fossa

package
v1.1.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 9, 2021 License: MPL-2.0 Imports: 25 Imported by: 16

Documentation

Overview

Package fossa provides a high-level interface to the FOSSA API (by default, located at https://app.fossa.com).

Index

Constants

View Source
const BuildsAPI = "/api/cli/%s/latest_build"
View Source
const IssuesAPI = "/api/cli/%s/issues"
View Source
const OrganizationAPI = "/api/cli/organization"
View Source
const RevisionsAPI = "/api/revisions/%s"

RevisionsAPI is the API endpoint for revisions.

View Source
const RevisionsDependenciesAPI = "/api/revisions/%s/dependencies"

RevisionsDependenciesAPI is the API endpoint to retrieve transitive dependencies of a revision.

Variables

View Source
var (
	SignedURLAPI       = "/api/components/signed_url"
	ComponentsBuildAPI = "/api/components/build"
)
View Source
var (
	ErrNoProject   = errors.New("no project provided for upload")
	ErrNoRevision  = errors.New("no revision provided for upload")
	ErrNoBuildData = errors.New("no build data to upload")
)

Errors related to preconditions.

View Source
var (
	ErrForbidden            = errors.New("authentication failed (is the API key correct?)")
	ErrRevisionDoesNotExist = errors.New("revision does not exist (are the project and revision correct and published in FOSSA?)")
)

Errors resulting from a bad API response.

View Source
var (
	MockOrgID   string
	MockOrgSAML bool
)

Functions

func CreateTarball added in v0.7.4

func CreateTarball(dir string) (*os.File, []byte, error)

CreateTarball archives and compresses a directory's contents to a temporary file while simultaneously computing its MD5 hash. The caller is responsible for closing the file handle.

func CreateTarballFromFiles added in v0.7.18

func CreateTarballFromFiles(files []string, name string) (*os.File, []byte, error)

CreateTarballFromFiles archives and compresses a list of files to a temporary file while simultaneously computing its MD5 hash. The caller is responsible for closing the file handle.

func CreateTarballFromString added in v1.0.7

func CreateTarballFromString(filename, str string) (*os.File, []byte, error)

CreateTarball archives and compresses a directory's contents to a temporary file while simultaneously computing its MD5 hash. The caller is responsible for closing the file handle.

func Get added in v0.7.0

func Get(endpoint string) (res string, statusCode int, err error)

Get makes an authenticated GET request to a FOSSA API endpoint.

func GetJSON added in v0.7.0

func GetJSON(endpoint string, v interface{}) (statusCode int, err error)

GetJSON makes an authenticated JSON GET request to a FOSSA API endpoint.

func GetOrganizationID added in v0.7.0

func GetOrganizationID() (string, error)

func NormalizeGitURL

func NormalizeGitURL(project string) string

NormalizeGitURL normalizes all forms of git remote URLs to a single standard form.

func NormalizeGitURLTest added in v0.7.9

func NormalizeGitURLTest(project string) string

NormalizeGitURL normalizes all forms of git remote URLs to a single standard form. This works around the backend only normalizing strings starting with http. HACK until the backend and cli are more in sync

func Post

func Post(endpoint string, body []byte) (res string, statusCode int, err error)

Post makes an authenticated POST request to a FOSSA API endpoint. TODO: maybe `body` should be an `io.Reader` instead.

func SamlURL added in v1.1.4

func SamlURL(uri url.URL, org Organization) *url.URL

SamlURL constructs a SAML redirect URL for a given FOSSA URL

func SetAPIKey added in v0.7.6

func SetAPIKey(key string) *errors.Error

func SetEndpoint added in v0.7.6

func SetEndpoint(endpoint string) error

func SourceUnitType added in v0.7.0

func SourceUnitType(t pkg.Type) (string, error)

SourceUnitType normalizes pkg.Types into SourceUnit types.

func UploadContributors added in v1.1.0

func UploadContributors(data map[string]string, locator Locator)

UploadContributors posts contributor data to the project decribed by locator

Types

type ApiAnalysis added in v1.0.5

type ApiAnalysis struct {
	AnalyzerName string           `json:"analyzer"`
	Graphs       []ApiTaggedGraph `json:"strategies"`
}

func ApiFormatAnalyses added in v1.0.5

func ApiFormatAnalyses(analyses []module.Analysis) []ApiAnalysis

type ApiDep added in v1.0.5

type ApiDep struct {
	Type     string `json:"type"`
	Name     string `json:"name"`
	Revision string `json:"revision"`

	Location     string   `json:"location,omitempty"`
	Dependencies []ApiDep `json:"dependencies,omitempty"`
}

func ApiFormatDeps added in v1.0.5

func ApiFormatDeps(deps graph.Deps) []ApiDep

func ApiFormatPackage added in v1.0.5

func ApiFormatPackage(allDeps map[pkg.ID]pkg.Package, pkg pkg.Package) ApiDep

type ApiModule added in v1.0.5

type ApiModule struct {
	Filepath module.Filepath `json:"filepath"`
	Analyses []ApiAnalysis   `json:"analyses"`
}

func ApiFormatModules added in v1.0.5

func ApiFormatModules(scanned map[module.Filepath][]module.Analysis) []ApiModule

type ApiTaggedGraph added in v1.0.5

type ApiTaggedGraph struct {
	Strategy   string   `json:"strategy"`
	TargetFile string   `json:"targetFile"`
	Deps       []ApiDep `json:"depgraph"`
}

func ApiFormatGraphs added in v1.0.5

func ApiFormatGraphs(graphs []module.TaggedGraph) []ApiTaggedGraph

type AttributionDependencyLicense added in v1.0.14

type AttributionDependencyLicense struct {
	Name        string
	Attribution string
}

AttributionDependencyLicense is the structure of a license in an attribution report

type AttributionReport added in v1.0.14

type AttributionReport struct {
	Project            AttributionReportProject
	DirectDependencies []AttributionReportRow
	DeepDependencies   []AttributionReportRow
	Licenses           map[string]string
}

AttributionReport is the report including the dependency and license data for a project

func GetReport added in v1.0.14

func GetReport(locator Locator) (AttributionReport, error)

GetReport gets a report for the provided locator

type AttributionReportProject added in v1.0.14

type AttributionReportProject struct {
	Name     string
	Revision string
}

AttributionReportProject is the project for which the report is being made

type AttributionReportRow added in v1.0.14

type AttributionReportRow struct {
	Package         string
	Source          string
	Version         string
	IsGolang        bool
	Hash            string
	Authors         []string
	Description     string
	Licenses        []AttributionDependencyLicense
	OtherLicenses   []AttributionDependencyLicense
	ProjectURL      string
	DependencyPaths []string
	Notes           []string
	DownloadURL     string
	Title           string
}

AttributionReportRow is the structure of a single dependency in an attribution report

type Build

type Build struct {
	ID    int
	Error string
	Task  struct {
		Status string
	}
}

A Build holds the FOSSA API response for the builds API.

func GetLatestBuild added in v0.7.7

func GetLatestBuild(locator Locator) (Build, *errors.Error)

GetLatestBuild loads the most recent build for a revision or returns an error if the revision does not exist, or the revision has no builds.

type Component added in v0.7.5

type Component struct {
	PackageSpec string `json:"packageSpec"`
	Revision    string `json:"revision"`
}

type ComponentSpec added in v0.7.5

type ComponentSpec struct {
	Archives []Component `json:"archives"`
}

type DependencyLock added in v1.0.8

type DependencyLock struct {
	PathsTo PathsTo `json:"paths_to"`
}

type Issue added in v0.7.0

type Issue struct {
	ID             int    `json:"id"`
	PriorityString string `json:"priorityString"`
	Resolved       bool   `json:"resolved"`
	RevisionID     string `json:"revisionId"`
	Type           string `json:"type"`
	Rule           Rule   `json:"rule"`

	Name     string
	Revision string
}

An Issue holds the FOSSA API response for the issue API.

type Issues added in v0.7.7

type Issues struct {
	Count  int
	Issues []Issue
	Status string

	NormalizedByType map[string][]Issue
}

A wrapped list of issues returned by the FOSSA CLI issues endpoint If a push-only API key is used, then only the count is returned

func GetIssues added in v0.7.0

func GetIssues(locator Locator) (Issues, *errors.Error)

GetIssues loads the issues for a project.

type License added in v0.7.0

type License struct {
	ID             int64
	LicenseID      string
	RevisionID     string
	LicenseGroupID int64
	Ignored        bool
	Title          string
	URL            string
	Copyright      string
	Text           string
	Attribution    string
}

A License holds the FOSSA API response for the license API.

type Locator

type Locator struct {
	Fetcher  string `json:"fetcher"`
	Project  string `json:"package"`
	Revision string `json:"revision"`
}

Locator serializes FOSSA API locators.

func LocatorOf added in v0.7.0

func LocatorOf(id pkg.ID) Locator

LocatorOf returns the locator of a pkg.ID.

func ReadLocator

func ReadLocator(locator string) Locator

ReadLocator parses a string locator into a Locator.

func Upload

func Upload(title string, locator Locator, options UploadOptions, data []SourceUnit) (Locator, error)

Upload uploads a project's analysis.

func UploadTarball added in v0.7.4

func UploadTarball(options UploadTarballOptions) (Locator, error)

UploadTarball archives, compresses, and uploads a specified directory. It uses the directory name as the project name and the MD5 of the uploaded tarball as the revision name. It returns the locator of the uploaded tarball.

In order to upload the tarball, we need the revision name. In order to get the revision name, we need to compute the tarball's MD5 hash. In order to compute the MD5 hash, we need to see every byte of the final tarball.

To do this, we actually stream through the tarball _twice_: once to create the compressed tarball (and writing it to disk) while simultaneously calculating its hash, and again to perform the upload.

The alternative is to hold the entire tarball in memory while we upload. Since this will be running within CI machines, this is probably not a good idea. (See https://circleci.com/docs/2.0/configuration-reference/#resource_class for an example of our memory constraints.) func UploadTarball(name, revision, dir string, dependency, rawLicenseScan, upload bool, uploadOptions UploadOptions) (Locator, error) {

func UploadTarballDependency added in v0.7.18

func UploadTarballDependency(dir string, upload, rawLicenseScan bool) (Locator, error)

UploadTarballDependency uploads the directory specified to be treated on FOSSA as a dependency.

func UploadTarballDependencyFiles added in v0.7.18

func UploadTarballDependencyFiles(dir string, fileList []string, name string, upload bool) (Locator, error)

UploadTarballDependencyFiles generates and uploads a tarball from the provided list of files to FOSSA. The tarball's contents are marked as a component (as opposed to a project). The `rawLicenseScan` query parameter is automatically added to ensure that FOSSA does not try to discover more dependencies from the uploaded files.

func UploadTarballString added in v1.0.7

func UploadTarballString(name, s string, dependency, rawLicenseScan, upload bool) (Locator, error)

UploadTarballString uploads a string and uses the provided package to name it.

func (Locator) IsResolved

func (l Locator) IsResolved() bool

IsResolved returns true only if a locator is resolved.

func (Locator) OrgString added in v0.7.9

func (l Locator) OrgString() string

OrgString returns a locator converted to a string as a URL path for API access. The OrgID is included for custom fetchers.

func (Locator) ReportURL added in v0.7.6

func (l Locator) ReportURL() string

ReportURL provides a formatted URL.

func (Locator) String

func (l Locator) String() string

String returns a locator converted to a string as a URL path for API access.

func (Locator) URL added in v0.7.6

func (l Locator) URL() string

URL calculates the FOSSA URL for a project's locator.

type Organization added in v0.7.7

type Organization struct {
	OrganizationID int
	UsesSAML       bool `json:"usesSAML,omitEmpty"`
}

func GetOrganization added in v1.1.4

func GetOrganization() (Organization, error)

type PathsTo added in v1.0.8

type PathsTo struct {
	Paths [][]string `json:"paths"`
}

type Project added in v0.7.0

type Project struct {
	Title   string
	URL     string
	Public  bool
	Authors []string
}

A Project holds the FOSSA API response for the project API.

type Revision added in v0.7.0

type Revision struct {
	Locator        *Locator `json:"loc"`
	Licenses       []License
	Project        *Project
	DependencyLock DependencyLock `json:"DependencyLock"`
	Meta           []RevisionMeta
	Issues         []Issue
	Version        string
	Hash           string
	DownloadURL    string
}

A Revision holds the FOSSA API response for the revision API.

func GetRevision added in v0.7.0

func GetRevision(locator Locator) (Revision, error)

GetRevision loads a single revision.

func GetRevisionDependencies added in v0.7.18

func GetRevisionDependencies(locator Locator, licenseText bool) ([]Revision, error)

GetRevisionDependencies returns all transitive dependencies for a project revision.

func GetRevisions added in v0.7.0

func GetRevisions(locators []Locator) (revs []Revision, err error)

GetRevisions loads many revisions in batched requests.

type RevisionMeta added in v0.7.0

type RevisionMeta struct {
	LastScan string `json:"last_scan"`
}

A RevisionMeta holds metadata about a FOSSA API revision.

type Rule added in v0.7.27

type Rule struct {
	License string `json:"licenseId"`
}

Rule holds the representation of an Issue's Rule.

type SignedURL added in v0.7.4

type SignedURL struct {
	SignedURL string
}

type SourceUnit

type SourceUnit struct {
	Name     string
	Type     string
	Manifest string
	Build    SourceUnitBuild
}

SourceUnit is the basic module unit of the FOSSA API.

func Normalize

func Normalize(modules []module.Module) ([]SourceUnit, error)

Normalize transforms module.Modules into SourceUnits.

func SourceUnitFromModule added in v1.0.23

func SourceUnitFromModule(mod module.Module) (SourceUnit, error)

type SourceUnitBuild added in v0.7.0

type SourceUnitBuild struct {
	Artifact string
	Context  interface{}

	Succeeded bool
	Error     error `json:",omitempty"`

	Imports      []string
	Dependencies []SourceUnitDependency
}

A SourceUnitBuild contains the build information of a SourceUnit.

type SourceUnitDependency added in v0.7.0

type SourceUnitDependency struct {
	// Location
	Locator string   `json:"locator"`
	Imports []string `json:"imports,omitempty"`

	// Metadata
	Data *json.RawMessage `json:"data,omitempty"`

	// Context
	Depth              int      `json:"depth,omitempty"`
	Parent             string   `json:"parent,omitempty"`
	UnresolvedLocators []string `json:"unresolved_locators,omitempty"`
}

A SourceUnitDependency contains the dependency information of a SourceUnit.

type UploadOptions added in v0.7.6

type UploadOptions struct {
	Branch              string
	ProjectURL          string
	JIRAProjectKey      string
	Link                string
	Team                string
	Policy              string
	ReleaseGroup        string
	ReleaseGroupVersion string
}

UploadOptions are optional keys that provide extra metadata for an upload.

type UploadTarballOptions added in v1.1.2

type UploadTarballOptions struct {
	Name            string
	Revision        string
	Directory       string
	Title           string
	IsDependency    bool
	LicenseScanOnly bool
	Upload          bool
	UploadOptions   UploadOptions
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL