diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index e19c5da37..51bc6246f 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -24,7 +24,7 @@ provide the required disclosure, your PR will not be merged. A clear and concise summary of the change and which issue (if any) it fixes. Should also include relevant motivation and context. -Resolves or fixes issue: +Resolves or fixes issue: ### AI Tool Disclosure diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 423d4b3f6..e91d61095 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,6 +7,8 @@ updates: schedule: interval: 'weekly' day: 'saturday' + cooldown: + default-days: 7 allow: - dependency-type: 'all' versioning-strategy: 'auto' @@ -21,6 +23,8 @@ updates: schedule: interval: 'weekly' day: 'saturday' + cooldown: + default-days: 7 labels: [ 'dependencies' ] commit-message: ## prefix maximum string length of 15 diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index 40dfc86d9..ea1f00354 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -33,16 +33,18 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry - # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + # see https://github.com/Gr1N/setup-poetry + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies 
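Review bot: The `Gr1N/setup-poetry` pin in the "Install poetry" step is annotated only with the major tag (`# v9`), while the other pins in this file record the exact release (`# v6.0.2`, `# v6.2.0`), so the comment does not say which release commit `48b0f77c…` was resolved from. Recording the exact release, in the form `uses: Gr1N/setup-poetry@<sha> # vX.Y.Z`, keeps the pin auditable when someone later compares the SHA against the upstream tag. The same line recurs in the later `python.yml` hunks and in both build jobs of `release.yml`. The job this step belongs to starts above the hunk.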
@@ -57,16 +59,18 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry - # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + # see https://github.com/Gr1N/setup-poetry + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -81,16 +85,18 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry - # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + # see https://github.com/Gr1N/setup-poetry + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies 
@@ -105,16 +111,18 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry - # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + # see https://github.com/Gr1N/setup-poetry + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -141,16 +149,18 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} architecture: 'x64' - name: Install poetry - # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + # see https://github.com/Gr1N/setup-poetry + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies 
@@ -191,12 +201,14 @@ jobs: git config --global core.eol lf - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Create reports directory run: mkdir ${{ env.REPORTS_DIR }} - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} architecture: 'x64' @@ -206,8 +218,8 @@ jobs: import sys print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding())) - name: Install poetry - # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + # see https://github.com/Gr1N/setup-poetry + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -226,7 +238,7 @@ jobs: - name: Artifact reports if: ${{ ! cancelled() }} # see https://github.com/actions/upload-artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ env.TESTS_REPORTS_ARTIFACT }}-${{ matrix.os }}-py${{ matrix.python-version }}${{ matrix.toxenv-factors }} path: ${{ env.REPORTS_DIR }} @@ -236,11 +248,11 @@ jobs: name: Publish test coverage needs: [ "build-and-test" ] runs-on: ubuntu-latest - timeout-minutes: 5 + timeout-minutes: 10 steps: - name: fetch test artifacts # see https://github.com/actions/download-artifact - uses: actions/download-artifact@v7 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ${{ env.REPORTS_DIR }} pattern: ${{ env.TESTS_REPORTS_ARTIFACT }}-* 
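Review bot: The `upload-artifact` and `download-artifact` pins are not like-for-like: the comments show v6 → v7.0.1 in the "Artifact reports" step and v7 → v8.0.1 in "fetch test artifacts", so this pinning change also carries two major-version upgrades. The download step relies on `pattern: ${{ env.TESTS_REPORTS_ARTIFACT }}-*` matching what the upload step produced, so it is worth confirming from both actions' release notes that naming and extraction behaviour are unchanged, and saying so in the commit message. The reason for raising `timeout-minutes` from 5 to 10 in the same job is not stated; a short comment on that line would help.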
@@ -250,7 +262,7 @@ jobs: CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }} if: ${{ env.CODACY_PROJECT_TOKEN != '' }} ## see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets # see https://github.com/codacy/codacy-coverage-reporter-action - uses: codacy/codacy-coverage-reporter-action@v1 + uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699 # v1.3.0 with: project-token: ${{ env.CODACY_PROJECT_TOKEN }} coverage-reports: ${{ env.REPORTS_DIR }}/coverage/* @@ -269,10 +281,12 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '>=3.9 <=3.14' # supported version range - name: Validate Python Environment @@ -281,8 +295,8 @@ jobs: import sys print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding())) - name: Install poetry - # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + # see https://github.com/Gr1N/setup-poetry + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install package and prod dependencies diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index eb99f16a7..4da1b27f9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -48,16 +48,18 @@ jobs: steps: - name: Checkout code # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry - # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + # see https://github.com/Gr1N/setup-poetry + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -70,16 +72,18 @@ jobs: steps: - name: Checkout code # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry - # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + # see https://github.com/Gr1N/setup-poetry + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies 
@@ -103,21 +107,40 @@ jobs: id-token: write contents: write steps: + - name: Generate GitHub App Token + id: release-bot-token + # see https://github.com/actions/create-github-app-token + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 + with: + # see https://github.com/organizations/CycloneDX/settings/apps/cyclonedx-releases + client-id: 3335294 + private-key: ${{ secrets.CDX_RELEASE_BOT_PRIVATE_KEY }} + # for `permission-*` see `permissions` above + permission-contents: write + - name: Get GitHub App User ID + id: release-bot-user-id + env: + APP_SLUG: ${{ steps.release-bot-token.outputs.app-slug }} + GH_TOKEN: ${{ steps.release-bot-token.outputs.token }} + run: echo "user-id=$(gh api "/users/${APP_SLUG}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + - name: Checkout code # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + token: ${{ steps.release-bot-token.outputs.token }} + persist-credentials: false - name: Setup python # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install and configure Poetry - # See https://github.com/marketplace/actions/install-poetry-action - uses: snok/install-poetry@v1 + # Seehttps://github.com/snok/install-poetry + uses: snok/install-poetry@a783c322200f0519c7926aa6faa857c4e23e9263 # v1.4.2 with: version: ${{ env.POETRY_VERSION }} virtualenvs-create: true 
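Review bot: In the "Get GitHub App User ID" step a failing `gh api` call goes undetected, because the command substitution sits inside `echo` and the shell only sees the exit status of `echo`; `user-id` would then be empty and the later `git_committer_email` would begin with a bare `+`. Assigning first lets the failure stop the job: `user_id="$(gh api "/users/${APP_SLUG}[bot]" --jq .id)"` followed by `echo "user-id=${user_id}" >> "$GITHUB_OUTPUT"`. Separately, the job still declares `contents: write` for the default token although the visible steps now write through the App token; if no step outside this hunk needs it, `contents: read` would be enough. The comment `# Seehttps://github.com/snok/install-poetry` is missing a space.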
@@ -132,9 +155,11 @@ jobs: id: release # see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html # see https://github.com/python-semantic-release/python-semantic-release - uses: python-semantic-release/python-semantic-release@v10.0.2 + uses: python-semantic-release/python-semantic-release@1a324000f2251a9e722e77b128bf72712653813f # v10.0.2 with: - github_token: ${{ secrets.GITHUB_TOKEN }} + git_committer_name: ${{ steps.release-bot-token.outputs.app-slug }}[bot] + git_committer_email: ${{ steps.release-bot-user-id.outputs.user-id }}+${{ steps.release-bot-token.outputs.app-slug }}[bot]@users.noreply.github.com + github_token: ${{ steps.release-bot-token.outputs.token }} force: ${{ github.event.inputs.release_force }} prerelease: ${{ github.event.inputs.prerelease }} prerelease_token: ${{ github.event.inputs.prerelease_token }} @@ -142,14 +167,14 @@ jobs: - name: Publish package distributions to PyPI if: steps.release.outputs.released == 'true' # see https://github.com/pypa/gh-action-pypi-publish - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: attestations: true - name: Publish package distributions to GitHub Releases if: steps.release.outputs.released == 'true' # see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html#python-semantic-release-publish-action - uses: python-semantic-release/publish-action@v10 + uses: python-semantic-release/publish-action@310a9983a0ae878b29f3aac778d7c77c1db27378 # v10.5.3 with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.release-bot-token.outputs.token }} tag: ${{ steps.release.outputs.tag }} diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml new file mode 100644 index 000000000..7439413c8 --- /dev/null +++ b/.github/workflows/zizmor.yml 
@@ -0,0 +1,44 @@ +# Analyzes all GitHub Actions workflows for security issues using zizmor. +# docs: https://docs.zizmor.sh/ +name: Zizmor + +on: + push: + branches: ['master', 'main'] + pull_request: + branches: ['**'] + workflow_dispatch: + schedule: + - cron: '0 0 * * 6' + +permissions: {} + +concurrency: + group: '${{ github.workflow }}-${{ github.ref }}' + cancel-in-progress: true + +jobs: + zizmor: + name: Zizmor + runs-on: ubuntu-latest + timeout-minutes: 10 + permissions: + contents: read + steps: + - name: Checkout + # see https://github.com/actions/checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + - name: Run zizmor 🌈 + # see https://github.com/zizmorcore/zizmor-action + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 + with: + # advanced-security: false => emit findings as workflow-command annotations (::error file=…) rather than + # uploading a SARIF report to GitHub's Security tab. + # Uploading SARIF requires `security-events: write` and GitHub Advanced Security (GHAS), + # both of which are unnecessary here and would violate the least-privilege policy. + # The two modes are mutually exclusive: advanced-security must be false for + # annotations to take effect. + advanced-security: false + annotations: true diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 44a9bcc11..a6573d028 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -42,3 +42,7 @@ repos: entry: poetry run -- tox r -e bandit pass_filenames: false language: system + - repo: https://github.com/zizmorcore/zizmor-pre-commit + rev: v1.24.1 + hooks: + - id: zizmor diff --git a/CHANGELOG.md b/CHANGELOG.md index 86d6a8728..920b48401 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
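Review bot: Pinning `zizmorcore/zizmor-action` to a commit fixes the wrapper but, as far as I can tell, not the zizmor release it runs, which the action selects through its `version` input; the pre-commit hook added in the same commit pins `rev: v1.24.1` independently. Setting the input explicitly under `with:`, for example `version: '1.24.1'`, would keep CI findings reproducible and identical to what contributors see locally. Please confirm the input name and the accepted version format against the action's README before adopting this.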
@@ -2,6 +2,33 @@ +## v11.9.0 (2026-06-08) + +### Features + +- Add support for license expression details + ([#908](https://github.com/CycloneDX/cyclonedx-python-lib/pull/908), + [`b502381`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b50238102553dc215b08796ea914072294f69489)) + + +## v11.8.0 (2026-06-04) + +### Documentation + +- Update CDX summary ([#951](https://github.com/CycloneDX/cyclonedx-python-lib/pull/951), + [`752b162`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/752b1620a23e319add81c505fe7197a2ae3cca06)) + +### Features + +- Add support CycloneDX 1.7.1 & 1.6.2 & 1.5.1 + ([#985](https://github.com/CycloneDX/cyclonedx-python-lib/pull/985), + [`303889b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/303889ba2b47033ae693c1af8bff552664e1910c)) + +- Pull SPDX license IDs v1.1-3.28.0 + ([#986](https://github.com/CycloneDX/cyclonedx-python-lib/pull/986), + [`42ff044`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/42ff04444fa054d86da2302bc62e1bffd3b397df)) + + ## v11.7.0 (2026-03-17) ### Documentation diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ffa914d2f..39b65018d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -9,6 +9,16 @@ Find the needed basics here: * [how to fork a repository](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) * [how create a pull request from a fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) + +## Pullrequests + +When opening a pull request, use the repository’s pull request template and complete all required fields. +Keep each pull request focused on a single topic or problem. + +Every pull request must reference an existing issue that it aims to address. +If no issue exists for your topic, please create one first using the appropriate issue template, then link your pull request to it. + + ## Setup This project uses [poetry]. Have it installed and setup first. @@ -67,7 +77,7 @@ Please sign off your commits, to show that you agree to publish your changes und , and to indicate agreement with [Developer Certificate of Origin (DCO)](https://developercertificate.org/). ```shell -git commit --signoff ... +git commit -s ... ``` ## Pre-commit hooks diff --git a/README.md b/README.md index 2017b51b3..31f088eee 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ ---- -OWASP [CycloneDX][link_website] is a full-stack Bill of Materials (BOM) standard -that provides advanced supply chain capabilities for cyber risk reduction. +OWASP [CycloneDX][link_website] is a full‑stack Bill of Materials (BOM) and system‑transparency standard +that provides deep visibility into software, services, hardware, and AI components, enabling advanced supply‑chain security and cyber‑risk reduction. This Python package provides data models, validators and more, to help you create/render/read CycloneDX documents. diff --git a/cyclonedx/__init__.py b/cyclonedx/__init__.py index ff9bd20b3..e23b280ae 100644 --- a/cyclonedx/__init__.py +++ b/cyclonedx/__init__.py 
@@ -22,4 +22,4 @@ # !! version is managed by semantic_release # do not use typing here, or else `semantic_release` might have issues finding the variable -__version__ = "11.7.0" # noqa:Q000 +__version__ = "11.9.0" # noqa:Q000 diff --git a/cyclonedx/model/license.py b/cyclonedx/model/license.py index b6e36f571..6fed14b38 100644 --- a/cyclonedx/model/license.py +++ b/cyclonedx/model/license.py @@ -34,6 +34,7 @@ from .._internal.compare import ComparableTuple as _ComparableTuple from ..exception.model import MutuallyExclusivePropertiesException from ..exception.serialization import CycloneDxDeserializationException +from ..schema import SchemaVersion from ..schema.schema import SchemaVersion1Dot5, SchemaVersion1Dot6, SchemaVersion1Dot7 from . import AttachedText, Property, XsUri from .bom_ref import BomRef 
@@ -278,6 +279,123 @@ def __repr__(self) -> str: return f'' +@serializable.serializable_class(ignore_unknown_during_deserialization=True) +class LicenseExpressionDetails: + """ + This is our internal representation of the ``licenseExpressionDetailedType`` complex type that specifies the details + and attributes related to a software license identifier within a CycloneDX BOM document. + + .. note:: + Introduced in CycloneDX v1.7 + + + .. note:: + See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_licenseExpressionDetailedType + """ + + def __init__( + self, license_identifier: str, *, + bom_ref: Optional[Union[str, BomRef]] = None, + text: Optional[AttachedText] = None, + url: Optional[XsUri] = None, + ) -> None: + self._bom_ref = _bom_ref_from_str(bom_ref) + self.license_identifier = license_identifier + self.text = text + self.url = url + + @property + @serializable.xml_name('license-identifier') + @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) + @serializable.xml_attribute() + def license_identifier(self) -> str: + """ + A valid SPDX license identifier. Refer to https://spdx.org/specifications for syntax requirements. + This field serves as the primary key, which uniquely identifies each record. + + Example values: + - "Apache-2.0", + - "GPL-3.0-only WITH Classpath-exception-2.0" + - "LicenseRef-my-custom-license" + + Returns: + `str` + """ + return self._license_identifier + + @license_identifier.setter + def license_identifier(self, license_identifier: str) -> None: + self._license_identifier = license_identifier + + @property + @serializable.json_name('bom-ref') + @serializable.type_mapping(BomRef) + @serializable.xml_attribute() + @serializable.xml_name('bom-ref') + def bom_ref(self) -> BomRef: + """ + An identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref MUST be + unique within the BOM. 
+ Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links. + + Returns: + `BomRef` + """ + return self._bom_ref + + @property + @serializable.xml_sequence(1) + def text(self) -> Optional[AttachedText]: + """ + A way to include the textual content of the license. + + Returns: + `AttachedText` else `None` + """ + return self._text + + @text.setter + def text(self, text: Optional[AttachedText]) -> None: + self._text = text + + @property + @serializable.xml_sequence(2) + def url(self) -> Optional[XsUri]: + """ + The URL to the license file. If specified, a 'license' externalReference should also be specified for + completeness. + + Returns: + `XsUri` or `None` + """ + return self._url + + @url.setter + def url(self, url: Optional[XsUri]) -> None: + self._url = url + + def __comparable_tuple(self) -> _ComparableTuple: + return _ComparableTuple(( + self.bom_ref.value, self.license_identifier, self.url, self.text, + )) + + def __eq__(self, other: object) -> bool: + if isinstance(other, LicenseExpressionDetails): + return self.__comparable_tuple() == other.__comparable_tuple() + return False + + def __lt__(self, other: object) -> bool: + if isinstance(other, LicenseExpressionDetails): + return self.__comparable_tuple() < other.__comparable_tuple() + return NotImplemented + + def __hash__(self) -> int: + return hash(self.__comparable_tuple()) + + def __repr__(self) -> str: + return f'' + + @serializable.serializable_class( name='expression', ignore_unknown_during_deserialization=True @@ -296,10 +414,12 @@ def __init__( self, value: str, *, bom_ref: Optional[Union[str, BomRef]] = None, acknowledgement: Optional[LicenseAcknowledgement] = None, + details: Optional[Iterable[LicenseExpressionDetails]] = None, ) -> None: self._bom_ref = _bom_ref_from_str(bom_ref) self._value = value self._acknowledgement = acknowledgement + self.details = details or [] @property @serializable.view(SchemaVersion1Dot5) 
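Review bot: `LicenseExpressionDetails.license_identifier` is documented as a valid SPDX identifier that "uniquely identifies each record", but the code enforces neither: the setter stores any string unchecked, and `__comparable_tuple` also includes `bom_ref`, `url` and `text`, so the `SortedSet` behind `LicenseExpression.details` will keep two entries with the same identifier. Since these values also arrive from deserialized documents, either say so in the docstring, e.g. `The value is stored as given; it is neither validated nor de-duplicated.`, or reject empty input in the setter. The ordering key starts with `bom_ref.value` rather than the identifier, which deserves a one-line comment if it is intentional.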
@@ -362,11 +482,30 @@ def acknowledgement(self) -> Optional[LicenseAcknowledgement]: def acknowledgement(self, acknowledgement: Optional[LicenseAcknowledgement]) -> None: self._acknowledgement = acknowledgement + @property + @serializable.json_name('expressionDetails') + @serializable.view(SchemaVersion1Dot7) + @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, child_name='details') + @serializable.xml_sequence(1) + def details(self) -> 'SortedSet[LicenseExpressionDetails]': + """ + Details for parts of the expression. + + Returns: + Set of `LicenseExpressionDetails` + """ + return self._details + + @details.setter + def details(self, details: Iterable[LicenseExpressionDetails]) -> None: + self._details = SortedSet(details) + def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self._acknowledgement, self._value, self._bom_ref.value, + _ComparableTuple(self.details), )) def __hash__(self) -> int: 
@@ -431,6 +570,38 @@ class LicenseRepository(SortedSet): class _LicenseRepositorySerializationHelper(serializable.helpers.BaseHelper): """ THIS CLASS IS NON-PUBLIC API """ + @staticmethod + def __supports_expression_details(view: Any) -> bool: + try: + return view is not None and view().schema_version_enum >= SchemaVersion.V1_7 + except Exception: # pragma: no cover + return False + + @staticmethod + def __xml_normalize_license_expression_detailed( + license_expression: LicenseExpression, + view: Optional[type[serializable.ViewType]], + xmlns: Optional[str] + ) -> Element: + elem: Element = license_expression.as_xml( # type:ignore[attr-defined] + view_=view, as_string=False, element_name='expression-detailed', xmlns=xmlns) + elem.set(f'{{{xmlns}}}expression' if xmlns else 'expression', license_expression.value) + elem.text = None + return elem + + @staticmethod + def __xml_denormalize_license_expression_detailed( + li: Element, + default_ns: Optional[str] + ) -> LicenseExpression: + expression_value = li.get('expression') + if not expression_value: + raise CycloneDxDeserializationException(f'unexpected content: {li!r}') + license_expression: LicenseExpression = LicenseExpression.from_xml( # type:ignore[attr-defined] + li, default_ns) + license_expression.value = expression_value + return license_expression + @classmethod def json_normalize(cls, o: LicenseRepository, *, view: Optional[type[serializable.ViewType]], 
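Review bot: `__supports_expression_details` catches every `Exception` and returns `False`, so any error raised by `view()` or a missing `schema_version_enum` silently selects the pre-1.7 path in `xml_normalize` and the expression details are left out of the output instead of the problem surfacing. Narrowing the handler to what is expected, e.g. `except (AttributeError, TypeError):`, or letting the error propagate, would avoid that. Also worth a check: `__xml_normalize_license_expression_detailed` writes the attribute as `{xmlns}expression` when a namespace is given, while `__xml_denormalize_license_expression_detailed` reads the bare name via `li.get('expression')` and raises when it is absent; a test that serializes with a namespace and parses the result back would settle whether the two agree. `json_normalize` continues past the end of the hunk.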
@@ -482,8 +653,13 @@ def xml_normalize(cls, o: LicenseRepository, *, # mixed license expression and license? this is an invalid constellation according to schema! # see https://github.com/CycloneDX/specification/pull/205 # but models need to allow it for backwards compatibility with JSON CDX < 1.5 - elem.append(expression.as_xml( # type:ignore[attr-defined] - view_=view, as_string=False, element_name='expression', xmlns=xmlns)) + if expression.details and cls.__supports_expression_details(view): + elem.append(cls.__xml_normalize_license_expression_detailed(expression, view, xmlns)) + else: + if expression.details: + warn('LicenseExpression details are not supported in schema versions < 1.7; skipping serialization') + elem.append(expression.as_xml( # type:ignore[attr-defined] + view_=view, as_string=False, element_name='expression', xmlns=xmlns)) else: elem.extend( li.as_xml( # type:ignore[attr-defined] @@ -506,6 +682,8 @@ def xml_denormalize(cls, o: Element, elif tag == 'expression': repo.add(LicenseExpression.from_xml( # type:ignore[attr-defined] li, default_ns)) + elif tag == 'expression-detailed': + repo.add(cls.__xml_denormalize_license_expression_detailed(li, default_ns)) else: raise CycloneDxDeserializationException(f'unexpected: {li!r}') return repo diff --git a/cyclonedx/schema/_res/README.md b/cyclonedx/schema/_res/README.md index 207414b9e..83fc1dd95 100644 --- a/cyclonedx/schema/_res/README.md +++ b/cyclonedx/schema/_res/README.md @@ -4,7 +4,7 @@ some schema for offline use as downloaded via [script](../../../tools/schema-dow original sources: Currently using version -[4b3f59453366e27c8073fd24e98bf21ef8892c8e](https://github.com/CycloneDX/specification/commit/4b3f59453366e27c8073fd24e98bf21ef8892c8e) +[b29bae660048e0ad2fbc5f2972927b442ce951c4](https://github.com/CycloneDX/specification/commit/b29bae660048e0ad2fbc5f2972927b442ce951c4) | file | note | |------|------| 
diff --git a/cyclonedx/schema/_res/bom-1.5.SNAPSHOT.xsd b/cyclonedx/schema/_res/bom-1.5.SNAPSHOT.xsd index 022c09072..7c9577dad 100644 --- a/cyclonedx/schema/_res/bom-1.5.SNAPSHOT.xsd +++ b/cyclonedx/schema/_res/bom-1.5.SNAPSHOT.xsd @@ -22,7 +22,7 @@ limitations under the License. targetNamespace="http://cyclonedx.org/schema/bom/1.5" vc:minVersion="1.0" vc:maxVersion="1.1" - version="1.5.0"> + version="1.5.1"> @@ -2885,7 +2885,7 @@ limitations under the License. - + @@ -2897,7 +2897,7 @@ limitations under the License. - + @@ -2911,7 +2911,7 @@ limitations under the License. - + @@ -2923,7 +2923,7 @@ limitations under the License. - + @@ -3008,6 +3008,16 @@ limitations under the License. + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + diff --git a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json index 981961dd6..1958b2245 100644 --- a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json +++ b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json 
@@ -536,7 +536,7 @@ "description": "Identifier for referable and therefore interlinkable elements.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "type": "string", "minLength": 1, - "$comment": "TODO (breaking change): add a format constraint that prevents the value from staring with 'urn:cdx:'" + "$comment": "TODO (breaking change): add a format constraint that prevents the value from starting with 'urn:cdx:'" }, "refLinkType": { "description": "Descriptor for an element identified by the attribute 'bom-ref' in the same BOM document.\nIn contrast to `bomLinkElementType`.", @@ -1161,7 +1161,7 @@ "contentType": { "type": "string", "title": "Content-Type", - "description": "Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents.\n [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).", + "description": "Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plain text documents.\n [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).", "default": "text/plain", "examples": [ "text/plain", 
@@ -2681,7 +2681,7 @@ "ratings": { "type": "array", "title": "Ratings", - "description": "List of vulnerability ratings", + "description": "List of vulnerability ratings. Consumers SHOULD consider ratings in prioritization decisions; source ratings may differ and aid prioritization.", "items": { "$ref": "#/definitions/rating" } diff --git a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd index 427f3c4f0..c3a7f46f0 100644 --- a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd +++ b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd @@ -22,7 +22,7 @@ limitations under the License. targetNamespace="http://cyclonedx.org/schema/bom/1.6" vc:minVersion="1.0" vc:maxVersion="1.1" - version="1.6.1"> + version="1.6.2"> @@ -973,7 +973,7 @@ limitations under the License. Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` - for JSON data and `text/plain` for plan text documents. + for JSON data and `text/plain` for plain text documents. RFC 2045 section 5.1 outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the IANA media types registry at https://www.iana.org/assignments/media-types/media-types.xhtml. @@ -3256,7 +3256,7 @@ limitations under the License. - + @@ -3268,7 +3268,7 @@ limitations under the License. - + @@ -3282,7 +3282,7 @@ limitations under the License. - + @@ -3294,7 +3294,7 @@ limitations under the License. - + 
@@ -3386,6 +3386,16 @@ limitations under the License. + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + @@ -4218,7 +4228,7 @@ limitations under the License. - List of vulnerability ratings. + List of vulnerability ratings. Consumers SHOULD consider ratings in prioritization decisions; source ratings may differ and aid prioritization. diff --git a/cyclonedx/schema/_res/bom-1.7.SNAPSHOT.schema.json b/cyclonedx/schema/_res/bom-1.7.SNAPSHOT.schema.json index c0ed5071d..ad7e54ac2 100644 --- a/cyclonedx/schema/_res/bom-1.7.SNAPSHOT.schema.json +++ b/cyclonedx/schema/_res/bom-1.7.SNAPSHOT.schema.json @@ -555,7 +555,7 @@ "description": "Identifier for referable and therefore interlinkable elements.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "type": "string", "minLength": 1, - "$comment": "TODO (breaking change): add a format constraint that prevents the value from staring with 'urn:cdx:'" + "$comment": "TODO (breaking change): add a format constraint that prevents the value from starting with 'urn:cdx:'" }, "refLinkType": { "title": "BOM Reference", 
@@ -981,7 +981,7 @@ "versionRange": { "$ref": "#/definitions/versionRange", "title": "Component Version Range", - "description": "For an external component, this specifies the accepted version range.\nThe value must adhere to the Package URL Version Range syntax (vers), as defined at A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits.", + "description": "A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits.", "items": {"$ref": "#/definitions/patch"} }, "notes": { @@ -1248,7 +1248,7 @@ "contentType": { "type": "string", "title": "Content-Type", - "description": "Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents.\n [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).", + "description": "Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plain text documents.\n [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).", "default": "text/plain", "examples": [ "text/plain", 
@@ -2841,7 +2841,7 @@ "ratings": { "type": "array", "title": "Ratings", - "description": "List of vulnerability ratings", + "description": "List of vulnerability ratings. Consumers SHOULD consider ratings in prioritization decisions; source ratings may differ and aid prioritization.", "items": { "$ref": "#/definitions/rating" } diff --git a/cyclonedx/schema/_res/bom-1.7.SNAPSHOT.xsd b/cyclonedx/schema/_res/bom-1.7.SNAPSHOT.xsd index 40aa7ad93..7318f6ef6 100644 --- a/cyclonedx/schema/_res/bom-1.7.SNAPSHOT.xsd +++ b/cyclonedx/schema/_res/bom-1.7.SNAPSHOT.xsd @@ -22,7 +22,7 @@ limitations under the License. targetNamespace="http://cyclonedx.org/schema/bom/1.7" vc:minVersion="1.0" vc:maxVersion="1.1" - version="1.7.0"> + version="1.7.1"> @@ -1204,7 +1204,7 @@ limitations under the License. Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` - for JSON data and `text/plain` for plan text documents. + for JSON data and `text/plain` for plain text documents. RFC 2045 section 5.1 outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the IANA media types registry at https://www.iana.org/assignments/media-types/media-types.xhtml. @@ -3499,7 +3499,7 @@ limitations under the License. - + @@ -3511,7 +3511,7 @@ limitations under the License. - + @@ -3525,7 +3525,7 @@ limitations under the License. - + @@ -3537,7 +3537,7 @@ limitations under the License. - + 
@@ -3629,6 +3629,16 @@ limitations under the License. + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + @@ -4461,7 +4471,7 @@ limitations under the License. - List of vulnerability ratings. + List of vulnerability ratings. Consumers SHOULD consider ratings in prioritization decisions; source ratings may differ and aid prioritization. diff --git a/cyclonedx/schema/_res/cryptography-defs.SNAPSHOT.schema.json b/cyclonedx/schema/_res/cryptography-defs.SNAPSHOT.schema.json index 1f06fdff5..e17815057 100644 --- a/cyclonedx/schema/_res/cryptography-defs.SNAPSHOT.schema.json +++ b/cyclonedx/schema/_res/cryptography-defs.SNAPSHOT.schema.json @@ -1,7 +1,7 @@ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/cryptography-defs.schema.json", - "$comment": "2025-09-07T11:12:52Z", + "$comment": "2026-03-05T14:27:50Z", "title": "Cryptographic Algorithm Family Definitions", "description": "Enumerates cryptographic algorithm families and their specific metadata.", "type": "object", @@ -248,6 +248,7 @@ "A5/2", "AES", "ARIA", + "Argon2", "Ascon", "BLAKE2", "BLAKE3", @@ -258,6 +259,7 @@ "CAST6", "CMAC", "CMEA", + "CTR_DRBG", "ChaCha", "ChaCha20", "DES", @@ -273,9 +275,12 @@ "HC", "HKDF", "HMAC", + "HMAC_DRBG", + "HPKE", + "Hash_DRBG", "IDEA", "IKE-PRF", - "KMAC", + "J-PAKE", "LMS", "MD2", "MD4", @@ -284,6 +289,7 @@ "ML-DSA", "ML-KEM", "MQV", + "OPAQUE", "PBES1", "PBES2", "PBKDF1", 
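Review bot: `"KMAC"` is removed from the algorithm-family enum in the `@@ -273,9 +275,12 @@` hunk of `cryptography-defs.SNAPSHOT.schema.json`, with `"J-PAKE"` taking its slot; it is the only removal in an otherwise additive update of this list. If this enum is enforced when documents are validated, a BOM that names KMAC as its family would start failing validation after this change. The hunk does not show whether KMAC is now modelled elsewhere, so I would confirm the removal against the upstream definitions and call it out for consumers in the release notes, e.g. `cryptography-defs: "KMAC" removed from the algorithm family enum`. The enum array begins and ends outside this hunk.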
@@ -305,20 +311,30 @@
 "SHA-2",
 "SHA-3",
 "SLH-DSA",
+ "SM2",
+ "SM3",
+ "SM4",
+ "SM9",
 "SNOW3G",
 "SP800-108",
+ "SPAKE2",
+ "SPAKE2PLUS",
+ "SRP",
 "Salsa20",
 "Serpent",
 "SipHash",
 "Skipjack",
 "TUAK",
 "Twofish",
+ "UMAC",
 "Whirlpool",
 "X3DH",
 "XMSS",
 "Yarrow",
 "ZUC",
- "bcrypt"
+ "bcrypt",
+ "scrypt",
+ "yescrypt"
 ]
 },
 "ellipticCurvesEnum": {
diff --git a/cyclonedx/schema/_res/spdx.SNAPSHOT.schema.json b/cyclonedx/schema/_res/spdx.SNAPSHOT.schema.json
index 1e49a6d9e..2dccc87e3 100644
--- a/cyclonedx/schema/_res/spdx.SNAPSHOT.schema.json
+++ b/cyclonedx/schema/_res/spdx.SNAPSHOT.schema.json
@@ -1,7 +1,7 @@
 {
 "$schema": "http://json-schema.org/draft-07/schema#",
 "$id": "http://cyclonedx.org/schema/spdx.schema.json",
- "$comment": "v1.0-3.27.0",
+ "$comment": "v1.1-3.28.0",
 "type": "string",
 "enum": [
 "0BSD",
@@ -14,6 +14,7 @@
 "Adobe-Glyph",
 "Adobe-Utopia",
 "ADSL",
+ "Advanced-Cryptics-Dictionary",
 "AFL-1.1",
 "AFL-1.2",
 "AFL-2.0",
@@ -27,6 +28,7 @@
 "AGPL-3.0-only",
 "AGPL-3.0-or-later",
 "Aladdin",
+ "ALGLIB-Documentation",
 "AMD-newlib",
 "AMDPLPA",
 "AML",
@@ -68,6 +70,7 @@
 "BlueOak-1.0.0",
 "Boehm-GC",
 "Boehm-GC-without-fee",
+ "BOLA-1.1",
 "Borceux",
 "Brian-Gladman-2-Clause",
 "Brian-Gladman-3-Clause",
@@ -94,6 +97,7 @@
 "BSD-3-Clause-No-Nuclear-Warranty",
 "BSD-3-Clause-Open-MPI",
 "BSD-3-Clause-Sun",
+ "BSD-3-Clause-Tso",
 "BSD-4-Clause",
 "BSD-4-Clause-Shortened",
 "BSD-4-Clause-UC",
@@ -102,12 +106,14 @@
 "BSD-Advertising-Acknowledgement",
 "BSD-Attribution-HPND-disclaimer",
 "BSD-Inferno-Nettverk",
+ "BSD-Mark-Modifications",
 "BSD-Protection",
 "BSD-Source-beginning-file",
 "BSD-Source-Code",
 "BSD-Systemics",
 "BSD-Systemics-W3Works",
 "BSL-1.0",
+ "Buddy",
 "BUSL-1.1",
 "bzip2-1.0.5",
 "bzip2-1.0.6",
@@ -116,6 +122,7 @@
 "CAL-1.0-Combined-Work-Exception",
 "Caldera",
 "Caldera-no-preamble",
+ "CAPEC-tou",
 "Catharon",
 "CATOSL-1.1",
 "CC-BY-1.0",
@@ -245,6 +252,9 @@
 "EPL-1.0",
 "EPL-2.0",
 "ErlPL-1.1",
+ "ESA-PL-permissive-2.4",
+ "ESA-PL-strong-copyleft-2.4",
+ "ESA-PL-weak-copyleft-2.4",
 "etalab-2.0",
 "EUDatagrid",
 "EUPL-1.0",
@@ -350,11 +360,14 @@
 "HPND-sell-MIT-disclaimer-xserver",
 "HPND-sell-regexpr",
 "HPND-sell-variant",
+ "HPND-sell-variant-critical-systems",
 "HPND-sell-variant-MIT-disclaimer",
 "HPND-sell-variant-MIT-disclaimer-rev",
+ "HPND-SMC",
 "HPND-UC",
 "HPND-UC-export-US",
 "HTMLTIDY",
+ "hyphen-bulgarian",
 "IBM-pibs",
 "ICU",
 "IEC-Code-Components-EULA",
@@ -373,6 +386,7 @@
 "IPL-1.0",
 "ISC",
 "ISC-Veillard",
+ "ISO-permission",
 "Jam",
 "JasPer-2.0",
 "jove",
@@ -450,10 +464,12 @@
 "MIT-Khronos-old",
 "MIT-Modern-Variant",
 "MIT-open-group",
+ "MIT-STK",
 "MIT-testregex",
 "MIT-Wu",
 "MITNFA",
 "MMIXware",
+ "MMPL-1.0.1",
 "Motosoto",
 "MPEG-SSG",
 "mpi-permissive",
@@ -487,6 +503,7 @@
 "NICTA-1.0",
 "NIST-PD",
 "NIST-PD-fallback",
+ "NIST-PD-TNT",
 "NIST-Software",
 "NLOD-1.0",
 "NLOD-2.0",
@@ -540,6 +557,7 @@
 "OLDAP-2.8",
 "OLFL-1.3",
 "OML",
+ "OpenMDW-1.0",
 "OpenPBS-2.3",
 "OpenSSL",
 "OpenSSL-standalone",
@@ -547,13 +565,16 @@
 "OPL-1.0",
 "OPL-UK-3.0",
 "OPUBL-1.0",
+ "OSC-1.0",
 "OSET-PL-2.1",
 "OSL-1.0",
 "OSL-1.1",
 "OSL-2.0",
 "OSL-2.1",
 "OSL-3.0",
+ "OSSP",
 "PADL",
+ "ParaType-Free-Font-1.3",
 "Parity-6.0.0",
 "Parity-7.0.0",
 "PDDL-1.0",
@@ -598,6 +619,7 @@
 "SGI-B-1.1",
 "SGI-B-2.0",
 "SGI-OpenGL",
+ "SGMLUG-PM",
 "SGP4",
 "SHL-0.5",
 "SHL-0.51",
@@ -635,6 +657,7 @@
 "TAPR-OHL-1.0",
 "TCL",
 "TCP-wrappers",
+ "TekHVC",
 "TermReadKey",
 "TGPPL-1.0",
 "ThirdEye",
@@ -662,9 +685,11 @@
 "Unlicense",
 "Unlicense-libtelnet",
 "Unlicense-libwhirlpool",
+ "UnRAR",
 "UPL-1.0",
 "URT-RLE",
 "Vim",
+ "Vixie-Cron",
 "VOSTROM",
 "VSL-1.0",
 "W3C",
@@ -673,12 +698,15 @@
 "w3m",
 "Watcom-1.0",
 "Widget-Workshop",
+ "WordNet",
 "Wsuipa",
+ "WTFNMFPL",
 "WTFPL",
 "wwl",
 "wxWindows",
 "X11",
 "X11-distribute-modifications-variant",
+ "X11-no-permit-persons",
 "X11-swapped",
 "Xdebug-1.03",
 "Xerox",
@@ -716,6 +744,7 @@
 "Bootloader-exception",
 "CGAL-linking-exception",
 "Classpath-exception-2.0",
+ "Classpath-exception-2.0-short",
 "CLISP-exception-2.0",
 "cryptsetup-OpenSSL-exception",
 "Digia-Qt-LGPL-exception-1.1",
@@ -746,6 +775,7 @@
 "i2p-gpl-java-exception",
 "Independent-modules-exception",
 "KiCad-libraries-exception",
+ "kvirc-openssl-exception",
 "LGPL-3.0-linking-exception",
 "libpri-OpenH323-exception",
 "Libtool-exception",
@@ -769,9 +799,12 @@
 "Qwt-exception-1.0",
 "romic-exception",
 "RRDtool-FLOSS-exception-2.0",
+ "rsync-linking-exception",
 "SANE-exception",
 "SHL-2.0",
 "SHL-2.1",
+ "Simple-Library-Usage-exception",
+ "sqlitestudio-OpenSSL-exception",
 "stunnel-exception",
 "SWI-exception",
 "Swift-exception",
@@ -782,5 +815,818 @@ "vsftpd-openssl-exception", "WxWindows-exception-3.1", "x11vnc-openssl-exception" - ] + ], + "meta:enum": { + "0BSD": "BSD Zero Clause License", + "3D-Slicer-1.0": "3D Slicer License v1.0", + "AAL": "Attribution Assurance License", + "Abstyles": "Abstyles License", + "AdaCore-doc": "AdaCore Doc License", + "Adobe-2006": "Adobe Systems Incorporated Source Code License Agreement", + "Adobe-Display-PostScript": "Adobe Display PostScript License", + "Adobe-Glyph": "Adobe Glyph List License", + "Adobe-Utopia": "Adobe Utopia Font License", + "ADSL": "Amazon Digital Services License", + "Advanced-Cryptics-Dictionary": "Advanced Cryptics Dictionary License", + "AFL-1.1": "Academic Free License v1.1", + "AFL-1.2": "Academic Free License v1.2", + "AFL-2.0": "Academic Free License v2.0", + "AFL-2.1": "Academic Free License v2.1", + "AFL-3.0": "Academic Free License v3.0", + "Afmparse": "Afmparse License", + "AGPL-1.0": "Affero General Public License v1.0", + "AGPL-1.0-only": "Affero General Public License v1.0 only", + "AGPL-1.0-or-later": "Affero General Public License v1.0 or later", + "AGPL-3.0": "GNU Affero General Public License v3.0", + "AGPL-3.0-only": "GNU Affero General Public License v3.0 only", + "AGPL-3.0-or-later": "GNU Affero General Public License v3.0 or later", + "Aladdin": "Aladdin Free Public License", + "ALGLIB-Documentation": "ALGLIB Documentation License", + "AMD-newlib": "AMD newlib License", + "AMDPLPA": "AMD's plpa_map.c License", + "AML": "Apple MIT License", + "AML-glslang": "AML glslang variant License", + "AMPAS": "Academy of Motion Picture Arts and Sciences BSD", + "ANTLR-PD": "ANTLR Software Rights Notice", + "ANTLR-PD-fallback": "ANTLR Software Rights Notice with license fallback", + "any-OSI": "Any OSI License", + "any-OSI-perl-modules": "Any OSI License - Perl Modules", + "Apache-1.0": "Apache License 1.0", + "Apache-1.1": "Apache License 1.1", + "Apache-2.0": "Apache License 2.0", + "APAFML": "Adobe Postscript AFM 
License", + "APL-1.0": "Adaptive Public License 1.0", + "App-s2p": "App::s2p License", + "APSL-1.0": "Apple Public Source License 1.0", + "APSL-1.1": "Apple Public Source License 1.1", + "APSL-1.2": "Apple Public Source License 1.2", + "APSL-2.0": "Apple Public Source License 2.0", + "Arphic-1999": "Arphic Public License", + "Artistic-1.0": "Artistic License 1.0", + "Artistic-1.0-cl8": "Artistic License 1.0 w\/clause 8", + "Artistic-1.0-Perl": "Artistic License 1.0 (Perl)", + "Artistic-2.0": "Artistic License 2.0", + "Artistic-dist": "Artistic License 1.0 (dist)", + "Aspell-RU": "Aspell Russian License", + "ASWF-Digital-Assets-1.0": "ASWF Digital Assets License version 1.0", + "ASWF-Digital-Assets-1.1": "ASWF Digital Assets License 1.1", + "Baekmuk": "Baekmuk License", + "Bahyph": "Bahyph License", + "Barr": "Barr License", + "bcrypt-Solar-Designer": "bcrypt Solar Designer License", + "Beerware": "Beerware License", + "Bitstream-Charter": "Bitstream Charter Font License", + "Bitstream-Vera": "Bitstream Vera Font License", + "BitTorrent-1.0": "BitTorrent Open Source License v1.0", + "BitTorrent-1.1": "BitTorrent Open Source License v1.1", + "blessing": "SQLite Blessing", + "BlueOak-1.0.0": "Blue Oak Model License 1.0.0", + "Boehm-GC": "Boehm-Demers-Weiser GC License", + "Boehm-GC-without-fee": "Boehm-Demers-Weiser GC License (without fee)", + "BOLA-1.1": "Buena Onda License Agreement v1.1", + "Borceux": "Borceux license", + "Brian-Gladman-2-Clause": "Brian Gladman 2-Clause License", + "Brian-Gladman-3-Clause": "Brian Gladman 3-Clause License", + "BSD-1-Clause": "BSD 1-Clause License", + "BSD-2-Clause": "BSD 2-Clause \"Simplified\" License", + "BSD-2-Clause-Darwin": "BSD 2-Clause - Ian Darwin variant", + "BSD-2-Clause-first-lines": "BSD 2-Clause - first lines requirement", + "BSD-2-Clause-FreeBSD": "BSD 2-Clause FreeBSD License", + "BSD-2-Clause-NetBSD": "BSD 2-Clause NetBSD License", + "BSD-2-Clause-Patent": "BSD-2-Clause Plus Patent License", + 
"BSD-2-Clause-pkgconf-disclaimer": "BSD 2-Clause pkgconf disclaimer variant", + "BSD-2-Clause-Views": "BSD 2-Clause with views sentence", + "BSD-3-Clause": "BSD 3-Clause \"New\" or \"Revised\" License", + "BSD-3-Clause-acpica": "BSD 3-Clause acpica variant", + "BSD-3-Clause-Attribution": "BSD with attribution", + "BSD-3-Clause-Clear": "BSD 3-Clause Clear License", + "BSD-3-Clause-flex": "BSD 3-Clause Flex variant", + "BSD-3-Clause-HP": "Hewlett-Packard BSD variant license", + "BSD-3-Clause-LBNL": "Lawrence Berkeley National Labs BSD variant license", + "BSD-3-Clause-Modification": "BSD 3-Clause Modification", + "BSD-3-Clause-No-Military-License": "BSD 3-Clause No Military License", + "BSD-3-Clause-No-Nuclear-License": "BSD 3-Clause No Nuclear License", + "BSD-3-Clause-No-Nuclear-License-2014": "BSD 3-Clause No Nuclear License 2014", + "BSD-3-Clause-No-Nuclear-Warranty": "BSD 3-Clause No Nuclear Warranty", + "BSD-3-Clause-Open-MPI": "BSD 3-Clause Open MPI variant", + "BSD-3-Clause-Sun": "BSD 3-Clause Sun Microsystems", + "BSD-3-Clause-Tso": "BSD 3-Clause Tso variant", + "BSD-4-Clause": "BSD 4-Clause \"Original\" or \"Old\" License", + "BSD-4-Clause-Shortened": "BSD 4 Clause Shortened", + "BSD-4-Clause-UC": "BSD-4-Clause (University of California-Specific)", + "BSD-4.3RENO": "BSD 4.3 RENO License", + "BSD-4.3TAHOE": "BSD 4.3 TAHOE License", + "BSD-Advertising-Acknowledgement": "BSD Advertising Acknowledgement License", + "BSD-Attribution-HPND-disclaimer": "BSD with Attribution and HPND disclaimer", + "BSD-Inferno-Nettverk": "BSD-Inferno-Nettverk", + "BSD-Mark-Modifications": "BSD Mark Modifications License", + "BSD-Protection": "BSD Protection License", + "BSD-Source-beginning-file": "BSD Source Code Attribution - beginning of file variant", + "BSD-Source-Code": "BSD Source Code Attribution", + "BSD-Systemics": "Systemics BSD variant license", + "BSD-Systemics-W3Works": "Systemics W3Works BSD variant license", + "BSL-1.0": "Boost Software License 1.0", + "Buddy": 
"Buddy License", + "BUSL-1.1": "Business Source License 1.1", + "bzip2-1.0.5": "bzip2 and libbzip2 License v1.0.5", + "bzip2-1.0.6": "bzip2 and libbzip2 License v1.0.6", + "C-UDA-1.0": "Computational Use of Data Agreement v1.0", + "CAL-1.0": "Cryptographic Autonomy License 1.0", + "CAL-1.0-Combined-Work-Exception": "Cryptographic Autonomy License 1.0 (Combined Work Exception)", + "Caldera": "Caldera License", + "Caldera-no-preamble": "Caldera License (without preamble)", + "CAPEC-tou": "Common Attack Pattern Enumeration and Classification License", + "Catharon": "Catharon License", + "CATOSL-1.1": "Computer Associates Trusted Open Source License 1.1", + "CC-BY-1.0": "Creative Commons Attribution 1.0 Generic", + "CC-BY-2.0": "Creative Commons Attribution 2.0 Generic", + "CC-BY-2.5": "Creative Commons Attribution 2.5 Generic", + "CC-BY-2.5-AU": "Creative Commons Attribution 2.5 Australia", + "CC-BY-3.0": "Creative Commons Attribution 3.0 Unported", + "CC-BY-3.0-AT": "Creative Commons Attribution 3.0 Austria", + "CC-BY-3.0-AU": "Creative Commons Attribution 3.0 Australia", + "CC-BY-3.0-DE": "Creative Commons Attribution 3.0 Germany", + "CC-BY-3.0-IGO": "Creative Commons Attribution 3.0 IGO", + "CC-BY-3.0-NL": "Creative Commons Attribution 3.0 Netherlands", + "CC-BY-3.0-US": "Creative Commons Attribution 3.0 United States", + "CC-BY-4.0": "Creative Commons Attribution 4.0 International", + "CC-BY-NC-1.0": "Creative Commons Attribution Non Commercial 1.0 Generic", + "CC-BY-NC-2.0": "Creative Commons Attribution Non Commercial 2.0 Generic", + "CC-BY-NC-2.5": "Creative Commons Attribution Non Commercial 2.5 Generic", + "CC-BY-NC-3.0": "Creative Commons Attribution Non Commercial 3.0 Unported", + "CC-BY-NC-3.0-DE": "Creative Commons Attribution Non Commercial 3.0 Germany", + "CC-BY-NC-4.0": "Creative Commons Attribution Non Commercial 4.0 International", + "CC-BY-NC-ND-1.0": "Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic", + "CC-BY-NC-ND-2.0": 
"Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic", + "CC-BY-NC-ND-2.5": "Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic", + "CC-BY-NC-ND-3.0": "Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported", + "CC-BY-NC-ND-3.0-DE": "Creative Commons Attribution Non Commercial No Derivatives 3.0 Germany", + "CC-BY-NC-ND-3.0-IGO": "Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO", + "CC-BY-NC-ND-4.0": "Creative Commons Attribution Non Commercial No Derivatives 4.0 International", + "CC-BY-NC-SA-1.0": "Creative Commons Attribution Non Commercial Share Alike 1.0 Generic", + "CC-BY-NC-SA-2.0": "Creative Commons Attribution Non Commercial Share Alike 2.0 Generic", + "CC-BY-NC-SA-2.0-DE": "Creative Commons Attribution Non Commercial Share Alike 2.0 Germany", + "CC-BY-NC-SA-2.0-FR": "Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France", + "CC-BY-NC-SA-2.0-UK": "Creative Commons Attribution Non Commercial Share Alike 2.0 England and Wales", + "CC-BY-NC-SA-2.5": "Creative Commons Attribution Non Commercial Share Alike 2.5 Generic", + "CC-BY-NC-SA-3.0": "Creative Commons Attribution Non Commercial Share Alike 3.0 Unported", + "CC-BY-NC-SA-3.0-DE": "Creative Commons Attribution Non Commercial Share Alike 3.0 Germany", + "CC-BY-NC-SA-3.0-IGO": "Creative Commons Attribution Non Commercial Share Alike 3.0 IGO", + "CC-BY-NC-SA-4.0": "Creative Commons Attribution Non Commercial Share Alike 4.0 International", + "CC-BY-ND-1.0": "Creative Commons Attribution No Derivatives 1.0 Generic", + "CC-BY-ND-2.0": "Creative Commons Attribution No Derivatives 2.0 Generic", + "CC-BY-ND-2.5": "Creative Commons Attribution No Derivatives 2.5 Generic", + "CC-BY-ND-3.0": "Creative Commons Attribution No Derivatives 3.0 Unported", + "CC-BY-ND-3.0-DE": "Creative Commons Attribution No Derivatives 3.0 Germany", + "CC-BY-ND-4.0": "Creative Commons Attribution No Derivatives 4.0 International", + "CC-BY-SA-1.0": 
"Creative Commons Attribution Share Alike 1.0 Generic", + "CC-BY-SA-2.0": "Creative Commons Attribution Share Alike 2.0 Generic", + "CC-BY-SA-2.0-UK": "Creative Commons Attribution Share Alike 2.0 England and Wales", + "CC-BY-SA-2.1-JP": "Creative Commons Attribution Share Alike 2.1 Japan", + "CC-BY-SA-2.5": "Creative Commons Attribution Share Alike 2.5 Generic", + "CC-BY-SA-3.0": "Creative Commons Attribution Share Alike 3.0 Unported", + "CC-BY-SA-3.0-AT": "Creative Commons Attribution Share Alike 3.0 Austria", + "CC-BY-SA-3.0-DE": "Creative Commons Attribution Share Alike 3.0 Germany", + "CC-BY-SA-3.0-IGO": "Creative Commons Attribution-ShareAlike 3.0 IGO", + "CC-BY-SA-4.0": "Creative Commons Attribution Share Alike 4.0 International", + "CC-PDDC": "Creative Commons Public Domain Dedication and Certification", + "CC-PDM-1.0": "Creative Commons Public Domain Mark 1.0 Universal", + "CC-SA-1.0": "Creative Commons Share Alike 1.0 Generic", + "CC0-1.0": "Creative Commons Zero v1.0 Universal", + "CDDL-1.0": "Common Development and Distribution License 1.0", + "CDDL-1.1": "Common Development and Distribution License 1.1", + "CDL-1.0": "Common Documentation License 1.0", + "CDLA-Permissive-1.0": "Community Data License Agreement Permissive 1.0", + "CDLA-Permissive-2.0": "Community Data License Agreement Permissive 2.0", + "CDLA-Sharing-1.0": "Community Data License Agreement Sharing 1.0", + "CECILL-1.0": "CeCILL Free Software License Agreement v1.0", + "CECILL-1.1": "CeCILL Free Software License Agreement v1.1", + "CECILL-2.0": "CeCILL Free Software License Agreement v2.0", + "CECILL-2.1": "CeCILL Free Software License Agreement v2.1", + "CECILL-B": "CeCILL-B Free Software License Agreement", + "CECILL-C": "CeCILL-C Free Software License Agreement", + "CERN-OHL-1.1": "CERN Open Hardware Licence v1.1", + "CERN-OHL-1.2": "CERN Open Hardware Licence v1.2", + "CERN-OHL-P-2.0": "CERN Open Hardware Licence Version 2 - Permissive", + "CERN-OHL-S-2.0": "CERN Open Hardware 
Licence Version 2 - Strongly Reciprocal", + "CERN-OHL-W-2.0": "CERN Open Hardware Licence Version 2 - Weakly Reciprocal", + "CFITSIO": "CFITSIO License", + "check-cvs": "check-cvs License", + "checkmk": "Checkmk License", + "ClArtistic": "Clarified Artistic License", + "Clips": "Clips License", + "CMU-Mach": "CMU Mach License", + "CMU-Mach-nodoc": "CMU Mach - no notices-in-documentation variant", + "CNRI-Jython": "CNRI Jython License", + "CNRI-Python": "CNRI Python License", + "CNRI-Python-GPL-Compatible": "CNRI Python Open Source GPL Compatible License Agreement", + "COIL-1.0": "Copyfree Open Innovation License", + "Community-Spec-1.0": "Community Specification License 1.0", + "Condor-1.1": "Condor Public License v1.1", + "copyleft-next-0.3.0": "copyleft-next 0.3.0", + "copyleft-next-0.3.1": "copyleft-next 0.3.1", + "Cornell-Lossless-JPEG": "Cornell Lossless JPEG License", + "CPAL-1.0": "Common Public Attribution License 1.0", + "CPL-1.0": "Common Public License 1.0", + "CPOL-1.02": "Code Project Open License 1.02", + "Cronyx": "Cronyx License", + "Crossword": "Crossword License", + "CryptoSwift": "CryptoSwift License", + "CrystalStacker": "CrystalStacker License", + "CUA-OPL-1.0": "CUA Office Public License v1.0", + "Cube": "Cube License", + "curl": "curl License", + "cve-tou": "Common Vulnerability Enumeration ToU License", + "D-FSL-1.0": "Deutsche Freie Software Lizenz", + "DEC-3-Clause": "DEC 3-Clause License", + "diffmark": "diffmark license", + "DL-DE-BY-2.0": "Data licence Germany \u2013 attribution \u2013 version 2.0", + "DL-DE-ZERO-2.0": "Data licence Germany \u2013 zero \u2013 version 2.0", + "DOC": "DOC License", + "DocBook-DTD": "DocBook DTD License", + "DocBook-Schema": "DocBook Schema License", + "DocBook-Stylesheet": "DocBook Stylesheet License", + "DocBook-XML": "DocBook XML License", + "Dotseqn": "Dotseqn License", + "DRL-1.0": "Detection Rule License 1.0", + "DRL-1.1": "Detection Rule License 1.1", + "DSDP": "DSDP License", + "dtoa": "David M. 
Gay dtoa License", + "dvipdfm": "dvipdfm License", + "ECL-1.0": "Educational Community License v1.0", + "ECL-2.0": "Educational Community License v2.0", + "eCos-2.0": "eCos license version 2.0", + "EFL-1.0": "Eiffel Forum License v1.0", + "EFL-2.0": "Eiffel Forum License v2.0", + "eGenix": "eGenix.com Public License 1.1.0", + "Elastic-2.0": "Elastic License 2.0", + "Entessa": "Entessa Public License v1.0", + "EPICS": "EPICS Open License", + "EPL-1.0": "Eclipse Public License 1.0", + "EPL-2.0": "Eclipse Public License 2.0", + "ErlPL-1.1": "Erlang Public License v1.1", + "ESA-PL-permissive-2.4": "European Space Agency Public License \u2013 v2.4 \u2013 Permissive (Type 3)", + "ESA-PL-strong-copyleft-2.4": "European Space Agency Public License (ESA-PL) - V2.4 - Strong Copyleft (Type 1)", + "ESA-PL-weak-copyleft-2.4": "European Space Agency Public License \u2013 v2.4 \u2013 Weak Copyleft (Type 2)", + "etalab-2.0": "Etalab Open License 2.0", + "EUDatagrid": "EU DataGrid Software License", + "EUPL-1.0": "European Union Public License 1.0", + "EUPL-1.1": "European Union Public License 1.1", + "EUPL-1.2": "European Union Public License 1.2", + "Eurosym": "Eurosym License", + "Fair": "Fair License", + "FBM": "Fuzzy Bitmap License", + "FDK-AAC": "Fraunhofer FDK AAC Codec Library", + "Ferguson-Twofish": "Ferguson Twofish License", + "Frameworx-1.0": "Frameworx Open License 1.0", + "FreeBSD-DOC": "FreeBSD Documentation License", + "FreeImage": "FreeImage Public License v1.0", + "FSFAP": "FSF All Permissive License", + "FSFAP-no-warranty-disclaimer": "FSF All Permissive License (without Warranty)", + "FSFUL": "FSF Unlimited License", + "FSFULLR": "FSF Unlimited License (with License Retention)", + "FSFULLRSD": "FSF Unlimited License (with License Retention and Short Disclaimer)", + "FSFULLRWD": "FSF Unlimited License (With License Retention and Warranty Disclaimer)", + "FSL-1.1-ALv2": "Functional Source License, Version 1.1, ALv2 Future License", + "FSL-1.1-MIT": "Functional 
Source License, Version 1.1, MIT Future License", + "FTL": "Freetype Project License", + "Furuseth": "Furuseth License", + "fwlw": "fwlw License", + "Game-Programming-Gems": "Game Programming Gems License", + "GCR-docs": "Gnome GCR Documentation License", + "GD": "GD License", + "generic-xts": "Generic XTS License", + "GFDL-1.1": "GNU Free Documentation License v1.1", + "GFDL-1.1-invariants-only": "GNU Free Documentation License v1.1 only - invariants", + "GFDL-1.1-invariants-or-later": "GNU Free Documentation License v1.1 or later - invariants", + "GFDL-1.1-no-invariants-only": "GNU Free Documentation License v1.1 only - no invariants", + "GFDL-1.1-no-invariants-or-later": "GNU Free Documentation License v1.1 or later - no invariants", + "GFDL-1.1-only": "GNU Free Documentation License v1.1 only", + "GFDL-1.1-or-later": "GNU Free Documentation License v1.1 or later", + "GFDL-1.2": "GNU Free Documentation License v1.2", + "GFDL-1.2-invariants-only": "GNU Free Documentation License v1.2 only - invariants", + "GFDL-1.2-invariants-or-later": "GNU Free Documentation License v1.2 or later - invariants", + "GFDL-1.2-no-invariants-only": "GNU Free Documentation License v1.2 only - no invariants", + "GFDL-1.2-no-invariants-or-later": "GNU Free Documentation License v1.2 or later - no invariants", + "GFDL-1.2-only": "GNU Free Documentation License v1.2 only", + "GFDL-1.2-or-later": "GNU Free Documentation License v1.2 or later", + "GFDL-1.3": "GNU Free Documentation License v1.3", + "GFDL-1.3-invariants-only": "GNU Free Documentation License v1.3 only - invariants", + "GFDL-1.3-invariants-or-later": "GNU Free Documentation License v1.3 or later - invariants", + "GFDL-1.3-no-invariants-only": "GNU Free Documentation License v1.3 only - no invariants", + "GFDL-1.3-no-invariants-or-later": "GNU Free Documentation License v1.3 or later - no invariants", + "GFDL-1.3-only": "GNU Free Documentation License v1.3 only", + "GFDL-1.3-or-later": "GNU Free Documentation License v1.3 or 
later", + "Giftware": "Giftware License", + "GL2PS": "GL2PS License", + "Glide": "3dfx Glide License", + "Glulxe": "Glulxe License", + "GLWTPL": "Good Luck With That Public License", + "gnuplot": "gnuplot License", + "GPL-1.0": "GNU General Public License v1.0 only", + "GPL-1.0+": "GNU General Public License v1.0 or later", + "GPL-1.0-only": "GNU General Public License v1.0 only", + "GPL-1.0-or-later": "GNU General Public License v1.0 or later", + "GPL-2.0": "GNU General Public License v2.0 only", + "GPL-2.0+": "GNU General Public License v2.0 or later", + "GPL-2.0-only": "GNU General Public License v2.0 only", + "GPL-2.0-or-later": "GNU General Public License v2.0 or later", + "GPL-2.0-with-autoconf-exception": "GNU General Public License v2.0 w\/Autoconf exception", + "GPL-2.0-with-bison-exception": "GNU General Public License v2.0 w\/Bison exception", + "GPL-2.0-with-classpath-exception": "GNU General Public License v2.0 w\/Classpath exception", + "GPL-2.0-with-font-exception": "GNU General Public License v2.0 w\/Font exception", + "GPL-2.0-with-GCC-exception": "GNU General Public License v2.0 w\/GCC Runtime Library exception", + "GPL-3.0": "GNU General Public License v3.0 only", + "GPL-3.0+": "GNU General Public License v3.0 or later", + "GPL-3.0-only": "GNU General Public License v3.0 only", + "GPL-3.0-or-later": "GNU General Public License v3.0 or later", + "GPL-3.0-with-autoconf-exception": "GNU General Public License v3.0 w\/Autoconf exception", + "GPL-3.0-with-GCC-exception": "GNU General Public License v3.0 w\/GCC Runtime Library exception", + "Graphics-Gems": "Graphics Gems License", + "gSOAP-1.3b": "gSOAP Public License v1.3b", + "gtkbook": "gtkbook License", + "Gutmann": "Gutmann License", + "HaskellReport": "Haskell Language Report License", + "HDF5": "HDF5 License", + "hdparm": "hdparm License", + "HIDAPI": "HIDAPI License", + "Hippocratic-2.1": "Hippocratic License 2.1", + "HP-1986": "Hewlett-Packard 1986 License", + "HP-1989": "Hewlett-Packard 1989 
License", + "HPND": "Historical Permission Notice and Disclaimer", + "HPND-DEC": "Historical Permission Notice and Disclaimer - DEC variant", + "HPND-doc": "Historical Permission Notice and Disclaimer - documentation variant", + "HPND-doc-sell": "Historical Permission Notice and Disclaimer - documentation sell variant", + "HPND-export-US": "HPND with US Government export control warning", + "HPND-export-US-acknowledgement": "HPND with US Government export control warning and acknowledgment", + "HPND-export-US-modify": "HPND with US Government export control warning and modification rqmt", + "HPND-export2-US": "HPND with US Government export control and 2 disclaimers", + "HPND-Fenneberg-Livingston": "Historical Permission Notice and Disclaimer - Fenneberg-Livingston variant", + "HPND-INRIA-IMAG": "Historical Permission Notice and Disclaimer - INRIA-IMAG variant", + "HPND-Intel": "Historical Permission Notice and Disclaimer - Intel variant", + "HPND-Kevlin-Henney": "Historical Permission Notice and Disclaimer - Kevlin Henney variant", + "HPND-Markus-Kuhn": "Historical Permission Notice and Disclaimer - Markus Kuhn variant", + "HPND-merchantability-variant": "Historical Permission Notice and Disclaimer - merchantability variant", + "HPND-MIT-disclaimer": "Historical Permission Notice and Disclaimer with MIT disclaimer", + "HPND-Netrek": "Historical Permission Notice and Disclaimer - Netrek variant", + "HPND-Pbmplus": "Historical Permission Notice and Disclaimer - Pbmplus variant", + "HPND-sell-MIT-disclaimer-xserver": "Historical Permission Notice and Disclaimer - sell xserver variant with MIT disclaimer", + "HPND-sell-regexpr": "Historical Permission Notice and Disclaimer - sell regexpr variant", + "HPND-sell-variant": "Historical Permission Notice and Disclaimer - sell variant", + "HPND-sell-variant-critical-systems": "HPND - sell variant with safety critical systems clause", + "HPND-sell-variant-MIT-disclaimer": "HPND sell variant with MIT disclaimer", + 
"HPND-sell-variant-MIT-disclaimer-rev": "HPND sell variant with MIT disclaimer - reverse", + "HPND-SMC": "Historical Permission Notice and Disclaimer - SMC variant", + "HPND-UC": "Historical Permission Notice and Disclaimer - University of California variant", + "HPND-UC-export-US": "Historical Permission Notice and Disclaimer - University of California, US export warning", + "HTMLTIDY": "HTML Tidy License", + "hyphen-bulgarian": "hyphen-bulgarian License", + "IBM-pibs": "IBM PowerPC Initialization and Boot Software", + "ICU": "ICU License", + "IEC-Code-Components-EULA": "IEC Code Components End-user licence agreement", + "IJG": "Independent JPEG Group License", + "IJG-short": "Independent JPEG Group License - short", + "ImageMagick": "ImageMagick License", + "iMatix": "iMatix Standard Function Library Agreement", + "Imlib2": "Imlib2 License", + "Info-ZIP": "Info-ZIP License", + "Inner-Net-2.0": "Inner Net License v2.0", + "InnoSetup": "Inno Setup License", + "Intel": "Intel Open Source License", + "Intel-ACPI": "Intel ACPI Software License Agreement", + "Interbase-1.0": "Interbase Public License v1.0", + "IPA": "IPA Font License", + "IPL-1.0": "IBM Public License v1.0", + "ISC": "ISC License", + "ISC-Veillard": "ISC Veillard variant", + "ISO-permission": "ISO permission notice", + "Jam": "Jam License", + "JasPer-2.0": "JasPer License", + "jove": "Jove License", + "JPL-image": "JPL Image Use Policy", + "JPNIC": "Japan Network Information Center License", + "JSON": "JSON License", + "Kastrup": "Kastrup License", + "Kazlib": "Kazlib License", + "Knuth-CTAN": "Knuth CTAN License", + "LAL-1.2": "Licence Art Libre 1.2", + "LAL-1.3": "Licence Art Libre 1.3", + "Latex2e": "Latex2e License", + "Latex2e-translated-notice": "Latex2e with translated notice permission", + "Leptonica": "Leptonica License", + "LGPL-2.0": "GNU Library General Public License v2 only", + "LGPL-2.0+": "GNU Library General Public License v2 or later", + "LGPL-2.0-only": "GNU Library General Public 
License v2 only", + "LGPL-2.0-or-later": "GNU Library General Public License v2 or later", + "LGPL-2.1": "GNU Lesser General Public License v2.1 only", + "LGPL-2.1+": "GNU Lesser General Public License v2.1 or later", + "LGPL-2.1-only": "GNU Lesser General Public License v2.1 only", + "LGPL-2.1-or-later": "GNU Lesser General Public License v2.1 or later", + "LGPL-3.0": "GNU Lesser General Public License v3.0 only", + "LGPL-3.0+": "GNU Lesser General Public License v3.0 or later", + "LGPL-3.0-only": "GNU Lesser General Public License v3.0 only", + "LGPL-3.0-or-later": "GNU Lesser General Public License v3.0 or later", + "LGPLLR": "Lesser General Public License For Linguistic Resources", + "Libpng": "libpng License", + "libpng-1.6.35": "PNG Reference Library License v1 (for libpng 0.5 through 1.6.35)", + "libpng-2.0": "PNG Reference Library version 2", + "libselinux-1.0": "libselinux public domain notice", + "libtiff": "libtiff License", + "libutil-David-Nugent": "libutil David Nugent License", + "LiLiQ-P-1.1": "Licence Libre du Qu\u00E9bec \u2013 Permissive version 1.1", + "LiLiQ-R-1.1": "Licence Libre du Qu\u00E9bec \u2013 R\u00E9ciprocit\u00E9 version 1.1", + "LiLiQ-Rplus-1.1": "Licence Libre du Qu\u00E9bec \u2013 R\u00E9ciprocit\u00E9 forte version 1.1", + "Linux-man-pages-1-para": "Linux man-pages - 1 paragraph", + "Linux-man-pages-copyleft": "Linux man-pages Copyleft", + "Linux-man-pages-copyleft-2-para": "Linux man-pages Copyleft - 2 paragraphs", + "Linux-man-pages-copyleft-var": "Linux man-pages Copyleft Variant", + "Linux-OpenIB": "Linux Kernel Variant of OpenIB.org license", + "LOOP": "Common Lisp LOOP License", + "LPD-document": "LPD Documentation License", + "LPL-1.0": "Lucent Public License Version 1.0", + "LPL-1.02": "Lucent Public License v1.02", + "LPPL-1.0": "LaTeX Project Public License v1.0", + "LPPL-1.1": "LaTeX Project Public License v1.1", + "LPPL-1.2": "LaTeX Project Public License v1.2", + "LPPL-1.3a": "LaTeX Project Public License v1.3a", + 
"LPPL-1.3c": "LaTeX Project Public License v1.3c", + "lsof": "lsof License", + "Lucida-Bitmap-Fonts": "Lucida Bitmap Fonts License", + "LZMA-SDK-9.11-to-9.20": "LZMA SDK License (versions 9.11 to 9.20)", + "LZMA-SDK-9.22": "LZMA SDK License (versions 9.22 and beyond)", + "Mackerras-3-Clause": "Mackerras 3-Clause License", + "Mackerras-3-Clause-acknowledgment": "Mackerras 3-Clause - acknowledgment variant", + "magaz": "magaz License", + "mailprio": "mailprio License", + "MakeIndex": "MakeIndex License", + "man2html": "man2html License", + "Martin-Birgmeier": "Martin Birgmeier License", + "McPhee-slideshow": "McPhee Slideshow License", + "metamail": "metamail License", + "Minpack": "Minpack License", + "MIPS": "MIPS License", + "MirOS": "The MirOS Licence", + "MIT": "MIT License", + "MIT-0": "MIT No Attribution", + "MIT-advertising": "Enlightenment License (e16)", + "MIT-Click": "MIT Click License", + "MIT-CMU": "CMU License", + "MIT-enna": "enna License", + "MIT-feh": "feh License", + "MIT-Festival": "MIT Festival Variant", + "MIT-Khronos-old": "MIT Khronos - old variant", + "MIT-Modern-Variant": "MIT License Modern Variant", + "MIT-open-group": "MIT Open Group variant", + "MIT-STK": "MIT-STK License", + "MIT-testregex": "MIT testregex Variant", + "MIT-Wu": "MIT Tom Wu Variant", + "MITNFA": "MIT +no-false-attribs license", + "MMIXware": "MMIXware License", + "MMPL-1.0.1": "Minecraft Mod Public License v1.0.1", + "Motosoto": "Motosoto License", + "MPEG-SSG": "MPEG Software Simulation", + "mpi-permissive": "mpi Permissive License", + "mpich2": "mpich2 License", + "MPL-1.0": "Mozilla Public License 1.0", + "MPL-1.1": "Mozilla Public License 1.1", + "MPL-2.0": "Mozilla Public License 2.0", + "MPL-2.0-no-copyleft-exception": "Mozilla Public License 2.0 (no copyleft exception)", + "mplus": "mplus Font License", + "MS-LPL": "Microsoft Limited Public License", + "MS-PL": "Microsoft Public License", + "MS-RL": "Microsoft Reciprocal License", + "MTLL": "Matrix Template 
Library License", + "MulanPSL-1.0": "Mulan Permissive Software License, Version 1", + "MulanPSL-2.0": "Mulan Permissive Software License, Version 2", + "Multics": "Multics License", + "Mup": "Mup License", + "NAIST-2003": "Nara Institute of Science and Technology License (2003)", + "NASA-1.3": "NASA Open Source Agreement 1.3", + "Naumen": "Naumen Public License", + "NBPL-1.0": "Net Boolean Public License v1", + "NCBI-PD": "NCBI Public Domain Notice", + "NCGL-UK-2.0": "Non-Commercial Government Licence", + "NCL": "NCL Source Code License", + "NCSA": "University of Illinois\/NCSA Open Source License", + "Net-SNMP": "Net-SNMP License", + "NetCDF": "NetCDF license", + "Newsletr": "Newsletr License", + "NGPL": "Nethack General Public License", + "ngrep": "ngrep License", + "NICTA-1.0": "NICTA Public Software License, Version 1.0", + "NIST-PD": "NIST Public Domain Notice", + "NIST-PD-fallback": "NIST Public Domain Notice with license fallback", + "NIST-PD-TNT": "NIST Public Domain Notice TNT variant", + "NIST-Software": "NIST Software License", + "NLOD-1.0": "Norwegian Licence for Open Government Data (NLOD) 1.0", + "NLOD-2.0": "Norwegian Licence for Open Government Data (NLOD) 2.0", + "NLPL": "No Limit Public License", + "Nokia": "Nokia Open Source License", + "NOSL": "Netizen Open Source License", + "Noweb": "Noweb License", + "NPL-1.0": "Netscape Public License v1.0", + "NPL-1.1": "Netscape Public License v1.1", + "NPOSL-3.0": "Non-Profit Open Software License 3.0", + "NRL": "NRL License", + "NTIA-PD": "NTIA Public Domain Notice", + "NTP": "NTP License", + "NTP-0": "NTP No Attribution", + "Nunit": "Nunit License", + "O-UDA-1.0": "Open Use of Data Agreement v1.0", + "OAR": "OAR License", + "OCCT-PL": "Open CASCADE Technology Public License", + "OCLC-2.0": "OCLC Research Public License 2.0", + "ODbL-1.0": "Open Data Commons Open Database License v1.0", + "ODC-By-1.0": "Open Data Commons Attribution License v1.0", + "OFFIS": "OFFIS License", + "OFL-1.0": "SIL Open Font 
License 1.0", + "OFL-1.0-no-RFN": "SIL Open Font License 1.0 with no Reserved Font Name", + "OFL-1.0-RFN": "SIL Open Font License 1.0 with Reserved Font Name", + "OFL-1.1": "SIL Open Font License 1.1", + "OFL-1.1-no-RFN": "SIL Open Font License 1.1 with no Reserved Font Name", + "OFL-1.1-RFN": "SIL Open Font License 1.1 with Reserved Font Name", + "OGC-1.0": "OGC Software License, Version 1.0", + "OGDL-Taiwan-1.0": "Taiwan Open Government Data License, version 1.0", + "OGL-Canada-2.0": "Open Government Licence - Canada", + "OGL-UK-1.0": "Open Government Licence v1.0", + "OGL-UK-2.0": "Open Government Licence v2.0", + "OGL-UK-3.0": "Open Government Licence v3.0", + "OGTSL": "Open Group Test Suite License", + "OLDAP-1.1": "Open LDAP Public License v1.1", + "OLDAP-1.2": "Open LDAP Public License v1.2", + "OLDAP-1.3": "Open LDAP Public License v1.3", + "OLDAP-1.4": "Open LDAP Public License v1.4", + "OLDAP-2.0": "Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B)", + "OLDAP-2.0.1": "Open LDAP Public License v2.0.1", + "OLDAP-2.1": "Open LDAP Public License v2.1", + "OLDAP-2.2": "Open LDAP Public License v2.2", + "OLDAP-2.2.1": "Open LDAP Public License v2.2.1", + "OLDAP-2.2.2": "Open LDAP Public License 2.2.2", + "OLDAP-2.3": "Open LDAP Public License v2.3", + "OLDAP-2.4": "Open LDAP Public License v2.4", + "OLDAP-2.5": "Open LDAP Public License v2.5", + "OLDAP-2.6": "Open LDAP Public License v2.6", + "OLDAP-2.7": "Open LDAP Public License v2.7", + "OLDAP-2.8": "Open LDAP Public License v2.8", + "OLFL-1.3": "Open Logistics Foundation License Version 1.3", + "OML": "Open Market License", + "OpenMDW-1.0": "OpenMDW License Agreement v1.0", + "OpenPBS-2.3": "OpenPBS v2.3 Software License", + "OpenSSL": "OpenSSL License", + "OpenSSL-standalone": "OpenSSL License - standalone", + "OpenVision": "OpenVision License", + "OPL-1.0": "Open Public License v1.0", + "OPL-UK-3.0": "United Kingdom Open Parliament Licence v3.0", + "OPUBL-1.0": "Open Publication License v1.0", + 
"OSC-1.0": "OSC License 1.0", + "OSET-PL-2.1": "OSET Public License version 2.1", + "OSL-1.0": "Open Software License 1.0", + "OSL-1.1": "Open Software License 1.1", + "OSL-2.0": "Open Software License 2.0", + "OSL-2.1": "Open Software License 2.1", + "OSL-3.0": "Open Software License 3.0", + "OSSP": "OSSP License", + "PADL": "PADL License", + "ParaType-Free-Font-1.3": "ParaType Free Font Licensing Agreement v1.3", + "Parity-6.0.0": "The Parity Public License 6.0.0", + "Parity-7.0.0": "The Parity Public License 7.0.0", + "PDDL-1.0": "Open Data Commons Public Domain Dedication & License 1.0", + "PHP-3.0": "PHP License v3.0", + "PHP-3.01": "PHP License v3.01", + "Pixar": "Pixar License", + "pkgconf": "pkgconf License", + "Plexus": "Plexus Classworlds License", + "pnmstitch": "pnmstitch License", + "PolyForm-Noncommercial-1.0.0": "PolyForm Noncommercial License 1.0.0", + "PolyForm-Small-Business-1.0.0": "PolyForm Small Business License 1.0.0", + "PostgreSQL": "PostgreSQL License", + "PPL": "Peer Production License", + "PSF-2.0": "Python Software Foundation License 2.0", + "psfrag": "psfrag License", + "psutils": "psutils License", + "Python-2.0": "Python License 2.0", + "Python-2.0.1": "Python License 2.0.1", + "python-ldap": "Python ldap License", + "Qhull": "Qhull License", + "QPL-1.0": "Q Public License 1.0", + "QPL-1.0-INRIA-2004": "Q Public License 1.0 - INRIA 2004 variant", + "radvd": "radvd License", + "Rdisc": "Rdisc License", + "RHeCos-1.1": "Red Hat eCos Public License v1.1", + "RPL-1.1": "Reciprocal Public License 1.1", + "RPL-1.5": "Reciprocal Public License 1.5", + "RPSL-1.0": "RealNetworks Public Source License v1.0", + "RSA-MD": "RSA Message-Digest License", + "RSCPL": "Ricoh Source Code Public License", + "Ruby": "Ruby License", + "Ruby-pty": "Ruby pty extension license", + "SAX-PD": "Sax Public Domain Notice", + "SAX-PD-2.0": "Sax Public Domain Notice 2.0", + "Saxpath": "Saxpath License", + "SCEA": "SCEA Shared Source License", + "SchemeReport": 
"Scheme Language Report License", + "Sendmail": "Sendmail License", + "Sendmail-8.23": "Sendmail License 8.23", + "Sendmail-Open-Source-1.1": "Sendmail Open Source License v1.1", + "SGI-B-1.0": "SGI Free Software License B v1.0", + "SGI-B-1.1": "SGI Free Software License B v1.1", + "SGI-B-2.0": "SGI Free Software License B v2.0", + "SGI-OpenGL": "SGI OpenGL License", + "SGMLUG-PM": "SGMLUG Parser Materials License", + "SGP4": "SGP4 Permission Notice", + "SHL-0.5": "Solderpad Hardware License v0.5", + "SHL-0.51": "Solderpad Hardware License, Version 0.51", + "SimPL-2.0": "Simple Public License 2.0", + "SISSL": "Sun Industry Standards Source License v1.1", + "SISSL-1.2": "Sun Industry Standards Source License v1.2", + "SL": "SL License", + "Sleepycat": "Sleepycat License", + "SMAIL-GPL": "SMAIL General Public License", + "SMLNJ": "Standard ML of New Jersey License", + "SMPPL": "Secure Messaging Protocol Public License", + "SNIA": "SNIA Public License 1.1", + "snprintf": "snprintf License", + "SOFA": "SOFA Software License", + "softSurfer": "softSurfer License", + "Soundex": "Soundex License", + "Spencer-86": "Spencer License 86", + "Spencer-94": "Spencer License 94", + "Spencer-99": "Spencer License 99", + "SPL-1.0": "Sun Public License v1.0", + "ssh-keyscan": "ssh-keyscan License", + "SSH-OpenSSH": "SSH OpenSSH license", + "SSH-short": "SSH short notice", + "SSLeay-standalone": "SSLeay License - standalone", + "SSPL-1.0": "Server Side Public License, v 1", + "StandardML-NJ": "Standard ML of New Jersey License", + "SugarCRM-1.1.3": "SugarCRM Public License v1.1.3", + "SUL-1.0": "Sustainable Use License v1.0", + "Sun-PPP": "Sun PPP License", + "Sun-PPP-2000": "Sun PPP License (2000)", + "SunPro": "SunPro License", + "SWL": "Scheme Widget Library (SWL) Software License Agreement", + "swrule": "swrule License", + "Symlinks": "Symlinks License", + "TAPR-OHL-1.0": "TAPR Open Hardware License v1.0", + "TCL": "TCL\/TK License", + "TCP-wrappers": "TCP Wrappers License", + 
"TekHVC": "TekHVC License", + "TermReadKey": "TermReadKey License", + "TGPPL-1.0": "Transitive Grace Period Public Licence 1.0", + "ThirdEye": "ThirdEye License", + "threeparttable": "threeparttable License", + "TMate": "TMate Open Source License", + "TORQUE-1.1": "TORQUE v2.5+ Software License v1.1", + "TOSL": "Trusster Open Source License", + "TPDL": "Time::ParseDate License", + "TPL-1.0": "THOR Public License 1.0", + "TrustedQSL": "TrustedQSL License", + "TTWL": "Text-Tabs+Wrap License", + "TTYP0": "TTYP0 License", + "TU-Berlin-1.0": "Technische Universitaet Berlin License 1.0", + "TU-Berlin-2.0": "Technische Universitaet Berlin License 2.0", + "Ubuntu-font-1.0": "Ubuntu Font Licence v1.0", + "UCAR": "UCAR License", + "UCL-1.0": "Upstream Compatibility License v1.0", + "ulem": "ulem License", + "UMich-Merit": "Michigan\/Merit Networks License", + "Unicode-3.0": "Unicode License v3", + "Unicode-DFS-2015": "Unicode License Agreement - Data Files and Software (2015)", + "Unicode-DFS-2016": "Unicode License Agreement - Data Files and Software (2016)", + "Unicode-TOU": "Unicode Terms of Use", + "UnixCrypt": "UnixCrypt License", + "Unlicense": "The Unlicense", + "Unlicense-libtelnet": "Unlicense - libtelnet variant", + "Unlicense-libwhirlpool": "Unlicense - libwhirlpool variant", + "UnRAR": "UnRAR License", + "UPL-1.0": "Universal Permissive License v1.0", + "URT-RLE": "Utah Raster Toolkit Run Length Encoded License", + "Vim": "Vim License", + "Vixie-Cron": "Vixie Cron License", + "VOSTROM": "VOSTROM Public License for Open Source", + "VSL-1.0": "Vovida Software License v1.0", + "W3C": "W3C Software Notice and License (2002-12-31)", + "W3C-19980720": "W3C Software Notice and License (1998-07-20)", + "W3C-20150513": "W3C Software Notice and Document License (2015-05-13)", + "w3m": "w3m License", + "Watcom-1.0": "Sybase Open Watcom Public License 1.0", + "Widget-Workshop": "Widget Workshop License", + "WordNet": "WordNet License", + "Wsuipa": "Wsuipa License", + 
"WTFNMFPL": "Do What The F*ck You Want To But It's Not My Fault Public License", + "WTFPL": "Do What The F*ck You Want To Public License", + "wwl": "WWL License", + "wxWindows": "wxWindows Library License", + "X11": "X11 License", + "X11-distribute-modifications-variant": "X11 License Distribution Modification Variant", + "X11-no-permit-persons": "X11 no permit persons clause", + "X11-swapped": "X11 swapped final paragraphs", + "Xdebug-1.03": "Xdebug License v 1.03", + "Xerox": "Xerox License", + "Xfig": "Xfig License", + "XFree86-1.1": "XFree86 License 1.1", + "xinetd": "xinetd License", + "xkeyboard-config-Zinoviev": "xkeyboard-config Zinoviev License", + "xlock": "xlock License", + "Xnet": "X.Net License", + "xpp": "XPP License", + "XSkat": "XSkat License", + "xzoom": "xzoom License", + "YPL-1.0": "Yahoo! Public License v1.0", + "YPL-1.1": "Yahoo! Public License v1.1", + "Zed": "Zed License", + "Zeeff": "Zeeff License", + "Zend-2.0": "Zend License v2.0", + "Zimbra-1.3": "Zimbra Public License v1.3", + "Zimbra-1.4": "Zimbra Public License v1.4", + "Zlib": "zlib License", + "zlib-acknowledgement": "zlib\/libpng License with Acknowledgement", + "ZPL-1.1": "Zope Public License 1.1", + "ZPL-2.0": "Zope Public License 2.0", + "ZPL-2.1": "Zope Public License 2.1", + "389-exception": "389 Directory Server Exception", + "Asterisk-exception": "Asterisk exception", + "Asterisk-linking-protocols-exception": "Asterisk linking protocols exception", + "Autoconf-exception-2.0": "Autoconf exception 2.0", + "Autoconf-exception-3.0": "Autoconf exception 3.0", + "Autoconf-exception-generic": "Autoconf generic exception", + "Autoconf-exception-generic-3.0": "Autoconf generic exception for GPL-3.0", + "Autoconf-exception-macro": "Autoconf macro exception", + "Bison-exception-1.24": "Bison exception 1.24", + "Bison-exception-2.2": "Bison exception 2.2", + "Bootloader-exception": "Bootloader Distribution Exception", + "CGAL-linking-exception": "CGAL Linking Exception", + 
"Classpath-exception-2.0": "Classpath exception 2.0", + "Classpath-exception-2.0-short": "Classpath exception 2.0 - short", + "CLISP-exception-2.0": "CLISP exception 2.0", + "cryptsetup-OpenSSL-exception": "cryptsetup OpenSSL exception", + "Digia-Qt-LGPL-exception-1.1": "Digia Qt LGPL Exception version 1.1", + "DigiRule-FOSS-exception": "DigiRule FOSS License Exception", + "eCos-exception-2.0": "eCos exception 2.0", + "erlang-otp-linking-exception": "Erlang\/OTP Linking Exception", + "Fawkes-Runtime-exception": "Fawkes Runtime Exception", + "FLTK-exception": "FLTK exception", + "fmt-exception": "fmt exception", + "Font-exception-2.0": "Font exception 2.0", + "freertos-exception-2.0": "FreeRTOS Exception 2.0", + "GCC-exception-2.0": "GCC Runtime Library exception 2.0", + "GCC-exception-2.0-note": "GCC Runtime Library exception 2.0 - note variant", + "GCC-exception-3.1": "GCC Runtime Library exception 3.1", + "Gmsh-exception": "Gmsh exception", + "GNAT-exception": "GNAT exception", + "GNOME-examples-exception": "GNOME examples exception", + "GNU-compiler-exception": "GNU Compiler Exception", + "gnu-javamail-exception": "GNU JavaMail exception", + "GPL-3.0-389-ds-base-exception": "GPL-3.0 389 DS Base Exception", + "GPL-3.0-interface-exception": "GPL-3.0 Interface Exception", + "GPL-3.0-linking-exception": "GPL-3.0 Linking Exception", + "GPL-3.0-linking-source-exception": "GPL-3.0 Linking Exception (with Corresponding Source)", + "GPL-CC-1.0": "GPL Cooperation Commitment 1.0", + "GStreamer-exception-2005": "GStreamer Exception (2005)", + "GStreamer-exception-2008": "GStreamer Exception (2008)", + "harbour-exception": "harbour exception", + "i2p-gpl-java-exception": "i2p GPL+Java Exception", + "Independent-modules-exception": "Independent Module Linking exception", + "KiCad-libraries-exception": "KiCad Libraries Exception", + "kvirc-openssl-exception": "kvirc OpenSSL Exception", + "LGPL-3.0-linking-exception": "LGPL-3.0 Linking Exception", + "libpri-OpenH323-exception": 
"libpri OpenH323 exception", + "Libtool-exception": "Libtool Exception", + "Linux-syscall-note": "Linux Syscall Note", + "LLGPL": "LLGPL Preamble", + "LLVM-exception": "LLVM Exception", + "LZMA-exception": "LZMA exception", + "mif-exception": "Macros and Inline Functions Exception", + "mxml-exception": "mxml Exception", + "Nokia-Qt-exception-1.1": "Nokia Qt LGPL exception 1.1", + "OCaml-LGPL-linking-exception": "OCaml LGPL Linking Exception", + "OCCT-exception-1.0": "Open CASCADE Exception 1.0", + "OpenJDK-assembly-exception-1.0": "OpenJDK Assembly exception 1.0", + "openvpn-openssl-exception": "OpenVPN OpenSSL Exception", + "PCRE2-exception": "PCRE2 exception", + "polyparse-exception": "Polyparse Exception", + "PS-or-PDF-font-exception-20170817": "PS\/PDF font exception (2017-08-17)", + "QPL-1.0-INRIA-2004-exception": "INRIA QPL 1.0 2004 variant exception", + "Qt-GPL-exception-1.0": "Qt GPL exception 1.0", + "Qt-LGPL-exception-1.1": "Qt LGPL exception 1.1", + "Qwt-exception-1.0": "Qwt exception 1.0", + "romic-exception": "Romic Exception", + "RRDtool-FLOSS-exception-2.0": "RRDtool FLOSS exception 2.0", + "rsync-linking-exception": "rsync Linking Exception", + "SANE-exception": "SANE Exception", + "SHL-2.0": "Solderpad Hardware License v2.0", + "SHL-2.1": "Solderpad Hardware License v2.1", + "Simple-Library-Usage-exception": "Simple Library Usage Exception", + "sqlitestudio-OpenSSL-exception": "sqlitestudio OpenSSL exception", + "stunnel-exception": "stunnel Exception", + "SWI-exception": "SWI exception", + "Swift-exception": "Swift Exception", + "Texinfo-exception": "Texinfo exception", + "u-boot-exception-2.0": "U-Boot exception 2.0", + "UBDL-exception": "Unmodified Binary Distribution exception", + "Universal-FOSS-exception-1.0": "Universal FOSS Exception, Version 1.0", + "vsftpd-openssl-exception": "vsftpd OpenSSL exception", + "WxWindows-exception-3.1": "WxWindows Library Exception 3.1", + "x11vnc-openssl-exception": "x11vnc OpenSSL Exception" + } } 
diff --git a/cyclonedx/schema/_res/spdx.SNAPSHOT.xsd b/cyclonedx/schema/_res/spdx.SNAPSHOT.xsd index 41a27b02d..e94c265bd 100644 --- a/cyclonedx/schema/_res/spdx.SNAPSHOT.xsd +++ b/cyclonedx/schema/_res/spdx.SNAPSHOT.xsd @@ -2,7 +2,7 @@ + version="1.0-3.28.0"> @@ -57,6 +57,11 @@ Amazon Digital Services License + + + Advanced Cryptics Dictionary License + + Academic Free License v1.1 @@ -122,6 +127,11 @@ Aladdin Free Public License + + + ALGLIB Documentation License + + AMD newlib License @@ -327,6 +337,11 @@ Boehm-Demers-Weiser GC License (without fee) + + + Buena Onda License Agreement v1.1 + + Borceux license @@ -457,6 +472,11 @@ BSD 3-Clause Sun Microsystems + + + BSD 3-Clause Tso variant + + BSD 4-Clause "Original" or "Old" License @@ -497,6 +517,11 @@ BSD-Inferno-Nettverk + + + BSD Mark Modifications License + + BSD Protection License @@ -527,6 +552,11 @@ Boost Software License 1.0 + + + Buddy License + + Business Source License 1.1 @@ -567,6 +597,11 @@ Caldera License (without preamble) + + + Common Attack Pattern Enumeration and Classification License + + Catharon License @@ -1212,6 +1247,21 @@ Erlang Public License v1.1 + + + European Space Agency Public License – v2.4 – Permissive (Type 3) + + + + + European Space Agency Public License (ESA-PL) - V2.4 - Strong Copyleft (Type 1) + + + + + European Space Agency Public License – v2.4 – Weak Copyleft (Type 2) + + Etalab Open License 2.0 @@ -1737,6 +1787,11 @@ Historical Permission Notice and Disclaimer - sell variant + + + HPND - sell variant with safety critical systems clause + + HPND sell variant with MIT disclaimer @@ -1747,6 +1802,11 @@ HPND sell variant with MIT disclaimer - reverse + + + Historical Permission Notice and Disclaimer - SMC variant + + Historical Permission Notice and Disclaimer - University of California variant @@ -1762,6 +1822,11 @@ HTML Tidy License + + + hyphen-bulgarian License + + IBM PowerPC Initialization and Boot Software 
@@ -1852,6 +1917,11 @@ ISC Veillard variant + + + ISO permission notice + + Jam License @@ -2237,6 +2307,11 @@ MIT Open Group variant + + + MIT-STK License + + MIT testregex Variant @@ -2257,6 +2332,11 @@ MMIXware License + + + Minecraft Mod Public License v1.0.1 + + Motosoto License @@ -2422,6 +2502,11 @@ NIST Public Domain Notice with license fallback + + + NIST Public Domain Notice TNT variant + + NIST Software License @@ -2687,6 +2772,11 @@ Open Market License + + + OpenMDW License Agreement v1.0 + + OpenPBS v2.3 Software License @@ -2722,6 +2812,11 @@ Open Publication License v1.0 + + + OSC License 1.0 + + OSET Public License version 2.1 @@ -2752,11 +2847,21 @@ Open Software License 3.0 + + + OSSP License + + PADL License + + + ParaType Free Font Licensing Agreement v1.3 + + The Parity Public License 6.0.0 @@ -2977,6 +3082,11 @@ SGI OpenGL License + + + SGMLUG Parser Materials License + + SGP4 Permission Notice @@ -3162,6 +3272,11 @@ TCP Wrappers License + + + TekHVC License + + TermReadKey License @@ -3297,6 +3412,11 @@ Unlicense - libwhirlpool variant + + + UnRAR License + + Universal Permissive License v1.0 @@ -3312,6 +3432,11 @@ Vim License + + + Vixie Cron License + + VOSTROM Public License for Open Source @@ -3352,11 +3477,21 @@ Widget Workshop License + + + WordNet License + + Wsuipa License + + + Do What The F*ck You Want To But It's Not My Fault Public License + + Do What The F*ck You Want To Public License @@ -3382,6 +3517,11 @@ X11 License Distribution Modification Variant + + + X11 no permit persons clause + + X11 swapped final paragraphs @@ -3568,6 +3708,11 @@ Classpath exception 2.0 + + + Classpath exception 2.0 - short + + CLISP exception 2.0 @@ -3718,6 +3863,11 @@ KiCad Libraries Exception + + + kvirc OpenSSL Exception + + LGPL-3.0 Linking Exception @@ -3833,6 +3983,11 @@ RRDtool FLOSS exception 2.0 + + + rsync Linking Exception + + SANE Exception 
@@ -3848,6 +4003,16 @@ Solderpad Hardware License v2.1 + + + Simple Library Usage Exception + + + + + sqlitestudio OpenSSL exception + + stunnel Exception diff --git a/docs/conf.py b/docs/conf.py index 31daedd81..ba082befa 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -23,7 +23,7 @@ # The full version, including alpha/beta/rc tags # !! version is managed by semantic_release -release = '11.7.0' +release = '11.9.0' # -- General configuration --------------------------------------------------- diff --git a/docs/index.rst b/docs/index.rst index 729103101..74632d755 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -13,10 +13,10 @@ # SPDX-License-Identifier: Apache-2.0 CycloneDX’s Python Library documentation -==================================================== +======================================== -OWASP `CycloneDX`_ is a full-stack Bill of Materials (BOM) standard -that provides advanced supply chain capabilities for cyber risk reduction. +OWASP `CycloneDX`_ is a full‑stack Bill of Materials (BOM) and system‑transparency standard +that provides deep visibility into software, services, hardware, and AI components, enabling advanced supply‑chain security and cyber‑risk reduction. This Python package provides data models, validators and more, to help you create/render/read CycloneDX documents. diff --git a/docs/requirements.txt b/docs/requirements.txt index 8cd9cd5f9..d58ad4980 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,4 +1,4 @@ -m2r2>=0.3.2 +m2r2>=0.3.4 sphinx>=8,<9 sphinx-autoapi>=3,<4 sphinx-rtd-theme>=3,<4 diff --git a/pyproject.toml b/pyproject.toml index 52b5dfdc6..be66740b7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api" [tool.poetry] name = "cyclonedx-python-lib" # !! version is managed by semantic_release -version = "11.7.0" +version = "11.9.0" description = "Python library for CycloneDX" authors = [ "Paul Horton ", 
@@ -98,7 +98,7 @@ pep8-naming = "0.15.1" isort = "6.1.0" autopep8 = "2.3.2" mypy = "1.19.1" -tomli = { version = "2.3.0", python = "<3.11" } +tomli = { version = "2.4.1", python = "<3.11" } tox = "4.30.3" xmldiff = "2.7.0" bandit = "1.8.6" @@ -115,8 +115,7 @@ jsonschema = { version = "*", extras = ["format"], optional=true } logging_use_named_masks = true commit_parser = "conventional" commit_parser_options = { parse_squash_commits = true, ignore_merge_commits = true } -commit_author = "semantic-release " -commit_message = "chore(release): {version}\n\nAutomatically generated by python-semantic-release\n\nSigned-off-by: semantic-release " +commit_message = "chore(release): {version}\n\nAutomatically generated by python-semantic-release" upload_to_vcs_release = true build_command = """ pip install poetry @@ -147,15 +146,15 @@ exclude_commit_patterns = [ match = "(main|master)" prerelease = false -[tool.semantic_release.branches."step"] -match = "(build|chore|ci|docs|feat|fix|perf|style|refactor|tests?)" -prerelease = true -prerelease_token = "alpha" - [tool.semantic_release.branches."major-dev"] match = "(\\d+\\.0\\.0-(dev|rc)|dev/\\d+\\.0\\.0)" prerelease = true prerelease_token = "rc" +[tool.semantic_release.branches.fallback] +match = ".*" +prerelease = true +prerelease_token = "alpha" + [tool.deptry] extend_exclude = ["docs", "examples", "package_aliases", "tools"] diff --git a/tests/_data/models.py b/tests/_data/models.py index 55a5cdb9a..8c6e89342 100644 --- a/tests/_data/models.py +++ b/tests/_data/models.py 
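Review bot: The new `[tool.semantic_release.branches.fallback]` group in the last hunk matches every branch name with `match = ".*"`, and nothing in the file says that its position matters. As far as I know python-semantic-release tries the branch groups in declaration order and takes the first match, so the group only behaves as a fallback while it stays below `main` and `"major-dev"`. I would add a comment above it such as `# keep last: groups are tried in order and ".*" matches any branch`. With the old `step` pattern gone, any branch is now eligible for an `alpha` prerelease, so what can actually be published depends entirely on the release workflow's triggers and permissions, which this hunk does not show and which are worth confirming.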
@@ -97,7 +97,13 @@ ImpactAnalysisState, ) from cyclonedx.model.issue import IssueClassification, IssueType, IssueTypeSource -from cyclonedx.model.license import DisjunctiveLicense, License, LicenseAcknowledgement, LicenseExpression +from cyclonedx.model.license import ( + DisjunctiveLicense, + License, + LicenseAcknowledgement, + LicenseExpression, + LicenseExpressionDetails, +) from cyclonedx.model.lifecycle import LifecyclePhase, NamedLifecycle, PredefinedLifecycle from cyclonedx.model.release_note import ReleaseNotes from cyclonedx.model.service import Service @@ -1061,6 +1067,15 @@ def get_vulnerability_source_owasp() -> VulnerabilitySource: def get_bom_with_licenses() -> Bom: + expression_details = [ + LicenseExpressionDetails(license_identifier='GPL-3.0-or-later', + url=XsUri('https://www.apache.org/licenses/LICENSE-2.0.txt'), + text=AttachedText(content='specific GPL-3.0-or-later license text')), + LicenseExpressionDetails(license_identifier='GPL-2.0', + bom_ref='some-bomref-1234', + text=AttachedText(content='specific GPL-2.0 license text')), + ] + return _make_bom( metadata=BomMetaData( licenses=[DisjunctiveLicense(id='CC-BY-1.0')], @@ -1090,6 +1105,11 @@ def get_bom_with_licenses() -> Bom: DisjunctiveLicense(name='some other license', properties=[Property(name='myname', value='proprietary')]), ]), + Component(name='c-with-expression-details', type=ComponentType.LIBRARY, bom_ref='C5', + licenses=[LicenseExpression(value='GPL-3.0-or-later OR GPL-2.0', + details=expression_details, + acknowledgement=LicenseAcknowledgement.DECLARED + )]), ], services=[ Service(name='s-with-expression', bom_ref='S1', diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.0.xml.bin b/tests/_data/snapshots/get_bom_with_licenses-1.0.xml.bin index 89f5c8166..493a4f2e1 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.0.xml.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.0.xml.bin 
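Review bot: In the `@@ -1061,6 +1067,15 @@` hunk, the first `LicenseExpressionDetails` entry pairs `license_identifier='GPL-3.0-or-later'` with the Apache-2.0 text URL `https://www.apache.org/licenses/LICENSE-2.0.txt`. A fixture that ties one licence identifier to another licence's text is misleading for anyone who reuses it as an example or asserts on the identifier-to-URL mapping. I would point it at the matching text, e.g. `url=XsUri('https://www.gnu.org/licenses/gpl-3.0.txt'),`. The snapshots visible here (up to 1.6) serialize only the expression, so the change should only affect snapshots for formats that emit the details. The body of `get_bom_with_licenses` continues outside the hunk.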
@@ -11,6 +11,11 @@ false + + c-with-expression-details + + false + c-with-license-properties diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.1.xml.bin b/tests/_data/snapshots/get_bom_with_licenses-1.1.xml.bin index 5519f41aa..4dad40232 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.1.xml.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.1.xml.bin @@ -18,6 +18,13 @@ Apache-2.0 OR MIT + + c-with-expression-details + + + GPL-3.0-or-later OR GPL-2.0 + + c-with-license-properties diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.2.json.bin b/tests/_data/snapshots/get_bom_with_licenses-1.2.json.bin index e016afff5..395d9c7f9 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.2.json.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.2.json.bin @@ -25,6 +25,17 @@ "type": "library", "version": "" }, + { + "bom-ref": "C5", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR GPL-2.0" + } + ], + "name": "c-with-expression-details", + "type": "library", + "version": "" + }, { "bom-ref": "C4", "licenses": [ @@ -83,6 +94,9 @@ { "ref": "C4" }, + { + "ref": "C5" + }, { "ref": "S1" }, diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.2.xml.bin b/tests/_data/snapshots/get_bom_with_licenses-1.2.xml.bin index 85a4054ed..79bb5d13a 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.2.xml.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.2.xml.bin @@ -30,6 +30,13 @@ Apache-2.0 OR MIT + + c-with-expression-details + + + GPL-3.0-or-later OR GPL-2.0 + + c-with-license-properties @@ -92,6 +99,7 @@ + diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.3.json.bin b/tests/_data/snapshots/get_bom_with_licenses-1.3.json.bin index 46c9b296d..29d462f47 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.3.json.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.3.json.bin 
@@ -25,6 +25,17 @@ "type": "library", "version": "" }, + { + "bom-ref": "C5", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR GPL-2.0" + } + ], + "name": "c-with-expression-details", + "type": "library", + "version": "" + }, { "bom-ref": "C4", "licenses": [ @@ -83,6 +94,9 @@ { "ref": "C4" }, + { + "ref": "C5" + }, { "ref": "S1" }, diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.3.xml.bin b/tests/_data/snapshots/get_bom_with_licenses-1.3.xml.bin index 5a5ab04d0..700731256 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.3.xml.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.3.xml.bin @@ -35,6 +35,13 @@ Apache-2.0 OR MIT + + c-with-expression-details + + + GPL-3.0-or-later OR GPL-2.0 + + c-with-license-properties @@ -97,6 +104,7 @@ + diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.4.json.bin b/tests/_data/snapshots/get_bom_with_licenses-1.4.json.bin index c084a6934..15e7590d6 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.4.json.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.4.json.bin @@ -23,6 +23,16 @@ "name": "c-with-expression", "type": "library" }, + { + "bom-ref": "C5", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR GPL-2.0" + } + ], + "name": "c-with-expression-details", + "type": "library" + }, { "bom-ref": "C4", "licenses": [ @@ -79,6 +89,9 @@ { "ref": "C4" }, + { + "ref": "C5" + }, { "ref": "S1" }, diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.4.xml.bin b/tests/_data/snapshots/get_bom_with_licenses-1.4.xml.bin index 7a3131097..35c8a991d 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.4.xml.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.4.xml.bin @@ -32,6 +32,12 @@ Apache-2.0 OR MIT + + c-with-expression-details + + GPL-3.0-or-later OR GPL-2.0 + + c-with-license-properties @@ -92,6 +98,7 @@ + 
diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.5.json.bin b/tests/_data/snapshots/get_bom_with_licenses-1.5.json.bin index b4d897131..c9d8f6dca 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.5.json.bin @@ -23,6 +23,16 @@ "name": "c-with-expression", "type": "library" }, + { + "bom-ref": "C5", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR GPL-2.0" + } + ], + "name": "c-with-expression-details", + "type": "library" + }, { "bom-ref": "C4", "licenses": [ @@ -95,6 +105,9 @@ { "ref": "C4" }, + { + "ref": "C5" + }, { "ref": "S1" }, diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_licenses-1.5.xml.bin index 4cb534ccc..56f1b96e0 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.5.xml.bin @@ -32,6 +32,12 @@ Apache-2.0 OR MIT + + c-with-expression-details + + GPL-3.0-or-later OR GPL-2.0 + + c-with-license-properties @@ -99,6 +105,7 @@ + diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.6.json.bin b/tests/_data/snapshots/get_bom_with_licenses-1.6.json.bin index e626d7bbb..c53e33543 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.6.json.bin @@ -25,6 +25,17 @@ "name": "c-with-expression", "type": "library" }, + { + "bom-ref": "C5", + "licenses": [ + { + "acknowledgement": "declared", + "expression": "GPL-3.0-or-later OR GPL-2.0" + } + ], + "name": "c-with-expression-details", + "type": "library" + }, { "bom-ref": "C4", "licenses": [ @@ -97,6 +108,9 @@ { "ref": "C4" }, + { + "ref": "C5" + }, { "ref": "S1" }, diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_licenses-1.6.xml.bin index 527a1ce3a..2c513c611 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.6.xml.bin 
+++ b/tests/_data/snapshots/get_bom_with_licenses-1.6.xml.bin @@ -32,6 +32,12 @@ Apache-2.0 OR MIT + + c-with-expression-details + + GPL-3.0-or-later OR GPL-2.0 + + c-with-license-properties @@ -99,6 +105,7 @@ + diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.7.json.bin b/tests/_data/snapshots/get_bom_with_licenses-1.7.json.bin index 4f5e710ab..7a24d9850 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.7.json.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.7.json.bin @@ -25,6 +25,35 @@ "name": "c-with-expression", "type": "library" }, + { + "bom-ref": "C5", + "licenses": [ + { + "acknowledgement": "declared", + "expressionDetails": [ + { + "bom-ref": "some-bomref-1234", + "licenseIdentifier": "GPL-2.0", + "text": { + "content": "specific GPL-2.0 license text", + "contentType": "text/plain" + } + }, + { + "licenseIdentifier": "GPL-3.0-or-later", + "text": { + "content": "specific GPL-3.0-or-later license text", + "contentType": "text/plain" + }, + "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" + } + ], + "expression": "GPL-3.0-or-later OR GPL-2.0" + } + ], + "name": "c-with-expression-details", + "type": "library" + }, { "bom-ref": "C4", "licenses": [ @@ -97,6 +126,9 @@ { "ref": "C4" }, + { + "ref": "C5" + }, { "ref": "S1" }, diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.7.xml.bin b/tests/_data/snapshots/get_bom_with_licenses-1.7.xml.bin index 8b28e1972..c5687615a 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.7.xml.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.7.xml.bin @@ -32,6 +32,20 @@ Apache-2.0 OR MIT + + c-with-expression-details + + +
+ specific GPL-2.0 license text +
+
+ specific GPL-3.0-or-later license text + https://www.apache.org/licenses/LICENSE-2.0.txt +
+
+
+
c-with-license-properties @@ -99,6 +113,7 @@ + diff --git a/tests/test_model_license.py b/tests/test_model_license.py index a21b8741e..3ea2b1e38 100644 --- a/tests/test_model_license.py +++ b/tests/test_model_license.py @@ -22,7 +22,7 @@ from cyclonedx.exception.model import MutuallyExclusivePropertiesException from cyclonedx.model import AttachedText, Property, XsUri -from cyclonedx.model.license import DisjunctiveLicense, LicenseExpression +from cyclonedx.model.license import DisjunctiveLicense, LicenseExpression, LicenseExpressionDetails from tests import reorder @@ -105,12 +105,29 @@ def test_create(self) -> None: license = LicenseExpression('foo') self.assertEqual('foo', license.value) + def test_create_with_expression_details(self) -> None: + details = [ + LicenseExpressionDetails('qux'), + LicenseExpressionDetails('baz') + ] + b = LicenseExpression('bar', details=details) + self.assertListEqual(sorted(details), list(b.details)) + def test_update(self) -> None: license = LicenseExpression('foo') self.assertEqual('foo', license.value) license.value = 'bar' self.assertEqual('bar', license.value) + def test_update_expression_details(self) -> None: + details = [ + LicenseExpressionDetails('qux'), + LicenseExpressionDetails('baz') + ] + b = LicenseExpression('bar', details=[details[0]]) + b.details.add(details[1]) + self.assertListEqual(sorted(details), list(b.details)) + def test_equal(self) -> None: a = LicenseExpression('foo') b = LicenseExpression('foo') @@ -119,6 +136,16 @@ def test_equal(self) -> None: self.assertNotEqual(a, c) self.assertNotEqual(a, 'foo') + def test_equal_with_expression_details(self) -> None: + a = LicenseExpression('foo') + b = LicenseExpression('foo') + c = LicenseExpression('bar') + d = LicenseExpression('bar', details=[LicenseExpressionDetails('baz')]) + self.assertEqual(a, b) + self.assertNotEqual(a, c) + self.assertNotEqual(a, 'foo') + self.assertNotEqual(c, d) + class TestModelLicense(TestCase): 
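Review bot: `test_equal_with_expression_details` in tests/test_model_license.py repeats the three assertions of `test_equal` unchanged, and only `self.assertNotEqual(c, d)` exercises `details`. Trimming it to the `c`/`d` pair and adding the positive case, e.g. `self.assertEqual(d, LicenseExpression('bar', details=[LicenseExpressionDetails('baz')]))`, would also show that equal details compare equal, which the current test never checks. In `test_create_with_expression_details` and `test_update_expression_details` the local `b` would read better as `expression`.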
@@ -133,3 +160,25 @@ def test_sort_mixed(self) -> None: shuffle(licenses) sorted_licenses = sorted(licenses) self.assertListEqual(sorted_licenses, expected_licenses) + + +class TestModelLicenseExpressionDetails(TestCase): + def test_equal(self) -> None: + a = LicenseExpressionDetails(license_identifier='MIT') + b = LicenseExpressionDetails(license_identifier='MIT') + c = LicenseExpressionDetails(license_identifier='MIT', text=AttachedText(content='some text')) + self.assertEqual(a, b) + self.assertNotEqual(a, c) + + def test_sort(self) -> None: + expected_order = [0, 3, 2, 1] + details = [ + LicenseExpressionDetails(license_identifier='Apache-2.0'), + LicenseExpressionDetails(license_identifier='MIT'), + LicenseExpressionDetails(license_identifier='MIT'), + LicenseExpressionDetails(license_identifier='GPL-3.0'), + ] + expected_details = reorder(details, expected_order) + shuffle(details) + sorted_details = sorted(details) + self.assertListEqual(sorted_details, expected_details) diff --git a/tools/run_pyupgrade.py b/tools/run_pyupgrade.py new file mode 100755 index 000000000..e040c5071 --- /dev/null +++ b/tools/run_pyupgrade.py 
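Review bot: `TestModelLicenseExpressionDetails` only varies `license_identifier` and `text`, so `url` and `bom_ref`, which the fixture in tests/_data/models.py sets, never take part in a comparison here. The comparison code is not visible in this diff, but if those fields are meant to count, `test_equal` needs a case such as `self.assertNotEqual(a, LicenseExpressionDetails(license_identifier='MIT', bom_ref='ref-1'))`. In `test_sort` the two `MIT` entries are identical, so the expected order `[0, 3, 2, 1]` cannot detect a wrong tie-break; giving one of them a distinguishing field would make the ordering assertion meaningful.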
@@ -0,0 +1,54 @@ +#!/usr/bin/env python3 + +# This file is part of CycloneDX Python Library +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) OWASP Foundation. All Rights Reserved. + +import subprocess # nosec - subprocess is used to run pyupgrade and not part of published library +import sys +from pathlib import Path + +HELP = f""" +Wrapper around pyupgrade to perform a lookup of all *.py/*.pyi files in passed directories +and pass them to pyupgrade in a single invocation. + +Usage: {sys.argv[0]} [pyupgrade-args ...] -- +""" + +if '--' not in sys.argv: + print(HELP, file=sys.stderr) + sys.exit(1) + +sep = sys.argv.index('--') +pyupgrade_args = sys.argv[1:sep] +directories = sys.argv[sep + 1:] + +if not directories: + print('Error: at least one directory must be specified after --', '\n', HELP, file=sys.stderr) + sys.exit(2) + +files = sorted({ + str(file) + for directory in directories + for pattern in ['*.py', '*.pyi'] + for file in Path(directory).rglob(pattern) +}) + +result = subprocess.run( # nosec - shell=False is used to prevent injection, all arg passed as a list + [sys.executable, '-m', 'pyupgrade', *pyupgrade_args, *files], + shell=False # w/o shell all args are passed directly to the process without the need for quotes or escaping +) +sys.exit(result.returncode) diff --git a/tools/schema-downloader.py b/tools/schema-downloader.py index 30b7ecd54..b852a1eb9 100755 --- a/tools/schema-downloader.py 
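Review bot: A directory that does not exist makes tools/run_pyupgrade.py succeed silently, because `Path(directory).rglob(pattern)` yields nothing for a missing path. A typo in the directory list passed from tox.ini would therefore drop that tree from the check while the run still exits 0. Computing `missing = [d for d in directories if not Path(d).is_dir()]` before building `files`, then printing the names to stderr and calling `sys.exit(2)` when `missing` is non-empty, closes that gap. Separately, the two bare `# nosec` markers suppress every Bandit check on their lines; `# nosec B404` on the import and `# nosec B603` on the `subprocess.run` call would limit the suppression to the findings the comments justify.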
+++ b/tools/schema-downloader.py @@ -21,7 +21,7 @@ from os.path import dirname, join, realpath from urllib.request import urlretrieve -SOURCE_ROOT = 'https://raw.githubusercontent.com/CycloneDX/specification/refs/tags/1.7/schema/' +SOURCE_ROOT = 'https://raw.githubusercontent.com/CycloneDX/specification/refs/tags/1.7.1/schema/' SOURCE_ROOT_LATEST = 'https://raw.githubusercontent.com/CycloneDX/specification/refs/heads/master/schema/' TARGET_ROOT = realpath(join(dirname(__file__), '..', 'cyclonedx', 'schema', '_res')) diff --git a/tox.ini b/tox.ini index af228b75a..8afcf3aa0 100644 --- a/tox.ini +++ b/tox.ini @@ -52,10 +52,8 @@ commands = poetry run deptry -v . [testenv:pyupgrade] -allowlist_externals = poetry, sh -commands = sh -c "\ - find cyclonedx typings tests tools examples -type f \( -name '*.py' -or -name '*.pyi' \) -print0 \ - | xargs -0 poetry run pyupgrade --py39-plus {posargs} " +# first -- stops command parsing by poetry run, the second -- splits pyupgrade args from args for glob patterns +commands = poetry run -- python tools/run_pyupgrade.py --py39-plus {posargs} -- cyclonedx typings tests tools examples [testenv:isort] commands = poetry run isort .