129,7 +129,16 @@ func Test(t *testing.T) {
		spdxExtractedText{"&&&First Party License&&&"},
		spdxExtractedClosingText{},
		},
		expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/firstparty/bin/bin1.meta_lic",
		"testdata/firstparty/bin/bin2.meta_lic",
		"testdata/firstparty/highest.apex.meta_lic",
		"testdata/firstparty/lib/liba.so.meta_lic",
		"testdata/firstparty/lib/libb.so.meta_lic",
		"testdata/firstparty/lib/libc.a.meta_lic",
		"testdata/firstparty/lib/libd.so.meta_lic",
		},
		},
		{
		condition: "firstparty",
		@@ -172,7 +181,13 @@ func Test(t *testing.T) {
		spdxExtractedText{"&&&First Party License&&&"},
		spdxExtractedClosingText{},
		},
		expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/firstparty/application.meta_lic",
		"testdata/firstparty/bin/bin3.meta_lic",
		"testdata/firstparty/lib/liba.so.meta_lic",
		"testdata/firstparty/lib/libb.so.meta_lic",
		},
		},
		{
		condition: "firstparty",
		@@ -235,7 +250,16 @@ func Test(t *testing.T) {
		spdxExtractedText{"&&&First Party License&&&"},
		spdxExtractedClosingText{},
		},
		expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/firstparty/bin/bin1.meta_lic",
		"testdata/firstparty/bin/bin2.meta_lic",
		"testdata/firstparty/container.zip.meta_lic",
		"testdata/firstparty/lib/liba.so.meta_lic",
		"testdata/firstparty/lib/libb.so.meta_lic",
		"testdata/firstparty/lib/libc.a.meta_lic",
		"testdata/firstparty/lib/libd.so.meta_lic",
		},
		},
		{
		condition: "firstparty",
		@@ -272,7 +296,12 @@ func Test(t *testing.T) {
		spdxExtractedText{"&&&First Party License&&&"},
		spdxExtractedClosingText{},
		},
		expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/firstparty/bin/bin1.meta_lic",
		"testdata/firstparty/lib/liba.so.meta_lic",
		"testdata/firstparty/lib/libc.a.meta_lic",
		},
		},
		{
		condition: "firstparty",
		@@ -297,7 +326,10 @@ func Test(t *testing.T) {
		spdxExtractedText{"&&&First Party License&&&"},
		spdxExtractedClosingText{},
		},
		expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/firstparty/lib/libd.so.meta_lic",
		},
		},
		{
		condition: "notice",
		@@ -366,6 +398,13 @@ func Test(t *testing.T) {
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/notice/NOTICE_LICENSE",
		"testdata/notice/bin/bin1.meta_lic",
		"testdata/notice/bin/bin2.meta_lic",
		"testdata/notice/highest.apex.meta_lic",
		"testdata/notice/lib/liba.so.meta_lic",
		"testdata/notice/lib/libb.so.meta_lic",
		"testdata/notice/lib/libc.a.meta_lic",
		"testdata/notice/lib/libd.so.meta_lic",
		},
		},
		{
		@@ -435,6 +474,13 @@ func Test(t *testing.T) {
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/notice/NOTICE_LICENSE",
		"testdata/notice/bin/bin1.meta_lic",
		"testdata/notice/bin/bin2.meta_lic",
		"testdata/notice/container.zip.meta_lic",
		"testdata/notice/lib/liba.so.meta_lic",
		"testdata/notice/lib/libb.so.meta_lic",
		"testdata/notice/lib/libc.a.meta_lic",
		"testdata/notice/lib/libd.so.meta_lic",
		},
		},
		{
		@@ -484,6 +530,10 @@ func Test(t *testing.T) {
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/notice/NOTICE_LICENSE",
		"testdata/notice/application.meta_lic",
		"testdata/notice/bin/bin3.meta_lic",
		"testdata/notice/lib/liba.so.meta_lic",
		"testdata/notice/lib/libb.so.meta_lic",
		},
		},
		{
		@@ -527,6 +577,9 @@ func Test(t *testing.T) {
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/notice/NOTICE_LICENSE",
		"testdata/notice/bin/bin1.meta_lic",
		"testdata/notice/lib/liba.so.meta_lic",
		"testdata/notice/lib/libc.a.meta_lic",
		},
		},
		{
		@@ -552,7 +605,10 @@ func Test(t *testing.T) {
		spdxExtractedText{"%%%Notice License%%%"},
		spdxExtractedClosingText{},
		},
		expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"},
		expectedDeps: []string{
		"testdata/notice/NOTICE_LICENSE",
		"testdata/notice/lib/libd.so.meta_lic",
		},
		},
		{
		condition: "reciprocal",
		@@ -625,6 +681,13 @@ func Test(t *testing.T) {
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/notice/NOTICE_LICENSE",
		"testdata/reciprocal/RECIPROCAL_LICENSE",
		"testdata/reciprocal/bin/bin1.meta_lic",
		"testdata/reciprocal/bin/bin2.meta_lic",
		"testdata/reciprocal/highest.apex.meta_lic",
		"testdata/reciprocal/lib/liba.so.meta_lic",
		"testdata/reciprocal/lib/libb.so.meta_lic",
		"testdata/reciprocal/lib/libc.a.meta_lic",
		"testdata/reciprocal/lib/libd.so.meta_lic",
		},
		},
		{
		@@ -698,6 +761,13 @@ func Test(t *testing.T) {
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/notice/NOTICE_LICENSE",
		"testdata/reciprocal/RECIPROCAL_LICENSE",
		"testdata/reciprocal/bin/bin1.meta_lic",
		"testdata/reciprocal/bin/bin2.meta_lic",
		"testdata/reciprocal/container.zip.meta_lic",
		"testdata/reciprocal/lib/liba.so.meta_lic",
		"testdata/reciprocal/lib/libb.so.meta_lic",
		"testdata/reciprocal/lib/libc.a.meta_lic",
		"testdata/reciprocal/lib/libd.so.meta_lic",
		},
		},
		{
		@@ -751,6 +821,10 @@ func Test(t *testing.T) {
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/notice/NOTICE_LICENSE",
		"testdata/reciprocal/RECIPROCAL_LICENSE",
		"testdata/reciprocal/application.meta_lic",
		"testdata/reciprocal/bin/bin3.meta_lic",
		"testdata/reciprocal/lib/liba.so.meta_lic",
		"testdata/reciprocal/lib/libb.so.meta_lic",
		},
		},
		{
		@@ -794,6 +868,9 @@ func Test(t *testing.T) {
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/reciprocal/RECIPROCAL_LICENSE",
		"testdata/reciprocal/bin/bin1.meta_lic",
		"testdata/reciprocal/lib/liba.so.meta_lic",
		"testdata/reciprocal/lib/libc.a.meta_lic",
		},
		},
		{
		@@ -821,6 +898,7 @@ func Test(t *testing.T) {
		},
		expectedDeps: []string{
		"testdata/notice/NOTICE_LICENSE",
		"testdata/reciprocal/lib/libd.so.meta_lic",
		},
		},
		{
		@@ -899,6 +977,13 @@ func Test(t *testing.T) {
		"testdata/notice/NOTICE_LICENSE",
		"testdata/reciprocal/RECIPROCAL_LICENSE",
		"testdata/restricted/RESTRICTED_LICENSE",
		"testdata/restricted/bin/bin1.meta_lic",
		"testdata/restricted/bin/bin2.meta_lic",
		"testdata/restricted/highest.apex.meta_lic",
		"testdata/restricted/lib/liba.so.meta_lic",
		"testdata/restricted/lib/libb.so.meta_lic",
		"testdata/restricted/lib/libc.a.meta_lic",
		"testdata/restricted/lib/libd.so.meta_lic",
		},
		},
		{
		@@ -977,6 +1062,13 @@ func Test(t *testing.T) {
		"testdata/notice/NOTICE_LICENSE",
		"testdata/reciprocal/RECIPROCAL_LICENSE",
		"testdata/restricted/RESTRICTED_LICENSE",
		"testdata/restricted/bin/bin1.meta_lic",
		"testdata/restricted/bin/bin2.meta_lic",
		"testdata/restricted/container.zip.meta_lic",
		"testdata/restricted/lib/liba.so.meta_lic",
		"testdata/restricted/lib/libb.so.meta_lic",
		"testdata/restricted/lib/libc.a.meta_lic",
		"testdata/restricted/lib/libd.so.meta_lic",
		},
		},
		{
		@@ -1024,6 +1116,9 @@ func Test(t *testing.T) {
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/reciprocal/RECIPROCAL_LICENSE",
		"testdata/restricted/RESTRICTED_LICENSE",
		"testdata/restricted/bin/bin1.meta_lic",
		"testdata/restricted/lib/liba.so.meta_lic",
		"testdata/restricted/lib/libc.a.meta_lic",
		},
		},
		{
		@@ -1049,7 +1144,10 @@ func Test(t *testing.T) {
		spdxExtractedText{"%%%Notice License%%%"},
		spdxExtractedClosingText{},
		},
		expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"},
		expectedDeps: []string{
		"testdata/notice/NOTICE_LICENSE",
		"testdata/restricted/lib/libd.so.meta_lic",
		},
		},
		{
		condition: "proprietary",
		@@ -1125,6 +1223,13 @@ func Test(t *testing.T) {
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/notice/NOTICE_LICENSE",
		"testdata/proprietary/PROPRIETARY_LICENSE",
		"testdata/proprietary/bin/bin1.meta_lic",
		"testdata/proprietary/bin/bin2.meta_lic",
		"testdata/proprietary/highest.apex.meta_lic",
		"testdata/proprietary/lib/liba.so.meta_lic",
		"testdata/proprietary/lib/libb.so.meta_lic",
		"testdata/proprietary/lib/libc.a.meta_lic",
		"testdata/proprietary/lib/libd.so.meta_lic",
		"testdata/restricted/RESTRICTED_LICENSE",
		},
		},
		@@ -1202,6 +1307,13 @@ func Test(t *testing.T) {
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/notice/NOTICE_LICENSE",
		"testdata/proprietary/PROPRIETARY_LICENSE",
		"testdata/proprietary/bin/bin1.meta_lic",
		"testdata/proprietary/bin/bin2.meta_lic",
		"testdata/proprietary/container.zip.meta_lic",
		"testdata/proprietary/lib/liba.so.meta_lic",
		"testdata/proprietary/lib/libb.so.meta_lic",
		"testdata/proprietary/lib/libc.a.meta_lic",
		"testdata/proprietary/lib/libd.so.meta_lic",
		"testdata/restricted/RESTRICTED_LICENSE",
		},
		},
		@@ -1255,6 +1367,10 @@ func Test(t *testing.T) {
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/proprietary/PROPRIETARY_LICENSE",
		"testdata/proprietary/application.meta_lic",
		"testdata/proprietary/bin/bin3.meta_lic",
		"testdata/proprietary/lib/liba.so.meta_lic",
		"testdata/proprietary/lib/libb.so.meta_lic",
		"testdata/restricted/RESTRICTED_LICENSE",
		},
		},
		@@ -1299,6 +1415,9 @@ func Test(t *testing.T) {
		expectedDeps: []string{
		"testdata/firstparty/FIRST_PARTY_LICENSE",
		"testdata/proprietary/PROPRIETARY_LICENSE",
		"testdata/proprietary/bin/bin1.meta_lic",
		"testdata/proprietary/lib/liba.so.meta_lic",
		"testdata/proprietary/lib/libc.a.meta_lic",
		},
		},
		{
		@@ -1324,7 +1443,10 @@ func Test(t *testing.T) {
		spdxExtractedText{"%%%Notice License%%%"},
		spdxExtractedClosingText{},
		},
		expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"},
		expectedDeps: []string{
		"testdata/notice/NOTICE_LICENSE",
		"testdata/proprietary/lib/libd.so.meta_lic",
		},
		},
		}
		for _, tt := range tests {

tools/compliance/graph.go

+9 −0

Original line number	Diff line number	Diff line
		@@ -88,6 +88,15 @@ func (lg *LicenseGraph) Targets() TargetNodeList {
		return targets
		}

		// TargetNames returns the list of target node names in the graph. (unordered)
		func (lg *LicenseGraph) TargetNames() []string {
		targets := make([]string, 0, len(lg.targets))
		for target := range lg.targets {
		targets = append(targets, target)
		}
		return targets
		}

		// compliance-only LicenseGraph methods

		// newLicenseGraph constructs a new, empty instance of LicenseGraph.