diff --git a/tools/compliance/cmd/sbom/sbom.go b/tools/compliance/cmd/sbom/sbom.go index 493d331046..e03105289f 100644 --- a/tools/compliance/cmd/sbom/sbom.go +++ b/tools/compliance/cmd/sbom/sbom.go @@ -271,6 +271,17 @@ func getProjectMetadata(_ *context, pmix *projectmetadata.Index, return pms[index], nil } +// inputFiles returns the complete list of files read +func inputFiles(lg *compliance.LicenseGraph, pmix *projectmetadata.Index, licenseTexts []string) []string { + projectMeta := pmix.AllMetadataFiles() + targets := lg.TargetNames() + files := make([]string, 0, len(licenseTexts)+len(targets)+len(projectMeta)) + files = append(files, licenseTexts...) + files = append(files, targets...) + files = append(files, projectMeta...) + return files +} + // sbomGenerator implements the spdx bom utility // SBOM is part of the new government regulation issued to improve national cyber security @@ -417,6 +428,7 @@ func sbomGenerator(ctx *context, files ...string) ([]string, error) { fmt.Fprintf(ctx.stdout, "ExtractedText: %v\n", string(text)) } - deps := licenseTexts + deps := inputFiles(lg, pmix, licenseTexts) + sort.Strings(deps) return deps, nil } diff --git a/tools/compliance/cmd/sbom/sbom_test.go b/tools/compliance/cmd/sbom/sbom_test.go index 6b40a2772c..4d623ce5a7 100644 --- a/tools/compliance/cmd/sbom/sbom_test.go +++ b/tools/compliance/cmd/sbom/sbom_test.go @@ -129,7 +129,16 @@ func Test(t *testing.T) { spdxExtractedText{"&&&First Party License&&&"}, spdxExtractedClosingText{}, }, - expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"}, + expectedDeps: []string{ + "testdata/firstparty/FIRST_PARTY_LICENSE", + "testdata/firstparty/bin/bin1.meta_lic", + "testdata/firstparty/bin/bin2.meta_lic", + "testdata/firstparty/highest.apex.meta_lic", + "testdata/firstparty/lib/liba.so.meta_lic", + "testdata/firstparty/lib/libb.so.meta_lic", + "testdata/firstparty/lib/libc.a.meta_lic", + "testdata/firstparty/lib/libd.so.meta_lic", + }, }, { condition: "firstparty", 
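Review bot: The doc comment on `inputFiles` (hunk at -271 in sbom.go) does not say which inputs are covered or what shape the result has, and it lacks a final period. I would write it as `// inputFiles returns every file the generator read: license texts, license graph target names and project metadata files.` followed by `// The result is unsorted and not de-duplicated; callers are expected to sort it.` The only caller visible in this diff, `sbomGenerator` (hunk at -417), sorts with `sort.Strings(deps)` but does not remove repeats. Whether one path can occur in more than one of the three lists is not visible from here, so it is worth confirming.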
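Review bot: None of the updated `expectedDeps` lists in sbom_test.go contains a project metadata file, so the `pmix.AllMetadataFiles()` part of `inputFiles` appears to be untested; every added entry is a `.meta_lic` path. This applies to all the `expectedDeps` hunks in the file, starting with this one at -129. That would be expected if the testdata trees carry no project metadata, but one case with a fixture that does would pin the behaviour. If this list feeds the build's dependency tracking, an input missing from it would let an SBOM stay unregenerated after that input changes. The `Test` function starts and ends outside these hunks.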
@@ -172,7 +181,13 @@ func Test(t *testing.T) { spdxExtractedText{"&&&First Party License&&&"}, spdxExtractedClosingText{}, }, - expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"}, + expectedDeps: []string{ + "testdata/firstparty/FIRST_PARTY_LICENSE", + "testdata/firstparty/application.meta_lic", + "testdata/firstparty/bin/bin3.meta_lic", + "testdata/firstparty/lib/liba.so.meta_lic", + "testdata/firstparty/lib/libb.so.meta_lic", + }, }, { condition: "firstparty", @@ -235,7 +250,16 @@ func Test(t *testing.T) { spdxExtractedText{"&&&First Party License&&&"}, spdxExtractedClosingText{}, }, - expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"}, + expectedDeps: []string{ + "testdata/firstparty/FIRST_PARTY_LICENSE", + "testdata/firstparty/bin/bin1.meta_lic", + "testdata/firstparty/bin/bin2.meta_lic", + "testdata/firstparty/container.zip.meta_lic", + "testdata/firstparty/lib/liba.so.meta_lic", + "testdata/firstparty/lib/libb.so.meta_lic", + "testdata/firstparty/lib/libc.a.meta_lic", + "testdata/firstparty/lib/libd.so.meta_lic", + }, }, { condition: "firstparty", @@ -272,7 +296,12 @@ func Test(t *testing.T) { spdxExtractedText{"&&&First Party License&&&"}, spdxExtractedClosingText{}, }, - expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"}, + expectedDeps: []string{ + "testdata/firstparty/FIRST_PARTY_LICENSE", + "testdata/firstparty/bin/bin1.meta_lic", + "testdata/firstparty/lib/liba.so.meta_lic", + "testdata/firstparty/lib/libc.a.meta_lic", + }, }, { condition: "firstparty", @@ -297,7 +326,10 @@ func Test(t *testing.T) { spdxExtractedText{"&&&First Party License&&&"}, spdxExtractedClosingText{}, }, - expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"}, + expectedDeps: []string{ + "testdata/firstparty/FIRST_PARTY_LICENSE", + "testdata/firstparty/lib/libd.so.meta_lic", + }, }, { condition: "notice", 
@@ -366,6 +398,13 @@ func Test(t *testing.T) { expectedDeps: []string{ "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/notice/NOTICE_LICENSE", + "testdata/notice/bin/bin1.meta_lic", + "testdata/notice/bin/bin2.meta_lic", + "testdata/notice/highest.apex.meta_lic", + "testdata/notice/lib/liba.so.meta_lic", + "testdata/notice/lib/libb.so.meta_lic", + "testdata/notice/lib/libc.a.meta_lic", + "testdata/notice/lib/libd.so.meta_lic", }, }, { @@ -435,6 +474,13 @@ func Test(t *testing.T) { expectedDeps: []string{ "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/notice/NOTICE_LICENSE", + "testdata/notice/bin/bin1.meta_lic", + "testdata/notice/bin/bin2.meta_lic", + "testdata/notice/container.zip.meta_lic", + "testdata/notice/lib/liba.so.meta_lic", + "testdata/notice/lib/libb.so.meta_lic", + "testdata/notice/lib/libc.a.meta_lic", + "testdata/notice/lib/libd.so.meta_lic", }, }, { @@ -484,6 +530,10 @@ func Test(t *testing.T) { expectedDeps: []string{ "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/notice/NOTICE_LICENSE", + "testdata/notice/application.meta_lic", + "testdata/notice/bin/bin3.meta_lic", + "testdata/notice/lib/liba.so.meta_lic", + "testdata/notice/lib/libb.so.meta_lic", }, }, { @@ -527,6 +577,9 @@ func Test(t *testing.T) { expectedDeps: []string{ "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/notice/NOTICE_LICENSE", + "testdata/notice/bin/bin1.meta_lic", + "testdata/notice/lib/liba.so.meta_lic", + "testdata/notice/lib/libc.a.meta_lic", }, }, { @@ -552,7 +605,10 @@ func Test(t *testing.T) { spdxExtractedText{"%%%Notice License%%%"}, spdxExtractedClosingText{}, }, - expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"}, + expectedDeps: []string{ + "testdata/notice/NOTICE_LICENSE", + "testdata/notice/lib/libd.so.meta_lic", + }, }, { condition: "reciprocal", 
@@ -625,6 +681,13 @@ func Test(t *testing.T) { "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/notice/NOTICE_LICENSE", "testdata/reciprocal/RECIPROCAL_LICENSE", + "testdata/reciprocal/bin/bin1.meta_lic", + "testdata/reciprocal/bin/bin2.meta_lic", + "testdata/reciprocal/highest.apex.meta_lic", + "testdata/reciprocal/lib/liba.so.meta_lic", + "testdata/reciprocal/lib/libb.so.meta_lic", + "testdata/reciprocal/lib/libc.a.meta_lic", + "testdata/reciprocal/lib/libd.so.meta_lic", }, }, { @@ -698,6 +761,13 @@ func Test(t *testing.T) { "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/notice/NOTICE_LICENSE", "testdata/reciprocal/RECIPROCAL_LICENSE", + "testdata/reciprocal/bin/bin1.meta_lic", + "testdata/reciprocal/bin/bin2.meta_lic", + "testdata/reciprocal/container.zip.meta_lic", + "testdata/reciprocal/lib/liba.so.meta_lic", + "testdata/reciprocal/lib/libb.so.meta_lic", + "testdata/reciprocal/lib/libc.a.meta_lic", + "testdata/reciprocal/lib/libd.so.meta_lic", }, }, { @@ -751,6 +821,10 @@ func Test(t *testing.T) { "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/notice/NOTICE_LICENSE", "testdata/reciprocal/RECIPROCAL_LICENSE", + "testdata/reciprocal/application.meta_lic", + "testdata/reciprocal/bin/bin3.meta_lic", + "testdata/reciprocal/lib/liba.so.meta_lic", + "testdata/reciprocal/lib/libb.so.meta_lic", }, }, { @@ -794,6 +868,9 @@ func Test(t *testing.T) { expectedDeps: []string{ "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/reciprocal/RECIPROCAL_LICENSE", + "testdata/reciprocal/bin/bin1.meta_lic", + "testdata/reciprocal/lib/liba.so.meta_lic", + "testdata/reciprocal/lib/libc.a.meta_lic", }, }, { @@ -821,6 +898,7 @@ func Test(t *testing.T) { }, expectedDeps: []string{ "testdata/notice/NOTICE_LICENSE", + "testdata/reciprocal/lib/libd.so.meta_lic", }, }, { 
@@ -899,6 +977,13 @@ func Test(t *testing.T) { "testdata/notice/NOTICE_LICENSE", "testdata/reciprocal/RECIPROCAL_LICENSE", "testdata/restricted/RESTRICTED_LICENSE", + "testdata/restricted/bin/bin1.meta_lic", + "testdata/restricted/bin/bin2.meta_lic", + "testdata/restricted/highest.apex.meta_lic", + "testdata/restricted/lib/liba.so.meta_lic", + "testdata/restricted/lib/libb.so.meta_lic", + "testdata/restricted/lib/libc.a.meta_lic", + "testdata/restricted/lib/libd.so.meta_lic", }, }, { @@ -977,6 +1062,13 @@ func Test(t *testing.T) { "testdata/notice/NOTICE_LICENSE", "testdata/reciprocal/RECIPROCAL_LICENSE", "testdata/restricted/RESTRICTED_LICENSE", + "testdata/restricted/bin/bin1.meta_lic", + "testdata/restricted/bin/bin2.meta_lic", + "testdata/restricted/container.zip.meta_lic", + "testdata/restricted/lib/liba.so.meta_lic", + "testdata/restricted/lib/libb.so.meta_lic", + "testdata/restricted/lib/libc.a.meta_lic", + "testdata/restricted/lib/libd.so.meta_lic", }, }, { @@ -1024,6 +1116,9 @@ func Test(t *testing.T) { "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/reciprocal/RECIPROCAL_LICENSE", "testdata/restricted/RESTRICTED_LICENSE", + "testdata/restricted/bin/bin1.meta_lic", + "testdata/restricted/lib/liba.so.meta_lic", + "testdata/restricted/lib/libc.a.meta_lic", }, }, { @@ -1049,7 +1144,10 @@ func Test(t *testing.T) { spdxExtractedText{"%%%Notice License%%%"}, spdxExtractedClosingText{}, }, - expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"}, + expectedDeps: []string{ + "testdata/notice/NOTICE_LICENSE", + "testdata/restricted/lib/libd.so.meta_lic", + }, }, { condition: "proprietary", 
@@ -1125,6 +1223,13 @@ func Test(t *testing.T) { "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/notice/NOTICE_LICENSE", "testdata/proprietary/PROPRIETARY_LICENSE", + "testdata/proprietary/bin/bin1.meta_lic", + "testdata/proprietary/bin/bin2.meta_lic", + "testdata/proprietary/highest.apex.meta_lic", + "testdata/proprietary/lib/liba.so.meta_lic", + "testdata/proprietary/lib/libb.so.meta_lic", + "testdata/proprietary/lib/libc.a.meta_lic", + "testdata/proprietary/lib/libd.so.meta_lic", "testdata/restricted/RESTRICTED_LICENSE", }, }, @@ -1202,6 +1307,13 @@ func Test(t *testing.T) { "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/notice/NOTICE_LICENSE", "testdata/proprietary/PROPRIETARY_LICENSE", + "testdata/proprietary/bin/bin1.meta_lic", + "testdata/proprietary/bin/bin2.meta_lic", + "testdata/proprietary/container.zip.meta_lic", + "testdata/proprietary/lib/liba.so.meta_lic", + "testdata/proprietary/lib/libb.so.meta_lic", + "testdata/proprietary/lib/libc.a.meta_lic", + "testdata/proprietary/lib/libd.so.meta_lic", "testdata/restricted/RESTRICTED_LICENSE", }, }, @@ -1255,6 +1367,10 @@ func Test(t *testing.T) { expectedDeps: []string{ "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/proprietary/PROPRIETARY_LICENSE", + "testdata/proprietary/application.meta_lic", + "testdata/proprietary/bin/bin3.meta_lic", + "testdata/proprietary/lib/liba.so.meta_lic", + "testdata/proprietary/lib/libb.so.meta_lic", "testdata/restricted/RESTRICTED_LICENSE", }, }, @@ -1299,6 +1415,9 @@ func Test(t *testing.T) { expectedDeps: []string{ "testdata/firstparty/FIRST_PARTY_LICENSE", "testdata/proprietary/PROPRIETARY_LICENSE", + "testdata/proprietary/bin/bin1.meta_lic", + "testdata/proprietary/lib/liba.so.meta_lic", + "testdata/proprietary/lib/libc.a.meta_lic", }, }, { 
@@ -1324,7 +1443,10 @@ func Test(t *testing.T) { spdxExtractedText{"%%%Notice License%%%"}, spdxExtractedClosingText{}, }, - expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"}, + expectedDeps: []string{ + "testdata/notice/NOTICE_LICENSE", + "testdata/proprietary/lib/libd.so.meta_lic", + }, }, } for _, tt := range tests { diff --git a/tools/compliance/graph.go b/tools/compliance/graph.go index fac1d05b69..9ad319b808 100644 --- a/tools/compliance/graph.go +++ b/tools/compliance/graph.go @@ -88,6 +88,15 @@ func (lg *LicenseGraph) Targets() TargetNodeList { return targets } +// TargetNames returns the list of target node names in the graph. (unordered) +func (lg *LicenseGraph) TargetNames() []string { + targets := make([]string, 0, len(lg.targets)) + for target := range lg.targets { + targets = append(targets, target) + } + return targets +} + // compliance-only LicenseGraph methods // newLicenseGraph constructs a new, empty instance of LicenseGraph.
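Review bot: The `(unordered)` tag on `TargetNames` in graph.go undersells the behaviour: the loop ranges over `lg.targets`, which appears to be a map keyed by name, so the order can differ from one call to the next rather than merely being unspecified. I would write the comment as `// TargetNames returns the names of all target nodes in the graph. The order is unspecified and may change between calls; sort before writing it to any output.` The sbom caller in this commit does sort, so this is about future callers keeping generated files reproducible.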