return self.add(v)
def new_vex_patched_relationship(self, from_, to, notes: None):
- props = {'security_statusNotes': notes} if notes else {}
+ props = {"security_statusNotes": notes} if notes else {}
return self._new_relationship(
oe.spdx30.security_VexFixedVulnAssessmentRelationship,
from_,
)
def new_vex_unpatched_relationship(self, from_, to, notes: None):
- props = {'security_statusNotes': notes} if notes else {}
+ props = {"security_statusNotes": notes} if notes else {}
return self._new_relationship(
oe.spdx30.security_VexAffectedVulnAssessmentRelationship,
from_,
)
def new_vex_ignored_relationship(self, from_, to, *, impact_statement, notes: None):
- props = {'security_statusNotes': notes} if notes else {}
+ props = {"security_statusNotes": notes} if notes else {}
return self._new_relationship(
oe.spdx30.security_VexNotAffectedVulnAssessmentRelationship,
from_,
index_sources_by_hash(e.to, dest)
-
def _generate_git_purl(d, download_location, srcrev):
"""Generate a Package URL for a Git source from its download location.
Returns the PURL string or None if no mapping matches.
"""
- if not download_location or not download_location.startswith('git+'):
+ if not download_location or not download_location.startswith("git+"):
return None
git_url = download_location[4:] # Remove 'git+' prefix
# Default handler: github.com
git_purl_handlers = {
- 'github.com': 'pkg:github',
+ "github.com": "pkg:github",
}
# Custom PURL mappings from SPDX_GIT_PURL_MAPPINGS
# Format: "domain1:purl_type1 domain2:purl_type2"
- custom_mappings = d.getVar('SPDX_GIT_PURL_MAPPINGS')
+ custom_mappings = d.getVar("SPDX_GIT_PURL_MAPPINGS")
if custom_mappings:
for mapping in custom_mappings.split():
- parts = mapping.split(':', 1)
+ parts = mapping.split(":", 1)
if len(parts) == 2:
git_purl_handlers[parts[0]] = parts[1]
bb.debug(2, f"Added custom Git PURL mapping: {parts[0]} -> {parts[1]}")
else:
- bb.warn(f"Invalid SPDX_GIT_PURL_MAPPINGS entry: {mapping} (expected format: domain:purl_type)")
+ bb.warn(
+ f"Invalid SPDX_GIT_PURL_MAPPINGS entry: {mapping} (expected format: domain:purl_type)"
+ )
try:
parsed = urllib.parse.urlparse(git_url)
for domain, purl_type in git_purl_handlers.items():
if hostname == domain:
- path = parsed.path.strip('/')
- path_parts = path.split('/')
+ path = parsed.path.strip("/")
+ path_parts = path.split("/")
if len(path_parts) >= 2:
owner = path_parts[0]
- repo = path_parts[1].replace('.git', '')
+ repo = path_parts[1].replace(".git", "")
return f"{purl_type}/{owner}/{repo}@{srcrev}"
break
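Review bot: `repo = path_parts[1].replace(".git", "")` removes every occurrence of `.git` in the second path segment rather than only a trailing suffix, so a repository whose name contains `.git` elsewhere (constructed example: `foo.gitignore-tools`) would produce a wrong PURL; `repo = path_parts[1].removesuffix(".git")` (Python 3.9+) keeps the intent, or `path_parts[1][:-4] if path_parts[1].endswith(".git") else path_parts[1]` on older interpreters. The owner and repo also go into `f"{purl_type}/{owner}/{repo}@{srcrev}"` unencoded, while the PURL spec requires percent-encoded namespace and name components, so `urllib.parse.quote(owner, safe="")` (and likewise for repo) would be the safer form; the `purl_type` read from `SPDX_GIT_PURL_MAPPINGS` is likewise not checked against the known PURL types, so a typo yields a syntactically valid but meaningless identifier. `hostname` in `if hostname == domain:` is not bound anywhere in the hunk, presumably `hostname = parsed.hostname` sits on an elided line. `_generate_git_purl` continues past the hunk: the `try:` opened here has its handler outside the visible lines.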
if fd.type == "git":
# Use full SHA-1 from fd.revision
- srcrev = getattr(fd, 'revision', None)
- if srcrev and srcrev not in {'${AUTOREV}', 'AUTOINC', 'INVALID'}:
+ srcrev = getattr(fd, "revision", None)
+ if srcrev and srcrev not in {"${AUTOREV}", "AUTOINC", "INVALID"}:
version = srcrev
# Generate PURL for Git hosting services
- download_location = getattr(dl, 'software_downloadLocation', None)
+ download_location = getattr(dl, "software_downloadLocation", None)
if version and download_location:
purl = _generate_git_purl(d, download_location, version)
dl.software_packageUrl = purl
# Add VCS external reference for Git repositories
- download_location = getattr(dl, 'software_downloadLocation', None)
+ download_location = getattr(dl, "software_downloadLocation", None)
if download_location and isinstance(download_location, str):
- if download_location.startswith('git+'):
+ if download_location.startswith("git+"):
git_url = download_location[4:]
- if '@' in git_url:
- git_url = git_url.split('@')[0]
+ if "@" in git_url:
+ git_url = git_url.split("@")[0]
dl.externalRef = dl.externalRef or []
dl.externalRef.append(
)
-
def add_download_files(d, objset):
inputs = set()
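Review bot: `git_url = git_url.split("@")[0]` keeps only the text before the first `@`, so a download location carrying userinfo (constructed example: `git+ssh://git@example.invalid/owner/repo@<rev>`) would be cut down to `ssh://git` instead of merely losing the trailing revision. `git_url = git_url.rsplit("@", 1)[0]` strips only the last `@` segment, which is correct only if a revision is always appended last; if that is not guaranteed by how `software_downloadLocation` is built, parsing with `urllib.parse.urlsplit` and stripping the revision from the path is the robust option. The same `.startswith("git+")` / `[4:]` handling appears in `_generate_git_purl`, so one shared helper that parses the location once would keep the two code paths consistent. The enclosing function starts before this hunk and its name is not visible.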
if status == "Patched":
spdx_vex = recipe_objset.new_vex_patched_relationship(
- [spdx_cve_id], [recipe],
- notes=": ".join(v for v in (detail, description) if v)
+ [spdx_cve_id],
+ [recipe],
+ notes=": ".join(v for v in (detail, description) if v),
)
patches = []
for idx, filepath in enumerate(resources):
elif status == "Unpatched":
recipe_objset.new_vex_unpatched_relationship(
- [spdx_cve_id], [recipe],
- notes=": ".join(v for v in (detail, description) if v)
+ [spdx_cve_id],
+ [recipe],
+ notes=": ".join(v for v in (detail, description) if v),
)
elif status == "Ignored":
spdx_vex = recipe_objset.new_vex_ignored_relationship(
if include_sources:
debug_sources |= get_package_sources_from_debug(
- d, package, package_files, dep_sources, source_hash_cache,
+ d,
+ package,
+ package_files,
+ dep_sources,
+ source_hash_cache,
excluded_files=excluded_files,
)
if dep not in providers:
continue
- (dep, _) = providers[dep]
+ dep, _ = providers[dep]
if not oe.packagedata.packaged(dep, localdata):
continue
image_path = image_deploy_dir / image_filename
if os.path.isdir(image_path):
a, _ = add_package_files(
- d,
- objset,
- image_path,
- lambda file_counter: objset.new_spdxid(
- "imagefile", str(file_counter)
- ),
- lambda filepath: [],
- license_data=None,
- ignore_dirs=[],
- ignore_top_level_dirs=[],
- archive=None,
+ d,
+ objset,
+ image_path,
+ lambda file_counter: objset.new_spdxid(
+ "imagefile", str(file_counter)
+ ),
+ lambda filepath: [],
+ license_data=None,
+ ignore_dirs=[],
+ ignore_top_level_dirs=[],
+ archive=None,
)
artifacts.extend(a)
else:
oe.spdx30.Hash(
algorithm=oe.spdx30.HashAlgorithm.sha512,
hashValue=bb.utils.sha512_file(image_path),
- )
+ ),
],
)
)