/src/CMake/Source/cmSpdx.h

Source
/* Distributed under the OSI-approved BSD 3-Clause License.  See accompanying
   file LICENSE.rst or https://cmake.org/licensing for details.  */
#pragma once
#include <string>
#include <vector>

#include <cm/optional>

#include "cmSbomObject.h"

class cmSbomSerializer;

using Datetime = std::string;
using MediaType = std::string;
using SemVer = std::string;

struct cmSpdxExternalIdentifier
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> ExternalIdentifierType;
  cm::optional<std::string> Identifier;
  cm::optional<std::string> Comment;
  cm::optional<std::string> IdentifierLocation;
  cm::optional<std::string> IssuingAuthority;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxExternalRef
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> ExternalRefType;
  cm::optional<std::string> Locator;
  cm::optional<std::string> ContentType;
  cm::optional<std::string> Comment;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxCreationInfo
{
  cm::optional<std::string> Id;
  cm::optional<std::string> SpdxId;
  cm::optional<SemVer> SpecVersion;
  cm::optional<std::string> Comment;
  cm::optional<Datetime> Created;
  std::vector<std::string> CreatedBy;
  std::vector<cmSbomObject> CreatedUsing;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxIntegrityMethod
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> Comment;

  enum HashAlgorithmId
  {
    ADLER32,
    BLAKE2B256,
    BLAKE2B384,
    BLAKE2B512,
    BLAKE3,
    MD2,
    MD4,
    MD5,
    MD6,
    SHA1,
    SHA224,
    SHA256,
    SHA384,
    SHA512,
    SHA3_256,
    SHA3_384,
    SHA3_512,
  };

  cmSpdxIntegrityMethod() = default;
  cmSpdxIntegrityMethod(cmSpdxIntegrityMethod const&) = default;
  cmSpdxIntegrityMethod(cmSpdxIntegrityMethod&&) = default;
  cmSpdxIntegrityMethod& operator=(cmSpdxIntegrityMethod const&) = default;
  cmSpdxIntegrityMethod& operator=(cmSpdxIntegrityMethod&&) = default;

  virtual void Serialize(cmSbomSerializer&) const;
  virtual ~cmSpdxIntegrityMethod() = default;
};

struct cmSpdxChecksum
{
  cm::optional<std::string> SpdxId;
  cmSpdxIntegrityMethod::HashAlgorithmId Algorithm;
  std::string ChecksumValue;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxElement
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> Name;
  cm::optional<std::string> Summary;
  cm::optional<std::string> Description;
  cm::optional<std::string> Comment;
  cm::optional<cmSbomObject> CreationInfo;
  cm::optional<cmSbomObject> VerifiedUsing;
  std::vector<cmSbomObject> ExternalRef;
  std::vector<cmSbomObject> ExternalIdentifier;
  cm::optional<cmSbomObject> Extension;

  cmSpdxElement() = default;
  cmSpdxElement(cmSpdxElement const&) = default;
  cmSpdxElement(cmSpdxElement&&) = default;
  cmSpdxElement& operator=(cmSpdxElement const&) = default;
  cmSpdxElement& operator=(cmSpdxElement&&) = default;

  virtual ~cmSpdxElement() = default;
  virtual void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxTool final : cmSpdxElement
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxAgent : cmSpdxElement
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxOrganization final : cmSpdxAgent
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxPerson final : cmSpdxAgent
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxSoftwareAgent final : cmSpdxAgent
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxPositiveIntegerRange
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> BeginIntegerRange;
  cm::optional<std::string> EndIntegerRange;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxRelationship : cmSpdxElement
{
  enum RelationshipTypeId
  {
    DESCRIBES,
    CONTAINS,
    DEPENDS_ON,
    OTHER
  };

  cm::optional<cmSbomObject> From;
  std::vector<cmSbomObject> To;
  cm::optional<RelationshipTypeId> RelationshipType;
  cm::optional<Datetime> StartTime;
  cm::optional<Datetime> EndTime;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxLifecycleScopedRelationship final : cmSpdxRelationship
{
  enum ScopeId
  {
    BUILD,
    DESIGN,
    RUNTIME,
    TEST
  };

  cm::optional<ScopeId> Scope;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxArtifact : cmSpdxElement
{
  enum SupportTypeId
  {
    COMMUNITY,
    COMMERCIAL,
    NONE
  };

  std::vector<cmSbomObject> OriginatedBy;
  cm::optional<cmSbomObject> SuppliedBy;
  cm::optional<Datetime> BuiltTime;
  cm::optional<Datetime> ReleaseTime;
  cm::optional<Datetime> ValidUntilTime;
  cm::optional<std::string> StandardName;
  cm::optional<SupportTypeId> Support;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxIndividualElement final : cmSpdxElement
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxAnnotation final : cmSpdxElement
{
  enum AnnotationTypeId
  {
    REVIEW,
    OTHER
  };

  cm::optional<AnnotationTypeId> AnnotationType;
  cm::optional<MediaType> ContentType;
  cm::optional<std::string> Statement;
  cm::optional<cmSbomObject> Element;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxExternalMap
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> ExternalSpdxId;
  cm::optional<cmSbomObject> VerifiedUsing;
  cm::optional<std::string> LocationHistory;
  cm::optional<cmSbomObject> DefiningArtifact;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxNamespaceMap
{
  cm::optional<std::string> SpdxId;
  cm::optional<std::string> Prefix;
  cm::optional<std::string> Namespace;

  void Serialize(cmSbomSerializer&) const;
};

struct cmSpdxElementCollection : cmSpdxElement
{
  std::vector<cmSbomObject> Elements;
  std::vector<cmSbomObject> RootElements;
  std::vector<std::string> ProfileConformance;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxPackageVerificationCode final : cmSpdxIntegrityMethod
{
  cm::optional<HashAlgorithmId> Algorithm;
  cm::optional<std::string> HashValue;
  cm::optional<std::string> PackageVerificationCodeExcludedFile;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxHash final : cmSpdxIntegrityMethod
{
  HashAlgorithmId HashAlgorithm;
  std::string HashValue;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxBundle : cmSpdxElementCollection
{
  cm::optional<std::string> Context;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxBom : cmSpdxBundle
{
  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxSbom final : cmSpdxBom
{
  enum TypeId
  {
    ANALYZED,
    BUILD,
    DEPLOYED,
    DESIGN,
    RUNTIME,
    SOURCE,
    TEST
  };

  cm::optional<std::vector<TypeId>> Types;
  cm::optional<TypeId> LifecycleScope;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxSoftwareArtifact : cmSpdxArtifact
{
  enum PurposeId
  {
    APPLICATION,
    ARCHIVE,
    CONTAINER,
    DATA,
    DEVICE,
    FIRMWARE,
    FILE,
    INSTALL,
    LIBRARY,
    MODULE,
    OPERATING_SYSTEM,
    SOURCE
  };

  cm::optional<PurposeId> PrimaryPurpose;
  cm::optional<std::vector<PurposeId>> AdditionalPurpose;
  cm::optional<std::string> CopyrightText;
  cm::optional<std::string> AttributionText;
  cm::optional<cmSbomObject> ContentIdentifier;
  cm::optional<std::string> ArtifactSize;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxPackage final : cmSpdxSoftwareArtifact
{
  cm::optional<std::string> DownloadLocation;
  cm::optional<std::string> Homepage;
  cm::optional<std::string> PackageVersion;
  cm::optional<std::string> PackageUrl;
  cm::optional<std::string> SourceInfo;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxDocument final : cmSpdxElementCollection
{
  cm::optional<cmSbomObject> ExternalMap;
  cm::optional<cmSbomObject> NamespaceMap;
  std::string DataLicense;

  void Serialize(cmSbomSerializer& serializer) const override;
};

struct cmSpdxContentIdentifier final : cmSpdxIntegrityMethod
{
  cm::optional<std::string> ContentIdentifierType;
  cm::optional<std::string> ContentValue;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxFile final : cmSpdxArtifact
{
  enum FileKindId
  {
    DIRECTORY,
    FILE
  };
  cm::optional<MediaType> ContentType;
  cm::optional<FileKindId> FileType;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSpdxSnippet final : cmSpdxSoftwareArtifact
{
  cm::optional<std::string> ByteRange;
  cm::optional<std::string> LineRange;
  cm::optional<cmSbomObject> SnippetFromFile;

  void Serialize(cmSbomSerializer&) const override;
};

struct cmSbomDocument
{
  cm::optional<std::string> Context;
  std::vector<cmSbomObject> Graph;

  void Serialize(cmSbomSerializer&) const;
};

Coverage Report

Created: 2026-03-12 06:35

Line	Count	Source
1		/* Distributed under the OSI-approved BSD 3-Clause License. See accompanying
2		file LICENSE.rst or https://cmake.org/licensing for details. */
3		#pragma once
4		#include <string>
5		#include <vector>
6
7		#include <cm/optional>
8
9		#include "cmSbomObject.h"
10
11		class cmSbomSerializer;
12
13		using Datetime = std::string;
14		using MediaType = std::string;
15		using SemVer = std::string;
16
17		struct cmSpdxExternalIdentifier
18		{
19		cm::optional<std::string> SpdxId;
20		cm::optional<std::string> ExternalIdentifierType;
21		cm::optional<std::string> Identifier;
22		cm::optional<std::string> Comment;
23		cm::optional<std::string> IdentifierLocation;
24		cm::optional<std::string> IssuingAuthority;
25
26		void Serialize(cmSbomSerializer&) const;
27		};
28
29		struct cmSpdxExternalRef
30		{
31		cm::optional<std::string> SpdxId;
32		cm::optional<std::string> ExternalRefType;
33		cm::optional<std::string> Locator;
34		cm::optional<std::string> ContentType;
35		cm::optional<std::string> Comment;
36
37		void Serialize(cmSbomSerializer&) const;
38		};
39
40		struct cmSpdxCreationInfo
41		{
42		cm::optional<std::string> Id;
43		cm::optional<std::string> SpdxId;
44		cm::optional<SemVer> SpecVersion;
45		cm::optional<std::string> Comment;
46		cm::optional<Datetime> Created;
47		std::vector<std::string> CreatedBy;
48		std::vector<cmSbomObject> CreatedUsing;
49
50		void Serialize(cmSbomSerializer&) const;
51		};
52
53		struct cmSpdxIntegrityMethod
54		{
55		cm::optional<std::string> SpdxId;
56		cm::optional<std::string> Comment;
57
58		enum HashAlgorithmId
59		{
60		ADLER32,
61		BLAKE2B256,
62		BLAKE2B384,
63		BLAKE2B512,
64		BLAKE3,
65		MD2,
66		MD4,
67		MD5,
68		MD6,
69		SHA1,
70		SHA224,
71		SHA256,
72		SHA384,
73		SHA512,
74		SHA3_256,
75		SHA3_384,
76		SHA3_512,
77		};
78
79		cmSpdxIntegrityMethod() = default;
80		cmSpdxIntegrityMethod(cmSpdxIntegrityMethod const&) = default;
81		cmSpdxIntegrityMethod(cmSpdxIntegrityMethod&&) = default;
82		cmSpdxIntegrityMethod& operator=(cmSpdxIntegrityMethod const&) = default;
83		cmSpdxIntegrityMethod& operator=(cmSpdxIntegrityMethod&&) = default;
84
85		virtual void Serialize(cmSbomSerializer&) const;
86	0	virtual ~cmSpdxIntegrityMethod() = default;
87		};
88
89		struct cmSpdxChecksum
90		{
91		cm::optional<std::string> SpdxId;
92		cmSpdxIntegrityMethod::HashAlgorithmId Algorithm;
93		std::string ChecksumValue;
94
95		void Serialize(cmSbomSerializer&) const;
96		};
97
98		struct cmSpdxElement
99		{
100		cm::optional<std::string> SpdxId;
101		cm::optional<std::string> Name;
102		cm::optional<std::string> Summary;
103		cm::optional<std::string> Description;
104		cm::optional<std::string> Comment;
105		cm::optional<cmSbomObject> CreationInfo;
106		cm::optional<cmSbomObject> VerifiedUsing;
107		std::vector<cmSbomObject> ExternalRef;
108		std::vector<cmSbomObject> ExternalIdentifier;
109		cm::optional<cmSbomObject> Extension;
110
111	0	cmSpdxElement() = default;
112	0	cmSpdxElement(cmSpdxElement const&) = default;
113	0	cmSpdxElement(cmSpdxElement&&) = default;
114		cmSpdxElement& operator=(cmSpdxElement const&) = default;
115		cmSpdxElement& operator=(cmSpdxElement&&) = default;
116
117	0	virtual ~cmSpdxElement() = default;
118		virtual void Serialize(cmSbomSerializer&) const;
119		};
120
121		struct cmSpdxTool final : cmSpdxElement
122		{
123		void Serialize(cmSbomSerializer&) const override;
124		};
125
126		struct cmSpdxAgent : cmSpdxElement
127		{
128		void Serialize(cmSbomSerializer&) const override;
129		};
130
131		struct cmSpdxOrganization final : cmSpdxAgent
132		{
133		void Serialize(cmSbomSerializer&) const override;
134		};
135
136		struct cmSpdxPerson final : cmSpdxAgent
137		{
138		void Serialize(cmSbomSerializer&) const override;
139		};
140
141		struct cmSpdxSoftwareAgent final : cmSpdxAgent
142		{
143		void Serialize(cmSbomSerializer&) const override;
144		};
145
146		struct cmSpdxPositiveIntegerRange
147		{
148		cm::optional<std::string> SpdxId;
149		cm::optional<std::string> BeginIntegerRange;
150		cm::optional<std::string> EndIntegerRange;
151
152		void Serialize(cmSbomSerializer&) const;
153		};
154
155		struct cmSpdxRelationship : cmSpdxElement
156		{
157		enum RelationshipTypeId
158		{
159		DESCRIBES,
160		CONTAINS,
161		DEPENDS_ON,
162		OTHER
163		};
164
165		cm::optional<cmSbomObject> From;
166		std::vector<cmSbomObject> To;
167		cm::optional<RelationshipTypeId> RelationshipType;
168		cm::optional<Datetime> StartTime;
169		cm::optional<Datetime> EndTime;
170
171		void Serialize(cmSbomSerializer&) const override;
172		};
173
174		struct cmSpdxLifecycleScopedRelationship final : cmSpdxRelationship
175		{
176		enum ScopeId
177		{
178		BUILD,
179		DESIGN,
180		RUNTIME,
181		TEST
182		};
183
184		cm::optional<ScopeId> Scope;
185
186		void Serialize(cmSbomSerializer&) const override;
187		};
188
189		struct cmSpdxArtifact : cmSpdxElement
190		{
191		enum SupportTypeId
192		{
193		COMMUNITY,
194		COMMERCIAL,
195		NONE
196		};
197
198		std::vector<cmSbomObject> OriginatedBy;
199		cm::optional<cmSbomObject> SuppliedBy;
200		cm::optional<Datetime> BuiltTime;
201		cm::optional<Datetime> ReleaseTime;
202		cm::optional<Datetime> ValidUntilTime;
203		cm::optional<std::string> StandardName;
204		cm::optional<SupportTypeId> Support;
205
206		void Serialize(cmSbomSerializer&) const override;
207		};
208
209		struct cmSpdxIndividualElement final : cmSpdxElement
210		{
211		void Serialize(cmSbomSerializer&) const override;
212		};
213
214		struct cmSpdxAnnotation final : cmSpdxElement
215		{
216		enum AnnotationTypeId
217		{
218		REVIEW,
219		OTHER
220		};
221
222		cm::optional<AnnotationTypeId> AnnotationType;
223		cm::optional<MediaType> ContentType;
224		cm::optional<std::string> Statement;
225		cm::optional<cmSbomObject> Element;
226
227		void Serialize(cmSbomSerializer&) const override;
228		};
229
230		struct cmSpdxExternalMap
231		{
232		cm::optional<std::string> SpdxId;
233		cm::optional<std::string> ExternalSpdxId;
234		cm::optional<cmSbomObject> VerifiedUsing;
235		cm::optional<std::string> LocationHistory;
236		cm::optional<cmSbomObject> DefiningArtifact;
237
238		void Serialize(cmSbomSerializer&) const;
239		};
240
241		struct cmSpdxNamespaceMap
242		{
243		cm::optional<std::string> SpdxId;
244		cm::optional<std::string> Prefix;
245		cm::optional<std::string> Namespace;
246
247		void Serialize(cmSbomSerializer&) const;
248		};
249
250		struct cmSpdxElementCollection : cmSpdxElement
251		{
252		std::vector<cmSbomObject> Elements;
253		std::vector<cmSbomObject> RootElements;
254		std::vector<std::string> ProfileConformance;
255
256		void Serialize(cmSbomSerializer&) const override;
257		};
258
259		struct cmSpdxPackageVerificationCode final : cmSpdxIntegrityMethod
260		{
261		cm::optional<HashAlgorithmId> Algorithm;
262		cm::optional<std::string> HashValue;
263		cm::optional<std::string> PackageVerificationCodeExcludedFile;
264
265		void Serialize(cmSbomSerializer&) const override;
266		};
267
268		struct cmSpdxHash final : cmSpdxIntegrityMethod
269		{
270		HashAlgorithmId HashAlgorithm;
271		std::string HashValue;
272
273		void Serialize(cmSbomSerializer&) const override;
274		};
275
276		struct cmSpdxBundle : cmSpdxElementCollection
277		{
278		cm::optional<std::string> Context;
279
280		void Serialize(cmSbomSerializer&) const override;
281		};
282
283		struct cmSpdxBom : cmSpdxBundle
284		{
285		void Serialize(cmSbomSerializer&) const override;
286		};
287
288		struct cmSpdxSbom final : cmSpdxBom
289		{
290		enum TypeId
291		{
292		ANALYZED,
293		BUILD,
294		DEPLOYED,
295		DESIGN,
296		RUNTIME,
297		SOURCE,
298		TEST
299		};
300
301		cm::optional<std::vector<TypeId>> Types;
302		cm::optional<TypeId> LifecycleScope;
303
304		void Serialize(cmSbomSerializer&) const override;
305		};
306
307		struct cmSpdxSoftwareArtifact : cmSpdxArtifact
308		{
309		enum PurposeId
310		{
311		APPLICATION,
312		ARCHIVE,
313		CONTAINER,
314		DATA,
315		DEVICE,
316		FIRMWARE,
317		FILE,
318		INSTALL,
319		LIBRARY,
320		MODULE,
321		OPERATING_SYSTEM,
322		SOURCE
323		};
324
325		cm::optional<PurposeId> PrimaryPurpose;
326		cm::optional<std::vector<PurposeId>> AdditionalPurpose;
327		cm::optional<std::string> CopyrightText;
328		cm::optional<std::string> AttributionText;
329		cm::optional<cmSbomObject> ContentIdentifier;
330		cm::optional<std::string> ArtifactSize;
331
332		void Serialize(cmSbomSerializer&) const override;
333		};
334
335		struct cmSpdxPackage final : cmSpdxSoftwareArtifact
336		{
337		cm::optional<std::string> DownloadLocation;
338		cm::optional<std::string> Homepage;
339		cm::optional<std::string> PackageVersion;
340		cm::optional<std::string> PackageUrl;
341		cm::optional<std::string> SourceInfo;
342
343		void Serialize(cmSbomSerializer&) const override;
344		};
345
346		struct cmSpdxDocument final : cmSpdxElementCollection
347		{
348		cm::optional<cmSbomObject> ExternalMap;
349		cm::optional<cmSbomObject> NamespaceMap;
350		std::string DataLicense;
351
352		void Serialize(cmSbomSerializer& serializer) const override;
353		};
354
355		struct cmSpdxContentIdentifier final : cmSpdxIntegrityMethod
356		{
357		cm::optional<std::string> ContentIdentifierType;
358		cm::optional<std::string> ContentValue;
359
360		void Serialize(cmSbomSerializer&) const override;
361		};
362
363		struct cmSpdxFile final : cmSpdxArtifact
364		{
365		enum FileKindId
366		{
367		DIRECTORY,
368		FILE
369		};
370		cm::optional<MediaType> ContentType;
371		cm::optional<FileKindId> FileType;
372
373		void Serialize(cmSbomSerializer&) const override;
374		};
375
376		struct cmSpdxSnippet final : cmSpdxSoftwareArtifact
377		{
378		cm::optional<std::string> ByteRange;
379		cm::optional<std::string> LineRange;
380		cm::optional<cmSbomObject> SnippetFromFile;
381
382		void Serialize(cmSbomSerializer&) const override;
383		};
384
385		struct cmSbomDocument
386		{
387		cm::optional<std::string> Context;
388		std::vector<cmSbomObject> Graph;
389
390		void Serialize(cmSbomSerializer&) const;
391		};