Add deps tracking for SBOMs
Test: m compliance_sbom
Bug: 242220547
Change-Id: Ife93e0e1cdc43490818798922d574ae1b1d441d1
diff --git a/tools/compliance/cmd/sbom/sbom.go b/tools/compliance/cmd/sbom/sbom.go
index 493d331..e031052 100644
--- a/tools/compliance/cmd/sbom/sbom.go
+++ b/tools/compliance/cmd/sbom/sbom.go
@@ -271,6 +271,17 @@
return pms[index], nil
}
+// inputFiles returns the complete list of files read
+func inputFiles(lg *compliance.LicenseGraph, pmix *projectmetadata.Index, licenseTexts []string) []string {
+ projectMeta := pmix.AllMetadataFiles()
+ targets := lg.TargetNames()
+ files := make([]string, 0, len(licenseTexts)+len(targets)+len(projectMeta))
+ files = append(files, licenseTexts...)
+ files = append(files, targets...)
+ files = append(files, projectMeta...)
+ return files
+}
+
// sbomGenerator implements the spdx bom utility
// SBOM is part of the new government regulation issued to improve national cyber security
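Review bot: The doc comment on `inputFiles` is incomplete: it does not say which files it means or what the caller may assume about the result. The body concatenates the license texts, `lg.TargetNames()` and `pmix.AllMetadataFiles()` without sorting or de-duplicating, and it uses target names as file paths (the updated test expectations show them as `.meta_lic` paths). I would write `// inputFiles returns the paths of all inputs to the SBOM: license texts, target .meta_lic files and project metadata files.` and add `// The result is unsorted and may repeat a path; the caller sorts it.` Because an input missing from this list presumably means a changed file would not trigger regeneration of the SBOM, it is also worth confirming that `AllMetadataFiles()` covers every metadata file that was read, which this hunk does not show.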
@@ -417,6 +428,7 @@
fmt.Fprintf(ctx.stdout, "ExtractedText: <text>%v</text>\n", string(text))
}
- deps := licenseTexts
+ deps := inputFiles(lg, pmix, licenseTexts)
+ sort.Strings(deps)
return deps, nil
}
diff --git a/tools/compliance/cmd/sbom/sbom_test.go b/tools/compliance/cmd/sbom/sbom_test.go
index 6b40a27..4d623ce 100644
--- a/tools/compliance/cmd/sbom/sbom_test.go
+++ b/tools/compliance/cmd/sbom/sbom_test.go
@@ -129,7 +129,16 @@
spdxExtractedText{"&&&First Party License&&&"},
spdxExtractedClosingText{},
},
- expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
+ expectedDeps: []string{
+ "testdata/firstparty/FIRST_PARTY_LICENSE",
+ "testdata/firstparty/bin/bin1.meta_lic",
+ "testdata/firstparty/bin/bin2.meta_lic",
+ "testdata/firstparty/highest.apex.meta_lic",
+ "testdata/firstparty/lib/liba.so.meta_lic",
+ "testdata/firstparty/lib/libb.so.meta_lic",
+ "testdata/firstparty/lib/libc.a.meta_lic",
+ "testdata/firstparty/lib/libd.so.meta_lic",
+ },
},
{
condition: "firstparty",
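Review bot: None of the new `expectedDeps` entries in this hunk is a project metadata file, so the `pmix.AllMetadataFiles()` contribution to `inputFiles` is not checked here; the later `expectedDeps` hunks in this file likewise add only `.meta_lic` paths. If the fixtures contain no project metadata that may be expected, but then a regression that drops those paths from the deps list would pass unnoticed. Consider one case whose fixture includes a project metadata file and whose `expectedDeps` lists it, e.g. `"<placeholder: path of a metadata file under testdata>",`. The test table starts and ends outside this hunk.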
@@ -172,7 +181,13 @@
spdxExtractedText{"&&&First Party License&&&"},
spdxExtractedClosingText{},
},
- expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
+ expectedDeps: []string{
+ "testdata/firstparty/FIRST_PARTY_LICENSE",
+ "testdata/firstparty/application.meta_lic",
+ "testdata/firstparty/bin/bin3.meta_lic",
+ "testdata/firstparty/lib/liba.so.meta_lic",
+ "testdata/firstparty/lib/libb.so.meta_lic",
+ },
},
{
condition: "firstparty",
@@ -235,7 +250,16 @@
spdxExtractedText{"&&&First Party License&&&"},
spdxExtractedClosingText{},
},
- expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
+ expectedDeps: []string{
+ "testdata/firstparty/FIRST_PARTY_LICENSE",
+ "testdata/firstparty/bin/bin1.meta_lic",
+ "testdata/firstparty/bin/bin2.meta_lic",
+ "testdata/firstparty/container.zip.meta_lic",
+ "testdata/firstparty/lib/liba.so.meta_lic",
+ "testdata/firstparty/lib/libb.so.meta_lic",
+ "testdata/firstparty/lib/libc.a.meta_lic",
+ "testdata/firstparty/lib/libd.so.meta_lic",
+ },
},
{
condition: "firstparty",
@@ -272,7 +296,12 @@
spdxExtractedText{"&&&First Party License&&&"},
spdxExtractedClosingText{},
},
- expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
+ expectedDeps: []string{
+ "testdata/firstparty/FIRST_PARTY_LICENSE",
+ "testdata/firstparty/bin/bin1.meta_lic",
+ "testdata/firstparty/lib/liba.so.meta_lic",
+ "testdata/firstparty/lib/libc.a.meta_lic",
+ },
},
{
condition: "firstparty",
@@ -297,7 +326,10 @@
spdxExtractedText{"&&&First Party License&&&"},
spdxExtractedClosingText{},
},
- expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
+ expectedDeps: []string{
+ "testdata/firstparty/FIRST_PARTY_LICENSE",
+ "testdata/firstparty/lib/libd.so.meta_lic",
+ },
},
{
condition: "notice",
@@ -366,6 +398,13 @@
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
+ "testdata/notice/bin/bin1.meta_lic",
+ "testdata/notice/bin/bin2.meta_lic",
+ "testdata/notice/highest.apex.meta_lic",
+ "testdata/notice/lib/liba.so.meta_lic",
+ "testdata/notice/lib/libb.so.meta_lic",
+ "testdata/notice/lib/libc.a.meta_lic",
+ "testdata/notice/lib/libd.so.meta_lic",
},
},
{
@@ -435,6 +474,13 @@
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
+ "testdata/notice/bin/bin1.meta_lic",
+ "testdata/notice/bin/bin2.meta_lic",
+ "testdata/notice/container.zip.meta_lic",
+ "testdata/notice/lib/liba.so.meta_lic",
+ "testdata/notice/lib/libb.so.meta_lic",
+ "testdata/notice/lib/libc.a.meta_lic",
+ "testdata/notice/lib/libd.so.meta_lic",
},
},
{
@@ -484,6 +530,10 @@
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
+ "testdata/notice/application.meta_lic",
+ "testdata/notice/bin/bin3.meta_lic",
+ "testdata/notice/lib/liba.so.meta_lic",
+ "testdata/notice/lib/libb.so.meta_lic",
},
},
{
@@ -527,6 +577,9 @@
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
+ "testdata/notice/bin/bin1.meta_lic",
+ "testdata/notice/lib/liba.so.meta_lic",
+ "testdata/notice/lib/libc.a.meta_lic",
},
},
{
@@ -552,7 +605,10 @@
spdxExtractedText{"%%%Notice License%%%"},
spdxExtractedClosingText{},
},
- expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"},
+ expectedDeps: []string{
+ "testdata/notice/NOTICE_LICENSE",
+ "testdata/notice/lib/libd.so.meta_lic",
+ },
},
{
condition: "reciprocal",
@@ -625,6 +681,13 @@
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
+ "testdata/reciprocal/bin/bin1.meta_lic",
+ "testdata/reciprocal/bin/bin2.meta_lic",
+ "testdata/reciprocal/highest.apex.meta_lic",
+ "testdata/reciprocal/lib/liba.so.meta_lic",
+ "testdata/reciprocal/lib/libb.so.meta_lic",
+ "testdata/reciprocal/lib/libc.a.meta_lic",
+ "testdata/reciprocal/lib/libd.so.meta_lic",
},
},
{
@@ -698,6 +761,13 @@
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
+ "testdata/reciprocal/bin/bin1.meta_lic",
+ "testdata/reciprocal/bin/bin2.meta_lic",
+ "testdata/reciprocal/container.zip.meta_lic",
+ "testdata/reciprocal/lib/liba.so.meta_lic",
+ "testdata/reciprocal/lib/libb.so.meta_lic",
+ "testdata/reciprocal/lib/libc.a.meta_lic",
+ "testdata/reciprocal/lib/libd.so.meta_lic",
},
},
{
@@ -751,6 +821,10 @@
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
+ "testdata/reciprocal/application.meta_lic",
+ "testdata/reciprocal/bin/bin3.meta_lic",
+ "testdata/reciprocal/lib/liba.so.meta_lic",
+ "testdata/reciprocal/lib/libb.so.meta_lic",
},
},
{
@@ -794,6 +868,9 @@
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
+ "testdata/reciprocal/bin/bin1.meta_lic",
+ "testdata/reciprocal/lib/liba.so.meta_lic",
+ "testdata/reciprocal/lib/libc.a.meta_lic",
},
},
{
@@ -821,6 +898,7 @@
},
expectedDeps: []string{
"testdata/notice/NOTICE_LICENSE",
+ "testdata/reciprocal/lib/libd.so.meta_lic",
},
},
{
@@ -899,6 +977,13 @@
"testdata/notice/NOTICE_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
"testdata/restricted/RESTRICTED_LICENSE",
+ "testdata/restricted/bin/bin1.meta_lic",
+ "testdata/restricted/bin/bin2.meta_lic",
+ "testdata/restricted/highest.apex.meta_lic",
+ "testdata/restricted/lib/liba.so.meta_lic",
+ "testdata/restricted/lib/libb.so.meta_lic",
+ "testdata/restricted/lib/libc.a.meta_lic",
+ "testdata/restricted/lib/libd.so.meta_lic",
},
},
{
@@ -977,6 +1062,13 @@
"testdata/notice/NOTICE_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
"testdata/restricted/RESTRICTED_LICENSE",
+ "testdata/restricted/bin/bin1.meta_lic",
+ "testdata/restricted/bin/bin2.meta_lic",
+ "testdata/restricted/container.zip.meta_lic",
+ "testdata/restricted/lib/liba.so.meta_lic",
+ "testdata/restricted/lib/libb.so.meta_lic",
+ "testdata/restricted/lib/libc.a.meta_lic",
+ "testdata/restricted/lib/libd.so.meta_lic",
},
},
{
@@ -1024,6 +1116,9 @@
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
"testdata/restricted/RESTRICTED_LICENSE",
+ "testdata/restricted/bin/bin1.meta_lic",
+ "testdata/restricted/lib/liba.so.meta_lic",
+ "testdata/restricted/lib/libc.a.meta_lic",
},
},
{
@@ -1049,7 +1144,10 @@
spdxExtractedText{"%%%Notice License%%%"},
spdxExtractedClosingText{},
},
- expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"},
+ expectedDeps: []string{
+ "testdata/notice/NOTICE_LICENSE",
+ "testdata/restricted/lib/libd.so.meta_lic",
+ },
},
{
condition: "proprietary",
@@ -1125,6 +1223,13 @@
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/proprietary/PROPRIETARY_LICENSE",
+ "testdata/proprietary/bin/bin1.meta_lic",
+ "testdata/proprietary/bin/bin2.meta_lic",
+ "testdata/proprietary/highest.apex.meta_lic",
+ "testdata/proprietary/lib/liba.so.meta_lic",
+ "testdata/proprietary/lib/libb.so.meta_lic",
+ "testdata/proprietary/lib/libc.a.meta_lic",
+ "testdata/proprietary/lib/libd.so.meta_lic",
"testdata/restricted/RESTRICTED_LICENSE",
},
},
@@ -1202,6 +1307,13 @@
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/proprietary/PROPRIETARY_LICENSE",
+ "testdata/proprietary/bin/bin1.meta_lic",
+ "testdata/proprietary/bin/bin2.meta_lic",
+ "testdata/proprietary/container.zip.meta_lic",
+ "testdata/proprietary/lib/liba.so.meta_lic",
+ "testdata/proprietary/lib/libb.so.meta_lic",
+ "testdata/proprietary/lib/libc.a.meta_lic",
+ "testdata/proprietary/lib/libd.so.meta_lic",
"testdata/restricted/RESTRICTED_LICENSE",
},
},
@@ -1255,6 +1367,10 @@
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/proprietary/PROPRIETARY_LICENSE",
+ "testdata/proprietary/application.meta_lic",
+ "testdata/proprietary/bin/bin3.meta_lic",
+ "testdata/proprietary/lib/liba.so.meta_lic",
+ "testdata/proprietary/lib/libb.so.meta_lic",
"testdata/restricted/RESTRICTED_LICENSE",
},
},
@@ -1299,6 +1415,9 @@
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/proprietary/PROPRIETARY_LICENSE",
+ "testdata/proprietary/bin/bin1.meta_lic",
+ "testdata/proprietary/lib/liba.so.meta_lic",
+ "testdata/proprietary/lib/libc.a.meta_lic",
},
},
{
@@ -1324,7 +1443,10 @@
spdxExtractedText{"%%%Notice License%%%"},
spdxExtractedClosingText{},
},
- expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"},
+ expectedDeps: []string{
+ "testdata/notice/NOTICE_LICENSE",
+ "testdata/proprietary/lib/libd.so.meta_lic",
+ },
},
}
for _, tt := range tests {
diff --git a/tools/compliance/graph.go b/tools/compliance/graph.go
index 80a2f47..4a06634 100644
--- a/tools/compliance/graph.go
+++ b/tools/compliance/graph.go
@@ -88,6 +88,15 @@
return targets
}
+// TargetNames returns the list of target node names in the graph. (unordered)
+func (lg *LicenseGraph) TargetNames() []string {
+ targets := make([]string, 0, len(lg.targets))
+ for target := range lg.targets {
+ targets = append(targets, target)
+ }
+ return targets
+}
+
// compliance-only LicenseGraph methods
// newLicenseGraph constructs a new, empty instance of LicenseGraph.
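Review bot: The doc comment on `TargetNames` puts the ordering caveat in a trailing parenthetical after the sentence, where it is easy to miss. The names come from ranging over the `lg.targets` map, whose iteration order Go does not define, so two calls can return different orders. I would write `// TargetNames returns the names of all target nodes in the graph, in no particular order;` and `// callers that write the names to build outputs must sort them first.` The caller added in sbom.go does sort.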