diff --git a/plugins/reporters/aosd/build.gradle.kts b/plugins/reporters/aosd/build.gradle.kts
new file mode 100644
index 0000000000000..5563f6ff448ad
--- /dev/null
+++ b/plugins/reporters/aosd/build.gradle.kts
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2024 The ORT Project Authors (see )
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+plugins {
+ // Apply precompiled plugins.
+ id("ort-library-conventions")
+
+ // Apply third-party plugins.
+ alias(libs.plugins.kotlinSerialization)
+}
+
+dependencies {
+ api(projects.model)
+ api(projects.reporter)
+
+ implementation(projects.utils.spdxUtils)
+
+ implementation(libs.kotlinx.serialization.core)
+ implementation(libs.kotlinx.serialization.json)
+
+ funTestImplementation(testFixtures(projects.reporter))
+
+ funTestImplementation(libs.jsonSchemaValidator)
+ funTestImplementation(libs.kotest.assertions.json)
+}
diff --git a/plugins/reporters/aosd/src/funTest/assets/aosd.NPM-%40ort-project-with-findings-1.0.json b/plugins/reporters/aosd/src/funTest/assets/aosd.NPM-%40ort-project-with-findings-1.0.json
new file mode 100644
index 0000000000000..6eaab3f9d6d8b
--- /dev/null
+++ b/plugins/reporters/aosd/src/funTest/assets/aosd.NPM-%40ort-project-with-findings-1.0.json
@@ -0,0 +1,162 @@ +{ + "directDependencies": [ + "NPM:@ort:no-license-file:1.0", + "NPM:@ort:license-file:1.0", + "NPM:@ort:license-file-and-additional-licenses:1.0", + "NPM:@ort:concluded-license:1.0", + "NPM:@ort:declared-license:1.0" + ], + "dependencies": [ + { + "id": "NPM:@ort:no-license-file:1.0", + "name": "no-license-file", + "version": "1.0", + "licenses": [ + { + "name": "MIT", + "spdxId": "MIT", + "text": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n", + "copyrights": { + "holders": [ + "Copyright 1" + ] + }, + "origin": "licensefile" + } + ], + "deployPackage": { + "name": "default" + }, + "externalDependencies": [] + }, + { + "id": "NPM:@ort:license-file:1.0", + "name": "license-file", + "version": "1.0", + "licenses": [ + { + "name": "MIT", + "spdxId": "MIT", + "text": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, 
including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n", + "copyrights": { + "holders": [ + "Copyright 1", + "Copyright 2" + ] + }, + "origin": "licensefile" + } + ], + "deployPackage": { + "name": "default" + }, + "externalDependencies": [] + }, + { + "id": "NPM:@ort:license-file-and-additional-licenses:1.0", + "name": "license-file-and-additional-licenses", + "version": "1.0", + "licenses": [ + { + "name": "MIT", + "spdxId": "MIT", + "text": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR 
PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n", + "copyrights": { + "holders": [ + "Copyright 1", + "Copyright 2", + "Copyright 3" + ] + }, + "origin": "licensefile" + }, + { + "name": "BSD-3-Clause", + "spdxId": "BSD-3-Clause", + "text": "Redistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this list\nof conditions and the following disclaimer.\n\nRedistributions in binary form must reproduce the above copyright notice, this\nlist of conditions and the following disclaimer in the documentation and/or\nother materials provided with the distribution.\n\nNeither the name of the ORGANIZATION nor the names of its contributors may be\nused to endorse or promote products derived from this software without specific\nprior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR\nCONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE\nGOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\nHOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF\nTHE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n", + "copyrights": { + "holders": [ + "Copyright 1", + "Copyright 2", + "Copyright 3" + ] + }, + "origin": "licensefile" + } + ], + "deployPackage": { + "name": "default" + }, + "externalDependencies": [] + }, + { + "id": "NPM:@ort:concluded-license:1.0", + "name": "concluded-license", + "version": "1.0", + "licenses": [ + { + "name": "BSD-3-Clause", + "spdxId": "BSD-3-Clause", + "text": "Redistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this list\nof conditions and the following disclaimer.\n\nRedistributions in binary form must reproduce the above copyright notice, this\nlist of conditions and the following disclaimer in the documentation and/or\nother materials provided with the distribution.\n\nNeither the name of the ORGANIZATION nor the names of its contributors may be\nused to endorse or promote products derived from this software without specific\nprior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR\nCONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE\nGOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\nHOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF\nTHE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n", + "origin": "packagemanagement" + }, + { + "name": "MIT", + "spdxId": "MIT", + "text": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n", + "copyrights": { + "holders": [ + "Copyright 1", + "Copyright 2" + ] + }, + "origin": "licensefile" + }, + { + "name": "BSD-2-Clause", + "spdxId": "BSD-2-Clause", + "text": "Redistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n\nRedistributions 
of source code must retain the above copyright notice, this list\nof conditions and the following disclaimer.\n\nRedistributions in binary form must reproduce the above copyright notice, this\nlist of conditions and the following disclaimer in the documentation and/or\nother materials provided with the distribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\nANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\nWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\nLOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON\nANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n", + "copyrights": { + "holders": [ + "Copyright 1", + "Copyright 2" + ] + }, + "origin": "licensefile" + } + ], + "deployPackage": { + "name": "default" + }, + "externalDependencies": [] + }, + { + "id": "NPM:@ort:declared-license:1.0", + "name": "declared-license", + "version": "1.0", + "licenses": [ + { + "name": "MIT", + "spdxId": "MIT", + "text": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions 
of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n", + "origin": "packagemanagement" + }, + { + "name": "BSD-3-Clause", + "spdxId": "BSD-3-Clause", + "text": "Redistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this list\nof conditions and the following disclaimer.\n\nRedistributions in binary form must reproduce the above copyright notice, this\nlist of conditions and the following disclaimer in the documentation and/or\nother materials provided with the distribution.\n\nNeither the name of the ORGANIZATION nor the names of its contributors may be\nused to endorse or promote products derived from this software without specific\nprior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR\nCONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE\nGOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\nHOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF\nTHE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n", + "copyrights": { + "holders": [ + "Copyright 1" + ] + }, + "origin": "licensefile" + } + ], + "deployPackage": { + "name": "default" + }, + "externalDependencies": [] + } + ] +} diff --git a/plugins/reporters/aosd/src/funTest/assets/aosd.NPM-%40ort-project-without-findings-1.0.json b/plugins/reporters/aosd/src/funTest/assets/aosd.NPM-%40ort-project-without-findings-1.0.json new file mode 100644 index 0000000000000..479f75008a18a --- /dev/null +++ b/plugins/reporters/aosd/src/funTest/assets/aosd.NPM-%40ort-project-without-findings-1.0.json 
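Review bot: None of the five entries under `dependencies` in this expected output carries a `parts` array, while the `externalDependency` definition in `aosd.schema.json`, added by this same commit, lists `parts` under `required` and sets `additionalProperties` to false. If the top-level `dependencies` items resolve to that definition (the part of the schema that would show it is outside this view), the fixture pins output that a schema-validating importer would reject; the same holds for `aosd.NPM-%40ort-project-without-findings-1.0.json`. Either have the reporter emit at least `"parts": [ { "name": "default", "providers": [] } ]` per dependency, or validate the generated report against the schema in the functional test so the mismatch surfaces there.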
@@ -0,0 +1,156 @@ +{ + "directDependencies": [], + "dependencies": [ + { + "id": "NPM:@ort:no-license-file:1.0", + "name": "no-license-file", + "version": "1.0", + "licenses": [ + { + "name": "MIT", + "spdxId": "MIT", + "text": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n", + "copyrights": { + "holders": [ + "Copyright 1" + ] + }, + "origin": "licensefile" + } + ], + "deployPackage": { + "name": "default" + }, + "externalDependencies": [] + }, + { + "id": "NPM:@ort:license-file:1.0", + "name": "license-file", + "version": "1.0", + "licenses": [ + { + "name": "MIT", + "spdxId": "MIT", + "text": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to 
do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n", + "copyrights": { + "holders": [ + "Copyright 1", + "Copyright 2" + ] + }, + "origin": "licensefile" + } + ], + "deployPackage": { + "name": "default" + }, + "externalDependencies": [] + }, + { + "id": "NPM:@ort:license-file-and-additional-licenses:1.0", + "name": "license-file-and-additional-licenses", + "version": "1.0", + "licenses": [ + { + "name": "MIT", + "spdxId": "MIT", + "text": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, 
OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n", + "copyrights": { + "holders": [ + "Copyright 1", + "Copyright 2", + "Copyright 3" + ] + }, + "origin": "licensefile" + }, + { + "name": "BSD-3-Clause", + "spdxId": "BSD-3-Clause", + "text": "Redistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this list\nof conditions and the following disclaimer.\n\nRedistributions in binary form must reproduce the above copyright notice, this\nlist of conditions and the following disclaimer in the documentation and/or\nother materials provided with the distribution.\n\nNeither the name of the ORGANIZATION nor the names of its contributors may be\nused to endorse or promote products derived from this software without specific\nprior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR\nCONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE\nGOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\nHOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF\nTHE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n", + "copyrights": { + "holders": [ + "Copyright 1", + "Copyright 2", + "Copyright 3" + ] + }, + "origin": "licensefile" + } + ], + "deployPackage": { + "name": "default" + }, + "externalDependencies": [] + }, + { + "id": "NPM:@ort:concluded-license:1.0", + "name": "concluded-license", + "version": "1.0", + "licenses": [ + { + "name": "BSD-3-Clause", + "spdxId": "BSD-3-Clause", + "text": "Redistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this list\nof conditions and the following disclaimer.\n\nRedistributions in binary form must reproduce the above copyright notice, this\nlist of conditions and the following disclaimer in the documentation and/or\nother materials provided with the distribution.\n\nNeither the name of the ORGANIZATION nor the names of its contributors may be\nused to endorse or promote products derived from this software without specific\nprior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR\nCONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE\nGOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\nHOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF\nTHE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n", + "origin": "packagemanagement" + }, + { + "name": "MIT", + "spdxId": "MIT", + "text": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n", + "copyrights": { + "holders": [ + "Copyright 1", + "Copyright 2" + ] + }, + "origin": "licensefile" + }, + { + "name": "BSD-2-Clause", + "spdxId": "BSD-2-Clause", + "text": "Redistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n\nRedistributions 
of source code must retain the above copyright notice, this list\nof conditions and the following disclaimer.\n\nRedistributions in binary form must reproduce the above copyright notice, this\nlist of conditions and the following disclaimer in the documentation and/or\nother materials provided with the distribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\nANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\nWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\nLOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON\nANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n", + "copyrights": { + "holders": [ + "Copyright 1", + "Copyright 2" + ] + }, + "origin": "licensefile" + } + ], + "deployPackage": { + "name": "default" + }, + "externalDependencies": [] + }, + { + "id": "NPM:@ort:declared-license:1.0", + "name": "declared-license", + "version": "1.0", + "licenses": [ + { + "name": "MIT", + "spdxId": "MIT", + "text": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions 
of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n", + "origin": "packagemanagement" + }, + { + "name": "BSD-3-Clause", + "spdxId": "BSD-3-Clause", + "text": "Redistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this list\nof conditions and the following disclaimer.\n\nRedistributions in binary form must reproduce the above copyright notice, this\nlist of conditions and the following disclaimer in the documentation and/or\nother materials provided with the distribution.\n\nNeither the name of the ORGANIZATION nor the names of its contributors may be\nused to endorse or promote products derived from this software without specific\nprior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR\nCONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE\nGOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\nHOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF\nTHE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n", + "copyrights": { + "holders": [ + "Copyright 1" + ] + }, + "origin": "licensefile" + } + ], + "deployPackage": { + "name": "default" + }, + "externalDependencies": [] + } + ] +} diff --git a/plugins/reporters/aosd/src/funTest/assets/aosd.example.json b/plugins/reporters/aosd/src/funTest/assets/aosd.example.json new file mode 100644 index 0000000000000..c8820cf2b2b40 --- /dev/null +++ b/plugins/reporters/aosd/src/funTest/assets/aosd.example.json 
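Review bot: `directDependencies` is empty in this fixture, yet `dependencies` still lists the same five packages as the with-findings fixture, and every entry has `"externalDependencies": []`, so nothing in the file references any of them. As pinned, the report attributes five packages and their licenses to a project that, by its own dependency list, does not use them. If the project really has no dependencies, the expected output should probably be `"dependencies": []`. It is worth confirming whether the reporter is meant to emit every package of the scan result or only those reachable from the project.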
@@ -0,0 +1,114 @@ +{ + "$schema": "./aosd.schema.json", + "directDependencies": [ + "1" + ], + "dependencies": [ + { + "id": "1", + "name": "cross-env", + "version": "7.0.3", + "versionRange": "", + "scmUrl": "https://registry.npmjs.org/cross-env/-/cross-env-7.0.3.tgz", + "licenses": [ + { + "name": "MIT License", + "spdxId": "MIT", + "copyrights": { + "holders": [] + }, + "text": "Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", + "origin": "licensefile" + } + ], + "parts": [ + { + "name": "default", + "description": "Package: cross-env - License key: MIT - Checksum: 5d10770886077388d316ac13903ecb440a36baa0f0432feea0ed8fe76ab36be6", + "providers": [ + { + "additionalLicenses": [ + { + "name": "MIT License", + "spdxId": "MIT", + "text": "Permission2 is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", + "url": "http://opensource.org/licenses/mit-license.php", + "copyrights": { + "holders": [], + "notice": "" + }, + "origin": "licensefile" + } + ], + "modified": false, + "usage": "dynamic_linking" + } + ], + "external": true + } + ], + "deployPackage": { + "name": "default", + "downloadUrl": "", + "checksums": { + "integrity": "" + } + }, + "externalDependencies": [ + "2" + ] + }, + { + "id": "2", + "name": "cross-spawn", + "version": "7.0.3", + "versionRange": "", + "scmUrl": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "licenses": [ + { + "name": "MIT License", + "spdxId": "MIT", + "copyrights": { + "holders": [] + }, + "text": "Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", + "origin": "licensefile" + } + ], + "parts": [ + { + "name": "default", + "description": "Package: cross-spawn - License key: MIT - Checksum: 5d10770886077388d316ac13903ecb440a36baa0f0432feea0ed8fe76ab36be6", + "providers": [ + { + "additionalLicenses": [ + { + "name": "MIT License", + "spdxId": "MIT", + "text": "Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", + "url": "http://opensource.org/licenses/mit-license.php", + "copyrights": { + "holders": [], + "notice": "" + }, + "origin": "licensefile" + } + ], + "modified": false, + "usage": "dynamic_linking" + } + ], + "external": true + } + ], + "deployPackage": { + "name": "default", + "downloadUrl": "", + "checksums": { + "integrity": "" + } + }, + "externalDependencies": [] + } + ] +} 
diff --git a/plugins/reporters/aosd/src/funTest/assets/aosd.schema.json b/plugins/reporters/aosd/src/funTest/assets/aosd.schema.json
new file mode 100644
index 0000000000000..5ec42e6d0ac16
--- /dev/null
+++ b/plugins/reporters/aosd/src/funTest/assets/aosd.schema.json
@@ -0,0 +1,313 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.cip.audi.de/bitbucket/projects/AEVAOSD/repos/aosd_importer/raw/scripts/aosdjsongenerator/schema/product_import.schema.json", + "type": "object", + "title": "The AOSD 2.0 JSON import", + "description": "Defines the JSON format for automatically importing product dependencies into AOSD2.0", + "definitions": { + "license": { + "type": "object", + "title": "AOSD License information", + "description": "Indication of the licenses under which the software may be used. All licenses are cumulative (and) unless the multiLicensing flag is set.", + "required": [ + "spdxId", + "text" + ], + "additionalProperties": false, + "properties": { + "name": { + "description": "Full name of the license", + "type": "string" + }, + "spdxId": { + "description": "SPDX license identifier from https://spdx.org/licenses/", + "type": "string", + "default": "Commercial" + }, + "text": { + "description": "License text", + "type": "string" + }, + "url": { + "description": "URL where the license is published and can be read.", + "type": "string", + "default": "https://..." + }, + "copyrights": { + "type": "object", + "additionalProperties": false, + "properties": { + "holders": { + "type": "array", + "items": { + "type": "string" + } + }, + "notice": { + "type": "string" + } + } + }, + "origin": { + "description": "Identifying the origin of the license information.", + "type": "string", + "enum": [ + "packagemanagement", + "scm", + "licensefile" + ] + } + } + }, + "part": { + "type": "object", + "additionalProperties": false, + "required": [ + "name", + "providers" + ], + "description": "A part represents a library that is available in the version and can be used separately by third parties. 
This is not a dependency of the product.", + "properties": { + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "features": { + "type": "array", + "description": "WARNING: Features are not yet implemented!", + "items": { + "type": "string" + } + }, + "providers": { + "type": "array", + "items": { + "$ref": "#/definitions/provider" + } + }, + "external": { + "type": "boolean", + "description": "True, if the part is the work of a third party" + } + } + }, + "internalDependency": { + "type": "object", + "required": [ + "from", + "to" + ], + "additionalProperties": false, + "properties": { + "from": { + "description": "Name of the software part that requires the dependency", + "type": "string" + }, + "to": { + "description": "Name of the software part, which is required as dependency", + "type": "string" + } + } + }, + "externalDependency": { + "type": "object", + "required": [ + "id", + "name", + "version", + "licenses", + "parts", + "deployPackage" + ], + "additionalProperties": false, + "properties": { + "id": { + "description": "Unique identifier of the dependency", + "type": "string" + }, + "name": { + "description": "Product name of the dependency", + "type": "string" + }, + "scmUrl": { + "description": "Source code repository of the dependency", + "type": "string", + "default": "https://..." + }, + "description": { + "description": "Short description.", + "type": "string" + }, + "version": { + "description": "The exact version number", + "default": "1.0.0", + "type": "string" + }, + "versionRange": { + "description": "The possible version range of the dependency", + "default": "^1.0.0", + "type": "string" + }, + "licenses": { + "type": "array", + "description": "Indication of the licenses under which the software may be used. All licenses are cumulative (and).", + "items": { + "description": "Indication of the licenses under which the software may be used. 
All licenses are cumulative (and).", + "$ref": "#/definitions/license" + } + }, + "parts": { + "type": "array", + "description": "The part description is optional for dividing the version into smaller pieacse. e.g. for additional license or usage information if necessary", + "items": { + "description": "A part represents a library that is available in the version and can be used separately by third parties. This is not a dependency of the product", + "$ref": "#/definitions/part" + } + }, + "deployPackage": { + "type": "object", + "additionalProperties": false, + "description": "A deploy package represents a binary package e.g. for a target platform.", + "required": [ + "name" + ], + "dependencies": { + "downloadUrl": { + "required": [ + "checksums" + ] + } + }, + "properties": { + "name": { + "description": "Name or identifier of the variant", + "type": "string" + }, + "downloadUrl": { + "description": "Information about the download location of the variant (binary)", + "type": "string" + }, + "checksums": { + "type": "object", + "description": "The variant (binary) of the product can be verified using the given (file-)checksum.", + "additionalProperties": false, + "oneOf": [ + { + "required": [ + "sha256" + ] + }, + { + "required": [ + "integrity" + ] + } + ], + "properties": { + "md5": { + "type": "string" + }, + "sha1": { + "type": "string" + }, + "sha256": { + "type": "string" + }, + "integrity": { + "type": "string" + } + } + }, + "disclaimer": { + "description": "Information on the custom disclaimer of the software", + "type": "string" + } + } + }, + "internalDependencies": { + "type": "array", + "description": "Provide the ability to model dependencies between two parts of the software. 
The precondition is that both parts have been described in the JSON", + "items": { + "$ref": "#/definitions/internalDependency" + } + }, + "externalDependencies": { + "type": "array", + "description": "Reference to the ID of the dependencies which are required by this one.", + "items": { + "type": "string" + } + } + } + }, + "feature": { + "type": "object", + "title": "AOSD Feature information", + "required": [ + "id" + ], + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "shortDescription": { + "type": "string" + } + } + }, + "provider": { + "description": "If the version has been divided into individual parts, then these can be made available for third-party use by providing the usage features and license information if necessary (e.g. dual licensing)", + "required": [ + "additionalLicenses", + "modified", + "usage" + ], + "additionalProperties": false, + "properties": { + "additionalLicenses": { + "type": "array", + "items": { + "$ref": "#/definitions/license" + } + }, + "modified": { + "type": "boolean", + "default": false + }, + "usage": { + "type": "string", + "enum": [ + "dynamic_linking", + "static_linking", + "sys_call_dyn_link", + "sys_call_process" + ], + "default": "dynamic_linking" + } + } + } + }, + "required": [ + "directDependencies", + "dependencies" + ], + "properties": { + "directDependencies": { + "description": "Ids of dependencies directly related to the project", + "type": "array", + "items": { + "type": "string" + } + }, + "dependencies": { + "description": "Description of the products to be evaluated by AOSD", + "type": "array", + "items": { + "$ref": "#/definitions/externalDependency" + } + } + } +} diff --git a/plugins/reporters/aosd/src/funTest/kotlin/AudiOpenSourceDiagnosticsReporterFunTest.kt b/plugins/reporters/aosd/src/funTest/kotlin/AudiOpenSourceDiagnosticsReporterFunTest.kt new file mode 100644 index 0000000000000..26a3a606b0cb5 --- /dev/null 
+++ b/plugins/reporters/aosd/src/funTest/kotlin/AudiOpenSourceDiagnosticsReporterFunTest.kt 
@@ -0,0 +1,88 @@ +/* + * Copyright (C) 2024 The ORT Project Authors (see ) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * License-Filename: LICENSE + */ + +package org.ossreviewtoolkit.plugins.reporters.aosd + +import com.networknt.schema.InputFormat +import com.networknt.schema.JsonSchemaFactory +import com.networknt.schema.SpecVersion + +import io.kotest.assertions.assertSoftly +import io.kotest.assertions.json.shouldEqualJson +import io.kotest.core.spec.style.WordSpec +import io.kotest.engine.spec.tempdir +import io.kotest.matchers.collections.beEmpty +import io.kotest.matchers.collections.shouldHaveSize +import io.kotest.matchers.result.shouldBeSuccess +import io.kotest.matchers.should + +import kotlinx.serialization.json.decodeFromStream + +import org.ossreviewtoolkit.reporter.ORT_RESULT +import org.ossreviewtoolkit.reporter.ReporterInput +import org.ossreviewtoolkit.utils.test.getAssetFile + +class AudiOpenSourceDiagnosticsReporterFunTest : WordSpec({ + "The example JSON report" should { + "be valid according to the schema" { + val schemaFile = getAssetFile("aosd.schema.json") + val schema = JsonSchemaFactory.getInstance(SpecVersion.VersionFlag.V7).getSchema(schemaFile.toURI()) + + val exampleFile = getAssetFile("aosd.example.json") + val errors = schema.validate(exampleFile.readText(), InputFormat.JSON) + + errors should beEmpty() + } + + "deserialize correctly" { + val aosdFile = 
getAssetFile("aosd.example.json") + val aosd = aosdFile.inputStream().use { JSON.decodeFromStream(it) } + + with(aosd) { + directDependencies shouldHaveSize 1 + dependencies shouldHaveSize 2 + } + } + } + + "The generated report" should { + "match the expected result" { + val outputDir = tempdir() + val reportFiles = AudiOpenSourceDiagnosticsReporter().generateReport(ReporterInput(ORT_RESULT), outputDir) + + reportFiles shouldHaveSize 2 + + assertSoftly { + with(reportFiles[0]) { + this shouldBeSuccess { actualFile -> + val expectedFile = getAssetFile("aosd.NPM-%40ort-project-with-findings-1.0.json") + actualFile.readText() shouldEqualJson expectedFile.readText() + } + } + + with(reportFiles[1]) { + this shouldBeSuccess { actualFile -> + val expectedFile = getAssetFile("aosd.NPM-%40ort-project-without-findings-1.0.json") + actualFile.readText() shouldEqualJson expectedFile.readText() + } + } + } + } + } +}) diff --git a/plugins/reporters/aosd/src/main/kotlin/AudiOpenSourceDiagnosticsReporter.kt b/plugins/reporters/aosd/src/main/kotlin/AudiOpenSourceDiagnosticsReporter.kt new file mode 100644 index 0000000000000..cae0c14b12c14 --- /dev/null +++ b/plugins/reporters/aosd/src/main/kotlin/AudiOpenSourceDiagnosticsReporter.kt 
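Review bot: The "match the expected result" test compares the generated files only with the stored expected JSON and never validates them against `aosd.schema.json`; only the hand-written `aosd.example.json` goes through `schema.validate`. The schema added in this commit marks `parts` as required on a dependency, while the expected asset earlier in this diff shows dependency entries without it, so a report the importer would reject can still pass here. Inside each `shouldBeSuccess` block I would add `schema.validate(actualFile.readText(), InputFormat.JSON) should beEmpty()`, with `schema` built the same way as in the first test.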
@@ -0,0 +1,147 @@ +/* + * Copyright (C) 2024 The ORT Project Authors (see ) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * License-Filename: LICENSE + */ + +package org.ossreviewtoolkit.plugins.reporters.aosd + +import java.io.File + +import org.ossreviewtoolkit.model.ArtifactProvenance +import org.ossreviewtoolkit.model.Hash +import org.ossreviewtoolkit.model.HashAlgorithm +import org.ossreviewtoolkit.model.Package +import org.ossreviewtoolkit.model.RemoteArtifact +import org.ossreviewtoolkit.model.RepositoryProvenance +import org.ossreviewtoolkit.model.config.PluginConfiguration +import org.ossreviewtoolkit.model.licenses.LicenseView +import org.ossreviewtoolkit.plugins.reporters.aosd.AOSD2.ExternalDependency +import org.ossreviewtoolkit.reporter.Reporter +import org.ossreviewtoolkit.reporter.ReporterInput +import org.ossreviewtoolkit.utils.spdx.SpdxLicense + +class AudiOpenSourceDiagnosticsReporter : Reporter { + override val type = "AOSD" + + override fun generateReport( + input: ReporterInput, + outputDir: File, + config: PluginConfiguration + ): List> { + val reportFiles = input.ortResult.getProjects(omitExcluded = true).map { project -> + val directDependencies = input.ortResult.getDependencies(project.id, maxLevel = 1, omitExcluded = true) + .map { it.toCoordinates() } + + val dependencies = input.ortResult.getPackages(omitExcluded = true).map { + it.metadata.toExternalDependency(input) + } + + 
runCatching { + val model = AOSD2(directDependencies = directDependencies, dependencies = dependencies) + val projectName = project.id.toPath("-") + + outputDir.resolve("aosd.$projectName.json").writeReport(model) + } + } + + return reportFiles + } +} + +private fun Package.toExternalDependency(input: ReporterInput): ExternalDependency = + ExternalDependency( + id = id.toCoordinates(), + name = id.name, + scmUrl = vcsProcessed.url.takeUnless { it.isEmpty() }, + description = description.takeUnless { it.isEmpty() }, + version = id.version, + licenses = toLicenses(input), + deployPackage = binaryArtifact.toDeployPackage(), + externalDependencies = input.ortResult.getDependencies(id, maxLevel = 1, omitExcluded = true).map { + it.toCoordinates() + } + ) + +private fun Package.toLicenses(input: ReporterInput): List { + val licenses = mutableListOf() + val resolvedLicenseInfo = input.licenseInfoResolver.resolveLicenseInfo(id).filterExcluded() + + fun getLicenses( + licenseView: LicenseView, + origin: AOSD2.Origin, + copyrights: List = emptyList() + ): List { + val effectiveLicense = resolvedLicenseInfo.effectiveLicense( + licenseView, + input.ortResult.getPackageLicenseChoices(id), + input.ortResult.getRepositoryLicenseChoices() + ) + + return effectiveLicense?.decompose()?.map { licenseExpression -> + val name = licenseExpression.toString() + val text = input.licenseTextProvider.getLicenseText(name) + + AOSD2.License( + name = name, + spdxId = SpdxLicense.forId(name)?.id, + text = text.orEmpty(), + copyrights = copyrights.takeUnless { it.isEmpty() }?.let { AOSD2.Copyrights(copyrights) }, + origin = origin + ) + }.orEmpty() + } + + val copyrights = resolvedLicenseInfo.getCopyrights().toList() + + // Declared licenses come from package management metadata. + licenses += getLicenses(LicenseView.ONLY_DECLARED, AOSD2.Origin.PACKAGE_MANAGEMENT) + + // Group licenses detected by a scanner by their provenance / origin. 
+ val provenance = input.ortResult.scanner?.provenances?.find { it.id == id }?.packageProvenance + when (provenance) { + is RepositoryProvenance -> licenses += getLicenses( + LicenseView.ONLY_DETECTED, + AOSD2.Origin.SCM, + copyrights + ) + + is ArtifactProvenance -> licenses += getLicenses( + LicenseView.ONLY_DETECTED, + AOSD2.Origin.LICENSE_FILE, + copyrights + ) + + null -> {} + } + + return licenses +} + +private fun RemoteArtifact.toDeployPackage(): AOSD2.DeployPackage = + AOSD2.DeployPackage( + name = "default", + downloadUrl = url.takeUnless { it.isEmpty() }, + checksums = hash.takeIf { it.algorithm.isVerifiable }?.toChecksums() + ) + +private fun Hash.toChecksums(): AOSD2.Checksums = + when (algorithm) { + HashAlgorithm.MD5 -> AOSD2.Checksums(md5 = value) + HashAlgorithm.SHA1 -> AOSD2.Checksums(sha1 = value) + HashAlgorithm.SHA256 -> AOSD2.Checksums(sha256 = value) + else -> AOSD2.Checksums(integrity = value) + } diff --git a/plugins/reporters/aosd/src/main/kotlin/Model.kt b/plugins/reporters/aosd/src/main/kotlin/Model.kt new file mode 100644 index 0000000000000..726e1afb9cf95 --- /dev/null +++ b/plugins/reporters/aosd/src/main/kotlin/Model.kt 
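Review bot: `toDeployPackage` emits `downloadUrl` whenever the URL is non-empty but `checksums` only for a verifiable hash, and `toChecksums` writes an MD5 or SHA-1 value on its own, while the schema in this commit requires `checksums` next to `downloadUrl` and accepts it only with `sha256` or `integrity`. A package whose artifact has only an MD5/SHA-1 hash, or none, therefore yields an entry that does not validate, and where such an entry is accepted the download is vouched for by a collision-prone digest. The `else` branch also stores the value of every other algorithm in `integrity` without recording which algorithm produced it; whether the importer can verify a bare value there should be confirmed against the AOSD documentation. I would build the checksum first and leave out `downloadUrl` when no `sha256` or `integrity` value is available, as sketched below.

```kotlin
private fun RemoteArtifact.toDeployPackage(): AOSD2.DeployPackage {
    // The schema requires `checksums` next to `downloadUrl` and accepts it only with `sha256` or `integrity`.
    val checksums = hash.takeIf { it.algorithm.isVerifiable }?.toChecksums()
        ?.takeIf { it.sha256 != null || it.integrity != null }

    return AOSD2.DeployPackage(
        name = "default",
        downloadUrl = url.takeUnless { it.isEmpty() || checksums == null },
        checksums = checksums
    )
}
```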
@@ -0,0 +1,189 @@ +/* + * Copyright (C) 2024 The ORT Project Authors (see ) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * License-Filename: LICENSE + */ + +@file:Suppress("MatchingDeclarationName") + +package org.ossreviewtoolkit.plugins.reporters.aosd + +import java.io.File + +import kotlinx.serialization.SerialName +import kotlinx.serialization.Serializable +import kotlinx.serialization.json.Json +import kotlinx.serialization.json.encodeToStream + +/** + * The JSON format for importing product dependencies into AOSD 2.0, see https://www.aosd.cloud.audi/jsonschemadoc/. + */ +@Serializable +internal data class AOSD2( + /** The reference to the official JSON schema. */ + @SerialName("\$schema") + val schema: String = "https://www.aosd.cloud.audi/jsonschemadoc/static/aosd.schema.json", + /** Ids of dependencies directly related to the project. */ + val directDependencies: List, + /** Description of the products to be evaluated by AOSD. */ + val dependencies: List +) { + @Serializable + data class ExternalDependency( + /** Unique identifier of the dependency. */ + val id: String, + /** Product name of the dependency. */ + val name: String, + /** Source code repository of the dependency. */ + val scmUrl: String? = null, + /** Short description. */ + val description: String? = null, + /** The exact version number. */ + val version: String, + /** The possible version range of the dependency. 
*/ + val versionRange: String? = null, + /** Indication of the licenses under which the software may be used. All licenses are cumulative (and). */ + val licenses: List, + + /** + * The part description is optional for dividing the dependency into smaller pieces, e.g. for additional + * license or usage information if necessary. + */ + val parts: List = emptyList(), + + /** A deploy package represents a binary package, e.g. for a target platform. */ + val deployPackage: DeployPackage, + + /** + * Provide the ability to model dependencies between two parts of the software. The precondition is that both + * parts have been described in the JSON. + */ + val internalDependencies: List? = null, + + /** References to the IDs of the dependencies which are required by this one. */ + val externalDependencies: List? = null + ) + + /** + * Indication of the licenses under which the software may be used. All licenses are cumulative (and). + */ + @Serializable + data class License( + /** Full name of the license. */ + val name: String? = null, + /** SPDX license identifier from https://spdx.org/licenses/. */ + val spdxId: String? = null, + /** The license text. */ + val text: String, + /** The URL where the license is published and can be read. */ + val url: String? = null, + /** The copyrights associated with the license. */ + val copyrights: Copyrights? = null, + /** The origin of the license information. */ + val origin: Origin? = null + ) + + @Serializable + data class Copyrights( + val holders: List? = null, + val notice: String? = null + ) + + /** + * The origin of the license information. + */ + @Serializable + enum class Origin { + @SerialName("packagemanagement") + PACKAGE_MANAGEMENT, + @SerialName("scm") + SCM, + @SerialName("licensefile") + LICENSE_FILE + } + + /** + * A part represents a library that is available in the version and can be used separately by third parties. This is + * not a dependency of the product. 
+ */ + @Serializable + data class Part( + val name: String, + val description: String? = null, + /** WARNING: Features are not yet implemented! */ + val features: List? = null, + val providers: List, + /** True, if the part is the work of a third party. */ + val external: Boolean? = null + ) + + @Serializable + data class Provider( + val additionalLicenses: List, + val modified: Boolean = false, + val usage: Usage = Usage.DYNAMIC_LINKING + ) + + @Serializable + enum class Usage { + @SerialName("dynamic_linking") + DYNAMIC_LINKING, + @SerialName("static_linking") + STATIC_LINKING, + @SerialName("sys_call_dyn_link") + SYS_CALL_DYN_LINK, + @SerialName("sys_call_process") + SYS_CALL_PROCESS + } + + /** + * A deploy package represents a binary package e.g. for a target platform. + */ + @Serializable + data class DeployPackage( + /** Name or identifier of the variant. */ + val name: String, + /** Information about the download location of the variant (binary). */ + val downloadUrl: String? = null, + /** The variant (binary) of the product can be verified using the given (file-)checksum. */ + val checksums: Checksums? = null, + /** Information on the custom disclaimer of the software. */ + val disclaimer: String? = null + ) + + /** + * The variant (binary) of the product can be verified using the given (file-)checksum. + */ + @Serializable + data class Checksums( + val md5: String? = null, + val sha1: String? = null, + val sha256: String? = null, + val integrity: String? = null + ) + + @Serializable + data class InternalDependency( + /** Name of the software part that requires the dependency. */ + val from: String, + /** Name of the software part, which is required as dependency. */ + val to: String + ) +} + +internal val JSON = Json { encodeDefaults = false } + +internal fun File.writeReport(model: AOSD2): File = apply { outputStream().use { JSON.encodeToStream(model, it) } } 
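Review bot: `JSON` is configured with `encodeDefaults = false`, so every property left at its declared default is omitted from the report, including ones the schema in this commit marks as required: `parts` on `ExternalDependency` (default `emptyList()`), and `modified` and `usage` on `Provider`. `License.spdxId` is nullable with a `null` default as well, although the schema requires `spdxId` on every license. For the properties whose default is itself a valid value I would annotate them with `@EncodeDefault` (kotlinx.serialization, experimental API) so they are always written. For `spdxId` the reporter needs an explicit decision on what to emit for license names that `SpdxLicense.forId` does not resolve.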
diff --git a/plugins/reporters/aosd/src/main/resources/META-INF/services/org.ossreviewtoolkit.reporter.Reporter b/plugins/reporters/aosd/src/main/resources/META-INF/services/org.ossreviewtoolkit.reporter.Reporter new file mode 100644 index 0000000000000..a3f50cccb264d --- /dev/null +++ b/plugins/reporters/aosd/src/main/resources/META-INF/services/org.ossreviewtoolkit.reporter.Reporter @@ -0,0 +1 @@ +org.ossreviewtoolkit.plugins.reporters.aosd.AudiOpenSourceDiagnosticsReporter diff --git a/plugins/reporters/ctrlx/src/main/kotlin/CtrlXAutomationModel.kt b/plugins/reporters/ctrlx/src/main/kotlin/CtrlXAutomationModel.kt index 3d4b60eec0909..ec8f520cffc6b 100644 --- a/plugins/reporters/ctrlx/src/main/kotlin/CtrlXAutomationModel.kt +++ b/plugins/reporters/ctrlx/src/main/kotlin/CtrlXAutomationModel.kt @@ -31,10 +31,10 @@ import org.ossreviewtoolkit.utils.spdx.isSpdxExpression @Serializable internal data class FossInfo( /** - * The reference to the JSON schema in use. + * The reference to the official JSON schema. */ @SerialName("\$schema") - val schema: String? = "https://github.com/boschrexroth/json-schema/blob/a84eab6/ctrlx-automation/ctrlx-core/apps/" + + val schema: String = "https://github.com/boschrexroth/json-schema/blob/a84eab6/ctrlx-automation/ctrlx-core/apps/" + "fossinfo/fossinfo.v1.schema.json", /** diff --git a/plugins/reporters/ctrlx/src/main/kotlin/CtrlXAutomationReporter.kt b/plugins/reporters/ctrlx/src/main/kotlin/CtrlXAutomationReporter.kt index 76536ecafd71e..0bd04a278c43d 100644 --- a/plugins/reporters/ctrlx/src/main/kotlin/CtrlXAutomationReporter.kt +++ b/plugins/reporters/ctrlx/src/main/kotlin/CtrlXAutomationReporter.kt @@ -29,6 +29,7 @@ import org.ossreviewtoolkit.model.licenses.LicenseView import org.ossreviewtoolkit.reporter.Reporter import org.ossreviewtoolkit.reporter.ReporterInput import org.ossreviewtoolkit.utils.spdx.SpdxConstants +import org.ossreviewtoolkit.utils.spdx.SpdxLicense class CtrlXAutomationReporter : Reporter { companion object { 
@@ -71,9 +72,10 @@ class CtrlXAutomationReporter : Reporter { input.ortResult.getRepositoryLicenseChoices() ) val licenses = effectiveLicense?.decompose()?.map { - val id = it.toString() - val text = input.licenseTextProvider.getLicenseText(id) - License(name = id, spdx = id, text = text.orEmpty()) + val name = it.toString() + val spdxId = SpdxLicense.forId(name)?.id + val text = input.licenseTextProvider.getLicenseText(name) + License(name = name, spdx = spdxId, text = text.orEmpty()) } // The specification requires at least one license. diff --git a/website/docs/tools/reporter.md b/website/docs/tools/reporter.md index f33f4211193f9..ffd8329912721 100644 --- a/website/docs/tools/reporter.md +++ b/website/docs/tools/reporter.md @@ -7,6 +7,7 @@ sidebar_position: 6 The *reporter* generates a wide variety of documents in different formats from ORT result files. Currently, the following formats are supported (reporter names are case-insensitive): +* [Audio Open Source Diagnostics](https://www.aosd.cloud.audi/help) (`-f AOSD`) * [AsciiDoc Template](../configuration/reporter-templates.md#asciidoc-templates) (`-f AsciiDocTemplate`) * Customizable with [Apache Freemarker](https://freemarker.apache.org/) templates and [AsciiDoc](https://asciidoc.org/) * PDF style customizable with Asciidoctor [PDF themes](https://docs.asciidoctor.org/pdf-converter/latest/theme/) 
@@ -15,7 +16,7 @@ Currently, the following formats are supported (reporter names are case-insensit * HTML (`-f HtmlTemplate`) * DocBook (`-f DocBookTemplate`) * Man page (`-f ManPageTemplate`) -* [ctrlX AUTOMATION](https://apps.boschrexroth.com/microsites/ctrlx-automation/) platform [FOSS information](https://github.com/boschrexroth/json-schema/tree/master/ctrlx-automation/ctrlx-core/apps/fossinfo) (`-f CtrlXAutomation`) +* [ctrlX AUTOMATION](https://apps.boschrexroth.com/microsites/ctrlx-automation/) platform [FOSS information](https://github.com/boschrexroth/json-schema/tree/master/ctrlx-automation/ctrlx-os/apps/fossinfo) (`-f CtrlXAutomation`) * [CycloneDX](https://cyclonedx.org/) BOM (`-f CycloneDx`) * FossID report download (HTML, SPDX, and Excel types) * [GitLabLicenseModel](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportslicense_scanning-ultimate) (`-f GitLabLicenseModel`)