README
¶
Software Identification Tags
The swid package provides a golang API for manipulating Software Identification (SWID) Tags as described by ISO/IEC 19770-2:2015, NISTIR-8060, as well as by their "concise" counterpart CoSWID.
Resources
Developer tips
Before doing a PR (and routinely during the dev/test cycle) run
make presubmit
and check its output to make sure your code coverage figures are in line with the target and that there are no newly introduced lint problems.
Documentation
¶
Overview ¶
Package swid provides an API for creating and interacting with Software Identification (SWID) Tags as defined by ISO/IEC 19770-2:2015 as well as by their "concise" counterpart (CoSWID) defined by draft-ietf-sacm-coswid.
The library aims at using the most space-efficient encoding when using CBOR and the most expressive one when using XML and JSON, preferring to serialize strings rather tham of their equivalent code-points. When decoding, the most space efficient representation is used. In dealing with unknown code-points, we follow the Postel principle: refusing to encode unknown protocol entities, while accepting unknown values - provided they fit the underlying type system.
Creating Tags ¶
A tag can be created with a call to NewTag() specifying a tag ID, the name of the software being described and its version:
tag, err := NewTag( "com.acme.rrd2013-ce-sp1-v4-1-5-0", "ACME Roadrunner Detector 2013 Coyote Edition SP1", "4.1.5", )
This will generate a Tag with a minimal structure. You can then use the API to add additional information and meta data to the tag.
You will need to add one or more "entity" entries, representing the organization(s) responsible for the information contained in the tag. All entities have an associated "role" and a recommended "registration id":
entity, err := NewEntity(
"The ACME Corporation",
RoleTagCreator, RoleSoftwareCreator,
)
err = entity.SetRegID("acme.com")
The newly created entity can be attached to the parent tag using the AddEntity method:
err = tag.AddEntity(*entity)
Next any number of files, directories as well as other kinds of resources can be collected, e.g.:
fileSize := int64(532712)
fileHash, _ := hex.DecodeString("a314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6a")
dir := Directory{
FileSystemItem: FileSystemItem{
Root: "%programdata%",
FsName: "rrdetector",
},
PathElements: PathElements{
Files: &Files{
File{
FileSystemItem: FileSystemItem{
FsName: "rrdetector.exe",
},
Size: &fileSize,
Hash: &HashEntry{
HashAlgID: 1,
HashValue: fileHash,
},
},
},
},
}
And subsequently added to the tag's "payload":
payload := NewPayload()
if err := payload.AddDirectory(dir); err != nil { ... }
if err := tag.AddPayload(*payload); err != nil { ... }
Note that the same data structures could be added to an "evidence" instead, were the tag describing a "live" system rather than a software package.
Once the tag is complete, it can be serialized using one of the CBOR, XML or JSON marshalers:
data, err := tag.ToXML() // or tag.ToCBOR(), or tag.ToJSON()
Consuming Tags ¶
A tag can be de-serialized using one of the "From" interfaces. For example, to decode a CoSWID tag from a memory buffer:
var tag SoftwareIdentity
data := []byte{ 0xa6, 0x00, 0x78, 0x21, 0x65, 0x78, ... }
if err := tag.FromCBOR(data); err != nil { ... }
Similarly, for a SWID tag:
var tag SoftwareIdentity
data := []btye(`<SoftwareIdentity xmlns="...`)
if err := tag.FromXML(data); err != nil { ... }
Or a CoSWID/JSON tag:
var tag SoftwareIdentity
data := []btye(`{"tag-id":"example.acme.roadrunner-sw-bl-v1-0-0", ...`)
if err := tag.FromJSON(data); err != nil { ... }
Note that all nested fields are accessible from outside the swid package, so (for now) no special getters are provided by the API.
Enjoy!
Example (CompletePrimaryTag) ¶
tag, _ := NewTag(
"com.acme.rrd2013-ce-sp1-v4-1-5-0",
"ACME Roadrunner Detector 2013 Coyote Edition SP1",
"4.1.5",
)
entity, _ := NewEntity("The ACME Corporation", RoleTagCreator, RoleSoftwareCreator)
_ = entity.SetRegID("acme.com")
_ = tag.AddEntity(*entity)
entity, _ = NewEntity("Coyote Services, Inc.", RoleDistributor)
_ = entity.SetRegID("mycoyote.com")
_ = tag.AddEntity(*entity)
link, _ := NewLink("www.gnu.org/licenses/gpl.txt", *NewRel("license"))
_ = tag.AddLink(*link)
meta := SoftwareMeta{
ActivationStatus: "trial",
Product: "Roadrunner Detector",
ColloquialVersion: "2013",
Edition: "coyote",
Revision: "sp1",
}
_ = tag.AddSoftwareMeta(meta)
fileSize := int64(532712)
fileHash, _ := hex.DecodeString("a314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6a")
dir := Directory{
FileSystemItem: FileSystemItem{
Root: "%programdata%",
FsName: "rrdetector",
},
PathElements: &PathElements{
Files: &Files{
File{
FileSystemItem: FileSystemItem{
FsName: "rrdetector.exe",
},
Size: &fileSize,
Hash: &HashEntry{
HashAlgID: 1,
HashValue: fileHash,
},
},
},
},
}
file := File{
FileSystemItem: FileSystemItem{
FsName: "test.exe",
},
Size: &fileSize,
Hash: &HashEntry{
HashAlgID: 1,
HashValue: fileHash,
},
}
payload := NewPayload()
_ = payload.AddDirectory(dir)
_ = payload.AddFile(file)
tag.Payload = payload
// encode tag to XML
data, _ := tag.ToXML()
fmt.Println(string(data))
Output: <SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" tagId="com.acme.rrd2013-ce-sp1-v4-1-5-0" name="ACME Roadrunner Detector 2013 Coyote Edition SP1" version="4.1.5"><Meta activationStatus="trial" colloquialVersion="2013" edition="coyote" product="Roadrunner Detector" revision="sp1"></Meta><Entity name="The ACME Corporation" regid="acme.com" role="tagCreator softwareCreator"></Entity><Entity name="Coyote Services, Inc." regid="mycoyote.com" role="distributor"></Entity><Link href="www.gnu.org/licenses/gpl.txt" rel="license"></Link><Payload><Directory name="rrdetector" root="%programdata%"><File name="rrdetector.exe" size="532712" hash="sha-256:oxT8LcZjrnpra8Z4dZQFc5bms/VpzVD9XdtNG7r9K2o="></File></Directory><File name="test.exe" size="532712" hash="sha-256:oxT8LcZjrnpra8Z4dZQFc5bms/VpzVD9XdtNG7r9K2o="></File></Payload></SoftwareIdentity>
Example (Links) ¶
// make new tag
tag, _ := NewTag("example.acme.roadrunner-sw-v1-0-0", "Roadrunner software bundle", "1.0.0")
// make entity and add it to the tag
entity, _ := NewEntity("ACME Ltd", RoleTagCreator, RoleSoftwareCreator, RoleAggregator)
_ = entity.SetRegID("acme.example")
_ = tag.AddEntity(*entity)
// make links and append them to tag
link, _ := NewLink("example.acme.roadrunner-hw-v1-0-0", *NewRel("psa-rot-compound"))
_ = tag.AddLink(*link)
link, _ = NewLink("example.acme.roadrunner-sw-bl-v1-0-0", *NewRel(RelComponent))
_ = tag.AddLink(*link)
link, _ = NewLink("example.acme.roadrunner-sw-prot-v1-0-0", *NewRel(RelComponent))
_ = tag.AddLink(*link)
link, _ = NewLink("example.acme.roadrunner-sw-arot-v1-0-0", *NewRel(RelComponent))
_ = tag.AddLink(*link)
// encode tag to JSON
data, _ := tag.ToJSON()
fmt.Println(string(data))
// encode tag to XML
data, _ = tag.ToXML()
fmt.Println(string(data))
Output: {"tag-id":"example.acme.roadrunner-sw-v1-0-0","tag-version":0,"software-name":"Roadrunner software bundle","software-version":"1.0.0","entity":[{"entity-name":"ACME Ltd","reg-id":"acme.example","role":["tagCreator","softwareCreator","aggregator"]}],"link":[{"href":"example.acme.roadrunner-hw-v1-0-0","rel":"psa-rot-compound"},{"href":"example.acme.roadrunner-sw-bl-v1-0-0","rel":"component"},{"href":"example.acme.roadrunner-sw-prot-v1-0-0","rel":"component"},{"href":"example.acme.roadrunner-sw-arot-v1-0-0","rel":"component"}]} <SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" tagId="example.acme.roadrunner-sw-v1-0-0" name="Roadrunner software bundle" version="1.0.0"><Entity name="ACME Ltd" regid="acme.example" role="tagCreator softwareCreator aggregator"></Entity><Link href="example.acme.roadrunner-hw-v1-0-0" rel="psa-rot-compound"></Link><Link href="example.acme.roadrunner-sw-bl-v1-0-0" rel="component"></Link><Link href="example.acme.roadrunner-sw-prot-v1-0-0" rel="component"></Link><Link href="example.acme.roadrunner-sw-arot-v1-0-0" rel="component"></Link></SoftwareIdentity>
Index ¶
- Constants
- func MustHexDecode(t *testing.T, s string) []byte
- func ValidHashEntry(algID uint64, value []byte) error
- type CoSWIDExtension
- type Directories
- type Directory
- type DirectoryExtension
- type Entities
- type Entity
- type EntityExtension
- type Evidence
- type EvidenceExtension
- type File
- type FileExtension
- type FileSystemItem
- type Files
- type GlobalAttributes
- type HashEntry
- func (h *HashEntry) AlgIDToString() string
- func (h HashEntry) MarshalJSON() ([]byte, error)
- func (h HashEntry) MarshalXMLAttr(name xml.Name) (xml.Attr, error)
- func (h *HashEntry) Set(algID uint64, value []byte) error
- func (h *HashEntry) UnmarshalJSON(data []byte) error
- func (h *HashEntry) UnmarshalXMLAttr(attr xml.Attr) error
- type Link
- type LinkExtension
- type Links
- type Ownership
- func (o Ownership) Check() error
- func (o Ownership) MarshalCBOR() ([]byte, error)
- func (o Ownership) MarshalJSON() ([]byte, error)
- func (o Ownership) MarshalXMLAttr(name xml.Name) (xml.Attr, error)
- func (o Ownership) String() string
- func (o *Ownership) UnmarshalCBOR(data []byte) error
- func (o *Ownership) UnmarshalJSON(data []byte) error
- func (o *Ownership) UnmarshalXMLAttr(attr xml.Attr) error
- type PathElements
- type Payload
- type PayloadExtension
- type Process
- type ProcessExtension
- type Processes
- type Rel
- func (r Rel) Check() error
- func (r Rel) MarshalCBOR() ([]byte, error)
- func (r Rel) MarshalJSON() ([]byte, error)
- func (r Rel) MarshalXMLAttr(name xml.Name) (xml.Attr, error)
- func (r Rel) String() string
- func (r *Rel) UnmarshalCBOR(data []byte) error
- func (r *Rel) UnmarshalJSON(data []byte) error
- func (r *Rel) UnmarshalXMLAttr(attr xml.Attr) error
- type Resource
- type ResourceCollection
- type ResourceCollectionExtension
- type ResourceExtension
- type Resources
- type Roles
- func (r Roles) Check() error
- func (r Roles) MarshalCBOR() ([]byte, error)
- func (r Roles) MarshalJSON() ([]byte, error)
- func (r Roles) MarshalXMLAttr(name xml.Name) (xml.Attr, error)
- func (r *Roles) Set(roles ...interface{}) error
- func (r Roles) String() string
- func (r *Roles) UnmarshalCBOR(data []byte) error
- func (r *Roles) UnmarshalJSON(data []byte) error
- func (r *Roles) UnmarshalXMLAttr(attr xml.Attr) error
- type SoftwareIdentity
- func (t *SoftwareIdentity) AddEntity(e Entity) error
- func (t *SoftwareIdentity) AddLink(l Link) error
- func (t *SoftwareIdentity) AddSoftwareMeta(m SoftwareMeta) error
- func (t *SoftwareIdentity) FromCBOR(data []byte) error
- func (t *SoftwareIdentity) FromJSON(data []byte) error
- func (t *SoftwareIdentity) FromXML(data []byte) error
- func (t SoftwareIdentity) ToCBOR() ([]byte, error)
- func (t SoftwareIdentity) ToJSON() ([]byte, error)
- func (t SoftwareIdentity) ToXML() ([]byte, error)
- type SoftwareMeta
- type SoftwareMetaExtension
- type SoftwareMetas
- type TagID
- func (t TagID) MarshalCBOR() ([]byte, error)
- func (t TagID) MarshalJSON() ([]byte, error)
- func (t TagID) MarshalXMLAttr(name xml.Name) (xml.Attr, error)
- func (t TagID) String() string
- func (t TagID) URI() string
- func (t *TagID) UnmarshalCBOR(data []byte) error
- func (t *TagID) UnmarshalJSON(data []byte) error
- func (t *TagID) UnmarshalXMLAttr(attr xml.Attr) error
- type Use
- func (u Use) Check() error
- func (u Use) MarshalCBOR() ([]byte, error)
- func (u Use) MarshalJSON() ([]byte, error)
- func (u Use) MarshalXMLAttr(name xml.Name) (xml.Attr, error)
- func (u Use) String() string
- func (u *Use) UnmarshalCBOR(data []byte) error
- func (u *Use) UnmarshalJSON(data []byte) error
- func (u *Use) UnmarshalXMLAttr(attr xml.Attr) error
- type VersionScheme
- func (vs VersionScheme) Check() error
- func (vs VersionScheme) MarshalCBOR() ([]byte, error)
- func (vs VersionScheme) MarshalJSON() ([]byte, error)
- func (vs VersionScheme) MarshalXMLAttr(name xml.Name) (xml.Attr, error)
- func (vs *VersionScheme) SetCode(v int64) error
- func (vs VersionScheme) String() string
- func (vs *VersionScheme) UnmarshalCBOR(data []byte) error
- func (vs *VersionScheme) UnmarshalJSON(data []byte) error
- func (vs *VersionScheme) UnmarshalXMLAttr(attr xml.Attr) error
Examples ¶
Constants ¶
const ( Sha256 uint64 = (iota + 1) Sha256_128 Sha256_120 Sha256_96 Sha256_64 Sha256_32 Sha384 Sha512 Sha3_224 Sha3_256 Sha3_384 Sha3_512 )
Named Information Hash Algorithm Registry https://www.iana.org/assignments/named-information/named-information.xhtml#hash-alg
const ( OwnershipAbandon = int64(iota + 1) OwnershipPrivate OwnershipUnknown = ^int64(0) )
Ownership constants
const ( RelAncestor = int64(iota + 1) RelComponent RelFeature RelInstallationMedia RelPackageInstaller RelParent RelPatches RelRequires RelSeeAlso RelSupersedes RelSupplemental RelUnknown = ^int64(0) )
Rel constants
const ( RoleTagCreator = int64(iota + 1) RoleSoftwareCreator RoleAggregator RoleDistributor RoleLicensor RoleMaintainer RoleUnknown = ^int64(0) )
Role constants
const ( UseOptional = int64(iota + 1) UseRequired UseRecommended UseUnknown = ^int64(0) )
Use constants
const ( VersionSchemeMultipartNumeric = int64(iota + 1) VersionSchemeMultipartNumericSuffix VersionSchemeAlphaNumeric VersionSchemeDecimal VersionSchemeSemVer = 16384 VersionSchemeUnknown = ^int64(0) )
VersionScheme constants
Variables ¶
This section is empty.
Functions ¶
func ValidHashEntry ¶
ValidHashEntry checks whether the supplied algorithm identifier and hash value are a coherent pair
Types ¶
type CoSWIDExtension ¶
type CoSWIDExtension struct {
}
CoSWIDExtension is a placeholder for $$coswid-extension
type Directories ¶
type Directories []Directory
Directories models directory-entry / [ 2* directory-entry ],
func (Directories) MarshalCBOR ¶
func (da Directories) MarshalCBOR() ([]byte, error)
MarshalCBOR provides the custom CBOR marshaler for directory entries
func (*Directories) UnmarshalCBOR ¶
func (da *Directories) UnmarshalCBOR(data []byte) error
UnmarshalCBOR provides the custom CBOR unmarshaler for directory entries
type Directory ¶
type Directory struct {
DirectoryExtension
FileSystemItem
*PathElements `cbor:"26,keyasint" json:"path-elements"`
}
Directory models CoSWID directory-entry
type DirectoryExtension ¶
type DirectoryExtension struct {
}
DirectoryExtension is a placeholder for $$directory-extension
type Entities ¶
type Entities []Entity
Entities models entity-entry / [ 2* entity-entry ]
func (Entities) MarshalCBOR ¶
MarshalCBOR provides the custom CBOR marshaler for entity entries
func (*Entities) UnmarshalCBOR ¶
UnmarshalCBOR provides the custom CBOR unmarshaler for entity entries
type Entity ¶
type Entity struct {
// EntityExtension corresponds to the $$entity-extension CDDL socket which
// is used to extend the entity-entry group model.
EntityExtension
GlobalAttributes
// The textual name of the organizational entity claiming the roles
// specified by the role item for the CoSWID tag.
EntityName string `cbor:"31,keyasint" json:"entity-name" xml:"name,attr"`
// The registration id value is intended to uniquely identify a naming
// authority in a given scope (e.g. global, organization, vendor, customer,
// administrative domain, etc.) for the referenced entity. The value of a
// registration ID MUST be a RFC 3986 URI; it is not intended to be
// dereferenced The scope SHOULD be the scope of an organization.
// In a given scope, the registration id MUST be used
// consistently for CoSWID tag production.
RegID string `cbor:"32,keyasint,omitempty" json:"reg-id,omitempty" xml:"regid,attr"`
// An integer or textual value representing the relationship(s) between the
// entity, and this tag or the referenced software component. If an integer
// value is used it MUST be an index value in the range -256 to 255. Integer
// values in the range -256 to -1 are reserved for testing and use in closed
// environments (see Section 6.2.2 of I-D.ietf-sacm-coswid). Integer values
// in the range 0 to 255 correspond to registered entries in the IANA
// "SWID/CoSWID Entity Role Value" registry (see Section 6.2.5 of
// I-D.ietf-sacm-coswid).
// The following additional requirements exist for the use of the "role"
// item:
// * An entity item MUST be provided with the role of "tag-creator" for
// every CoSWID tag. This indicates the organization that created the
// CoSWID tag.
// * An entity item SHOULD be provided with the role of "software-creator"
// for every CoSWID tag, if this information is known to the tag creator.
// This indicates the organization that created the referenced software
// component.
Roles Roles `cbor:"33,keyasint" json:"role" xml:"role,attr"`
// The value of the Thumbprint field provides a hash value
// (i.e. the thumbprint) of the signing entity's public key certificate.
// This provides an indicator of which entity signed the CoSWID tag,
// which will typically be the tag creator. See Section 2.9.1 of
// I-D.ietf-sacm-coswid for more details on the use of the
// hash-entry data structure.
Thumbprint *HashEntry `cbor:"34,keyasint,omitempty" json:"thumbprint,omitempty" xml:"thumbprint,omitempty"`
}
Entity models CoSWID's entity-entry map.
func NewEntity ¶
NewEntity instantiates a new Entity object initialized with the given entityName and roles
func (Entity) GetLang ¶
GetLang gets the language from the embedded GlobalAttributes of the Entity receiver
func (*Entity) SetEntityName ¶
SetEntityName sets the name on the Entity receiver
func (*Entity) SetLang ¶
SetLang sets the language in the embedded GlobalAttributes of the Entity receiver
type EntityExtension ¶
type EntityExtension struct {
}
EntityExtension is a placeholder for $$entity-extension
type Evidence ¶
type Evidence struct {
EvidenceExtension
GlobalAttributes
ResourceCollection
// The date and time the information was collected pertaining to the
// evidence item.
Date time.Time `cbor:"35,keyasint,omitempty" json:"date,omitempty" xml:"date,attr,omitempty"`
// The endpoint's string identifier from which the evidence was
// collected.
DeviceID string `cbor:"36,keyasint,omitempty" json:"device-id,omitempty" xml:"deviceId,attr,omitempty"`
}
Evidence models a evidence-entry
func NewEvidence ¶
NewEvidence instantiates a new Evidence object initialized with the given deviceID
func (*Evidence) AddFile ¶
AddFile adds the supplied File to the embedded ResourceCollection of the Evidence receiver
func (*Evidence) AddProcess ¶
AddProcess adds the supplied Process to the embedded ResourceCollection of the Evidence receiver
type EvidenceExtension ¶
type EvidenceExtension struct {
}
EvidenceExtension is a placeholder for $$evidence-extension
type File ¶
type File struct {
GlobalAttributes
FileExtension
FileSystemItem
// The file's size in bytes.
Size *int64 `cbor:"20,keyasint,omitempty" json:"size,omitempty" xml:"size,attr,omitempty"`
// The file's version as reported by querying information on the file from
// the operating system.
FileVersion string `cbor:"21,keyasint,omitempty" json:"file-version,omitempty" xml:"version,attr,omitempty"`
// Files are expected to include a hash value that provides different level
// of confidence that if the filename, file size and file hash code all
// match, the the file has not been modified in any fashion.
Hash *HashEntry `cbor:"7,keyasint,omitempty" json:"hash,omitempty" xml:"hash,attr,omitempty"`
}
File models CoSWID file-entry
type FileExtension ¶
type FileExtension struct {
}
FileExtension is a placeholder for $$file-extension
type FileSystemItem ¶
type FileSystemItem struct {
// A boolean value indicating if a file or directory is significant or
// required for the software component to execute or function properly.
// These are files or directories that can be used to affirmatively
// determine if the software component is installed on an endpoint.
Key *bool `cbor:"22,keyasint,omitempty" json:"key,omitempty" xml:"key,attr,omitempty"`
// The filesystem path where a file is expected to be located when installed
// or copied. The location MUST be either relative to the location of the
// parent directory item (preferred) or relative to the location of the
// CoSWID tag if no parent is defined. The location MUST NOT include a
// file's name, which is provided by the fs-name item.
Location string `cbor:"23,keyasint,omitempty" json:"location,omitempty" xml:"location,attr,omitempty"`
// The name of the directory or file without any path information.
FsName string `cbor:"24,keyasint" json:"fs-name" xml:"name,attr,omitempty"`
// A filesystem-specific name for the root of the filesystem. The location
// item is considered relative to this location if specified. If not
// provided, the value provided by the location item is expected to be
// relative to its parent or the location of the CoSWID tag if no parent is
// provided.
Root string `cbor:"25,keyasint,omitempty" json:"root,omitempty" xml:"root,attr,omitempty"`
}
FileSystemItem models CoSWID filesystem-item
type Files ¶
type Files []File
Files models file => file-entry / [ 2* file-entry ]
func (Files) MarshalCBOR ¶
MarshalCBOR provides the custom CBOR marshaler for file entries
func (*Files) UnmarshalCBOR ¶
UnmarshalCBOR provides the custom CBOR marshaler for file entries
type GlobalAttributes ¶
type GlobalAttributes struct {
Lang string `cbor:"15,keyasint,omitempty" json:"lang,omitempty" xml:"http://www.w3.org/XML/1998/namespace lang,attr,omitempty"`
}
GlobalAttributes models CoSWID global-attributes
type HashEntry ¶
type HashEntry struct {
// The number used as a value for hash-alg-id is an integer-based
// hash algorithm identifier who's value MUST refer to an ID in the
// IANA "Named Information Hash Algorithm Registry" [IANA.named-information]
// with a Status of "current" (at the time the generator software was built
// or later); other hash algorithms MUST NOT be used. If the hash-alg-id is
// not known, then the integer value "0" MUST be used. This allows for
// conversion from ISO SWID tags [SWID], which do not allow an algorithm to
// be identified for this field.
HashAlgID uint64
// The hash-value MUST represent the raw hash value as a byte string
// (as opposed to, e.g., base64 encoded) generated from the representation
// of the resource using the hash algorithm indicated by hash-alg-id.
HashValue []byte
// contains filtered or unexported fields
}
HashEntry models
func (*HashEntry) AlgIDToString ¶ added in v1.1.0
AlgIDToString provides a conversion from the algorithm ID to the string representation of the algorithm
func (HashEntry) MarshalJSON ¶
MarshalJSON provides the custom JSON marshaler for the HashEntry type
func (HashEntry) MarshalXMLAttr ¶
MarshalXMLAttr provides the custom XML attribute marshaler for the HashEntry type
func (*HashEntry) UnmarshalJSON ¶
UnmarshalJSON provides the custom JSON unmarshaler for the HashEntry type
type Link ¶
type Link struct {
LinkExtension
GlobalAttributes
// To be used with rel="installation-media", this item's value provides the
// path to the installer executable or script that can be run to launch the
// referenced installation. Links with the same artifact name MUST be
// considered mirrors of each other, allowing the installation media to be
// acquired from any of the described sources.
Artifact string `cbor:"37,keyasint,omitempty" json:"artifact,omitempty" xml:"artifact,attr,omitempty"`
// A URI for the referenced resource. The "href" item's value can be, but is
// not limited to, the following (which is a slightly modified excerpt from
// [SWID]):
// * If no URI scheme is provided, then the URI is to be interpreted as
// being relative to the base URI of the CoSWID tag, i.e., the URI
// under which the CoSWID tag was provided. For example,
// "folder/supplemental.coswid"
// * a physical resource location with any acceptable URI scheme (e.g., file://
// http:// https:// ftp://)
// * a URI with "swid:" as the scheme refers to another SWID or CoSWID by
// the referenced tag's tag-id. This URI needs to be resolved in the context
// of the endpoint by software that can lookup other SWID or CoSWID tags.
// For example, "swid:2df9de35-0aff-4a86-ace6-f7dddd1ade4c" references the
// tag with the tag-id value "2df9de35-0aff-4a86-ace6-f7dddd1ade4c".
// * a URI with "swidpath:" as the scheme, which refers to another CoSIWD
// via an XPATH query [W3C.REC-xpath20-20101214] that matches items in that
// tag (Section 5.2). This URI would need to be resolved in the context of
// the system entity via software components that can lookup other CoSWID
// tags and select the appropriate tag based on an XPATH query
// [W3C.REC-xpath20-20101214].
// Examples include:
// * swidpath://SoftwareIdentity[Entity/@regid='http://contoso.com'] would
// retrieve all SWID or CoSWID tags that include an entity where the regid
// is "Contoso"
// * swidpath://SoftwareIdentity[Meta/@persistentId='b0c55172-38e9-4e36-be86-92206ad8eddb']
// would match all SWID or CoSWID tags with the persistent-id value
// "b0c55172-38e9-4e36-be86-92206ad8eddb"
Href string `cbor:"38,keyasint" json:"href" xml:"href,attr"`
// A hint to the consumer of the link to what target platform the link is
// applicable to. This item represents a query as defined by the W3C Media
// Queries Recommendation (see [W3C.REC-css3-mediaqueries-20120619]).
Media string `cbor:"10,keyasint,omitempty" json:"media,omitempty" xml:"media,attr,omitempty"`
// An integer or textual value (integer label with text escape,
// see Section 2, for the "Software Tag Link Ownership Values"
// registry Section 4.3) used when the "href" item references another
// software component to indicate the degree of ownership between the
// software component referenced by the CoSWID tag and the software
// component referenced by the link. If an integer value is used it MUST
// be an index value in the range -256 to 255. Integer values in the range
// -256 to -1 are reserved for testing and use in closed environments
// (see Section 6.2.2). Integer values in the range 0 to 255 correspond
// to registered entries in the "Software Tag Link Ownership Values" registry.
Ownership *Ownership `cbor:"39,keyasint,omitempty" json:"ownership,omitempty" xml:"ownership,attr,omitempty"`
// An integer or textual value that (integer label with text escape,
// see Section 2, for the "Software Tag Link Link Relationship Values"
// registry Section 4.3) identifies the relationship between this CoSWID
// and the target resource identified by the "href" item. If an integer
// value is used it MUST be an index value in the range -256 to 65535.
// Integer values in the range -256 to -1 are reserved for testing and
// use in closed environments (see Section 6.2.2). Integer values in the
// range 0 to 65535 correspond to registered entries in the IANA
// "Software Tag Link Relationship Values" registry (see Section 6.2.7.
// If a string value is used it MUST be either a private use name as defined
// in Section 6.2.2 or a "Relation Name" from the IANA "Link Relation Types"
// registry: https://www.iana.org/assignments/link-relations/link-relations.xhtml
// as defined by [RFC8288]. When a string value defined in the IANA
// "Software Tag Link Relationship Values" registry matches a Relation
// Name defined in the IANA "Link Relation Types" registry, the index
// value in the IANA "Software Tag Link Relationship Values" registry
// MUST be used instead, as this relationship has a specialized meaning
// in the context of a CoSWID tag. String values correspond to registered
// entries in the "Software Tag Link Relationship Values" registry.
Rel Rel `cbor:"40,keyasint" json:"rel" xml:"rel,attr"`
// A link can point to arbitrary resources on the endpoint, local network,
// or Internet using the href item. Use of this item supplies the resource
// consumer with a hint of what type of resource to expect. (This is a hint:
// There is no obligation for the server hosting the target of the URI to
// use the indicated media type when the URI is dereferenced.) Media types
// are identified by referencing a "Name" from the IANA "Media Types"
// registry: http://www.iana.org/assignments/media-types/media-types.xhtml.
// This item maps to '/SoftwareIdentity/Link/@type' in [SWID].
MediaType string `cbor:"41,keyasint,omitempty" json:"media-type,omitempty" xml:"type,attr,omitempty"`
// An integer or textual value (integer label with text escape, see
// Section 2, for the "Software Tag Link Link Relationship Values"
// registry Section 4.3) used to determine if the referenced software
// component has to be installed before installing the software component
// identified by the COSWID tag. If an integer value is used it MUST be an
// index value in the range -256 to 255. Integer values in the range -256
// to -1 are reserved for testing and use in closed environments
// (see Section 6.2.2). Integer values in the range 0 to 255 correspond to
// registered entries in the IANA "Link Use Values" registry (see
// Section 6.2.8. If a string value is used it MUST be a private use name
// as defined in Section 6.2.2. String values correspond to registered
// entries in the "Software Tag Link Use Values" registry
Use *Use `cbor:"42,keyasint,omitempty" json:"use,omitempty" xml:"use,attr,omitempty"`
}
Link models CoSWID's link-entry map
func NewLink ¶
NewLink instantiates a new Link object initialized with the supplied href and link relation
func (Link) GetOwnershipAsString ¶
GetOwnershipAsString returns the ownership attribute of a Link object as a string
func (Link) GetRelAsString ¶
GetRelAsString returns the relation of a Link object as a string
func (Link) GetUseAsString ¶
GetUseAsString returns the use attribute of a Link object as a string
type LinkExtension ¶
type LinkExtension struct {
}
LinkExtension is a placeholder for $$link-extension
type Links ¶
type Links []Link
Links models link-entry / [ 2* link-entry ]
func (Links) MarshalCBOR ¶
MarshalCBOR provides the custom CBOR marshaler for link entries
func (*Links) UnmarshalCBOR ¶
UnmarshalCBOR provides the custom CBOR unmarshaler for link entries
type Ownership ¶
type Ownership struct {
// contains filtered or unexported fields
}
Ownership models the ownership type
func (Ownership) Check ¶
Check returns nil if the Ownership receiver is of type string or code-point (i.e., uint)
func (Ownership) MarshalCBOR ¶
MarshalCBOR encodes the Ownership receiver as code-point if possible, otherwise as string
func (Ownership) MarshalJSON ¶
MarshalJSON encodes the Ownership receiver as string
func (Ownership) MarshalXMLAttr ¶
MarshalXMLAttr encodes the Ownership receiver as XML attribute
func (*Ownership) UnmarshalCBOR ¶
UnmarshalCBOR decodes the supplied data into an Ownership code-point if possible, otherwise as string
func (*Ownership) UnmarshalJSON ¶
UnmarshalJSON decodes the supplied data into an Ownership code-point if possible, otherwise as string
type PathElements ¶
type PathElements struct {
Directories *Directories `cbor:"16,keyasint,omitempty" json:"directory,omitempty" xml:"Directory,omitempty"`
Files *Files `cbor:"17,keyasint,omitempty" json:"file,omitempty" xml:"File,omitempty"`
}
PathElements models CoSWID path-elements-group
type Payload ¶
type Payload struct {
PayloadExtension
GlobalAttributes
ResourceCollection
}
Payload models a payload-entry
func (*Payload) AddDirectory ¶
AddDirectory adds the supplied Directory to the ResourceCollection of the Payload receiver
func (*Payload) AddResource ¶
AddResource adds the supplied Directory to the ResourceCollection of the Payload receiver
type PayloadExtension ¶
type PayloadExtension struct {
}
PayloadExtension is a placeholder for $$payload-extension
type Process ¶
type Process struct {
ProcessExtension
GlobalAttributes
// The software component's process name as it will appear in an endpoint's
// process list.
ProcessName string `cbor:"27,keyasint" json:"process-name" xml:"name,attr"`
// The process ID identified for a running instance of the software
// component in the endpoint's process list. This is used as part of the
// evidence item.
Pid *int `cbor:"28,keyasint,omitempty" json:"pid,omitempty" xml:"pid,attr,omitempty"`
}
Process models a process-entry
type ProcessExtension ¶
type ProcessExtension struct {
}
ProcessExtension is a placeholder for $$process-extension
type Processes ¶
type Processes []Process
Processes models CoSWID process-entry / [ 2* process-entry ]
func (Processes) MarshalCBOR ¶
MarshalCBOR provides the custom CBOR marshaler for process entries
func (*Processes) UnmarshalCBOR ¶
UnmarshalCBOR provides the custom CBOR unmarshaler for process entries
type Rel ¶
type Rel struct {
// contains filtered or unexported fields
}
Rel models the rel type.
func NewRel ¶
func NewRel(v interface{}) *Rel
NewRel returns a Rel initialized with the supplied value v
func (Rel) Check ¶
Check returns nil if the Rel receiver is of type string or code-point (i.e., uint)
func (Rel) MarshalCBOR ¶
MarshalCBOR encodes the Rel receiver as code-point if possible, otherwise as string
func (Rel) MarshalJSON ¶
MarshalJSON encodes the Rel receiver as string
func (Rel) MarshalXMLAttr ¶
MarshalXMLAttr encodes the Rel receiver as XML attribute
func (*Rel) UnmarshalCBOR ¶
UnmarshalCBOR decodes the supplied data into a Rel code-point if possible, otherwise as string
func (*Rel) UnmarshalJSON ¶
UnmarshalJSON decodes the supplied data into a Rel code-point if possible, otherwise as string
type Resource ¶
type Resource struct {
ResourceExtension
GlobalAttributes
Type string `cbor:"29,keyasint" json:"type" xml:"type,attr"`
}
Resource models a resource-entry
type ResourceCollection ¶
type ResourceCollection struct {
ResourceCollectionExtension
PathElements
// A process item allows details to be provided about the runtime behavior
// of the software component, such as information that will appear in a
// process listing on an endpoint
Processes *Processes `cbor:"18,keyasint,omitempty" json:"process,omitempty" xml:"Process,omitempty"`
// A resource item can be used to provide details about an artifact or
// capability expected to be found on an endpoint or evidence collected
// related to the software component. This can be used to represent concepts
// not addressed directly by the directory, file, or process items. Examples
// include: registry keys, bound ports, etc. The equivalent construct in
// [SWID] is currently under specified. As a result, this item might be
// further defined through extension in the future.
Resources *Resources `cbor:"19,keyasint,omitempty" json:"resource,omitempty" xml:"Resource,omitempty"`
}
ResourceCollection models a resource-collection
type ResourceCollectionExtension ¶
type ResourceCollectionExtension struct {
}
ResourceCollectionExtension is a placeholder for $$resource-collection-extension
type ResourceExtension ¶
type ResourceExtension struct {
}
ResourceExtension is a placeholder for $$resource-extension
type Resources ¶
type Resources []Resource
Resources models CoSWID resource-entry / [ 2* resource-entry ]
func (Resources) MarshalCBOR ¶
MarshalCBOR provides the custom CBOR marshaler for resource entries
func (*Resources) UnmarshalCBOR ¶
UnmarshalCBOR provides the custom CBOR unmarshaler for resource entries
type Roles ¶
type Roles struct {
// contains filtered or unexported fields
}
Roles models the role type
func (Roles) Check ¶
Check returns nil if all the roles stored in the Roles receiver are of type string or code-point (i.e., uint).
func (Roles) MarshalCBOR ¶
MarshalCBOR provides the custom CBOR marshaler for the Roles type that takes care of the $role / [ 2* $role ] variants
func (Roles) MarshalJSON ¶
MarshalJSON provides the custom JSON marshaler for the Roles type that takes care of the $role / [ 2* $role ] variants
func (Roles) MarshalXMLAttr ¶
MarshalXMLAttr provides a custom XML attribute marshaler for the Roles type
func (*Roles) Set ¶
Set the supplied roles in the Roles receiver. The set operation fails if any of the supplied roles does not validate (see Check)
func (Roles) String ¶
String returns the value of the Roles receiver as a string Unknown roles are returned as "role(" + code-point + ")"
func (*Roles) UnmarshalCBOR ¶
UnmarshalCBOR provides the custom CBOR unmarshaler for the Roles type that takes care of the $role / [ 2* $role ] variants. (Note that we accept [ 1* $role ] as valid too.
func (*Roles) UnmarshalJSON ¶
UnmarshalJSON provides the custom JSON unmarshaler for the Roles type that takes care of the $role / [ 2* $role ] variants. (Note that we accept [ 1* $role ] as valid too.
type SoftwareIdentity ¶
type SoftwareIdentity struct {
XMLName xml.Name `cbor:"-" json:"-"`
CoSWIDExtension
GlobalAttributes
// A 16 byte binary string or textual identifier uniquely referencing a
// software component. The tag identifier MUST be globally unique. If
// represented as a 16 byte binary string, the identifier MUST be a valid
// universally unique identifier as defined by [RFC4122]. There are no
// strict guidelines on how this identifier is structured, but examples
// include a 16 byte GUID (e.g. class 4 UUID) [RFC4122], or a text string
// appended to a DNS domain name to ensure uniqueness across organizations.
TagID TagID `cbor:"0,keyasint" json:"tag-id" xml:"tagId,attr"`
// An integer value that indicate the specific release revision of the tag.
// Typically, the initial value of this field is set to 0 and the value is
// monotonically increased for subsequent tags produced for the same
// software component release. This value allows a CoSWID tag producer to
// correct an incorrect tag previously released without indicating a change
// to the underlying software component the tag represents. For example, the
// tag version could be changed to add new metadata, to correct a broken
// link, to add a missing payload entry, etc. When producing a revised tag,
// the new tag-version value MUST be greater than the old tag-version value.
TagVersion int `cbor:"12,keyasint" json:"tag-version" xml:"tagVersion,attr,omitempty"`
// A boolean value that indicates if the tag identifies and describes an
// installable software component in its pre-installation state. Installable
// software includes a installation package or installer for a software
// component, a software update, or a patch. If the CoSWID tag represents
// installable software, the corpus item MUST be set to "true". If not
// provided, the default value MUST be considered "false"
Corpus bool `cbor:"8,keyasint,omitempty" json:"corpus,omitempty" xml:"corpus,attr,omitempty"`
// A boolean value that indicates if the tag identifies and describes an
// installed patch that has made incremental changes to a software component
// installed on an endpoint. Typically, an installed patch has made a set of
// file modifications to pre-installed software and does not alter the
// version number or the descriptive metadata of an installed software
// component. If a CoSWID tag is for a patch, the patch item MUST be set to
// "true". If not provided, the default value MUST be considered "false".
//
// Note: If the software component's version number is modified, then the
// correct course of action would be to replace the previous primary tag for
// the component with a new primary tag that reflected this new version. In
// such a case, the new tag would have a patch item value of "false" or
// would omit this item completely.
Patch bool `cbor:"9,keyasint,omitempty" json:"patch,omitempty" xml:"patch,attr,omitempty"`
// A boolean value that indicates if the tag is providing additional
// information to be associated with another referenced SWID or CoSWID tag.
// This allows tools and users to record their own metadata about a software
// component without modifying SWID primary or patch tags created by a
// software provider. If a CoSWID tag is a supplemental tag, the
// supplemental item MUST be set to "true". If not provided, the default
// value MUST be considered "false".
Supplemental bool `cbor:"11,keyasint,omitempty" json:"supplemental,omitempty" xml:"supplemental,attr,omitempty"`
// This textual item provides the software component's name. This name is
// likely the same name that would appear in a package management tool.
SoftwareName string `cbor:"1,keyasint" json:"software-name" xml:"name,attr"`
// A textual value representing the specific release or development version
// of the software component.
SoftwareVersion string `cbor:"13,keyasint,omitempty" json:"software-version,omitempty" xml:"version,attr"`
// An integer or textual value representing the versioning scheme used for
// the software-version item. If an integer value is used it MUST be an
// index value in the range -256 to 65535. Integer values in the range -256
// to -1 are reserved for testing and use in closed environments (see
// section Section 5.2.2). Integer values in the range 0 to 65535 correspond
// to registered entries in the IANA "SWID/CoSWID Version Scheme Value"
// registry (see section Section 5.2.4. If a string value is used it MUST be
// a private use name as defined in section Section 5.2.2. String values
// based on a Version Scheme Name from the IANA "SWID/CoSWID Version Scheme
// Value" registry MUST NOT be used, as these values are less concise than
// their index value equivalent.
VersionScheme *VersionScheme `cbor:"14,keyasint,omitempty" json:"version-scheme,omitempty" xml:"versionScheme,attr,omitempty"`
// This text value is a hint to the tag consumer to understand what target
// platform this tag applies to. This item represents a query as defined by
// the W3C Media Queries Recommendation (see
// http://www.w3.org/TR/2012/REC-css3-mediaqueries-20120619)
Media string `cbor:"10,keyasint,omitempty" json:"media,omitempty" xml:"media,attr,omitempty"`
// An open-ended map of key/value data pairs. A number of predefined keys
// can be used within this item providing for common usage and semantics
// across the industry. Use of this map allows any additional attribute to
// be included in the tag. It is expected that industry groups will use a
// common set of attribute names to allow for interoperability within their
// communities.
SoftwareMetas *SoftwareMetas `cbor:"5,keyasint,omitempty" json:"software-meta,omitempty" xml:"Meta,omitempty"`
// Provides information about one or more organizations responsible for
// producing the CoSWID tag, and producing or releasing the software
// component referenced by this CoSWID tag.
Entities Entities `cbor:"2,keyasint" json:"entity" xml:"Entity"`
// Provides a means to establish relationship arcs between the tag and
// another items. A given link can be used to establish the relationship
// between tags or to reference another resource that is related to the
// CoSWID tag, e.g. vulnerability database association, ROLIE feed
// [RFC8322], MUD resource [RFC8520], software download location, etc). This
// is modeled after the HTML "link" element.
Links *Links `cbor:"4,keyasint,omitempty" json:"link,omitempty" xml:"Link,omitempty"`
// This item represents a collection of software artifacts (described by
// child items) that compose the target software. For example, these
// artifacts could be the files included with an installer for a corpus tag
// or installed on an endpoint when the software component is installed for
// a primary or patch tag. The artifacts listed in a payload may be a
// superset of the software artifacts that are actually installed. Based on
// user selections at install time, an installation might not include every
// artifact that could be created or executed on the endpoint when the
// software component is installed or run.
Payload *Payload `cbor:"6,keyasint,omitempty" json:"payload,omitempty" xml:"Payload,omitempty"`
// This item can be used to record the results of a software discovery
// process used to identify untagged software on an endpoint or to represent
// indicators for why software is believed to be installed on the endpoint.
// In either case, a CoSWID tag can be created by the tool performing an
// analysis of the software components installed on the endpoint.
Evidence *Evidence `cbor:"3,keyasint,omitempty" json:"evidence,omitempty" xml:"Evidence,omitempty"`
}
SoftwareIdentity represents the top-level SWID
func NewTag ¶
func NewTag(tagID interface{}, softwareName, softwareVersion string) (*SoftwareIdentity, error)
NewTag instantiates a new SWID tag with the supplied tag identifier and software name and version
func (*SoftwareIdentity) AddEntity ¶
func (t *SoftwareIdentity) AddEntity(e Entity) error
AddEntity adds the supplied Entity to the receiver SoftwareIdentity
func (*SoftwareIdentity) AddLink ¶
func (t *SoftwareIdentity) AddLink(l Link) error
AddLink adds the supplied Link to the receiver SoftwareIdentity
func (*SoftwareIdentity) AddSoftwareMeta ¶
func (t *SoftwareIdentity) AddSoftwareMeta(m SoftwareMeta) error
AddSoftwareMeta adds the supplied SoftwareMeta to the receiver SoftwareIdentity
func (*SoftwareIdentity) FromCBOR ¶
func (t *SoftwareIdentity) FromCBOR(data []byte) error
FromCBOR deserializes the supplied CBOR encoded CoSWID into the receiver SoftwareIdentity
func (*SoftwareIdentity) FromJSON ¶
func (t *SoftwareIdentity) FromJSON(data []byte) error
FromJSON deserializes the supplied JSON encoded CoSWID into the receiver SoftwareIdentity
func (*SoftwareIdentity) FromXML ¶
func (t *SoftwareIdentity) FromXML(data []byte) error
FromXML deserializes the supplied XML encoded SWID into the receiver SoftwareIdentity
func (SoftwareIdentity) ToCBOR ¶
func (t SoftwareIdentity) ToCBOR() ([]byte, error)
ToCBOR serializes the receiver SoftwareIdentity to CoSWID
func (SoftwareIdentity) ToJSON ¶
func (t SoftwareIdentity) ToJSON() ([]byte, error)
ToJSON serializes the receiver SoftwareIdentity to CoSWID using the JSON formatter
func (SoftwareIdentity) ToXML ¶
func (t SoftwareIdentity) ToXML() ([]byte, error)
ToXML serializes the receiver SoftwareIdentity to SWID
type SoftwareMeta ¶
type SoftwareMeta struct {
SoftwareMetaExtension
GlobalAttributes
// A textual value that identifies how the software component has been
// activated, which might relate to specific terms and conditions for its
// use (e.g. Trial, Serialized, Licensed, Unlicensed, etc) and relate to an
// entitlement. This attribute is typically used in supplemental tags as it
// contains information that might be selected during a specific install.
ActivationStatus string `cbor:"43,keyasint,omitempty" json:"activation-status,omitempty" xml:"activationStatus,attr,omitempty"`
// A textual value that identfies which sales, licensing, or marketing
// channel the software component has been targeted for (e.g. Volume,
// Retail, OEM, Academic, etc). This attribute is typically used in
// supplemental tags as it contains information that might be selected
// during a specific install.
ChannelType string `cbor:"44,keyasint,omitempty" json:"channel-type,omitempty" xml:"channelType,attr,omitempty"`
// A textual value for the software component's informal or colloquial
// version. Examples may include a year value, a major version number, or
// similar value that are used to identify a group of specific software
// component releases that are part of the same release/support cycle. This
// version can be the same through multiple releases of a software
// component, while the software-version specified in the concise-swid-tag
// group is much more specific and will change for each software component
// release. This version is intended to be used for string comparison
// (byte-by-byte) only and is not intended to be used to determine if a
// specific value is earlier or later in a sequence.
ColloquialVersion string `cbor:"45,keyasint,omitempty" json:"colloquial-version,omitempty" xml:"colloquialVersion,attr,omitempty"`
// A textual value that provides a detailed description of the software
// component. This value MAY be multiple paragraphs separated by CR LF
// characters as described by [RFC5198].
Description string `cbor:"46,keyasint,omitempty" json:"description,omitempty" xml:"description,attr,omitempty"`
// A textual value indicating that the software component represents a
// functional variation of the code base used to support multiple software
// components. For example, this item can be used to differentiate
// enterprise, standard, or professional variants of a software component.
Edition string `cbor:"47,keyasint,omitempty" json:"edition,omitempty" xml:"edition,attr,omitempty"`
// A boolean value that can be used to determine if accompanying proof of
// entitlement is needed when a software license reconciliation process is
// performed.
EntitlementDataRequired *bool `cbor:"48,keyasint,omitempty" json:"entitlement-data-required,omitempty" xml:"entitlementDataRequired,attr,omitempty"`
// A vendor-specific textual key that can be used to identify and establish
// a relationship to an entitlement. Examples of an entitlement-key might
// include a serial number, product key, or license key. For values that
// relate to a given software component install (i.e., license key), a
// supplemental tag will typically contain this information. In other cases,
// where a general-purpose key can be provided that applies to all possible
// installs of the software component on different endpoints, a primary tag
// will typically contain this information. Since CoSWID tags are not
// intended to contain confidential information, tag authors are advised
// not to record unprotected, private software license keys in this field.
EntitlementKey string `cbor:"49,keyasint,omitempty" json:"entitlement-key,omitempty" xml:"entitlementKey,attr,omitempty"`
// The name (or tag-id) of the software component that created the CoSWID
// tag. If the generating software component has a SWID or CoSWID tag, then
// the tag-id for the generating software component SHOULD be provided.
Generator *TagID `cbor:"50,keyasint,omitempty" json:"generator,omitempty" xml:"generator,attr,omitempty"`
// A globally unique identifier used to identify a set of software
// components that are related. Software components sharing the same
// persistent-id can be different versions. This item can be used to relate
// software components, released at different points in time or through
// different release channels, that may not be able to be related through
// use of the link item.
PersistentID string `cbor:"51,keyasint,omitempty" json:"persistent-id,omitempty" xml:"persistentId,attr,omitempty"`
// A basic name for the software component that can be common across
// multiple tagged software components (e.g., Apache HTTPD).
Product string `cbor:"52,keyasint,omitempty" json:"product,omitempty" xml:"product,attr,omitempty"`
// A textual value indicating the software components overall product
// family. This should be used when multiple related software components
// form a larger capability that is installed on multiple different
// endpoints. For example, some software families may consist of server,
// client, and shared service components that are part of a larger
// capability. Email systems, enterprise applications, backup services, web
// conferencing, and similar capabilities are examples of families. Use of
// this item is not intended to represent groups of software that are
// bundled or installed together. The persistent-id or link items SHOULD be
// used to relate bundled software components.
ProductFamily string `cbor:"53,keyasint,omitempty" json:"product-family,omitempty" xml:"productFamily,attr,omitempty"`
// A string value indicating an informal or colloquial release version of
// the software. This value can provide a different version value as
// compared to the software-version specified in the concise-swid-tag group.
// This is useful when one or more releases need to have an informal version
// label that differs from the specific exact version value specified by
// software-version. Examples can include SP1, RC1, Beta, etc.
Revision string `cbor:"54,keyasint,omitempty" json:"revision,omitempty" xml:"revision,attr,omitempty"`
// A short description of the software component. This MUST be a single
// sentence suitable for display in a user interface.
Summary string `cbor:"55,keyasint,omitempty" json:"summary,omitempty" xml:"summary,attr,omitempty"`
// An 8 digit UNSPSC classification code for the software component. For
// more information see https://www.unspsc.org/
UnspscCode string `cbor:"56,keyasint,omitempty" json:"unspsc-code,omitempty" xml:"unspscCode,attr,omitempty"`
// The version of UNSPSC used to define the unspsc-code value.
UnspscVersion string `cbor:"57,keyasint,omitempty" json:"unspsc-version,omitempty" xml:"unspscVersion,attr,omitempty"`
}
SoftwareMeta models CoSWID's software-meta-entry map
type SoftwareMetaExtension ¶
type SoftwareMetaExtension struct {
}
SoftwareMetaExtension is a placeholder for $$software-meta-extension
type SoftwareMetas ¶
type SoftwareMetas []SoftwareMeta
SoftwareMetas models CoSWID software-meta-entry / [ 2* software-meta-entry ]
func (SoftwareMetas) MarshalCBOR ¶
func (sma SoftwareMetas) MarshalCBOR() ([]byte, error)
MarshalCBOR provides the custom CBOR marshaler for software-meta entries
func (*SoftwareMetas) UnmarshalCBOR ¶
func (sma *SoftwareMetas) UnmarshalCBOR(data []byte) error
UnmarshalCBOR provides the custom CBOR unmarshaler for software-meta entries
type TagID ¶
type TagID struct {
// contains filtered or unexported fields
}
TagID is the type of a tag identifier. Allowed formats are string or a valid universally unique identifier (UUID) as defined by RFC4122.
func NewTagID ¶
func NewTagID(v interface{}) *TagID
NewTagID takes a UUID as either a string, byte array or google.uuid.UUID and returns a TagID
func NewTagIDFromString ¶
NewTagIDFromString takes an untyped string and returns a TagID
func NewTagIDFromUUIDBytes ¶
NewTagIDFromUUIDBytes takes an UUID as byte array and returns a TagID
func NewTagIDFromUUIDString ¶
NewTagIDFromUUIDString takes an UUID in string form and returns a TagID
func (TagID) MarshalCBOR ¶
MarshalCBOR encodes the TagID receiver to CBOR
func (TagID) MarshalJSON ¶
MarshalJSON encodes the TagID receiver as JSON string
func (TagID) MarshalXMLAttr ¶
MarshalXMLAttr encodes the TagID receiver as XML attribute
func (TagID) String ¶
String returns the value of the TagID as string. If the TagID has type UUID, the string form of uuid, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, is returned
func (TagID) URI ¶
Returns TagID in URI representation according to CoSWID Spec useful for URI fields like link->href
func (*TagID) UnmarshalCBOR ¶
UnmarshalCBOR decodes the supplied data into a TagID
func (*TagID) UnmarshalJSON ¶
UnmarshalJSON decodes the supplied JSON data into a TagID. If TagID is of type UUID, the string form, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, is expected.
type Use ¶
type Use struct {
// contains filtered or unexported fields
}
Use models the use type.
func (Use) Check ¶
Check returns nil if the Use receiver is of type string or code-point (i.e., uint)
func (Use) MarshalCBOR ¶
MarshalCBOR encodes the Use receiver as code-point if possible, otherwise as string
func (Use) MarshalJSON ¶
MarshalJSON encodes the Use receiver as string
func (Use) MarshalXMLAttr ¶
MarshalXMLAttr encodes the Use receiver as XML attribute
func (*Use) UnmarshalCBOR ¶
UnmarshalCBOR decodes the supplied data into a Use code-point if possible, otherwise as string
func (*Use) UnmarshalJSON ¶
UnmarshalJSON decodes the supplied data into a Use code-point if possible, otherwise as string
type VersionScheme ¶
type VersionScheme struct {
// contains filtered or unexported fields
}
VersionScheme models the version-scheme type.
func (VersionScheme) Check ¶
func (vs VersionScheme) Check() error
Check returns nil if the VersionScheme receiver is of type string or code-point (i.e., int)
func (VersionScheme) MarshalCBOR ¶
func (vs VersionScheme) MarshalCBOR() ([]byte, error)
MarshalCBOR encodes the VersionScheme receiver as code-point if possible, otherwise as string
func (VersionScheme) MarshalJSON ¶
func (vs VersionScheme) MarshalJSON() ([]byte, error)
MarshalJSON encodes the VersionScheme receiver as string
func (VersionScheme) MarshalXMLAttr ¶
MarshalXMLAttr encodes the VersionScheme receiver as XML attribute
func (*VersionScheme) SetCode ¶
func (vs *VersionScheme) SetCode(v int64) error
func (VersionScheme) String ¶
func (vs VersionScheme) String() string
String returns the value of the VersionScheme receiver as a string
func (*VersionScheme) UnmarshalCBOR ¶
func (vs *VersionScheme) UnmarshalCBOR(data []byte) error
UnmarshalCBOR decodes the supplied data into a VersionScheme code-point if possible, otherwise as string
func (*VersionScheme) UnmarshalJSON ¶
func (vs *VersionScheme) UnmarshalJSON(data []byte) error
UnmarshalJSON decodes the supplied data into an VersionScheme code-point if possible, otherwise as string
func (*VersionScheme) UnmarshalXMLAttr ¶
func (vs *VersionScheme) UnmarshalXMLAttr(attr xml.Attr) error
UnmarshalXMLAttr decodes the supplied XML attribute into a VersionScheme code-point if possible, otherwise as string
Source Files
¶
- cbor.go
- common.go
- coswid_extension.go
- directories.go
- directory.go
- directory_extension.go
- doc.go
- entities.go
- entity.go
- entity_extension.go
- evidence.go
- evidence_extension.go
- file.go
- file_extension.go
- files.go
- filesystemitem.go
- globalattributes.go
- hashentry.go
- link.go
- link_extension.go
- links.go
- ownership.go
- payload.go
- payload_extension.go
- process.go
- process_extension.go
- processes.go
- rel.go
- resource.go
- resource_extension.go
- resourcecollection.go
- resourcecollection_extension.go
- resources.go
- roles.go
- roundtripper.go
- softwareidentity.go
- softwaremeta.go
- softwaremeta_extension.go
- softwaremetas.go
- tagid.go
- test_utils.go
- use.go
- versionscheme.go