From d000acebb0eaf3f67d3874b1b441c06d392cb2a8 Mon Sep 17 00:00:00 2001 From: Maximilian Huber Date: Thu, 7 Nov 2024 09:27:42 +0100 Subject: [PATCH 1/2] chore: update packageurl-hs package Signed-off-by: Maximilian Huber --- src/Opossum/Opossum.hs | 45 +++++++++++++--------- src/Opossum/OpossumDependencyCheckUtils.hs | 1 - src/Opossum/OpossumExiftoolUtils.hs | 1 - src/Opossum/OpossumScancodeUtils.hs | 1 - src/Opossum/OpossumScanossUtils.hs | 1 - stack.yaml | 2 +- 6 files changed, 27 insertions(+), 24 deletions(-) diff --git a/src/Opossum/Opossum.hs b/src/Opossum/Opossum.hs index 3d9c505..7a18abc 100644 --- a/src/Opossum/Opossum.hs +++ b/src/Opossum/Opossum.hs @@ -31,6 +31,7 @@ module Opossum.Opossum , justExcludeFromNoticeFlags , Opossum(..) , writeOpossumStats + , module X ) where import qualified Data.Aeson as A @@ -48,7 +49,7 @@ import qualified Data.Text as T import Data.UUID (UUID) import qualified Data.Vector as V import GHC.Generics -import PURL.PURL +import Purl.Purl as X import qualified System.FilePath as FP import System.IO (Handle, hClose, hPutStrLn, stdout) import qualified System.IO as IO @@ -183,17 +184,17 @@ data Coordinates = , _packageNamespace :: Maybe T.Text , _packageName :: Maybe T.Text , _packageVersion :: Maybe T.Text - , _packagePURLAppendix :: Maybe T.Text + , _packagePurlAppendix :: Maybe T.Text } deriving (Show, Generic, Eq) opoossumCoordinatesPreObjectList :: Coordinates -> [A.Pair] -opoossumCoordinatesPreObjectList (Coordinates packageType packageNamespace packageName packageVersion packagePURLAppendix) = +opoossumCoordinatesPreObjectList (Coordinates packageType packageNamespace packageName packageVersion packagePurlAppendix) = [ "packageType" A..= packageType , "packageNamespace" A..= packageNamespace , "packageName" A..= packageName , "packageVersion" A..= packageVersion - , "packagePURLAppendix" A..= packagePURLAppendix + , "packagePurlAppendix" A..= packagePurlAppendix ] instance A.ToJSON Coordinates where 
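Review bot: `import Purl.Purl as X` is an open, unqualified import, and the new `, module X` export entry re-exports everything it brings into scope from `Opossum.Opossum`. Every module that imports `Opossum.Opossum` then picks up whatever the pinned packageurl-hs commit happens to export, so a later bump of that dependency can introduce name clashes or change which function a call resolves to without any import line changing. An explicit list keeps that surface visible and reviewable, for example `import Purl.Purl as X (Purl(..), parsePurl)`, which covers the names this patch series uses.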
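Review bot: The rename from `packagePURLAppendix` to `packagePurlAppendix` also changes the JSON key string literals, here in `opoossumCoordinatesPreObjectList` and in the `FromJSON Coordinates` hunk that follows (`@@ -206,27 +207,33 @@`), so the serialized format changes along with the Haskell identifier. Because the parser reads the key with `A..:?`, a file written with the old key still parses, but the appendix silently becomes `Nothing`. If the on-disk key is meant to stay compatible with existing files and other consumers of the format, rename only the identifiers and keep the literals: `"packagePURLAppendix" A..= packagePurlAppendix` and `packagePurlAppendix <- v A..:? "packagePURLAppendix"`.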
@@ -206,27 +207,33 @@ instance A.FromJSON Coordinates where packageNamespace <- v A..:? "packageNamespace" packageName <- v A..:? "packageName" packageVersion <- v A..:? "packageVersion" - packagePURLAppendix <- v A..:? "packagePURLAppendix" + packagePurlAppendix <- v A..:? "packagePurlAppendix" return $ Coordinates packageType packageNamespace packageName packageVersion - packagePURLAppendix - -purlToCoordinates :: PURL -> Coordinates -purlToCoordinates (PURL { _PURL_type = type_ - , _PURL_namespace = namespace - , _PURL_name = name - , _PURL_version = version - }) = - Coordinates - (fmap (T.pack . show) type_) - (fmap T.pack namespace) - (Just $ T.pack name) - (fmap T.pack version) - Nothing -- TODO: appendix + packagePurlAppendix + +purlToCoordinates :: Purl -> Coordinates +purlToCoordinates (purl@Purl { purlType = type_ + , purlName = name + , purlVersion = version + }) = + let + packageNamespace = case purlNamespace purl of + "" -> Nothing + ns -> Just (T.pack ns) + packageVersion = case version of + "" -> Nothing + v -> Just (T.pack v) + in Coordinates + ((Just . T.pack) type_) + packageNamespace + (Just $ T.pack name) + packageVersion + Nothing -- TODO: appendix coordinatesAreNotNull :: Coordinates -> Bool coordinatesAreNotNull (Coordinates Nothing Nothing _ Nothing _) = False diff --git a/src/Opossum/OpossumDependencyCheckUtils.hs b/src/Opossum/OpossumDependencyCheckUtils.hs index 2cffefd..4521dcc 100644 --- a/src/Opossum/OpossumDependencyCheckUtils.hs +++ b/src/Opossum/OpossumDependencyCheckUtils.hs @@ -20,7 +20,6 @@ module Opossum.OpossumDependencyCheckUtils import Opossum.Opossum import Opossum.OpossumUtils -import PURL.PURL import qualified Control.Monad.State as MTL import qualified Data.Aeson as A diff --git a/src/Opossum/OpossumExiftoolUtils.hs b/src/Opossum/OpossumExiftoolUtils.hs index 2f77670..751f17a 100644 --- a/src/Opossum/OpossumExiftoolUtils.hs +++ b/src/Opossum/OpossumExiftoolUtils.hs 
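Review bot: In `purlToCoordinates` the package type is wrapped unconditionally as `(Just . T.pack) type_`, while namespace and version map the empty string to `Nothing`. If a `Purl` ever carries an empty `purlType`, the result is `Just ""`, and the first equation of `coordinatesAreNotNull` (`Coordinates Nothing Nothing _ Nothing _`, visible as context below) can no longer match for coordinates built from a Purl. One local helper would treat the three fields alike and remove the duplicated `case`: `nonEmptyText s = if null s then Nothing else Just (T.pack s)`, used as `Coordinates (nonEmptyText type_) (nonEmptyText ns) (Just $ T.pack name) (nonEmptyText version) Nothing`. Binding `purlNamespace = ns` in the record pattern would also make the `purl@` as-pattern unnecessary.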
@@ -17,7 +17,6 @@ module Opossum.OpossumExiftoolUtils import Opossum.Opossum import Opossum.OpossumUtils -import PURL.PURL import qualified Control.Monad.State as MTL import qualified Data.Aeson as A diff --git a/src/Opossum/OpossumScancodeUtils.hs b/src/Opossum/OpossumScancodeUtils.hs index 8b6e9e8..36bccd0 100644 --- a/src/Opossum/OpossumScancodeUtils.hs +++ b/src/Opossum/OpossumScancodeUtils.hs @@ -26,7 +26,6 @@ module Opossum.OpossumScancodeUtils import Opossum.Opossum import Opossum.OpossumUtils -import PURL.PURL import qualified Control.Monad.State as MTL import qualified Data.Aeson as A diff --git a/src/Opossum/OpossumScanossUtils.hs b/src/Opossum/OpossumScanossUtils.hs index 3616637..ad242e0 100644 --- a/src/Opossum/OpossumScanossUtils.hs +++ b/src/Opossum/OpossumScanossUtils.hs @@ -22,7 +22,6 @@ module Opossum.OpossumScanossUtils import Opossum.Opossum import Opossum.OpossumUtils -import PURL.PURL import qualified Control.Monad.State as MTL import qualified Data.Aeson as A diff --git a/stack.yaml b/stack.yaml index 166d374..6077e66 100644 --- a/stack.yaml +++ b/stack.yaml @@ -12,7 +12,7 @@ extra-deps: - git: https://github.com/maxhbr/spdx-tools-hs commit: cbf3583bdb6af620f54285af3662dc2d89c88568 - git: https://github.com/maxhbr/packageurl-hs - commit: 81d3701a1a630e529862d3c639a69e09848f7cf6 + commit: 73af4872a0c019a77249e7beb5e2ee1068a59548 - git: https://github.com/phadej/spdx commit: ef1807e08299150e4b42dfb33e87e2982be8d49c From 7dc7445e7268a0660395b4989476e8cb2fcff3f8 Mon Sep 17 00:00:00 2001 From: Maximilian Huber Date: Thu, 7 Nov 2024 10:43:00 +0100 Subject: [PATCH 2/2] chore: update packageurl-hs package Signed-off-by: Maximilian Huber --- src/Opossum/OpossumDependencyCheckUtils.hs | 12 ++++++------ src/Opossum/OpossumScancodeUtils.hs | 8 ++++---- src/Opossum/OpossumScanossUtils.hs | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) 
diff --git a/src/Opossum/OpossumDependencyCheckUtils.hs b/src/Opossum/OpossumDependencyCheckUtils.hs index 4521dcc..75fd91a 100644 --- a/src/Opossum/OpossumDependencyCheckUtils.hs +++ b/src/Opossum/OpossumDependencyCheckUtils.hs @@ -124,7 +124,7 @@ instance A.FromJSON DependencyCheckEvidence where -} data DependencyCheckPackage = DependencyCheckPackage - { _dcp_id :: Either String PURL + { _dcp_id :: Either String Purl , _dcp_url :: Maybe T.Text , _dcp_description :: Maybe String , _dcp_confidence :: Maybe DependencyCheckConfidence @@ -141,7 +141,7 @@ instance A.FromJSON DependencyCheckPackage where (\case Just purl -> Right purl Nothing -> Left raw) - (parsePURL raw)) + (parsePurl raw)) (v A..: "id") <*> v A..:? "url" <*> v A..:? "description" <*> @@ -438,8 +438,8 @@ dependencyCheckPackageToCoordinates (DependencyCheckPackage {_dcp_id = id}) = Right purl -> purlToCoordinates purl Left raw -> Coordinates (Just (T.pack raw)) Nothing Nothing Nothing Nothing -evidenceToPURLs :: Map.Map String [DependencyCheckEvidence] -> [PURL] -evidenceToPURLs evidence = +evidenceToPurls :: Map.Map String [DependencyCheckEvidence] -> [Purl] +evidenceToPurls evidence = let findBestFromEvidences :: [DependencyCheckEvidence] -> Maybe String findBestFromEvidences [] = Nothing findBestFromEvidences (e:_) = Just $ _dce_value e @@ -451,14 +451,14 @@ evidenceToPURLs evidence = in maybeToList $ fmap (\product' -> - PURL Nothing Nothing vendor product' version Nothing Nothing) + Purl Nothing Nothing vendor product' version Nothing Nothing) product evidenceToPackages :: Map.Map String [DependencyCheckEvidence] -> [DependencyCheckPackage] evidenceToPackages = map (\purl -> DependencyCheckPackage (Right purl) Nothing Nothing Nothing) . - evidenceToPURLs + evidenceToPurls dependencyCheckDependencyToOpossum :: DependencyCheckDependency -> IO Opossum dependencyCheckDependencyToOpossum (dcd@DependencyCheckDependency { _dcd_isVirtual = isVirtual 
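Review bot: The second patch still treats `Purl` as having the old `PURL` shape, which does not match how the first patch uses the new type. In `evidenceToPurls` (its signature is in the `@@ -438,8 +438,8 @@` hunk, the body continues here) the value is built positionally as `Purl Nothing Nothing vendor product' version Nothing Nothing`, and the `@@ -274,12 +274,12 @@` hunk of `OpossumScancodeUtils.hs` matches on `_Purl_type`, `_Purl_namespace`, `_Purl_name` and `_Purl_version` with `maybe`/`maybeToList`, whereas `purlToCoordinates` in patch 1 reads `purlType`, `purlNamespace`, `purlName` and `purlVersion` as plain strings. These look like a textual PURL-to-Purl replacement rather than an adaptation to the new record, so they should be checked against the pinned packageurl-hs commit. The Scancode patterns would presumably become `Purl {purlType = t}` and `Purl {purlNamespace = ns, purlName = n, purlVersion = v}`, with the same empty-string handling as in `purlToCoordinates`. Record syntax is also preferable to the seven-argument positional constructor, so that a field reordering upstream cannot silently swap vendor, product and version.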
diff --git a/src/Opossum/OpossumScancodeUtils.hs b/src/Opossum/OpossumScancodeUtils.hs index 36bccd0..0a86163 100644 --- a/src/Opossum/OpossumScancodeUtils.hs +++ b/src/Opossum/OpossumScancodeUtils.hs @@ -143,7 +143,7 @@ renderLicense licenses = -} data ScancodePackage = ScancodePackage - { _scp_purl :: Maybe PURL + { _scp_purl :: Maybe Purl , _scp_licenses :: SPDX.MaybeLicenseExpression , _scp_copyright :: Maybe String , _scp_dependencies :: [ScancodePackage] @@ -156,7 +156,7 @@ instance A.FromJSON ScancodePackage where purl <- v A..:? "purl" >>= (\case - Just purl -> return $ parsePURL purl + Just purl -> return $ parsePurl purl Nothing -> return Nothing) dependencies <- (v A..:? "dependencies" >>= @@ -274,12 +274,12 @@ opossumFromScancodePackage scp@(ScancodePackage { _scp_purl = purl }) providedPath = let typeFromPurl = case purl of - Just (PURL {_PURL_type = t}) -> maybe "generic" show t + Just (Purl {_Purl_type = t}) -> maybe "generic" show t _ -> "generic" pathFromPurl = typeFromPurl FP. case purl of - Just (PURL {_PURL_namespace = ns, _PURL_name = n, _PURL_version = v}) -> + Just (Purl {_Purl_namespace = ns, _Purl_name = n, _Purl_version = v}) -> foldl1 (FP.) $ maybeToList ns ++ [intercalate "@" $ n : maybeToList v] _ -> "UNKNOWN" diff --git a/src/Opossum/OpossumScanossUtils.hs b/src/Opossum/OpossumScanossUtils.hs index ad242e0..1a35398 100644 --- a/src/Opossum/OpossumScanossUtils.hs +++ b/src/Opossum/OpossumScanossUtils.hs @@ -177,7 +177,7 @@ data ScanossFinding = ScanossFinding { _ScanossFinding_id :: String , _ScanossFinding_matched :: String - , _ScanossFinding_purl :: [PURL] + , _ScanossFinding_purl :: [Purl] , _ScanossFinding_vendor :: Maybe T.Text , _ScanossFinding_component :: Maybe T.Text , _ScanossFinding_version :: Maybe T.Text 
@@ -217,7 +217,7 @@ instance A.FromJSON ScanossFinding where AKM.filterWithKey (\key -> const (not (key `elem` keysToFilter)))) v ScanossFinding <$> v A..: "id" <*> v A..: "matched" <*> - (fmap (Maybe.mapMaybe (parsePURL)) $ v A..: "purl") <*> + (fmap (Maybe.mapMaybe (parsePurl)) $ v A..: "purl") <*> v A..:? "vendor" <*> v A..:? "component" <*> v A..:? "version" <*>
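Review bot: `Maybe.mapMaybe (parsePurl)` discards every `purl` entry the parser rejects, and this series swaps the parser implementation, so strings that were accepted before may now disappear from a `ScanossFinding` without any trace. `DependencyCheckPackage` keeps the raw string as `Left raw` in the same situation; doing the same here, or at least reporting the rejected values, would keep dropped components visible in the generated output. The parentheses around `parsePurl` are redundant. The `parseJSON` body starts and ends outside this hunk.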