add core types
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
diff --git a/spdx/core/annotation.go b/spdx/core/annotation.go
new file mode 100644
index 0000000..ea0e16f
--- /dev/null
+++ b/spdx/core/annotation.go
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package core
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Annotation is an Annotation section of an SPDX Document for version 2.2 of the spec.
+type Annotation struct {
+ // CoreMetadata includes additional information to map back and forth
+ // to other SPDX types
+ CoreMetadata Metadata
+
+ // 8.1: Annotator
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ Annotator common.Annotator `json:"annotator"`
+
+ // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationDate string `json:"annotationDate"`
+
+ // 8.3: Annotation Type: "REVIEW" or "OTHER"
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationType string `json:"annotationType"`
+
+ // 8.4: SPDX Identifier Reference
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ // This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML.
+ AnnotationSPDXIdentifier common.DocElementID `json:"-"`
+
+ // 8.5: Annotation Comment
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationComment string `json:"comment"`
+}
diff --git a/spdx/core/core.go b/spdx/core/core.go
new file mode 100644
index 0000000..ab4978e
--- /dev/null
+++ b/spdx/core/core.go
@@ -0,0 +1,9 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package core
+
+// Metadata includes additional information to map back and forth
+// to other SPDX types
+type Metadata struct {
+ SpdxVersion string
+}
diff --git a/spdx/core/creation_info.go b/spdx/core/creation_info.go
new file mode 100644
index 0000000..e85e2f9
--- /dev/null
+++ b/spdx/core/creation_info.go
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package core
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// CreationInfo is a Document Creation Information section of an
+// SPDX Document for version 2.2 of the spec.
+type CreationInfo struct {
+ // CoreMetadata includes additional information to map back and forth
+ // to other SPDX types
+ CoreMetadata Metadata
+
+ // 2.7: License List Version
+ // Cardinality: optional, one
+ LicenseListVersion string `json:"licenseListVersion"`
+
+ // 2.8: Creators: may have multiple keys for Person, Organization
+ // and/or Tool
+ // Cardinality: mandatory, one or many
+ Creators []common.Creator `json:"creators"`
+
+ // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: mandatory, one
+ Created string `json:"created"`
+
+ // 2.10: Creator Comment
+ // Cardinality: optional, one
+ CreatorComment string `json:"comment"`
+}
diff --git a/spdx/core/document.go b/spdx/core/document.go
new file mode 100644
index 0000000..a8b5a54
--- /dev/null
+++ b/spdx/core/document.go
@@ -0,0 +1,73 @@
+// Package spdx contains the struct definition for an SPDX Document
+// and its constituent parts.
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+package core
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// ExternalDocumentRef is a reference to an external SPDX document
+// as defined in section 2.6 for version 2.2 of the spec.
+type ExternalDocumentRef struct {
+ // CoreMetadata includes additional information to map back and forth
+ // to other SPDX types
+ CoreMetadata Metadata
+
+ // DocumentRefID is the ID string defined in the start of the
+ // reference. It should _not_ contain the "DocumentRef-" part
+ // of the mandatory ID string.
+ DocumentRefID string `json:"externalDocumentId"`
+
+ // URI is the URI defined for the external document
+ URI string `json:"spdxDocument"`
+
+ // Checksum is the actual hash data
+ Checksum common.Checksum `json:"checksum"`
+}
+
+// Document is an SPDX Document for version 2.2 of the spec.
+// See https://spdx.github.io/spdx-spec/v2-draft/ (DRAFT)
+type Document struct {
+ // CoreMetadata includes additional information to map back and forth
+ // to other SPDX types
+ CoreMetadata Metadata
+
+ // 2.1: SPDX Version; should be in the format "SPDX-2.2"
+ // Cardinality: mandatory, one
+ SPDXVersion string `json:"spdxVersion"`
+
+ // 2.2: Data License; should be "CC0-1.0"
+ // Cardinality: mandatory, one
+ DataLicense string `json:"dataLicense"`
+
+ // 2.3: SPDX Identifier; should be "DOCUMENT" to represent
+ // mandatory identifier of SPDXRef-DOCUMENT
+ // Cardinality: mandatory, one
+ SPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 2.4: Document Name
+ // Cardinality: mandatory, one
+ DocumentName string `json:"name"`
+
+ // 2.5: Document Namespace
+ // Cardinality: mandatory, one
+ DocumentNamespace string `json:"documentNamespace"`
+
+ // 2.6: External Document References
+ // Cardinality: optional, one or many
+ ExternalDocumentReferences []ExternalDocumentRef `json:"externalDocumentRefs,omitempty"`
+
+ // 2.11: Document Comment
+ // Cardinality: optional, one
+ DocumentComment string `json:"comment,omitempty"`
+
+ CreationInfo *CreationInfo `json:"creationInfo"`
+ Packages []*Package `json:"packages"`
+ Files []*File `json:"files"`
+ OtherLicenses []*OtherLicense `json:"hasExtractedLicensingInfos"`
+ Relationships []*Relationship `json:"relationships"`
+ Annotations []*Annotation `json:"annotations"`
+ Snippets []Snippet `json:"snippets"`
+
+ // DEPRECATED in version 2.0 of spec
+ Reviews []*Review
+}
diff --git a/spdx/core/file.go b/spdx/core/file.go
new file mode 100644
index 0000000..eeead9f
--- /dev/null
+++ b/spdx/core/file.go
@@ -0,0 +1,101 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package core
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// File is a File section of an SPDX Document for version 2.2 of the spec.
+type File struct {
+ // CoreMetadata includes additional information to map back and forth
+ // to other SPDX types
+ CoreMetadata Metadata
+
+ // 4.1: File Name
+ // Cardinality: mandatory, one
+ FileName string `json:"fileName"`
+
+ // 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ FileSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 4.3: File Types
+ // Cardinality: optional, multiple
+ FileTypes []string `json:"fileTypes,omitempty"`
+
+ // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: mandatory, one SHA1, others may be optionally provided
+ Checksums []common.Checksum `json:"checksums"`
+
+ // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ LicenseConcluded string `json:"licenseConcluded"`
+
+ // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many
+ LicenseInfoInFiles []string `json:"licenseInfoInFiles"`
+
+ // 4.7: Comments on License
+ // Cardinality: optional, one
+ LicenseComments string `json:"licenseComments,omitempty"`
+
+ // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ FileCopyrightText string `json:"copyrightText"`
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9-4.11: Artifact of Project variables (defined below)
+ // Cardinality: optional, one or many
+ ArtifactOfProjects []*ArtifactOfProject `json:"-"`
+
+ // 4.12: File Comment
+ // Cardinality: optional, one
+ FileComment string `json:"comment,omitempty"`
+
+ // 4.13: File Notice
+ // Cardinality: optional, one
+ FileNotice string `json:"noticeText,omitempty"`
+
+ // 4.14: File Contributor
+ // Cardinality: optional, one or many
+ FileContributors []string `json:"fileContributors,omitempty"`
+
+ // 4.15: File Attribution Text
+ // Cardinality: optional, one or many
+ FileAttributionTexts []string `json:"attributionTexts,omitempty"`
+
+ // DEPRECATED in version 2.0 of spec
+ // 4.16: File Dependencies
+ // Cardinality: optional, one or many
+ FileDependencies []string `json:"-"`
+
+ // Snippets contained in this File
+ // Note that Snippets could be defined in a different Document! However,
+ // the only ones that _THIS_ document can contain are this ones that are
+ // defined here -- so this should just be an ElementID.
+ Snippets map[common.ElementID]*Snippet `json:"-"`
+
+ Annotations []Annotation `json:"annotations,omitempty"`
+}
+
+// ArtifactOfProject is a DEPRECATED collection of data regarding
+// a Package, as defined in sections 4.9-4.11 in version 2.2 of the spec.
+type ArtifactOfProject struct {
+ // CoreMetadata includes additional information to map back and forth
+ // to other SPDX types
+ CoreMetadata Metadata
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9: Artifact of Project Name
+ // Cardinality: conditional, required if present, one per AOP
+ Name string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.10: Artifact of Project Homepage: URL or "UNKNOWN"
+ // Cardinality: optional, one per AOP
+ HomePage string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.11: Artifact of Project Uniform Resource Identifier
+ // Cardinality: optional, one per AOP
+ URI string
+}
diff --git a/spdx/core/other_license.go b/spdx/core/other_license.go
new file mode 100644
index 0000000..bb33bfa
--- /dev/null
+++ b/spdx/core/other_license.go
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package core
+
+// OtherLicense is an Other License Information section of an
+// SPDX Document for version 2.2 of the spec.
+type OtherLicense struct {
+ // CoreMetadata includes additional information to map back and forth
+ // to other SPDX types
+ CoreMetadata Metadata
+
+ // 6.1: License Identifier: "LicenseRef-[idstring]"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseIdentifier string `json:"licenseId"`
+
+ // 6.2: Extracted Text
+ // Cardinality: conditional (mandatory, one) if there is a
+ // License Identifier assigned
+ ExtractedText string `json:"extractedText"`
+
+ // 6.3: License Name: single line of text or "NOASSERTION"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseName string `json:"name,omitempty"`
+
+ // 6.4: License Cross Reference
+ // Cardinality: conditional (optional, one or many) if license
+ // is not on SPDX License List
+ LicenseCrossReferences []string `json:"seeAlsos,omitempty"`
+
+ // 6.5: License Comment
+ // Cardinality: optional, one
+ LicenseComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/core/package.go b/spdx/core/package.go
new file mode 100644
index 0000000..df99f13
--- /dev/null
+++ b/spdx/core/package.go
@@ -0,0 +1,139 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package core
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Package is a Package section of an SPDX Document for version 2.2 of the spec.
+type Package struct {
+ // CoreMetadata includes additional information to map back and forth
+ // to other SPDX types
+ CoreMetadata Metadata
+
+ // NOT PART OF SPEC
+ // flag: does this "package" contain files that were in fact "unpackaged",
+ // e.g. included directly in the Document without being in a Package?
+ IsUnpackaged bool
+
+ // 3.1: Package Name
+ // Cardinality: mandatory, one
+ PackageName string `json:"name"`
+
+ // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ PackageSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 3.3: Package Version
+ // Cardinality: optional, one
+ PackageVersion string `json:"versionInfo,omitempty"`
+
+ // 3.4: Package File Name
+ // Cardinality: optional, one
+ PackageFileName string `json:"packageFileName,omitempty"`
+
+ // 3.5: Package Supplier: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageSupplier *common.Supplier `json:"supplier,omitempty"`
+
+ // 3.6: Package Originator: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageOriginator *common.Originator `json:"originator,omitempty"`
+
+ // 3.7: Package Download Location
+ // Cardinality: mandatory, one
+ PackageDownloadLocation string `json:"downloadLocation"`
+
+ // 3.8: FilesAnalyzed
+ // Cardinality: optional, one; default value is "true" if omitted
+ FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
+ // NOT PART OF SPEC: did FilesAnalyzed tag appear?
+ IsFilesAnalyzedTagPresent bool
+
+ // 3.9: Package Verification Code
+ PackageVerificationCode common.PackageVerificationCode `json:"packageVerificationCode"`
+
+ // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: optional, one or many
+ PackageChecksums []common.Checksum `json:"checksums"`
+
+ // 3.11: Package Home Page
+ // Cardinality: optional, one
+ PackageHomePage string `json:"homepage,omitempty"`
+
+ // 3.12: Source Information
+ // Cardinality: optional, one
+ PackageSourceInfo string `json:"sourceInfo,omitempty"`
+
+ // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseConcluded string `json:"licenseConcluded"`
+
+ // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"`
+
+ // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseDeclared string `json:"licenseDeclared"`
+
+ // 3.16: Comments on License
+ // Cardinality: optional, one
+ PackageLicenseComments string `json:"licenseComments,omitempty"`
+
+ // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageCopyrightText string `json:"copyrightText"`
+
+ // 3.18: Package Summary Description
+ // Cardinality: optional, one
+ PackageSummary string `json:"summary,omitempty"`
+
+ // 3.19: Package Detailed Description
+ // Cardinality: optional, one
+ PackageDescription string `json:"description,omitempty"`
+
+ // 3.20: Package Comment
+ // Cardinality: optional, one
+ PackageComment string `json:"comment,omitempty"`
+
+ // 3.21: Package External Reference
+ // Cardinality: optional, one or many
+ PackageExternalReferences []*PackageExternalReference `json:"externalRefs,omitempty"`
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ // contained within PackageExternalReference2_1 struct, if present
+
+ // 3.23: Package Attribution Text
+ // Cardinality: optional, one or many
+ PackageAttributionTexts []string `json:"attributionTexts,omitempty"`
+
+ // Files contained in this Package
+ Files []*File
+
+ Annotations []Annotation `json:"annotations"`
+}
+
+// PackageExternalReference is an External Reference to additional info
+// about a Package, as defined in section 3.21 in version 2.2 of the spec.
+type PackageExternalReference struct {
+ CoreMetadata Metadata
+
+ // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
+ Category string `json:"referenceCategory"`
+
+ // type is an [idstring] as defined in Appendix VI;
+ // called RefType here due to "type" being a Golang keyword
+ RefType string `json:"referenceType"`
+
+ // locator is a unique string to access the package-specific
+ // info, metadata or content within the target location
+ Locator string `json:"referenceLocator"`
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ ExternalRefComment string `json:"comment"`
+}
diff --git a/spdx/core/relationship.go b/spdx/core/relationship.go
new file mode 100644
index 0000000..7d01d81
--- /dev/null
+++ b/spdx/core/relationship.go
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package core
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Relationship is a Relationship section of an SPDX Document for
+// version 2.2 of the spec.
+type Relationship struct {
+ // CoreMetadata includes additional information to map back and forth
+ // to other SPDX types
+ CoreMetadata Metadata
+
+ // 7.1: Relationship
+ // Cardinality: optional, one or more; one per Relationship
+ // one mandatory for SPDX Document with multiple packages
+ // RefA and RefB are first and second item
+ // Relationship is type from 7.1.1
+ RefA common.DocElementID `json:"spdxElementId"`
+ RefB common.DocElementID `json:"relatedSpdxElement"`
+ Relationship string `json:"relationshipType"`
+
+ // 7.2: Relationship Comment
+ // Cardinality: optional, one
+ RelationshipComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/core/review.go b/spdx/core/review.go
new file mode 100644
index 0000000..61b4cab
--- /dev/null
+++ b/spdx/core/review.go
@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package core
+
+// Review is a Review section of an SPDX Document for version 2.2 of the spec.
+// DEPRECATED in version 2.0 of spec; retained here for compatibility.
+type Review struct {
+ // CoreMetadata includes additional information to map back and forth
+ // to other SPDX types
+ CoreMetadata Metadata
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.1: Reviewer
+ // Cardinality: optional, one
+ Reviewer string
+ // including AnnotatorType: one of "Person", "Organization" or "Tool"
+ ReviewerType string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is a Reviewer
+ ReviewDate string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.3: Review Comment
+ // Cardinality: optional, one
+ ReviewComment string
+}
diff --git a/spdx/core/snippet.go b/spdx/core/snippet.go
new file mode 100644
index 0000000..0c3cb0b
--- /dev/null
+++ b/spdx/core/snippet.go
@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package core
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Snippet is a Snippet section of an SPDX Document for version 2.2 of the spec.
+type Snippet struct {
+ // CoreMetadata includes additional information to map back and forth
+ // to other SPDX types
+ CoreMetadata Metadata
+
+ // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ SnippetSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 5.2: Snippet from File SPDX Identifier
+ // Cardinality: mandatory, one
+ SnippetFromFileSPDXIdentifier common.ElementID `json:"snippetFromFile"`
+
+ // Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to
+ Ranges []common.SnippetRange `json:"ranges"`
+
+ // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetLicenseConcluded string `json:"licenseConcluded"`
+
+ // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: optional, one or many
+ LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"`
+
+ // 5.7: Snippet Comments on License
+ // Cardinality: optional, one
+ SnippetLicenseComments string `json:"licenseComments,omitempty"`
+
+ // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetCopyrightText string `json:"copyrightText"`
+
+ // 5.9: Snippet Comment
+ // Cardinality: optional, one
+ SnippetComment string `json:"comment,omitempty"`
+
+ // 5.10: Snippet Name
+ // Cardinality: optional, one
+ SnippetName string `json:"name,omitempty"`
+
+ // 5.11: Snippet Attribution Text
+ // Cardinality: optional, one or many
+ SnippetAttributionTexts []string `json:"-"`
+}