fossa

package
v1.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 12, 2019 License: MPL-2.0 Imports: 25 Imported by: 16

Documentation

Overview

Package fossa provides a high-level interface to the FOSSA API (by default, located at https://app.fossa.com).

Index

Constants

View Source
const BuildsAPI = "/api/cli/%s/latest_build"
View Source
const IssuesAPI = "/api/cli/%s/issues"
View Source
const OrganizationAPI = "/api/cli/organization"
View Source
const RevisionsAPI = "/api/revisions/%s"

RevisionsAPI is the API endpoint for revisions.

View Source
const RevisionsDependenciesAPI = "/api/revisions/%s/dependencies"

RevisionsDependenciesAPI is the API endpoint to retrieve transitive dependencies of a revision.

Variables

View Source
var (
	SignedURLAPI       = "/api/components/signed_url"
	ComponentsBuildAPI = "/api/components/build"
)
View Source
var (
	ErrNoProject   = errors.New("no project provided for upload")
	ErrNoRevision  = errors.New("no revision provided for upload")
	ErrNoBuildData = errors.New("no build data to upload")
)

Errors related to preconditions.

View Source
var (
	ErrForbidden            = errors.New("authentication failed (is the API key correct?)")
	ErrRevisionDoesNotExist = errors.New("revision does not exist (are the project and revision correct and published in FOSSA?)")
)

Errors resulting from a bad API response.

View Source
var (
	MockOrgID string
)

Functions

func CreateTarball added in v0.7.4

func CreateTarball(dir string) (*os.File, []byte, error)

CreateTarball archives and compresses a directory's contents to a temporary file while simultaneously computing its MD5 hash. The caller is responsible for closing the file handle.

func CreateTarballFromFiles added in v0.7.18

func CreateTarballFromFiles(files []string, name string) (*os.File, []byte, error)

CreateTarballFromFiles archives and compresses a list of files to a temporary file while simultaneously computing its MD5 hash. The caller is responsible for closing the file handle.

func Get added in v0.7.0

func Get(endpoint string) (res string, statusCode int, err error)

Get makes an authenticated GET request to a FOSSA API endpoint.

func GetJSON added in v0.7.0

func GetJSON(endpoint string, v interface{}) (statusCode int, err error)

GetJSON makes an authenticated JSON GET request to a FOSSA API endpoint.

func GetOrganizationID added in v0.7.0

func GetOrganizationID() (string, error)

func NormalizeGitURL

func NormalizeGitURL(project string) string

NormalizeGitURL normalizes all forms of git remote URLs to a single standard form.

func NormalizeGitURLTest added in v0.7.9

func NormalizeGitURLTest(project string) string

NormalizeGitURL normalizes all forms of git remote URLs to a single standard form. This works around the backend only normalizing strings starting with http. HACK until the backend and cli are more in sync

func Post

func Post(endpoint string, body []byte) (res string, statusCode int, err error)

Post makes an authenticated POST request to a FOSSA API endpoint. TODO: maybe `body` should be an `io.Reader` instead.

func SetAPIKey added in v0.7.6

func SetAPIKey(key string) *errors.Error

func SetEndpoint added in v0.7.6

func SetEndpoint(endpoint string) error

func SourceUnitType added in v0.7.0

func SourceUnitType(t pkg.Type) (string, error)

SourceUnitType normalizes pkg.Types into SourceUnit types.

Types

type ApiAnalysis added in v1.0.5

type ApiAnalysis struct {
	AnalyzerName string           `json:"analyzer"`
	Graphs       []ApiTaggedGraph `json:"strategies"`
}

func ApiFormatAnalyses added in v1.0.5

func ApiFormatAnalyses(analyses []module.Analysis) []ApiAnalysis

type ApiDep added in v1.0.5

type ApiDep struct {
	Type     string `json:"type"`
	Name     string `json:"name"`
	Revision string `json:"revision"`

	Location     string   `json:"location,omitempty"`
	Dependencies []ApiDep `json:"dependencies,omitempty"`
}

func ApiFormatDeps added in v1.0.5

func ApiFormatDeps(deps graph.Deps) []ApiDep

func ApiFormatPackage added in v1.0.5

func ApiFormatPackage(allDeps map[pkg.ID]pkg.Package, pkg pkg.Package) ApiDep

type ApiModule added in v1.0.5

type ApiModule struct {
	Filepath module.Filepath `json:"filepath"`
	Analyses []ApiAnalysis   `json:"analyses"`
}

func ApiFormatModules added in v1.0.5

func ApiFormatModules(scanned map[module.Filepath][]module.Analysis) []ApiModule

type ApiTaggedGraph added in v1.0.5

type ApiTaggedGraph struct {
	Strategy   string   `json:"strategy"`
	TargetFile string   `json:"targetFile"`
	Deps       []ApiDep `json:"depgraph"`
}

func ApiFormatGraphs added in v1.0.5

func ApiFormatGraphs(graphs []module.TaggedGraph) []ApiTaggedGraph

type Build

type Build struct {
	ID    int
	Error string
	Task  struct {
		Status string
	}
}

A Build holds the FOSSA API response for the builds API.

func GetLatestBuild added in v0.7.7

func GetLatestBuild(locator Locator) (Build, error)

GetLatestBuild loads the most recent build for a revision or returns an error if the revision does not exist, or the revision has no builds.

type Component added in v0.7.5

type Component struct {
	PackageSpec string `json:"packageSpec"`
	Revision    string `json:"revision"`
}

type ComponentSpec added in v0.7.5

type ComponentSpec struct {
	Archives []Component `json:"archives"`
}

type Issue added in v0.7.0

type Issue struct {
	ID             int    `json:"id"`
	PriorityString string `json:"priorityString"`
	Resolved       bool   `json:"resolved"`
	RevisionID     string `json:"revisionId"`
	Type           string `json:"type"`
	Rule           Rule   `json:"rule"`

	Name     string
	Revision string
}

An Issue holds the FOSSA API response for the issue API.

type Issues added in v0.7.7

type Issues struct {
	Count  int
	Issues []Issue
	Status string

	NormalizedByType map[string][]Issue
}

A wrapped list of issues returned by the FOSSA CLI issues endpoint If a push-only API key is used, then only the count is returned

func GetIssues added in v0.7.0

func GetIssues(locator Locator) (Issues, error)

GetIssues loads the issues for a project.

type License added in v0.7.0

type License struct {
	ID             int64
	LicenseID      string
	RevisionID     string
	LicenseGroupID int64
	Ignored        bool
	Title          string
	URL            string
	Copyright      string
	Text           string
	Attribution    string
}

A License holds the FOSSA API response for the license API.

type Locator

type Locator struct {
	Fetcher  string `json:"fetcher"`
	Project  string `json:"package"`
	Revision string `json:"revision"`
}

Locator serializes FOSSA API locators.

func LocatorOf added in v0.7.0

func LocatorOf(id pkg.ID) Locator

LocatorOf returns the locator of a pkg.ID.

func ReadLocator

func ReadLocator(locator string) Locator

ReadLocator parses a string locator into a Locator.

func Upload

func Upload(title string, locator Locator, options UploadOptions, data []SourceUnit) (Locator, error)

Upload uploads a project's analysis.

func UploadTarball added in v0.7.4

func UploadTarball(dir string, dependency, rawLicenseScan, upload bool) (Locator, error)

UploadTarball archives, compresses, and uploads a specified directory. It uses the directory name as the project name and the MD5 of the uploaded tarball as the revision name. It returns the locator of the uploaded tarball.

In order to upload the tarball, we need the revision name. In order to get the revision name, we need to compute the tarball's MD5 hash. In order to compute the MD5 hash, we need to see every byte of the final tarball.

To do this, we actually stream through the tarball _twice_: once to create the compressed tarball (and writing it to disk) while simultaneously calculating its hash, and again to perform the upload.

The alternative is to hold the entire tarball in memory while we upload. Since this will be running within CI machines, this is probably not a good idea. (See https://circleci.com/docs/2.0/configuration-reference/#resource_class for an example of our memory constraints.)

func UploadTarballDependency added in v0.7.18

func UploadTarballDependency(dir string, upload, rawLicenseScan bool) (Locator, error)

UploadTarballDependency uploads the directory specified to be treated on FOSSA as a dependency.

func UploadTarballDependencyFiles added in v0.7.18

func UploadTarballDependencyFiles(dir string, fileList []string, name string, upload bool) (Locator, error)

UploadTarballDependencyFiles generates and uploads a tarball from the provided list of files to FOSSA. The tarball's contents are marked as a component (as opposed to a project). The `rawLicenseScan` query parameter is automatically added to ensure that FOSSA does not try to discover more dependencies from the uploaded files.

func UploadTarballProject added in v0.7.18

func UploadTarballProject(dir string, rawLicenseScan bool) (Locator, error)

UploadTarballProject uploads the directory specified to be treated on FOSSA as a project.

func (Locator) IsResolved

func (l Locator) IsResolved() bool

IsResolved returns true only if a locator is resolved.

func (Locator) OrgString added in v0.7.9

func (l Locator) OrgString() string

OrgString returns a locator converted to a string as a URL path for API access. The OrgID is included for custom fetchers.

func (Locator) ReportURL added in v0.7.6

func (l Locator) ReportURL() string

ReportURL provides a formatted URL.

func (Locator) String

func (l Locator) String() string

String returns a locator converted to a string as a URL path for API access.

func (Locator) URL added in v0.7.6

func (l Locator) URL() string

URL calculates the FOSSA URL for a project's locator.

type Organization added in v0.7.7

type Organization struct {
	OrganizationID int
}

type Project added in v0.7.0

type Project struct {
	Title   string
	URL     string
	Public  bool
	Authors []string
}

A Project holds the FOSSA API response for the project API.

type Revision added in v0.7.0

type Revision struct {
	Locator  *Locator `json:"loc"`
	Licenses []License
	Project  *Project
	Meta     []RevisionMeta
	Issues   []Issue
	Version  string
	Hash     string
}

A Revision holds the FOSSA API response for the revision API.

func GetRevision added in v0.7.0

func GetRevision(locator Locator) (Revision, error)

GetRevision loads a single revision.

func GetRevisionDependencies added in v0.7.18

func GetRevisionDependencies(locator Locator, licenseText bool) ([]Revision, error)

GetRevisionDependencies returns all transitive dependencies for a project revision.

func GetRevisions added in v0.7.0

func GetRevisions(locators []Locator) (revs []Revision, err error)

GetRevisions loads many revisions in batched requests.

type RevisionMeta added in v0.7.0

type RevisionMeta struct {
	LastScan string `json:"last_scan"`
}

A RevisionMeta holds metadata about a FOSSA API revision.

type Rule added in v0.7.27

type Rule struct {
	License string `json:"licenseId"`
}

Rule holds the representation of an Issue's Rule.

type SignedURL added in v0.7.4

type SignedURL struct {
	SignedURL string
}

type SourceUnit

type SourceUnit struct {
	Name     string
	Type     string
	Manifest string
	Build    SourceUnitBuild
}

SourceUnit is the basic module unit of the FOSSA API.

func Normalize

func Normalize(modules []module.Module) ([]SourceUnit, error)

Normalize transforms module.Modules into SourceUnits.

type SourceUnitBuild added in v0.7.0

type SourceUnitBuild struct {
	Artifact string
	Context  interface{}

	Succeeded bool
	Error     error `json:",omitempty"`

	Imports      []string
	Dependencies []SourceUnitDependency
}

A SourceUnitBuild contains the build information of a SourceUnit.

type SourceUnitDependency added in v0.7.0

type SourceUnitDependency struct {
	// Location
	Locator string   `json:"locator"`
	Imports []string `json:"imports,omitempty"`

	// Metadata
	Data *json.RawMessage `json:"data,omitempty"`

	// Context
	Depth              int      `json:"depth,omitempty"`
	Parent             string   `json:"parent,omitempty"`
	UnresolvedLocators []string `json:"unresolved_locators,omitempty"`
}

A SourceUnitDependency contains the dependency information of a SourceUnit.

type UploadOptions added in v0.7.6

type UploadOptions struct {
	Branch         string
	ProjectURL     string
	JIRAProjectKey string
	Link           string
	Team           string
}

UploadOptions are optional keys that provide extra metadata for an upload.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL