feat: license expression text attachment

jkowalleck · jkowalleck · commit 39524a26a97c · 2025-02-20T14:09:07.000+01:00
- tests: examples for licenses with text
- tests: draft for expressiosn with text

Signed-off-by: Jan Kowalleck &lt;jan.kowalleck@gmail.com&gt;
diff --git a/tools/src/test/resources/1.7/valid-license-expression-with-text-1.7.json b/tools/src/test/resources/1.7/valid-license-expression-with-text-1.7.json
@@ -0,0 +1,56 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.7",
+  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "version": 1,
+  "components": [
+    {
+      "type": "application",
+      "publisher": "Acme Inc",
+      "group": "com.acme",
+      "name": "tomcat-catalina",
+      "version": "9.0.14",
+      "description": "Modified version of Apache Catalina",
+      "scope": "required",
+      "hashes": [
+        {
+          "alg": "MD5",
+          "content": "3942447fac867ae5cdb3229b658f4d48"
+        },
+        {
+          "alg": "SHA-1",
+          "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+        },
+        {
+          "alg": "SHA-256",
+          "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+        },
+        {
+          "alg": "SHA-512",
+          "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+        }
+      ],
+      "licenses": [
+        {
+          "bom-ref": "my-license",
+          "acknowledgement": "declared",
+          "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0",
+          "expression-texts": [
+            "license-identifier": "EPL-2.0",
+            "text": {
+              "content": "Eclipse Public License - v 2.0\n\n    THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE\n    PUBLIC LICENSE (\"AGREEMENT\"). ANY USE, REPRODUCTION OR DISTRIBUTION\n    OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT..."
+            },
+            {
+              "license-identifier": "GPL-2.0 WITH Classpath-exception-2.0",
+              "text": {
+                "content": "                    GNU GENERAL PUBLIC LICENSE\n                       Version 2, June 1991\n\n Copyright (C) 1989, 1991 Free Software Foundation, Inc.,\n <https://fsf.org/>\n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed...\n\n...\n\nLinking this library statically or dynamically with other modules is making a combined work based on this library..."
+              }
+            }
+          ]
+        }
+      ],
+      "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"
+    }
+  ]
+}
diff --git a/tools/src/test/resources/1.7/valid-license-expression-with-text-1.7.textproto b/tools/src/test/resources/1.7/valid-license-expression-with-text-1.7.textproto
@@ -0,0 +1,49 @@
+# proto-file: schema/bom-1.7.proto
+# proto-message: Bom
+
+spec_version: "1.7"
+version: 1
+serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
+components {
+  type: CLASSIFICATION_APPLICATION
+  publisher: "Acme Inc"
+  group: "com.acme"
+  name: "tomcat-catalina"
+  version: "9.0.14"
+  description: "Modified version of Apache Catalina"
+  scope: SCOPE_REQUIRED
+  hashes {
+    alg: HASH_ALG_MD_5
+    value: "3942447fac867ae5cdb3229b658f4d48"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_1
+    value: "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_256
+    value: "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_512
+    value: "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+  }
+  licenses {
+    bom_ref: "my-license"
+    acknowledgement: LICENSE_ACKNOWLEDGEMENT_ENUMERATION_DECLARED
+    expression: "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0"
+    expression_texts {
+      license_identifier: "EPL-2.0"
+      text {
+        content: "Eclipse Public License - v 2.0\n\n    THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE\n    PUBLIC LICENSE (\"AGREEMENT\"). ANY USE, REPRODUCTION OR DISTRIBUTION\n    OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT..."
+      }
+    }
+    expression_texts {
+      license_identifier: "GPL-2.0 WITH Classpath-exception-2.0",
+      text: {
+        content: "                    GNU GENERAL PUBLIC LICENSE\n                       Version 2, June 1991\n\n Copyright (C) 1989, 1991 Free Software Foundation, Inc.,\n <https://fsf.org/>\n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed...\n\n...\n\nLinking this library statically or dynamically with other modules is making a combined work based on this library..."
+      }
+    }
+  }
+  purl: "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"
+}
diff --git a/tools/src/test/resources/1.7/valid-license-expression-with-text-1.7.xml b/tools/src/test/resources/1.7/valid-license-expression-with-text-1.7.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0"?>
+<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.7">
+    <components>
+        <component type="application">
+            <publisher>Acme Inc</publisher>
+            <group>com.acme</group>
+            <name>tomcat-catalina</name>
+            <version>9.0.14</version>
+            <description>Modified version of Apache Catalina</description>
+            <scope>required</scope>
+            <hashes>
+                <hash alg="MD5">3942447fac867ae5cdb3229b658f4d48</hash>
+                <hash alg="SHA-1">e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a</hash>
+                <hash alg="SHA-256">f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b</hash>
+                <hash alg="SHA-512">e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282</hash>
+            </hashes>
+            <licenses>
+                <expression bom-ref="my-license" acknowledgement="declared">
+                    <value>EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0</value>
+                    <text license-identifier="EPL-2.0"><![CDATA[Eclipse Public License - v 2.0
+
+    THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE
+    PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION
+    OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT...]]]></text>
+                    <text license-identifier="GPL-2.0 WITH Classpath-exception-2.0"><![CDATA[                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed...
+
+...
+
+Linking this library statically or dynamically with other modules is making a combined work based on this library...]]></text>
+                </expression>
+            </licenses>
+            <purl>pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar</purl>
+        </component>
+    </components>
+</bom>
diff --git a/tools/src/test/resources/1.7/valid-license-id-with-text-1.7.json b/tools/src/test/resources/1.7/valid-license-id-with-text-1.7.json
@@ -0,0 +1,49 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.7",
+  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "version": 1,
+  "components": [
+    {
+      "type": "application",
+      "publisher": "Acme Inc",
+      "group": "com.acme",
+      "name": "tomcat-catalina",
+      "version": "9.0.14",
+      "description": "Modified version of Apache Catalina",
+      "scope": "required",
+      "hashes": [
+        {
+          "alg": "MD5",
+          "content": "3942447fac867ae5cdb3229b658f4d48"
+        },
+        {
+          "alg": "SHA-1",
+          "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+        },
+        {
+          "alg": "SHA-256",
+          "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+        },
+        {
+          "alg": "SHA-512",
+          "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+        }
+      ],
+      "licenses": [
+        {
+          "license": {
+            "id": "Apache-2.0",
+            "acknowledgement": "declared",
+            "bom-ref": "my-license",
+            "text": {
+              "content": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION..."
+            }
+          }
+        }
+      ],
+      "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"
+    }
+  ]
+}
diff --git a/tools/src/test/resources/1.7/valid-license-id-with-text-1.7.textproto b/tools/src/test/resources/1.7/valid-license-id-with-text-1.7.textproto
@@ -0,0 +1,47 @@
+# proto-file: schema/bom-1.7.proto
+# proto-message: Bom
+
+spec_version: "1.7"
+version: 1
+serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
+components {
+  type: CLASSIFICATION_APPLICATION
+  publisher: "Acme Inc"
+  group: "com.acme"
+  name: "tomcat-catalina"
+  version: "9.0.14"
+  description: "Modified version of Apache Catalina"
+  scope: SCOPE_REQUIRED
+  hashes {
+    alg: HASH_ALG_MD_5
+    value: "3942447fac867ae5cdb3229b658f4d48"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_1
+    value: "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_256
+    value: "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_512
+    value: "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+  }
+  licenses {
+    license {
+      id: "Apache-2.0"
+      acknowledgement: LICENSE_ACKNOWLEDGEMENT_ENUMERATION_DECLARED
+      bom_ref: "my-license"
+      text {
+        value: """
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+        TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION..."""
+      }
+    }
+  }
+  purl: "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"
+}
diff --git a/tools/src/test/resources/1.7/valid-license-id-with-text-1.7.xml b/tools/src/test/resources/1.7/valid-license-id-with-text-1.7.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0"?>
+<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.7">
+    <components>
+        <component type="application">
+            <publisher>Acme Inc</publisher>
+            <group>com.acme</group>
+            <name>tomcat-catalina</name>
+            <version>9.0.14</version>
+            <description>Modified version of Apache Catalina</description>
+            <scope>required</scope>
+            <hashes>
+                <hash alg="MD5">3942447fac867ae5cdb3229b658f4d48</hash>
+                <hash alg="SHA-1">e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a</hash>
+                <hash alg="SHA-256">f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b</hash>
+                <hash alg="SHA-512">e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282</hash>
+            </hashes>
+            <licenses>
+                <license bom-ref="my-license" acknowledgement="declared">
+                    <id>Apache-2.0</id>
+                    <text><![CDATA[
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION...]]></text>
+                </license>
+            </licenses>
+            <purl>pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar</purl>
+        </component>
+    </components>
+</bom>
diff --git a/tools/src/test/resources/1.7/valid-license-name-with-text-1.7.json b/tools/src/test/resources/1.7/valid-license-name-with-text-1.7.json
@@ -0,0 +1,49 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.7",
+  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "version": 1,
+  "components": [
+    {
+      "type": "application",
+      "publisher": "Acme Inc",
+      "group": "com.acme",
+      "name": "tomcat-catalina",
+      "version": "9.0.14",
+      "description": "Modified version of Apache Catalina",
+      "scope": "required",
+      "hashes": [
+        {
+          "alg": "MD5",
+          "content": "3942447fac867ae5cdb3229b658f4d48"
+        },
+        {
+          "alg": "SHA-1",
+          "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+        },
+        {
+          "alg": "SHA-256",
+          "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+        },
+        {
+          "alg": "SHA-512",
+          "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+        }
+      ],
+      "licenses": [
+        {
+          "license": {
+            "name": "My License",
+            "bom-ref": "my-license",
+            "acknowledgement": "declared",
+            "text": {
+              "content": "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus nec turpis efficitur, ullamcorper lorem ac, fermentum nulla. Mauris a enim nunc. Aliquam diam tellus, porttitor venenatis leo in, mollis ultricies lacus. Sed sagittis hendrerit nulla, eget pulvinar diam..."
+            }
+          }
+        }
+      ],
+      "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"
+    }
+  ]
+}
diff --git a/tools/src/test/resources/1.7/valid-license-name-with-text-1.7.textproto b/tools/src/test/resources/1.7/valid-license-name-with-text-1.7.textproto
@@ -0,0 +1,42 @@
+# proto-file: schema/bom-1.7.proto
+# proto-message: Bom
+
+spec_version: "1.7"
+version: 1
+serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
+components {
+  type: CLASSIFICATION_APPLICATION
+  publisher: "Acme Inc"
+  group: "com.acme"
+  name: "tomcat-catalina"
+  version: "9.0.14"
+  description: "Modified version of Apache Catalina"
+  scope: SCOPE_REQUIRED
+  hashes {
+    alg: HASH_ALG_MD_5
+    value: "3942447fac867ae5cdb3229b658f4d48"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_1
+    value: "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_256
+    value: "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_512
+    value: "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+  }
+  licenses {
+    license {
+      name: "My License"
+      bom_ref: "my-license"
+      acknowledgement: LICENSE_ACKNOWLEDGEMENT_ENUMERATION_DECLARED
+      text {
+        value: "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus nec turpis efficitur, ullamcorper lorem ac, fermentum nulla. Mauris a enim nunc. Aliquam diam tellus, porttitor venenatis leo in, mollis ultricies lacus. Sed sagittis hendrerit nulla, eget pulvinar diam..."
+      }
+    }
+  }
+  purl: "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"
+}
diff --git a/tools/src/test/resources/1.7/valid-license-name-with-text-1.7.xml b/tools/src/test/resources/1.7/valid-license-name-with-text-1.7.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.7">
+    <components>
+        <component type="application">
+            <publisher>Acme Inc</publisher>
+            <group>com.acme</group>
+            <name>tomcat-catalina</name>
+            <version>9.0.14</version>
+            <description>Modified version of Apache Catalina</description>
+            <scope>required</scope>
+            <hashes>
+                <hash alg="MD5">3942447fac867ae5cdb3229b658f4d48</hash>
+                <hash alg="SHA-1">e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a</hash>
+                <hash alg="SHA-256">f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b</hash>
+                <hash alg="SHA-512">e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282</hash>
+            </hashes>
+            <licenses>
+                <license bom-ref="my-license" acknowledgement="declared">
+                    <name>My License</name>
+                    <text><![CDATA[Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus nec turpis efficitur, ullamcorper lorem ac, fermentum nulla. Mauris a enim nunc. Aliquam diam tellus, porttitor venenatis leo in, mollis ultricies lacus. Sed sagittis hendrerit nulla, eget pulvinar diam...]]></text>
+                </license>
+            </licenses>
+            <purl>pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar</purl>
+        </component>
+    </components>
+</bom>
