v0/spdx/package.go - platform/external/spdx-tools - Git at Google

 // SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

 package spdx

 // Package2_1 is a Package section of an SPDX Document for version 2.1 of the spec.
 type Package2_1 struct {

 	// NOT PART OF SPEC
 	// flag: does this "package" contain files that were in fact "unpackaged",
 	// e.g. included directly in the Document without being in a Package?
 	IsUnpackaged bool

 	// 3.1: Package Name
 	// Cardinality: mandatory, one
 	PackageName string

 	// 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
 	// Cardinality: mandatory, one
 	PackageSPDXIdentifier string

 	// 3.3: Package Version
 	// Cardinality: optional, one
 	PackageVersion string

 	// 3.4: Package File Name
 	// Cardinality: optional, one
 	PackageFileName string

 	// 3.5: Package Supplier: may have single result for either Person or Organization,
 	//                        or NOASSERTION
 	// Cardinality: optional, one
 	PackageSupplierPerson       string
 	PackageSupplierOrganization string
 	PackageSupplierNOASSERTION  bool

 	// 3.6: Package Originator: may have single result for either Person or Organization,
 	//                          or NOASSERTION
 	// Cardinality: optional, one
 	PackageOriginatorPerson       string
 	PackageOriginatorOrganization string
 	PackageOriginatorNOASSERTION  bool

 	// 3.7: Package Download Location
 	// Cardinality: mandatory, one
 	PackageDownloadLocation string

 	// 3.8: FilesAnalyzed
 	// Cardinality: optional, one; default value is "true" if omitted
 	FilesAnalyzed bool
 	// NOT PART OF SPEC: did FilesAnalyzed tag appear?
 	IsFilesAnalyzedTagPresent bool

 	// 3.9: Package Verification Code
 	// Cardinality: mandatory, one if filesAnalyzed is true / omitted;
 	//              zero (must be omitted) if filesAnalyzed is false
 	PackageVerificationCode string
 	// Spec also allows specifying a single file to exclude from the
 	// verification code algorithm; intended to enable exclusion of
 	// the SPDX document file itself.
 	PackageVerificationCodeExcludedFile string

 	// 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
 	// Cardinality: optional, one or many
 	PackageChecksumSHA1   string
 	PackageChecksumSHA256 string
 	PackageChecksumMD5    string

 	// 3.11: Package Home Page
 	// Cardinality: optional, one
 	PackageHomePage string

 	// 3.12: Source Information
 	// Cardinality: optional, one
 	PackageSourceInfo string

 	// 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
 	// Cardinality: mandatory, one
 	PackageLicenseConcluded string

 	// 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
 	// Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
 	//              zero (must be omitted) if filesAnalyzed is false
 	PackageLicenseInfoFromFiles []string

 	// 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
 	// Cardinality: mandatory, one
 	PackageLicenseDeclared string

 	// 3.16: Comments on License
 	// Cardinality: optional, one
 	PackageLicenseComments string

 	// 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
 	// Cardinality: mandatory, one
 	PackageCopyrightText string

 	// 3.18: Package Summary Description
 	// Cardinality: optional, one
 	PackageSummary string

 	// 3.19: Package Detailed Description
 	// Cardinality: optional, one
 	PackageDescription string

 	// 3.20: Package Comment
 	// Cardinality: optional, one
 	PackageComment string

 	// 3.21: Package External Reference
 	// Cardinality: optional, one or many
 	PackageExternalReferences []*PackageExternalReference2_1

 	// 3.22: Package External Reference Comment
 	// Cardinality: conditional (optional, one) for each External Reference
 	// contained within PackageExternalReference2_1 struct, if present

 	// Files contained in this Package
 	Files []*File2_1

 	// Relationships applicable to this Package
 	Relationships []*Relationship2_1

 	// Annotations applicable to this Package
 	Annotations []*Annotation2_1
 }

 // PackageExternalReference2_1 is an External Reference to additional info
 // about a Package, as defined in section 3.21 in version 2.1 of the spec.
 type PackageExternalReference2_1 struct {

 	// category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
 	Category string

 	// type is an [idstring] as defined in Appendix VI;
 	// called RefType here due to "type" being a Golang keyword
 	RefType string

 	// locator is a unique string to access the package-specific
 	// info, metadata or content within the target location
 	Locator string

 	// 3.22: Package External Reference Comment
 	// Cardinality: conditional (optional, one) for each External Reference
 	ExternalRefComment string
 }
	// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

	package spdx

	// Package2_1 is a Package section of an SPDX Document for version 2.1 of the spec.
	type Package2_1 struct {

	// NOT PART OF SPEC
	// flag: does this "package" contain files that were in fact "unpackaged",
	// e.g. included directly in the Document without being in a Package?
	IsUnpackaged bool

	// 3.1: Package Name
	// Cardinality: mandatory, one
	PackageName string

	// 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
	// Cardinality: mandatory, one
	PackageSPDXIdentifier string

	// 3.3: Package Version
	// Cardinality: optional, one
	PackageVersion string

	// 3.4: Package File Name
	// Cardinality: optional, one
	PackageFileName string

	// 3.5: Package Supplier: may have single result for either Person or Organization,
	// or NOASSERTION
	// Cardinality: optional, one
	PackageSupplierPerson string
	PackageSupplierOrganization string
	PackageSupplierNOASSERTION bool

	// 3.6: Package Originator: may have single result for either Person or Organization,
	// or NOASSERTION
	// Cardinality: optional, one
	PackageOriginatorPerson string
	PackageOriginatorOrganization string
	PackageOriginatorNOASSERTION bool

	// 3.7: Package Download Location
	// Cardinality: mandatory, one
	PackageDownloadLocation string

	// 3.8: FilesAnalyzed
	// Cardinality: optional, one; default value is "true" if omitted
	FilesAnalyzed bool
	// NOT PART OF SPEC: did FilesAnalyzed tag appear?
	IsFilesAnalyzedTagPresent bool

	// 3.9: Package Verification Code
	// Cardinality: mandatory, one if filesAnalyzed is true / omitted;
	// zero (must be omitted) if filesAnalyzed is false
	PackageVerificationCode string
	// Spec also allows specifying a single file to exclude from the
	// verification code algorithm; intended to enable exclusion of
	// the SPDX document file itself.
	PackageVerificationCodeExcludedFile string

	// 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
	// Cardinality: optional, one or many
	PackageChecksumSHA1 string
	PackageChecksumSHA256 string
	PackageChecksumMD5 string

	// 3.11: Package Home Page
	// Cardinality: optional, one
	PackageHomePage string

	// 3.12: Source Information
	// Cardinality: optional, one
	PackageSourceInfo string

	// 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseConcluded string

	// 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
	// zero (must be omitted) if filesAnalyzed is false
	PackageLicenseInfoFromFiles []string

	// 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseDeclared string

	// 3.16: Comments on License
	// Cardinality: optional, one
	PackageLicenseComments string

	// 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageCopyrightText string

	// 3.18: Package Summary Description
	// Cardinality: optional, one
	PackageSummary string

	// 3.19: Package Detailed Description
	// Cardinality: optional, one
	PackageDescription string

	// 3.20: Package Comment
	// Cardinality: optional, one
	PackageComment string

	// 3.21: Package External Reference
	// Cardinality: optional, one or many
	PackageExternalReferences []*PackageExternalReference2_1

	// 3.22: Package External Reference Comment
	// Cardinality: conditional (optional, one) for each External Reference
	// contained within PackageExternalReference2_1 struct, if present

	// Files contained in this Package
	Files []*File2_1

	// Relationships applicable to this Package
	Relationships []*Relationship2_1

	// Annotations applicable to this Package
	Annotations []*Annotation2_1
	}

	// PackageExternalReference2_1 is an External Reference to additional info
	// about a Package, as defined in section 3.21 in version 2.1 of the spec.
	type PackageExternalReference2_1 struct {

	// category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
	Category string

	// type is an [idstring] as defined in Appendix VI;
	// called RefType here due to "type" being a Golang keyword
	RefType string

	// locator is a unique string to access the package-specific
	// info, metadata or content within the target location
	Locator string

	// 3.22: Package External Reference Comment
	// Cardinality: conditional (optional, one) for each External Reference
	ExternalRefComment string
	}