/src/CMake/Source/cmSpdx.h

Source
/* Distributed under the OSI-approved BSD 3-Clause License.  See accompanying
   file LICENSE.rst or https://cmake.org/licensing for details.  */
#pragma once
#include <string>
#include <vector>

#include <cm/optional>

#include "cmSbomObject.h"

class cmSbomSerializer;

using Datetime = std::string;
using MediaType = std::string;
using SemVer = std::string;

struct cmSpdxExternalIdentifier
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> ExternalIdentifierType;
  cm::optional<std::string> Identifier;
  cm::optional<std::string> Comment;
  cm::optional<std::string> IdentifierLocation;
  cm::optional<std::string> IssuingAuthority;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxExternalRef
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> ExternalRefType;
  cm::optional<std::string> Locator;
  cm::optional<std::string> ContentType;
  cm::optional<std::string> Comment;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxCreationInfo
{
  cm::optional<std::string> SpdxId;
  cm::optional<SemVer> SpecVersion;
  cm::optional<std::string> Comment;
  cm::optional<Datetime> Created;
  std::vector<cmSbomObject> CreatedBy;
  std::vector<cmSbomObject> CreatedUsing;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxIntegrityMethod
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> Comment;

  enum HashAlgorithmId
  {
    ADLER32,
    BLAKE2B256,
    BLAKE2B384,
    BLAKE2B512,
    BLAKE3,
    MD2,
    MD4,
    MD5,
    MD6,
    SHA1,
    SHA224,
    SHA256,
    SHA384,
    SHA512,
    SHA3_256,
    SHA3_384,
    SHA3_512,
  };

  cmSpdxIntegrityMethod() = default;
  cmSpdxIntegrityMethod(cmSpdxIntegrityMethod const&) = default;
  cmSpdxIntegrityMethod(cmSpdxIntegrityMethod&&) = default;
  cmSpdxIntegrityMethod& operator=(cmSpdxIntegrityMethod const&) = default;
  cmSpdxIntegrityMethod& operator=(cmSpdxIntegrityMethod&&) = default;

  virtual void Serialize(cmSbomSerializer&) const;
  virtual ~cmSpdxIntegrityMethod() = default;
};

struct cmSpdxChecksum
{
  cm::optional<std::string> SpdxId;
  cmSpdxIntegrityMethod::HashAlgorithmId Algorithm;
  std::string ChecksumValue;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxElement
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> Name;
  cm::optional<std::string> Summary;
  cm::optional<std::string> Description;
  cm::optional<std::string> Comment;
  cm::optional<cmSbomObject> CreationInfo;
  cm::optional<cmSbomObject> VerifiedUsing;
  std::vector<cmSbomObject> ExternalRef;
  std::vector<cmSbomObject> ExternalIdentifier;
  cm::optional<cmSbomObject> Extension;

  cmSpdxElement() = default;
  cmSpdxElement(cmSpdxElement const&) = default;
  cmSpdxElement(cmSpdxElement&&) = default;
  cmSpdxElement& operator=(cmSpdxElement const&) = default;
  cmSpdxElement& operator=(cmSpdxElement&&) = default;

  virtual ~cmSpdxElement() = default;
  virtual void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxTool final : cmSpdxElement
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxAgent : cmSpdxElement
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxOrganization final : cmSpdxAgent
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxPerson final : cmSpdxAgent
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxSoftwareAgent final : cmSpdxAgent
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxPositiveIntegerRange
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> BeginIntegerRange;
  cm::optional<std::string> EndIntegerRange;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxRelationship : cmSpdxElement
{
  enum RelationshipTypeId
  {
    DESCRIBES,
    CONTAINS,
    DEPENDS_ON,
    OTHER
  };

  cm::optional<cmSbomObject> From;
  std::vector<cmSbomObject> To;
  cm::optional<RelationshipTypeId> RelationshipType;
  cm::optional<Datetime> StartTime;
  cm::optional<Datetime> EndTime;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxLifecycleScopedRelationship final : cmSpdxRelationship
{
  enum ScopeId
  {
    BUILD,
    DESIGN,
    RUNTIME,
    TEST
  };

  cm::optional<ScopeId> Scope;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxArtifact : cmSpdxElement
{
  enum SupportTypeId
  {
    COMMUNITY,
    COMMERCIAL,
    NONE
  };

  std::vector<cmSbomObject> OriginatedBy;
  cm::optional<cmSbomObject> SuppliedBy;
  cm::optional<Datetime> BuiltTime;
  cm::optional<Datetime> ReleaseTime;
  cm::optional<Datetime> ValidUntilTime;
  cm::optional<std::string> StandardName;
  cm::optional<SupportTypeId> Support;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxIndividualElement final : cmSpdxElement
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxAnnotation final : cmSpdxElement
{
  enum AnnotationTypeId
  {
    REVIEW,
    OTHER
  };

  cm::optional<AnnotationTypeId> AnnotationType;
  cm::optional<MediaType> ContentType;
  cm::optional<std::string> Statement;
  cm::optional<cmSbomObject> Element;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxExternalMap
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> ExternalSpdxId;
  cm::optional<cmSbomObject> VerifiedUsing;
  cm::optional<std::string> LocationHistory;
  cm::optional<cmSbomObject> DefiningArtifact;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxNamespaceMap
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> Prefix;
  cm::optional<std::string> Namespace;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxElementCollection : cmSpdxElement
{
  std::vector<cmSbomObject> Elements;
  std::vector<cmSbomObject> RootElements;
  std::vector<std::string> ProfileConformance;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxPackageVerificationCode final : cmSpdxIntegrityMethod
{
  cm::optional<HashAlgorithmId> Algorithm;
  cm::optional<std::string> HashValue;
  cm::optional<std::string> PackageVerificationCodeExcludedFile;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxHash final : cmSpdxIntegrityMethod
{
  HashAlgorithmId HashAlgorithm;
  std::string HashValue;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxBundle : cmSpdxElementCollection
{
  cm::optional<std::string> Context;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxBom : cmSpdxBundle
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxSbom final : cmSpdxBom
{
  enum TypeId
  {
    ANALYZED,
    BUILD,
    DEPLOYED,
    DESIGN,
    RUNTIME,
    SOURCE,
    TEST
  };

  cm::optional<std::vector<TypeId>> Types;
  cm::optional<TypeId> LifecycleScope;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxSoftwareArtifact : cmSpdxArtifact
{
  enum PurposeId
  {
    APPLICATION,
    ARCHIVE,
    CONTAINER,
    DATA,
    DEVICE,
    FIRMWARE,
    FILE,
    INSTALL,
    LIBRARY,
    MODULE,
    OPERATING_SYSTEM,
    SOURCE
  };

  cm::optional<PurposeId> PrimaryPurpose;
  cm::optional<std::vector<PurposeId>> AdditionalPurpose;
  cm::optional<std::string> CopyrightText;
  cm::optional<std::string> AttributionText;
  cm::optional<cmSbomObject> ContentIdentifier;
  cm::optional<std::string> ArtifactSize;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxPackage final : cmSpdxSoftwareArtifact
{
  cm::optional<std::string> DownloadLocation;
  cm::optional<std::string> Homepage;
  cm::optional<std::string> PackageVersion;
  cm::optional<std::string> PackageUrl;
  cm::optional<std::string> SourceInfo;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxDocument final : cmSpdxElementCollection
{
  cm::optional<cmSbomObject> ExternalMap;
  cm::optional<cmSbomObject> NamespaceMap;
  std::string DataLicense;

  void Serialize(cmSbomSerializer& serializer) const override;
};

struct cmSpdxContentIdentifier final : cmSpdxIntegrityMethod
{
  cm::optional<std::string> ContentIdentifierType;
  cm::optional<std::string> ContentValue;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxFile final : cmSpdxArtifact
{
  enum FileKindId
  {
    DIRECTORY,
    FILE
  };
  cm::optional<MediaType> ContentType;
  cm::optional<FileKindId> FileType;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxSnippet final : cmSpdxSoftwareArtifact
{
  cm::optional<std::string> ByteRange;
  cm::optional<std::string> LineRange;
  cm::optional<cmSbomObject> SnippetFromFile;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSbomDocument
{
  cm::optional<std::string> Context;
  std::vector<cmSbomObject> Graph;

  void Serialize(cmSbomSerializer&) const;
};

Coverage Report

Created: 2026-02-09 06:05

Line	Count	Source
1		/* Distributed under the OSI-approved BSD 3-Clause License. See accompanying
2		file LICENSE.rst or https://cmake.org/licensing for details. */
3		#pragma once
4		#include <string>
5		#include <vector>
6
7		#include <cm/optional>
8
9		#include "cmSbomObject.h"
10
11		class cmSbomSerializer;
12
13		using Datetime = std::string;
14		using MediaType = std::string;
15		using SemVer = std::string;
16
17		struct cmSpdxExternalIdentifier
18		{
19		cm::optional<std::string> SpdxId;
20		cm::optional<std::string> ExternalIdentifierType;
21		cm::optional<std::string> Identifier;
22		cm::optional<std::string> Comment;
23		cm::optional<std::string> IdentifierLocation;
24		cm::optional<std::string> IssuingAuthority;
25
26		void Serialize(cmSbomSerializer&) const;
27		};
28
29		struct cmSpdxExternalRef
30		{
31		cm::optional<std::string> SpdxId;
32		cm::optional<std::string> ExternalRefType;
33		cm::optional<std::string> Locator;
34		cm::optional<std::string> ContentType;
35		cm::optional<std::string> Comment;
36
37		void Serialize(cmSbomSerializer&) const;
38		};
39
40		struct cmSpdxCreationInfo
41		{
42		cm::optional<std::string> SpdxId;
43		cm::optional<SemVer> SpecVersion;
44		cm::optional<std::string> Comment;
45		cm::optional<Datetime> Created;
46		std::vector<cmSbomObject> CreatedBy;
47		std::vector<cmSbomObject> CreatedUsing;
48
49		void Serialize(cmSbomSerializer&) const;
50		};
51
52		struct cmSpdxIntegrityMethod
53		{
54		cm::optional<std::string> SpdxId;
55		cm::optional<std::string> Comment;
56
57		enum HashAlgorithmId
58		{
59		ADLER32,
60		BLAKE2B256,
61		BLAKE2B384,
62		BLAKE2B512,
63		BLAKE3,
64		MD2,
65		MD4,
66		MD5,
67		MD6,
68		SHA1,
69		SHA224,
70		SHA256,
71		SHA384,
72		SHA512,
73		SHA3_256,
74		SHA3_384,
75		SHA3_512,
76		};
77
78		cmSpdxIntegrityMethod() = default;
79		cmSpdxIntegrityMethod(cmSpdxIntegrityMethod const&) = default;
80		cmSpdxIntegrityMethod(cmSpdxIntegrityMethod&&) = default;
81		cmSpdxIntegrityMethod& operator=(cmSpdxIntegrityMethod const&) = default;
82		cmSpdxIntegrityMethod& operator=(cmSpdxIntegrityMethod&&) = default;
83
84		virtual void Serialize(cmSbomSerializer&) const;
85	0	virtual ~cmSpdxIntegrityMethod() = default;
86		};
87
88		struct cmSpdxChecksum
89		{
90		cm::optional<std::string> SpdxId;
91		cmSpdxIntegrityMethod::HashAlgorithmId Algorithm;
92		std::string ChecksumValue;
93
94		void Serialize(cmSbomSerializer&) const;
95		};
96
97		struct cmSpdxElement
98		{
99		cm::optional<std::string> SpdxId;
100		cm::optional<std::string> Name;
101		cm::optional<std::string> Summary;
102		cm::optional<std::string> Description;
103		cm::optional<std::string> Comment;
104		cm::optional<cmSbomObject> CreationInfo;
105		cm::optional<cmSbomObject> VerifiedUsing;
106		std::vector<cmSbomObject> ExternalRef;
107		std::vector<cmSbomObject> ExternalIdentifier;
108		cm::optional<cmSbomObject> Extension;
109
110	0	cmSpdxElement() = default;
111	0	cmSpdxElement(cmSpdxElement const&) = default;
112	0	cmSpdxElement(cmSpdxElement&&) = default;
113		cmSpdxElement& operator=(cmSpdxElement const&) = default;
114		cmSpdxElement& operator=(cmSpdxElement&&) = default;
115
116	0	virtual ~cmSpdxElement() = default;
117		virtual void Serialize(cmSbomSerializer&) const;
118		};
119
120		struct cmSpdxTool final : cmSpdxElement
121		{
122		void Serialize(cmSbomSerializer&) const override;
123		};
124
125		struct cmSpdxAgent : cmSpdxElement
126		{
127		void Serialize(cmSbomSerializer&) const override;
128		};
129
130		struct cmSpdxOrganization final : cmSpdxAgent
131		{
132		void Serialize(cmSbomSerializer&) const override;
133		};
134
135		struct cmSpdxPerson final : cmSpdxAgent
136		{
137		void Serialize(cmSbomSerializer&) const override;
138		};
139
140		struct cmSpdxSoftwareAgent final : cmSpdxAgent
141		{
142		void Serialize(cmSbomSerializer&) const override;
143		};
144
145		struct cmSpdxPositiveIntegerRange
146		{
147		cm::optional<std::string> SpdxId;
148		cm::optional<std::string> BeginIntegerRange;
149		cm::optional<std::string> EndIntegerRange;
150
151		void Serialize(cmSbomSerializer&) const;
152		};
153
154		struct cmSpdxRelationship : cmSpdxElement
155		{
156		enum RelationshipTypeId
157		{
158		DESCRIBES,
159		CONTAINS,
160		DEPENDS_ON,
161		OTHER
162		};
163
164		cm::optional<cmSbomObject> From;
165		std::vector<cmSbomObject> To;
166		cm::optional<RelationshipTypeId> RelationshipType;
167		cm::optional<Datetime> StartTime;
168		cm::optional<Datetime> EndTime;
169
170		void Serialize(cmSbomSerializer&) const override;
171		};
172
173		struct cmSpdxLifecycleScopedRelationship final : cmSpdxRelationship
174		{
175		enum ScopeId
176		{
177		BUILD,
178		DESIGN,
179		RUNTIME,
180		TEST
181		};
182
183		cm::optional<ScopeId> Scope;
184
185		void Serialize(cmSbomSerializer&) const override;
186		};
187
188		struct cmSpdxArtifact : cmSpdxElement
189		{
190		enum SupportTypeId
191		{
192		COMMUNITY,
193		COMMERCIAL,
194		NONE
195		};
196
197		std::vector<cmSbomObject> OriginatedBy;
198		cm::optional<cmSbomObject> SuppliedBy;
199		cm::optional<Datetime> BuiltTime;
200		cm::optional<Datetime> ReleaseTime;
201		cm::optional<Datetime> ValidUntilTime;
202		cm::optional<std::string> StandardName;
203		cm::optional<SupportTypeId> Support;
204
205		void Serialize(cmSbomSerializer&) const override;
206		};
207
208		struct cmSpdxIndividualElement final : cmSpdxElement
209		{
210		void Serialize(cmSbomSerializer&) const override;
211		};
212
213		struct cmSpdxAnnotation final : cmSpdxElement
214		{
215		enum AnnotationTypeId
216		{
217		REVIEW,
218		OTHER
219		};
220
221		cm::optional<AnnotationTypeId> AnnotationType;
222		cm::optional<MediaType> ContentType;
223		cm::optional<std::string> Statement;
224		cm::optional<cmSbomObject> Element;
225
226		void Serialize(cmSbomSerializer&) const override;
227		};
228
229		struct cmSpdxExternalMap
230		{
231		cm::optional<std::string> SpdxId;
232		cm::optional<std::string> ExternalSpdxId;
233		cm::optional<cmSbomObject> VerifiedUsing;
234		cm::optional<std::string> LocationHistory;
235		cm::optional<cmSbomObject> DefiningArtifact;
236
237		void Serialize(cmSbomSerializer&) const;
238		};
239
240		struct cmSpdxNamespaceMap
241		{
242		cm::optional<std::string> SpdxId;
243		cm::optional<std::string> Prefix;
244		cm::optional<std::string> Namespace;
245
246		void Serialize(cmSbomSerializer&) const;
247		};
248
249		struct cmSpdxElementCollection : cmSpdxElement
250		{
251		std::vector<cmSbomObject> Elements;
252		std::vector<cmSbomObject> RootElements;
253		std::vector<std::string> ProfileConformance;
254
255		void Serialize(cmSbomSerializer&) const override;
256		};
257
258		struct cmSpdxPackageVerificationCode final : cmSpdxIntegrityMethod
259		{
260		cm::optional<HashAlgorithmId> Algorithm;
261		cm::optional<std::string> HashValue;
262		cm::optional<std::string> PackageVerificationCodeExcludedFile;
263
264		void Serialize(cmSbomSerializer&) const override;
265		};
266
267		struct cmSpdxHash final : cmSpdxIntegrityMethod
268		{
269		HashAlgorithmId HashAlgorithm;
270		std::string HashValue;
271
272		void Serialize(cmSbomSerializer&) const override;
273		};
274
275		struct cmSpdxBundle : cmSpdxElementCollection
276		{
277		cm::optional<std::string> Context;
278
279		void Serialize(cmSbomSerializer&) const override;
280		};
281
282		struct cmSpdxBom : cmSpdxBundle
283		{
284		void Serialize(cmSbomSerializer&) const override;
285		};
286
287		struct cmSpdxSbom final : cmSpdxBom
288		{
289		enum TypeId
290		{
291		ANALYZED,
292		BUILD,
293		DEPLOYED,
294		DESIGN,
295		RUNTIME,
296		SOURCE,
297		TEST
298		};
299
300		cm::optional<std::vector<TypeId>> Types;
301		cm::optional<TypeId> LifecycleScope;
302
303		void Serialize(cmSbomSerializer&) const override;
304		};
305
306		struct cmSpdxSoftwareArtifact : cmSpdxArtifact
307		{
308		enum PurposeId
309		{
310		APPLICATION,
311		ARCHIVE,
312		CONTAINER,
313		DATA,
314		DEVICE,
315		FIRMWARE,
316		FILE,
317		INSTALL,
318		LIBRARY,
319		MODULE,
320		OPERATING_SYSTEM,
321		SOURCE
322		};
323
324		cm::optional<PurposeId> PrimaryPurpose;
325		cm::optional<std::vector<PurposeId>> AdditionalPurpose;
326		cm::optional<std::string> CopyrightText;
327		cm::optional<std::string> AttributionText;
328		cm::optional<cmSbomObject> ContentIdentifier;
329		cm::optional<std::string> ArtifactSize;
330
331		void Serialize(cmSbomSerializer&) const override;
332		};
333
334		struct cmSpdxPackage final : cmSpdxSoftwareArtifact
335		{
336		cm::optional<std::string> DownloadLocation;
337		cm::optional<std::string> Homepage;
338		cm::optional<std::string> PackageVersion;
339		cm::optional<std::string> PackageUrl;
340		cm::optional<std::string> SourceInfo;
341
342		void Serialize(cmSbomSerializer&) const override;
343		};
344
345		struct cmSpdxDocument final : cmSpdxElementCollection
346		{
347		cm::optional<cmSbomObject> ExternalMap;
348		cm::optional<cmSbomObject> NamespaceMap;
349		std::string DataLicense;
350
351		void Serialize(cmSbomSerializer& serializer) const override;
352		};
353
354		struct cmSpdxContentIdentifier final : cmSpdxIntegrityMethod
355		{
356		cm::optional<std::string> ContentIdentifierType;
357		cm::optional<std::string> ContentValue;
358
359		void Serialize(cmSbomSerializer&) const override;
360		};
361
362		struct cmSpdxFile final : cmSpdxArtifact
363		{
364		enum FileKindId
365		{
366		DIRECTORY,
367		FILE
368		};
369		cm::optional<MediaType> ContentType;
370		cm::optional<FileKindId> FileType;
371
372		void Serialize(cmSbomSerializer&) const override;
373		};
374
375		struct cmSpdxSnippet final : cmSpdxSoftwareArtifact
376		{
377		cm::optional<std::string> ByteRange;
378		cm::optional<std::string> LineRange;
379		cm::optional<cmSbomObject> SnippetFromFile;
380
381		void Serialize(cmSbomSerializer&) const override;
382		};
383
384		struct cmSbomDocument
385		{
386		cm::optional<std::string> Context;
387		std::vector<cmSbomObject> Graph;
388
389		void Serialize(cmSbomSerializer&) const;
390		};