diff --git a/demo/graphql/queries-trustification.gql b/demo/graphql/queries-trustification.gql index 14fa709330..bb2da854b4 100644 --- a/demo/graphql/queries-trustification.gql +++ b/demo/graphql/queries-trustification.gql @@ -380,3 +380,27 @@ query TC_1609_HasMetadata { } } } + +query TC_1757_Package_x86_64 { + packages (pkgSpec:{ + name:"openssl", + qualifiers: [ + {key:"arch", value:"src"}, + {key:"repository_id", value:"rhel-9-for-x86_64-baseos-eus-source-rpms"} + ] + }) { + ...allPkgTree + } +} + +query TC_1757_Package_aarch64 { + packages (pkgSpec:{ + name:"openssl", + qualifiers: [ + {key:"arch", value:"src"}, + {key:"repository_id", value:"rhel-9-for-aarch64-baseos-eus-source-rpms"} + ] + }) { + ...allPkgTree + } +} diff --git a/internal/testing/e2e-trustification/e2e b/internal/testing/e2e-trustification/e2e index cddaa42872..e05bbeb34f 100755 --- a/internal/testing/e2e-trustification/e2e +++ b/internal/testing/e2e-trustification/e2e @@ -107,4 +107,15 @@ echo @@@@ Running TC_1609 queries and validating output cat "$queries" | gql-cli http://localhost:8080/query -o TC_1609_HasMetadata | jq 'del(.. | .id?) | .HasMetadata | sort ' > "${GUAC_DIR}/gotTC_1609_HasMetadata.json" diff -u "${SCRIPT_DIR}/expectTC_1609_HasMetadata.json" "${GUAC_DIR}/gotTC_1609_HasMetadata.json" +echo @@@@ Ingesting TC_1757_openssl-3.0.7-18.el9_2.spdx.json into server +time go run ./cmd/guacone collect files ${GUAC_DIR}/internal/testing/testdata/exampledata/TC_1757_openssl-3.0.7-18.el9_2.spdx.json; + +echo @@@@ Running TC_1757 queries and validating output + +cat "$queries" | gql-cli http://localhost:8080/query -o TC_1757_Package_x86_64 | jq 'del(.. | .id?) | .packages[].namespaces[]?.names[]?.versions[]?.qualifiers? |= sort | .packages ' > "${GUAC_DIR}/gotTC_1757_Package_x86_64.json" +diff -u "${SCRIPT_DIR}/expectTC_1757_Package_x86_64.json" "${GUAC_DIR}/gotTC_1757_Package_x86_64.json" + +cat "$queries" | gql-cli http://localhost:8080/query -o TC_1757_Package_aarch64 | jq 'del(.. | .id?) | .packages[].namespaces[]?.names[]?.versions[]?.qualifiers? |= sort | .packages ' > "${GUAC_DIR}/gotTC_1757_Package_aarch64.json" +diff -u "${SCRIPT_DIR}/expectTC_1757_Package_aarch64.json" "${GUAC_DIR}/gotTC_1757_Package_aarch64.json" + # Note: graphql_playground is left running, CI will clean it up diff --git a/internal/testing/e2e-trustification/expectTC_1757_Package_aarch64.json b/internal/testing/e2e-trustification/expectTC_1757_Package_aarch64.json new file mode 100644 index 0000000000..4b204cfbb8 --- /dev/null +++ b/internal/testing/e2e-trustification/expectTC_1757_Package_aarch64.json @@ -0,0 +1,31 @@ +[ + { + "type": "rpm", + "namespaces": [ + { + "namespace": "redhat", + "names": [ + { + "name": "openssl", + "versions": [ + { + "version": "3.0.7-18.el9_2", + "qualifiers": [ + { + "key": "arch", + "value": "src" + }, + { + "key": "repository_id", + "value": "rhel-9-for-aarch64-baseos-eus-source-rpms" + } + ], + "subpath": "" + } + ] + } + ] + } + ] + } +] diff --git a/internal/testing/e2e-trustification/expectTC_1757_Package_x86_64.json b/internal/testing/e2e-trustification/expectTC_1757_Package_x86_64.json new file mode 100644 index 0000000000..2bd63c3e1e --- /dev/null +++ b/internal/testing/e2e-trustification/expectTC_1757_Package_x86_64.json @@ -0,0 +1,31 @@ +[ + { + "type": "rpm", + "namespaces": [ + { + "namespace": "redhat", + "names": [ + { + "name": "openssl", + "versions": [ + { + "version": "3.0.7-18.el9_2", + "qualifiers": [ + { + "key": "arch", + "value": "src" + }, + { + "key": "repository_id", + "value": "rhel-9-for-x86_64-baseos-eus-source-rpms" + } + ], + "subpath": "" + } + ] + } + ] + } + ] + } +] diff --git a/internal/testing/testdata/exampledata/TC_1757_openssl-3.0.7-18.el9_2.spdx.json b/internal/testing/testdata/exampledata/TC_1757_openssl-3.0.7-18.el9_2.spdx.json new file mode 100644 index 0000000000..7cb67f53c2 --- /dev/null +++ b/internal/testing/testdata/exampledata/TC_1757_openssl-3.0.7-18.el9_2.spdx.json @@ -0,0 +1,1460 @@ +{ + "spdxVersion": "SPDX-2.3", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "creationInfo": { + "created": "2006-08-14T02:34:56-06:00", + "creators": [ + "Tool: example SPDX document only" + ] + }, + "name": "openssl-3.0.7-18.el9_2", + "documentNamespace": "https://www.redhat.com/openssl-3.0.7-18.el9_2.spdx.json", + "packages": [ + { + "SPDXID": "SPDXRef-SRPM", + "name": "openssl", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-3.0.7-18.el9_2.src.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-x86_64-baseos-eus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-ppc64le-baseos-eus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-s390x-baseos-eus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-aarch64-baseos-eus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-i686-baseos-eus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-x86_64-baseos-aus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-ppc64le-baseos-aus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-s390x-baseos-aus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-aarch64-baseos-aus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-i686-baseos-aus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-x86_64-baseos-e4s-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-ppc64le-baseos-e4s-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-s390x-baseos-e4s-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-aarch64-baseos-e4s-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src&repository_id=rhel-9-for-i686-baseos-e4s-source-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "31b5079268339cff7ba65a0aee77930560c5adef4b1b3f8f5927a43ee46a56d9" + } + ] + }, + { + "SPDXID": "SPDXRef-Source0-origin", + "name": "openssl", + "versionInfo": "3.0.7", + "downloadLocation": "https://openssl.org/source/openssl-3.0.7.tar.gz", + "packageFileName": "openssl-3.0.7.tar.gz", + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e" + } + ], + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:generic/openssl@3.0.7?download_url=https://openssl.org/source/openssl-3.0.7.tar.gz&checksum=sha256:83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e" + } + ] + }, + { + "SPDXID": "SPDXRef-Source0", + "name": "openssl", + "versionInfo": "3.0.7", + "downloadLocation": "https://github.com/(RH openssl midstream repo)/archive/refs/tags/3.0.7.tar.gz", + "packageFileName": "openssl-3.0.7-hobbled.tar.gz", + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "4105046836812ed422922f851a57500118a99cc0f009b7eff2b3436110393377" + } + ], + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:generic/openssl@3.0.7?download_url=https://github.com/(RH openssl midstream repo)/archive/refs/tags/3.0.7.tar.gz" + } + ] + }, + { + "SPDXID": "SPDXRef-aarch64-openssl-perl", + "name": "openssl-perl", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-perl-3.0.7-18.el9_2.aarch64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "96e53b2da90ce5ad109ba659ce3ed1b5a819b108c95fc493f84847429898b2ed" + } + ] + }, + { + "SPDXID": "SPDXRef-aarch64-openssl-debuginfo", + "name": "openssl-debuginfo", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-debuginfo-3.0.7-18.el9_2.aarch64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-eus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-aus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-e4s-debug-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "8721bc9673ccc43f729485aba48fd75a927305980f48ee9d0b79d06937b68d16" + } + ] + }, + { + "SPDXID": "SPDXRef-aarch64-openssl-libs", + "name": "openssl-libs", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-libs-3.0.7-18.el9_2.aarch64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "cae5941219fd64e75c2b29509c6fe712bef77181a586702275a46a5e812d4dd4" + } + ] + }, + { + "SPDXID": "SPDXRef-aarch64-openssl-libs-debuginfo", + "name": "openssl-libs-debuginfo", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-libs-debuginfo-3.0.7-18.el9_2.aarch64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-eus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-aus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-e4s-debug-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "036985b5bd34712963e4a9009dd196e4f583479283d88b6e908a231aa5bddfae" + } + ] + }, + { + "SPDXID": "SPDXRef-aarch64-openssl", + "name": "openssl", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-3.0.7-18.el9_2.aarch64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "aaafa61c115ec37bb3895e124216ce46774069e49f6178248df085708ecb3878" + } + ] + }, + { + "SPDXID": "SPDXRef-aarch64-openssl-debugsource", + "name": "openssl-debugsource", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-debugsource-3.0.7-18.el9_2.aarch64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-eus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-aus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-e4s-source-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "036bd68632078d2b12e87f4541047823b5675d7e1141e56639cbc1e2e42c9f65" + } + ] + }, + { + "SPDXID": "SPDXRef-aarch64-openssl-devel", + "name": "openssl-devel", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-devel-3.0.7-18.el9_2.aarch64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=aarch64&repository_id=rhel-9-for-aarch64-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "deff41d222f613c3292d1bd0256c793c7fc7d5a4d61a24fa81f23990123bd79d" + } + ] + }, + { + "SPDXID": "SPDXRef-ppc64le-openssl-perl", + "name": "openssl-perl", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-perl-3.0.7-18.el9_2.ppc64le.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "7ae23594204f2688d5b16be98782d5456080f55e6baf76172d8cb4e100c2507e" + } + ] + }, + { + "SPDXID": "SPDXRef-ppc64le-openssl-libs", + "name": "openssl-libs", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-libs-3.0.7-18.el9_2.ppc64le.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "6c35abfc44cc24048921fd519bbcdba0bc43cf45cdece57df99ede720600a686" + } + ] + }, + { + "SPDXID": "SPDXRef-ppc64le-openssl-devel", + "name": "openssl-devel", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-devel-3.0.7-18.el9_2.ppc64le.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "b2e00a6e064e8efd9fac7b4633221ef5b3f49fb16e6eb2752cffae6965007cb7" + } + ] + }, + { + "SPDXID": "SPDXRef-ppc64le-openssl", + "name": "openssl", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-3.0.7-18.el9_2.ppc64le.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "10135a468b85a35b0373609ad48c50e71499d034c6f7e7455691b63f87105f12" + } + ] + }, + { + "SPDXID": "SPDXRef-ppc64le-openssl-debuginfo", + "name": "openssl-debuginfo", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-debuginfo-3.0.7-18.el9_2.ppc64le.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-eus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-aus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-e4s-debug-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "8e14cfaf5ae8bf1858b8d262b6d891dfdcc31378b6805345b8c1e08e4f0ce442" + } + ] + }, + { + "SPDXID": "SPDXRef-ppc64le-openssl-debugsource", + "name": "openssl-debugsource", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-debugsource-3.0.7-18.el9_2.ppc64le.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-eus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-aus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-e4s-source-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "d7de194a98e577ebaa0344c55002f83c2d22b52bf62cac22920759f2679e8124" + } + ] + }, + { + "SPDXID": "SPDXRef-ppc64le-openssl-libs-debuginfo", + "name": "openssl-libs-debuginfo", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-libs-debuginfo-3.0.7-18.el9_2.ppc64le.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-eus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-aus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=ppc64le&repository_id=rhel-9-for-ppc64le-baseos-e4s-debug-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "d6c29685fcd8a62504e223fcd4b520819118456cc65273e43c5fed19dd1d1a11" + } + ] + }, + { + "SPDXID": "SPDXRef-i686-openssl-libs-debuginfo", + "name": "openssl-libs-debuginfo", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-libs-debuginfo-3.0.7-18.el9_2.i686.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-eus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-aus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-e4s-debug-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "8897777ff03ce9308b8e7dd890e3c22c3b9f0da29d641d3844a52635ed926649" + } + ] + }, + { + "SPDXID": "SPDXRef-i686-openssl-libs", + "name": "openssl-libs", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-libs-3.0.7-18.el9_2.i686.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "ed85dfebb27dadf0d786da2aa15ce0dfbcb442ed38846360a82ab6abf7b71334" + } + ] + }, + { + "SPDXID": "SPDXRef-i686-openssl-debugsource", + "name": "openssl-debugsource", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-debugsource-3.0.7-18.el9_2.i686.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-eus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-aus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-e4s-source-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "d13f9f85d90d4d0e4f39bdc743f42dc064a6ca16e2cb85fe1695e8a08b9163b4" + } + ] + }, + { + "SPDXID": "SPDXRef-i686-openssl-devel", + "name": "openssl-devel", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-devel-3.0.7-18.el9_2.i686.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "03d6054aafea54f4496f8c35550eec87f2ceb06566e3fd5eea0446bd91e3242e" + } + ] + }, + { + "SPDXID": "SPDXRef-i686-openssl-debuginfo", + "name": "openssl-debuginfo", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-debuginfo-3.0.7-18.el9_2.i686.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-eus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-aus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-e4s-debug-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "02867d6b799b5ebc56f1f945a474f59c6b1a8430da4acf3fa35dae9cf992ea58" + } + ] + }, + { + "SPDXID": "SPDXRef-i686-openssl", + "name": "openssl", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-3.0.7-18.el9_2.i686.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "b7b39d8d7a960d75da6347206927e5a9bf33642148a0d291b0205f70eac8bf42" + } + ] + }, + { + "SPDXID": "SPDXRef-i686-openssl-perl", + "name": "openssl-perl", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-perl-3.0.7-18.el9_2.i686.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=i686&repository_id=rhel-9-for-i686-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "d4732a4e60c831e1e8e4ddb89419a029accf2ee6dc1c2efe62e8bf20e97e2577" + } + ] + }, + { + "SPDXID": "SPDXRef-x86_64-openssl-libs-debuginfo", + "name": "openssl-libs-debuginfo", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-libs-debuginfo-3.0.7-18.el9_2.x86_64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-eus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-aus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-e4s-debug-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "596206f99a50ede734b1f989977b210289debcfdd972666bd0d5ba03e7afbf19" + } + ] + }, + { + "SPDXID": "SPDXRef-x86_64-openssl-debuginfo", + "name": "openssl-debuginfo", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-debuginfo-3.0.7-18.el9_2.x86_64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-eus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-aus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-e4s-debug-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "7fbdc911663e437e7be7e30f5bd87450f4ff38551ecbb3de27e362bb9f2ac2aa" + } + ] + }, + { + "SPDXID": "SPDXRef-x86_64-openssl-debugsource", + "name": "openssl-debugsource", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-debugsource-3.0.7-18.el9_2.x86_64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-eus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-aus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-e4s-source-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "96e137f9561e7669417fe5998ec2aa6ba55a67aef0c2c205eede5a5a5941e8ac" + } + ] + }, + { + "SPDXID": "SPDXRef-x86_64-openssl-perl", + "name": "openssl-perl", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-perl-3.0.7-18.el9_2.x86_64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "403624aed89502e17352b50f00c413104c9be31307477d02c3a7ae78cfcb1ca4" + } + ] + }, + { + "SPDXID": "SPDXRef-x86_64-openssl-libs", + "name": "openssl-libs", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-libs-3.0.7-18.el9_2.x86_64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "73e869a62715910bdec02ee3f0275a81ca96f539a07aced314182b6f4dc8c828" + } + ] + }, + { + "SPDXID": "SPDXRef-x86_64-openssl", + "name": "openssl", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-3.0.7-18.el9_2.x86_64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "96045880ef4a2167abe9ea14f2b325402996a7671df8f594924dc24b6c2263e4" + } + ] + }, + { + "SPDXID": "SPDXRef-x86_64-openssl-devel", + "name": "openssl-devel", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-devel-3.0.7-18.el9_2.x86_64.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=x86_64&repository_id=rhel-9-for-x86_64-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "72f42e7c9ade55a24d3c53f4370d5d6d3b2fe99a4735d564825556ccd4cc1df3" + } + ] + }, + { + "SPDXID": "SPDXRef-s390x-openssl-libs-debuginfo", + "name": "openssl-libs-debuginfo", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-libs-debuginfo-3.0.7-18.el9_2.s390x.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-eus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-aus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-e4s-debug-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "bc5de92a3830cd99f7d291ccaafb5fd640127c8c1c925231e1e37d060a69563f" + } + ] + }, + { + "SPDXID": "SPDXRef-s390x-openssl-libs", + "name": "openssl-libs", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-libs-3.0.7-18.el9_2.s390x.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "0543b42f6491762fab8defbc6ec68a30d8e17e2f55e50b29095c382a6ad5baf1" + } + ] + }, + { + "SPDXID": "SPDXRef-s390x-openssl-debugsource", + "name": "openssl-debugsource", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-debugsource-3.0.7-18.el9_2.s390x.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-eus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-aus-source-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-e4s-source-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "90ca984f844882a5c0678887851cc58be90a187c65ef010b866791c40116f7fc" + } + ] + }, + { + "SPDXID": "SPDXRef-s390x-openssl-devel", + "name": "openssl-devel", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-devel-3.0.7-18.el9_2.s390x.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "4a8588e587337d65cd2da98b0ba813a1e178a9b515c82bbc7fe96f1ba749b8fc" + } + ] + }, + { + "SPDXID": "SPDXRef-s390x-openssl-debuginfo", + "name": "openssl-debuginfo", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-debuginfo-3.0.7-18.el9_2.s390x.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-eus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-aus-debug-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-e4s-debug-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "0a2a6b1409b045894d15c1b05ff5be2c1feba0b2b5f2d3bbac9d2e44c93f0583" + } + ] + }, + { + "SPDXID": "SPDXRef-s390x-openssl", + "name": "openssl", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-3.0.7-18.el9_2.s390x.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "11c42421e6d07bca92122575ac023016471383f58575b2dd478a19e0ba7ce4db" + } + ] + }, + { + "SPDXID": "SPDXRef-s390x-openssl-perl", + "name": "openssl-perl", + "versionInfo": "3.0.7-18.el9_2", + "supplier": "Organization: Red Hat", + "downloadLocation": "NOASSERTION", + "packageFileName": "openssl-perl-3.0.7-18.el9_2.s390x.rpm", + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-eus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-aus-rpms" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2?arch=s390x&repository_id=rhel-9-for-s390x-baseos-e4s-rpms" + } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "6f885dd8acf32d367528f47f0289a04035fddc1eb83b720bc6889293b94892fc" + } + ] + } + ], + "files": [], + "relationships": [ + { + "spdxElementId": "SPDXRef-DOCUMENT", + "relationshipType": "DESCRIBES", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-Source0", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-Source0-origin" + }, + { + "spdxElementId": "SPDXRef-SRPM", + "relationshipType": "CONTAINS", + "relatedSpdxElement": "SPDXRef-Source0" + }, + { + "spdxElementId": "SPDXRef-aarch64-openssl-perl", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-aarch64-openssl-debuginfo", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-aarch64-openssl-libs", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-aarch64-openssl-libs-debuginfo", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-aarch64-openssl", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-aarch64-openssl-debugsource", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-aarch64-openssl-devel", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-ppc64le-openssl-perl", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-ppc64le-openssl-libs", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-ppc64le-openssl-devel", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-ppc64le-openssl", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-ppc64le-openssl-debuginfo", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-ppc64le-openssl-debugsource", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-ppc64le-openssl-libs-debuginfo", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-i686-openssl-libs-debuginfo", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-i686-openssl-libs", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-i686-openssl-debugsource", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-i686-openssl-devel", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-i686-openssl-debuginfo", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-i686-openssl", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-i686-openssl-perl", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-x86_64-openssl-libs-debuginfo", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-x86_64-openssl-debuginfo", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-x86_64-openssl-debugsource", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-x86_64-openssl-perl", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-x86_64-openssl-libs", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-x86_64-openssl", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-x86_64-openssl-devel", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-s390x-openssl-libs-debuginfo", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-s390x-openssl-libs", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-s390x-openssl-debugsource", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-s390x-openssl-devel", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-s390x-openssl-debuginfo", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-s390x-openssl", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + }, + { + "spdxElementId": "SPDXRef-s390x-openssl-perl", + "relationshipType": "GENERATED_FROM", + "relatedSpdxElement": "SPDXRef-SRPM" + } + ] +} \ No newline at end of file diff --git a/pkg/ingestor/parser/spdx/parse_spdx.go b/pkg/ingestor/parser/spdx/parse_spdx.go index 0748fc8d65..79b2f58e1f 100644 --- a/pkg/ingestor/parser/spdx/parse_spdx.go +++ b/pkg/ingestor/parser/spdx/parse_spdx.go @@ -117,27 +117,29 @@ func (s *spdxParser) getPackages() error { for _, pac := range s.spdxDoc.Packages { // for each package create a package for each of them - purl := "" + purls := make([]string, 0) for _, ext := range pac.PackageExternalReferences { if ext.RefType == spdx_common.TypePackageManagerPURL { - purl = ext.Locator + purls = append(purls, ext.Locator) } } - if purl == "" { - purl = asmhelpers.GuacPkgPurl(pac.PackageName, &pac.PackageVersion) + if len(purls) == 0 { + purls = append(purls, asmhelpers.GuacPkgPurl(pac.PackageName, &pac.PackageVersion)) } - s.identifierStrings.PurlStrings = append(s.identifierStrings.PurlStrings, purl) + s.identifierStrings.PurlStrings = append(s.identifierStrings.PurlStrings, purls...) - pkg, err := asmhelpers.PurlToPkg(purl) - if err != nil { - return err - } + for _, purl := range purls { + pkg, err := asmhelpers.PurlToPkg(purl) + if err != nil { + return err + } - if slices.Contains(topLevelSpdxIds, string(pac.PackageSPDXIdentifier)) { - s.topLevelPackages[string(s.spdxDoc.SPDXIdentifier)] = append(s.topLevelPackages[string(s.spdxDoc.SPDXIdentifier)], pkg) + if slices.Contains(topLevelSpdxIds, string(pac.PackageSPDXIdentifier)) { + s.topLevelPackages[string(s.spdxDoc.SPDXIdentifier)] = append(s.topLevelPackages[string(s.spdxDoc.SPDXIdentifier)], pkg) + } + s.packagePackages[string(pac.PackageSPDXIdentifier)] = append(s.packagePackages[string(pac.PackageSPDXIdentifier)], pkg) } - s.packagePackages[string(pac.PackageSPDXIdentifier)] = append(s.packagePackages[string(pac.PackageSPDXIdentifier)], pkg) // if checksums exists create an artifact for each of them for _, checksum := range pac.PackageChecksums { diff --git a/pkg/ingestor/parser/spdx/parse_spdx_test.go b/pkg/ingestor/parser/spdx/parse_spdx_test.go index 7ede32f30a..401772b15c 100644 --- a/pkg/ingestor/parser/spdx/parse_spdx_test.go +++ b/pkg/ingestor/parser/spdx/parse_spdx_test.go @@ -1198,6 +1198,125 @@ func Test_spdxParser(t *testing.T) { }, wantErr: false, }, + { + name: "SPDX with multiple referenceType=purl for a single package", + additionalOpts: []cmp.Option{ + cmpopts.IgnoreFields(assembler.HasSBOMIngest{}, + "HasSBOM"), + }, + doc: &processor.Document{ + Blob: []byte(` + { + "spdxVersion": "SPDX-2.3", + "SPDXID":"SPDXRef-DOCUMENT", + "name":"openssl-3.0.7-18.el9_2", + "creationInfo": { "created": "2023-01-01T01:01:01.00Z" }, + "packages":[ + { + "SPDXID":"SPDXRef-SRPM", + "name":"openssl", + "versionInfo": "3.0.7-18.el9_2", + "packageFileName": "openssl-3.0.7-18.el9_2.src.rpm", + "externalRefs":[ + { + "referenceCategory":"PACKAGE_MANAGER", + "referenceLocator":"pkg:rpm/redhat/openssl@3.0.7-18.el9_2?repository_id=rhel-9-baseos-eus", + "referenceType":"purl" + }, + { + "referenceCategory":"PACKAGE_MANAGER", + "referenceLocator":"pkg:rpm/redhat/openssl@3.0.7-18.el9_2?repository_id=rhel-9-baseos-tus", + "referenceType":"purl" + } + ] + } + ], + "relationships":[ + { + "spdxElementId":"SPDXRef-DOCUMENT", + "relationshipType":"PACKAGE_OF", + "relatedSpdxElement":"SPDXRef-SRPM" + } + ] + } + `), + Format: processor.FormatJSON, + Type: processor.DocumentSPDX, + SourceInformation: processor.SourceInformation{ + Collector: "TestCollector", + Source: "TestSource", + }, + }, + wantPredicates: &assembler.IngestPredicates{ + IsDependency: []assembler.IsDependencyIngest{ + { + Pkg: &generated.PkgInputSpec{ + Type: "guac", + Namespace: &packageOfns, + Name: "openssl-3.0.7-18.el9_2", + Version: &packageOfEmptyString, + Subpath: &packageOfEmptyString, + }, + DepPkg: &generated.PkgInputSpec{ + Type: "rpm", + Namespace: ptrfrom.String("redhat"), + Name: "openssl", + Version: ptrfrom.String("3.0.7-18.el9_2"), + Qualifiers: []generated.PackageQualifierInputSpec{ + {Key: "repository_id", Value: "rhel-9-baseos-eus"}, + }, + Subpath: &packageOfEmptyString, + }, + IsDependency: &generated.IsDependencyInputSpec{ + DependencyType: "UNKNOWN", + Justification: "top-level package GUAC heuristic connecting to each file/package", + }, + }, + { + Pkg: &generated.PkgInputSpec{ + Type: "guac", + Namespace: &packageOfns, + Name: "openssl-3.0.7-18.el9_2", + Version: &packageOfEmptyString, + Subpath: &packageOfEmptyString, + }, + DepPkg: &generated.PkgInputSpec{ + Type: "rpm", + Namespace: ptrfrom.String("redhat"), + Name: "openssl", + Version: ptrfrom.String("3.0.7-18.el9_2"), + Qualifiers: []generated.PackageQualifierInputSpec{ + {Key: "repository_id", Value: "rhel-9-baseos-tus"}, + }, + Subpath: &packageOfEmptyString, + }, + IsDependency: &generated.IsDependencyInputSpec{ + DependencyType: "UNKNOWN", + Justification: "top-level package GUAC heuristic connecting to each file/package", + }, + }, + }, + + HasSBOM: []assembler.HasSBOMIngest{ + { + Pkg: &generated.PkgInputSpec{ + Type: "guac", + Namespace: &packageOfns, + Name: "openssl-3.0.7-18.el9_2", + Version: &packageOfEmptyString, + Subpath: &packageOfEmptyString, + }, + HasSBOM: &generated.HasSBOMInputSpec{ + Uri: "https://anchore.com/syft/image/alpine-latest-e78eca08-d9f4-49c7-97e0-6d4b9bfa99c2", + Algorithm: "sha256", + Digest: "ba096464061993bbbdfc30a26b42cd8beb1bfff301726fe6c58cb45d468c7648", + DownloadLocation: "TestSource", + }, + }, + }, + }, + wantErr: false, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) {