File Coverage

blib/lib/SBOM/CycloneDX/Util.pm

Criterion	Covered	Total	%
statement	27	47	57.4
branch	2	8	25.0
condition	0	2	0.0
subroutine	9	15	60.0
pod	7	7	100.0
total	45	79	56.9

line	stmt	bran	cond	sub	pod	time	code
1							package SBOM::CycloneDX::Util;
2
3	16			16		1744194	use 5.010001;
	16					66
4	16			16		99	use strict;
	16					32
	16					683
5	16			16		80	use warnings;
	16					109
	16					1078
6	16			16		6802	use utf8;
	16					4262
	16					146
7
8	16			16		607	use Carp;
	16					34
	16					1245
9	16			16		9586	use UUID::Tiny ':std';
	16					363910
	16					4562
10
11	16			16		159	use Exporter qw(import);
	16					84
	16					15123
12
13							our @EXPORT = qw(
14							urn_uuid urn_cdx
15							cpan_meta_to_spdx_license
16							cyclonedx_tool cyclonedx_component
17							file_read file_write
18							);
19
20							require SBOM::CycloneDX::Component;
21							require SBOM::CycloneDX::ExternalReference;
22							require SBOM::CycloneDX::License;
23							require SBOM::CycloneDX::Tool;
24
25
26							my %CPAN_META_SPEC_LICENSE_MAPPING = (
27
28							# CPAN::Meta::Spec licenses
29
30							# license \| SPDX \| Description
31							# -----------------\|-------------------------------------------\|--------------------------------
32
33							agpl_3 => 'AGPL-3.0', # GNU Affero General Public License, Version 3
34							apache_1_1 => 'Apache-1.1', # Apache Software License, Version 1.1
35							apache_2_0 => 'Apache-2.0', # Apache License, Version 2.0
36							artistic_1 => 'Artistic-1.0', # Artistic License, (Version 1)
37							artistic_2 => 'Artistic-2.0', # Artistic License, Version 2.0
38							bsd => 'BSD-3-Clause', # BSD License (three-clause)
39							freebsd => 'BSD-2-Clause-FreeBSD', # FreeBSD License (two-clause)
40							gfdl_1_2 => 'GFDL-1.2-or-later', # GNU Free Documentation License, Version 1.2
41							gfdl_1_3 => 'GFDL-1.3-or-later', # GNU Free Documentation License, Version 1.3
42							gpl_1 => 'GPL-1.0-only', # GNU General Public License, Version 1
43							gpl_2 => 'GPL-2.0-only', # GNU General Public License, Version 2
44							gpl_3 => 'GPL-3.0-only', # GNU General Public License, Version 3
45							lgpl_2_1 => 'LGPL-2.1', # GNU Lesser General Public License, Version 2.1
46							lgpl_3_0 => 'LGPL-3.0', # GNU Lesser General Public License, Version 3.0
47							mit => 'MIT', # MIT (aka X11) License
48							mozilla_1_0 => 'MPL-1.0', # Mozilla Public License, Version 1.0
49							mozilla_1_1 => 'MPL-1.1', # Mozilla Public License, Version 1.1
50							openssl => 'OpenSSL', # OpenSSL License
51							perl_5 => 'Artistic-1.0-Perl OR GPL-1.0-or-later', # The Perl 5 License (Artistic 1 & GPL 1 or later)
52							qpl_1_0 => 'QPL-1.0', # Q Public License, Version 1.0
53							ssleay => 'SSLeay-standalone', # Original SSLeay License
54							sun => 'SISSL', # Sun Internet Standards Source License (SISSL)
55							zlib => 'Zlib', # zlib License
56
57
58							# Additional license (from CPAN::Meta::Spec)
59							#
60							# The following license strings are also valid and indicate other licensing not described above:
61							#
62							# license \| SPDX \| Description
63							# -----------------\|-------------------------------------------\|--------------------------------
64
65							open_source => 'NOASSERTION', # Other Open Source Initiative (OSI) approved license
66							restricted => 'NOASSERTION', # Requires special permission from copyright holder
67							unrestricted => 'CC0-1.0', # Not an OSI approved license, but not restricted
68							unknown => 'NONE', # License not provided in metadata
69							);
70
71	6			6	1	38	sub urn_uuid { sprintf 'urn:uuid:%s', create_uuid_as_string(UUID_V4) }
72	0			0	1	0	sub urn_cdx { sprintf 'urn:cdx:%s', create_uuid_as_string(UUID_V4) }
73
74							sub cyclonedx_component {
75
76	0			0	1	0	my $component = SBOM::CycloneDX::Component->new(
77							type => 'library',
78							group => 'CPAN',
79							name => 'SBOM-CycloneDX',
80							version => sprintf('%s', $SBOM::CycloneDX::VERSION),
81							description => 'Perl distribution for CycloneDX',
82							licenses => [SBOM::CycloneDX::License->new(id => cpan_meta_to_spdx_license('artistic_2'))],
83							bom_ref => sprintf('%s@%s', 'SBOM-CycloneDX', $SBOM::CycloneDX::VERSION),
84							external_references => _cyclonedx_external_references()
85							);
86
87	0					0	return $component;
88
89							}
90
91							sub cyclonedx_tool {
92
93	0			0	1	0	SBOM::CycloneDX::Tool->new(
94							vendor => 'CPAN',
95							name => 'SBOM-CycloneDX',
96							version => sprintf('%s', $SBOM::CycloneDX::VERSION),
97							external_references => _cyclonedx_external_references()
98							);
99
100							}
101
102							sub _cyclonedx_external_references {
103
104	0			0		0	my @references = (
105							{type => 'website', url => 'https://metacpan.org/pod/SBOM::CycloneDX'},
106							{type => 'documentation', url => 'https://metacpan.org/dist/SBOM-CycloneDX'},
107							{type => 'vcs', url => 'https://github.com/giterlizzi/perl-SBOM-CycloneDX'},
108							{type => 'issue-tracker', url => 'https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues'},
109							{type => 'license', url => 'https://github.com/giterlizzi/perl-SBOM-CycloneDX/blob/main/LICENSE'},
110							{type => 'release-notes', url => 'https://github.com/giterlizzi/perl-SBOM-CycloneDX/blob/main/Changes'},
111							{type => 'distribution', url => 'https://metacpan.org/dist/SBOM-CycloneDX'}
112							);
113
114	0					0	return [map { SBOM::CycloneDX::ExternalReference->new(%{$_}) } @references];
	0					0
	0					0
115
116							}
117
118							sub cpan_meta_to_spdx_license {
119	0		0	0	1	0	return $CPAN_META_SPEC_LICENSE_MAPPING{$_[0]} \|\| undef;
120							}
121
122							sub file_read {
123
124	417			417	1	13325981	my $file = shift;
125
126	417	50				2727	if (ref($file) eq 'GLOB') {
127	0					0	return do { local $/; <$file> };
	0					0
	0					0
128							}
129
130	417					928	return do {
131	417	50				61047	open(my $fh, '<', $file) or Carp::croak qq{Failed to read file: $!};
132	417					4245	local $/ = undef;
133	417					183349	<$fh>;
134							};
135
136							}
137
138							sub file_write {
139
140	0			0	1		my ($file, $content) = @_;
141
142	0						my $fh = undef;
143
144	0	0					if (ref($file) eq 'GLOB') {
145	0						$fh = $file;
146							}
147							else {
148	0	0					open($fh, '>', $file) or Carp::croak "Can't open file: $!";
149							}
150
151	0						$fh->autoflush(1);
152
153	0						print $fh $content;
154	0						close($fh);
155
156							}
157
158
159							1;
160
161							=encoding utf-8
162
163							=head1 NAME
164
165							SBOM::CycloneDX::Util - Utility for CycloneDX
166
167							=head1 SYNOPSIS
168
169							use SBOM::CycloneDX::Util qw(cpan_meta_to_spdx_license);
170
171							say cpan_meta_to_spdx_license('artistic_2'); # Artistic-2.0
172
173
174							=head1 DESCRIPTION
175
176							L provides a set of utility for L.
177
178							=head2 FUNCTIONS
179
180							=over
181
182							=item urn_uuid
183
184							Return a random URN UUID
185
186							=item urn_cdx
187
188							Return a random CDX UUID
189
190							=item cyclonedx_component
191
192							Return the representation of L component using
193							L object.
194
195							=item cyclonedx_tool
196
197							Return the representation of L tool using
198							L object.
199
200							=item cpan_meta_to_spdx_license
201
202							Convert the L license to SPDX license identifier.
203
204							=item file_read
205
206							Read a file.
207
208							=item file_write
209
210							Write a content to file.
211
212							=back
213
214
215							=head1 SUPPORT
216
217							=head2 Bugs / Feature Requests
218
219							Please report any bugs or feature requests through the issue tracker
220							at L.
221							You will be notified automatically of any progress on your issue.
222
223							=head2 Source Code
224
225							This is open source software. The code repository is available for
226							public review and contribution under the terms of the license.
227
228							L
229
230							git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
231
232
233							=head1 AUTHOR
234
235							=over 4
236
237							=item * Giuseppe Di Terlizzi
238
239							=back
240
241
242							=head1 LICENSE AND COPYRIGHT
243
244							This software is copyright (c) 2025-2026 by Giuseppe Di Terlizzi.
245
246							This is free software; you can redistribute it and/or modify it under
247							the same terms as the Perl 5 programming language system itself.
248
249							=cut