diff --git a/cyclonedx/model/vulnerability.py b/cyclonedx/model/vulnerability.py index e44f32c8..2947c745 100644 --- a/cyclonedx/model/vulnerability.py +++ b/cyclonedx/model/vulnerability.py @@ -27,7 +27,7 @@ from sortedcontainers import SortedSet from ..exception.model import MutuallyExclusivePropertiesException, NoPropertiesProvidedException -from . import ComparableTuple, OrganizationalContact, OrganizationalEntity, Tool, XsUri +from . import ComparableTuple, OrganizationalContact, OrganizationalEntity, Property, Tool, XsUri from .bom_ref import BomRef from .impact_analysis import ( ImpactAnalysisAffectedStatus, @@ -788,6 +788,7 @@ def __init__(self, *, bom_ref: Optional[str] = None, id: Optional[str] = None, credits: Optional[VulnerabilityCredits] = None, tools: Optional[Iterable[Tool]] = None, analysis: Optional[VulnerabilityAnalysis] = None, affects_targets: Optional[Iterable[BomTarget]] = None, + properties: Optional[Iterable[Property]] = None, # Deprecated Parameters kept for backwards compatibility source_name: Optional[str] = None, source_url: Optional[str] = None, recommendations: Optional[Iterable[str]] = None) -> None: @@ -808,6 +809,7 @@ def __init__(self, *, bom_ref: Optional[str] = None, id: Optional[str] = None, self.tools = tools or [] # type: ignore self.analysis = analysis self.affects = affects_targets or [] # type: ignore + self.properties = properties or [] # type: ignore if source_name or source_url: warnings.warn('`source_name` and `source_url` are deprecated - use `source`', DeprecationWarning) 
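Review bot: The new keyword-only `properties` argument (second hunk) and the `self.properties = properties or []` assignment (third hunk) come with no description of what callers may pass. `__init__` starts and ends outside both hunks, so a docstring may exist out of view, but none is touched here. I would add a line where the parameters are documented, for example `properties: optional iterable of Property name/value pairs, stored as a SortedSet and written into the vulnerability's XML element`. These values end up in a BOM that is typically shared outside the team that produced it, so the same place should say they are free-form text and not a place for credentials or internal-only details.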
@@ -1062,6 +1064,21 @@ def affects(self) -> "SortedSet[BomTarget]": def affects(self, affects_targets: Iterable[BomTarget]) -> None: self._affects = SortedSet(affects_targets) + @property + def properties(self) -> "SortedSet[Property]": + """ + Provides the ability to document properties in a key/value store. This provides flexibility to include data not + officially supported in the standard without having to use additional namespaces or create extensions. + + Return: + Set of `Property` + """ + return self._properties + + @properties.setter + def properties(self, properties: Iterable[Property]) -> None: + self._properties = SortedSet(properties) + def __eq__(self, other: object) -> bool: if isinstance(other, Vulnerability): return hash(other) == hash(self) @@ -1079,7 +1096,7 @@ def __hash__(self) -> int: return hash(( self.id, self.source, tuple(self.references), tuple(self.ratings), tuple(self.cwes), self.description, self.detail, self.recommendation, tuple(self.advisories), self.created, self.published, self.updated, - self.credits, tuple(self.tools), self.analysis, tuple(self.affects) + self.credits, tuple(self.tools), self.analysis, tuple(self.affects), tuple(self.properties) )) def __repr__(self) -> str: diff --git a/cyclonedx/output/xml.py b/cyclonedx/output/xml.py index 8253d7d3..d297b143 100644 --- a/cyclonedx/output/xml.py +++ b/cyclonedx/output/xml.py @@ -688,6 +688,10 @@ def _get_vulnerability_as_xml_element_post_1_4(self, vulnerability: Vulnerabilit for version in target.versions: Xml._add_bom_target_version_range(parent_element=v_target_versions_element, version=version) + # properties + if vulnerability.properties: + Xml._add_properties_element(properties=vulnerability.properties, parent_element=vulnerability_element) + return vulnerability_element @staticmethod diff --git a/cyclonedx/schema/bom-1.4.xsd b/cyclonedx/schema/bom-1.4.xsd index 592ceb1e..9cf8af24 100644 --- a/cyclonedx/schema/bom-1.4.xsd +++ b/cyclonedx/schema/bom-1.4.xsd 
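Review bot: The `properties` setter hands its argument straight to `SortedSet`, so any iterable is accepted. A `dict` (a natural reading of the docstring's "key/value store") or a plain string would be stored as a set of keys or characters, and would presumably fail only later, when the XML writer treats each item as a `Property`. The neighbouring `affects` setter has the same shape, so this may be the project's convention. If it is not, a check at assignment gives an earlier and clearer error: `items = list(properties)`, then `if not all(isinstance(p, Property) for p in items): raise TypeError('properties must be Property instances')`, then `self._properties = SortedSet(items)`. At minimum the docstring should state that elements must be `Property` objects and that `SortedSet` needs them to be orderable.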
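Review bot: Adding `tuple(self.properties)` to `__hash__` makes the hash depend on a set that the new getter in the previous hunk returns for in-place mutation, so a `Vulnerability` already held in a set or used as a dict key would no longer be found after `vuln.properties.add(...)`. The same already applies to `tools` and `affects`, so this extends an existing pattern rather than introducing one. The `__eq__` visible as context in the previous hunk returns `hash(other) == hash(self)`, which means a hash collision reads as equality; that matters if equality is ever used to de-duplicate vulnerability records. I would add a comment above the tuple, `# NOTE: covers mutable collections; do not mutate a Vulnerability while it is stored in a set or dict`, and consider comparing the field tuples directly in `__eq__`. `__hash__` begins outside this hunk.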
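Review bot: The properties block is appended just before `return vulnerability_element`, so where the element lands among its siblings depends on everything emitted earlier in `_get_vulnerability_as_xml_element_post_1_4`, whose body starts outside this hunk. If the 1.4 vulnerability type is an ordered sequence, this position has to match where the bom-1.4.xsd change on this page declares `properties`, and the schema hunk is not readable enough here to confirm that. I would replace the bare `# properties` comment with `# properties: keep in the position bom-1.4.xsd declares for this element`. A serializer test that validates a vulnerability carrying at least one property against the bundled XSD would pin the ordering; no such test is visible on this page.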
@@ -22,7 +22,7 @@ limitations under the License. targetNamespace="http://cyclonedx.org/schema/bom/1.4" vc:minVersion="1.0" vc:maxVersion="1.1" - version="1.4.1"> + version="1.4.2"> @@ -2014,6 +2014,16 @@ limitations under the License. + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + diff --git a/cyclonedx/schema/spdx.schema.json b/cyclonedx/schema/spdx.schema.json index 049708a4..26013fa6 100644 --- a/cyclonedx/schema/spdx.schema.json +++ b/cyclonedx/schema/spdx.schema.json 
@@ -1,491 +1,538 @@ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/spdx.schema.json", - "$comment": "v1.0-3.10", + "$comment": "v1.0-3.17", "type": "string", "enum": [ - "0BSD", - "AAL", + "CC-BY-NC-ND-2.0", + "SGI-B-2.0", + "LPPL-1.3c", + "NIST-PD-fallback", + "libtiff", + "XSkat", + "PDDL-1.0", + "KiCad-libraries-exception", + "CC-BY-NC-SA-1.0", + "GFDL-1.1-no-invariants-only", + "Xerox", + "LPPL-1.1", + "VOSTROM", + "UCL-1.0", "ADSL", + "OSL-2.0", + "AAL", + "FDK-AAC", + "W3C-20150513", "AFL-1.1", - "AFL-1.2", - "AFL-2.0", - "AFL-2.1", - "AFL-3.0", - "AGPL-1.0", - "AGPL-1.0-only", + "W3C", + "Sleepycat", + "CECILL-1.1", + "mpich2", + "SISSL", + "NLOD-1.0", + "ANTLR-PD", + "GPL-3.0-only", + "gnuplot", + "NLOD-2.0", + "BSD-3-Clause-Open-MPI", + "LiLiQ-P-1.1", + "BSD-3-Clause-Clear", + "FSFUL", + "CC-BY-NC-SA-2.0-UK", + "CERN-OHL-S-2.0", + "Spencer-94", + "CERN-OHL-1.2", + "GFDL-1.1-or-later", "AGPL-1.0-or-later", - "AGPL-3.0", - "AGPL-3.0-only", - "AGPL-3.0-or-later", - "AMDPLPA", + "Wsuipa", "AML", - "AMPAS", - "ANTLR-PD", - "APAFML", - "APL-1.0", - "APSL-1.0", - "APSL-1.1", - "APSL-1.2", - "APSL-2.0", - "Abstyles", - "Adobe-2006", - "Adobe-Glyph", - "Afmparse", - "Aladdin", - "Apache-1.0", - "Apache-1.1", - "Apache-2.0", - "Artistic-1.0", - "Artistic-1.0-Perl", - "Artistic-1.0-cl8", - "Artistic-2.0", - "BSD-1-Clause", "BSD-2-Clause", - "BSD-2-Clause-FreeBSD", - "BSD-2-Clause-NetBSD", - "BSD-2-Clause-Patent", - "BSD-2-Clause-Views", - "BSD-3-Clause", - "BSD-3-Clause-Attribution", - "BSD-3-Clause-Clear", - "BSD-3-Clause-LBNL", - "BSD-3-Clause-No-Nuclear-License", - "BSD-3-Clause-No-Nuclear-License-2014", - "BSD-3-Clause-No-Nuclear-Warranty", - "BSD-3-Clause-Open-MPI", - "BSD-4-Clause", - "BSD-4-Clause-UC", - "BSD-Protection", - "BSD-Source-Code", - "BSL-1.0", - "Bahyph", - "Barr", - "Beerware", - "BitTorrent-1.0", - "BitTorrent-1.1", - "BlueOak-1.0.0", - "Borceux", - "CAL-1.0", - "CAL-1.0-Combined-Work-Exception", - 
"CATOSL-1.1", - "CC-BY-1.0", - "CC-BY-2.0", + "DSDP", "CC-BY-2.5", - "CC-BY-3.0", - "CC-BY-3.0-AT", - "CC-BY-4.0", - "CC-BY-NC-1.0", - "CC-BY-NC-2.0", - "CC-BY-NC-2.5", - "CC-BY-NC-3.0", - "CC-BY-NC-4.0", - "CC-BY-NC-ND-1.0", - "CC-BY-NC-ND-2.0", - "CC-BY-NC-ND-2.5", - "CC-BY-NC-ND-3.0", - "CC-BY-NC-ND-3.0-IGO", - "CC-BY-NC-ND-4.0", - "CC-BY-NC-SA-1.0", - "CC-BY-NC-SA-2.0", - "CC-BY-NC-SA-2.5", - "CC-BY-NC-SA-3.0", - "CC-BY-NC-SA-4.0", - "CC-BY-ND-1.0", - "CC-BY-ND-2.0", - "CC-BY-ND-2.5", - "CC-BY-ND-3.0", - "CC-BY-ND-4.0", - "CC-BY-SA-1.0", - "CC-BY-SA-2.0", - "CC-BY-SA-2.5", - "CC-BY-SA-3.0", - "CC-BY-SA-3.0-AT", - "CC-BY-SA-4.0", - "CC-PDDC", - "CC0-1.0", - "CDDL-1.0", - "CDDL-1.1", - "CDLA-Permissive-1.0", - "CDLA-Sharing-1.0", - "CECILL-1.0", - "CECILL-1.1", - "CECILL-2.0", - "CECILL-2.1", - "CECILL-B", - "CECILL-C", - "CERN-OHL-1.1", - "CERN-OHL-1.2", - "CERN-OHL-P-2.0", - "CERN-OHL-S-2.0", - "CERN-OHL-W-2.0", + "MIT-CMU", + "Beerware", + "Sendmail", + "TU-Berlin-1.0", "CNRI-Jython", - "CNRI-Python", - "CNRI-Python-GPL-Compatible", - "CPAL-1.0", - "CPL-1.0", + "mplus", "CPOL-1.02", - "CUA-OPL-1.0", - "Caldera", - "ClArtistic", - "Condor-1.1", - "Crossword", - "CrystalStacker", - "Cube", - "D-FSL-1.0", - "DOC", - "DSDP", - "Dotseqn", - "ECL-1.0", - "ECL-2.0", - "EFL-1.0", - "EFL-2.0", - "EPICS", - "EPL-1.0", - "EPL-2.0", - "EUDatagrid", - "EUPL-1.0", - "EUPL-1.1", - "EUPL-1.2", - "Entessa", - "ErlPL-1.1", + "BSD-3-Clause-No-Nuclear-License-2014", + "ISC", + "CC-BY-SA-4.0", "Eurosym", - "FSFAP", - "FSFUL", - "FSFULLR", - "FTL", - "Fair", - "Frameworx-1.0", - "FreeImage", - "GFDL-1.1", - "GFDL-1.1-invariants-only", + "LGPL-3.0-only", + "OLDAP-1.3", "GFDL-1.1-invariants-or-later", - "GFDL-1.1-no-invariants-only", - "GFDL-1.1-no-invariants-or-later", - "GFDL-1.1-only", - "GFDL-1.1-or-later", - "GFDL-1.2", - "GFDL-1.2-invariants-only", - "GFDL-1.2-invariants-or-later", - "GFDL-1.2-no-invariants-only", + "Glulxe", + "SimPL-2.0", + "CDLA-Permissive-2.0", + 
"GPL-2.0-with-font-exception", + "OGL-UK-2.0", + "CC-BY-SA-3.0-DE", + "CC-BY-ND-1.0", + "GFDL-1.1", + "CC-BY-4.0", + "OpenSSL", + "TU-Berlin-2.0", + "DOC", "GFDL-1.2-no-invariants-or-later", - "GFDL-1.2-only", + "QPL-1.0", + "OLDAP-2.8", + "OML", + "OLDAP-2.7", + "NIST-PD", + "Bitstream-Vera", "GFDL-1.2-or-later", + "OFL-1.1-RFN", + "Bahyph", + "Barr", + "COIL-1.0", "GFDL-1.3", - "GFDL-1.3-invariants-only", - "GFDL-1.3-invariants-or-later", - "GFDL-1.3-no-invariants-only", - "GFDL-1.3-no-invariants-or-later", - "GFDL-1.3-only", - "GFDL-1.3-or-later", - "GL2PS", - "GLWTPL", - "GPL-1.0", - "GPL-1.0+", - "GPL-1.0-only", - "GPL-1.0-or-later", - "GPL-2.0", - "GPL-2.0+", - "GPL-2.0-only", - "GPL-2.0-or-later", - "GPL-2.0-with-GCC-exception", - "GPL-2.0-with-autoconf-exception", - "GPL-2.0-with-bison-exception", - "GPL-2.0-with-classpath-exception", - "GPL-2.0-with-font-exception", - "GPL-3.0", - "GPL-3.0+", - "GPL-3.0-only", - "GPL-3.0-or-later", - "GPL-3.0-with-GCC-exception", - "GPL-3.0-with-autoconf-exception", - "Giftware", - "Glide", - "Glulxe", - "HPND", - "HPND-sell-variant", - "HaskellReport", - "Hippocratic-2.1", - "IBM-pibs", + "CECILL-B", + "JPNIC", + "Zed", "ICU", - "IJG", - "IPA", - "IPL-1.0", - "ISC", + "CC-BY-NC-SA-2.5", + "CC-BY-ND-3.0-DE", + "bzip2-1.0.5", + "SPL-1.0", + "YPL-1.0", + "OSET-PL-2.1", + "Noweb", + "RPSL-1.0", + "BSD-3-Clause-LBNL", + "CDLA-Sharing-1.0", + "CECILL-1.0", + "AMPAS", + "APAFML", + "CC-BY-ND-3.0", + "D-FSL-1.0", + "CC-BY-NC-3.0", + "libpng-2.0", + "PolyForm-Noncommercial-1.0.0", + "dvipdfm", + "GFDL-1.3-or-later", + "OGTSL", + "NPL-1.1", + "GPL-3.0", + "CERN-OHL-P-2.0", + "BlueOak-1.0.0", + "AGPL-3.0-or-later", + "blessing", "ImageMagick", - "Imlib2", - "Info-ZIP", - "Intel", - "Intel-ACPI", - "Interbase-1.0", - "JPNIC", - "JSON", - "JasPer-2.0", - "LAL-1.2", - "LAL-1.3", + "APSL-2.0", + "MIT-advertising", + "curl", + "CC0-1.0", + "Zimbra-1.4", + "SSPL-1.0", + "psutils", + "CC-BY-SA-2.0-UK", + "PSF-2.0", + "Net-SNMP", + 
"NAIST-2003", + "GFDL-1.2-invariants-or-later", + "SGI-B-1.0", + "NBPL-1.0", + "GFDL-1.2-invariants-only", + "W3C-19980720", + "OFL-1.0-no-RFN", + "NetCDF", + "TMate", + "NOSL", + "CNRI-Python-GPL-Compatible", + "BSD-1-Clause", + "CC-BY-NC-SA-3.0-DE", + "BSD-3-Clause-Modification", + "GLWTPL", + "GFDL-1.3-only", + "OLDAP-2.2", + "CC-BY-ND-4.0", + "CC-BY-NC-ND-3.0-DE", + "EUPL-1.0", + "Linux-OpenIB", + "LGPL-2.0-or-later", + "OSL-1.1", + "Spencer-86", "LGPL-2.0", + "CC-PDDC", + "CC-BY-NC-ND-3.0", + "CDL-1.0", + "Elastic-2.0", + "CC-BY-2.0", + "BSD-3-Clause-No-Military-License", + "IJG", + "LPPL-1.3a", + "SAX-PD", + "BitTorrent-1.0", + "OLDAP-2.0", + "Giftware", + "C-UDA-1.0", "LGPL-2.0+", - "LGPL-2.0-only", - "LGPL-2.0-or-later", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1-only", - "LGPL-2.1-or-later", - "LGPL-3.0", - "LGPL-3.0+", - "LGPL-3.0-only", + "Rdisc", + "GPL-2.0-with-classpath-exception", + "CC-BY-3.0-US", + "CDDL-1.0", + "Xnet", + "CPL-1.0", "LGPL-3.0-or-later", - "LGPLLR", - "LPL-1.0", - "LPL-1.02", - "LPPL-1.0", - "LPPL-1.1", - "LPPL-1.2", - "LPPL-1.3a", - "LPPL-1.3c", - "Latex2e", - "Leptonica", - "LiLiQ-P-1.1", - "LiLiQ-R-1.1", - "LiLiQ-Rplus-1.1", - "Libpng", - "Linux-OpenIB", - "MIT", - "MIT-0", - "MIT-CMU", - "MIT-advertising", + "NASA-1.3", + "BUSL-1.1", + "etalab-2.0", + "MIT-open-group", + "OLDAP-1.4", + "GFDL-1.1-invariants-only", + "RPL-1.1", + "CC-BY-NC-ND-2.5", + "FSFULLR", + "Saxpath", + "NTP-0", + "SISSL-1.2", + "GPL-3.0-or-later", + "Apache-1.1", + "CC-BY-SA-2.1-JP", + "AGPL-3.0-only", + "GPL-2.0-with-autoconf-exception", + "Artistic-2.0", + "App-s2p", + "Unicode-DFS-2015", + "diffmark", + "SNIA", + "CC-BY-SA-2.5", + "Linux-man-pages-copyleft", + "HPND-sell-variant", + "ZPL-2.1", + "BSD-4-Clause-UC", + "LAL-1.2", + "AGPL-1.0-only", "MIT-enna", - "MIT-feh", - "MITNFA", - "MPL-1.0", - "MPL-1.1", - "MPL-2.0", + "Condor-1.1", + "Naumen", + "GFDL-1.3-no-invariants-or-later", + "RPL-1.5", + "PolyForm-Small-Business-1.0.0", + "EFL-1.0", + "MirOS", + 
"CC-BY-2.5-AU", + "Afmparse", "MPL-2.0-no-copyleft-exception", - "MS-PL", - "MS-RL", - "MTLL", + "LiLiQ-Rplus-1.1", + "AFL-1.2", + "OSL-1.0", + "GPL-1.0-only", + "APSL-1.0", + "OGL-Canada-2.0", + "CPAL-1.0", + "Latex2e", + "Zend-2.0", + "Unlicense", + "xpp", + "CC-BY-NC-1.0", + "GPL-3.0-with-autoconf-exception", + "CC-BY-NC-SA-3.0", + "TCP-wrappers", + "SCEA", + "SSH-short", + "CC-BY-3.0-NL", + "SchemeReport", + "CC-BY-3.0", + "MPL-2.0", + "Unicode-TOU", + "CC-BY-NC-ND-1.0", + "Entessa", + "BSD-3-Clause-No-Nuclear-License", + "SWL", + "GFDL-1.2-no-invariants-only", + "Parity-7.0.0", + "OLDAP-2.2.1", + "SGI-B-1.1", + "FTL", + "OLDAP-2.4", + "CC-BY-NC-4.0", + "bzip2-1.0.6", + "copyleft-next-0.3.0", "MakeIndex", - "MirOS", - "Motosoto", - "MulanPSL-1.0", - "MulanPSL-2.0", - "Multics", - "Mup", - "NASA-1.3", - "NBPL-1.0", + "NRL", + "GFDL-1.3-invariants-or-later", + "CC-BY-NC-2.0", + "SugarCRM-1.1.3", + "AFL-2.1", + "GPL-2.0-only", + "GFDL-1.3-invariants-only", + "TORQUE-1.1", + "Ruby", + "X11", + "Borceux", + "Libpng", + "X11-distribute-modifications-variant", + "Frameworx-1.0", "NCGL-UK-2.0", + "CECILL-2.1", + "CC-BY-3.0-AT", + "CNRI-Python", "NCSA", - "NGPL", - "NIST-PD", - "NIST-PD-fallback", - "NLOD-1.0", - "NLPL", - "NOSL", - "NPL-1.0", - "NPL-1.1", - "NPOSL-3.0", - "NRL", - "NTP", - "NTP-0", - "Naumen", - "Net-SNMP", - "NetCDF", + "gSOAP-1.3b", + "EUPL-1.1", + "AMDPLPA", + "Imlib2", + "CDDL-1.1", + "WTFPL", + "LPL-1.0", + "EPL-1.0", + "BSD-3-Clause-Attribution", + "OSL-3.0", + "RHeCos-1.1", + "PHP-3.0", + "BSD-Protection", + "CC-BY-NC-3.0-DE", + "APL-1.0", + "EUDatagrid", + "GPL-1.0", + "SHL-0.5", + "CC-BY-SA-2.0", + "CC-BY-SA-3.0-AT", + "CC-BY-NC-SA-3.0-IGO", + "Adobe-2006", "Newsletr", - "Nokia", - "Noweb", "Nunit", - "O-UDA-1.0", - "OCCT-PL", - "OCLC-2.0", - "ODC-By-1.0", - "ODbL-1.0", - "OFL-1.0", - "OFL-1.0-RFN", - "OFL-1.0-no-RFN", - "OFL-1.1", - "OFL-1.1-RFN", - "OFL-1.1-no-RFN", - "OGC-1.0", - "OGL-Canada-2.0", + "Multics", "OGL-UK-1.0", - "OGL-UK-2.0", 
- "OGL-UK-3.0", - "OGTSL", - "OLDAP-1.1", - "OLDAP-1.2", - "OLDAP-1.3", - "OLDAP-1.4", - "OLDAP-2.0", - "OLDAP-2.0.1", - "OLDAP-2.1", - "OLDAP-2.2", - "OLDAP-2.2.1", - "OLDAP-2.2.2", - "OLDAP-2.3", - "OLDAP-2.4", - "OLDAP-2.5", + "Vim", + "eCos-2.0", + "Zimbra-1.3", + "eGenix", + "IBM-pibs", + "BitTorrent-1.1", + "OFL-1.1-no-RFN", + "psfrag", + "CC-BY-ND-2.0", + "SHL-0.51", + "FreeBSD-DOC", + "Python-2.0", + "Mup", + "BSD-4-Clause-Shortened", + "CC-BY-NC-SA-4.0", + "HPND", "OLDAP-2.6", - "OLDAP-2.7", - "OLDAP-2.8", - "OML", - "OPL-1.0", - "OSET-PL-2.1", - "OSL-1.0", - "OSL-1.1", - "OSL-2.0", - "OSL-2.1", - "OSL-3.0", - "OpenSSL", - "PDDL-1.0", - "PHP-3.0", + "MPL-1.1", + "GPL-2.0-with-GCC-exception", + "HaskellReport", + "ECL-1.0", + "LGPL-2.1-or-later", + "OFL-1.0", + "APSL-1.1", + "MITNFA", + "CECILL-2.0", + "Crossword", + "Aladdin", + "Baekmuk", + "XFree86-1.1", + "GPL-1.0-or-later", + "CERN-OHL-W-2.0", + "CC-BY-SA-1.0", + "NTP", "PHP-3.01", - "PSF-2.0", - "Parity-6.0.0", - "Parity-7.0.0", - "Plexus", - "PolyForm-Noncommercial-1.0.0", - "PolyForm-Small-Business-1.0.0", - "PostgreSQL", - "Python-2.0", - "QPL-1.0", - "Qhull", - "RHeCos-1.1", - "RPL-1.1", - "RPL-1.5", - "RPSL-1.0", + "OCLC-2.0", + "CC-BY-3.0-DE", + "CC-BY-NC-2.5", + "Zlib", + "CATOSL-1.1", + "LGPL-3.0+", + "CAL-1.0", + "NPL-1.0", + "SMLNJ", + "GPL-2.0+", + "OLDAP-2.5", + "JasPer-2.0", + "GPL-2.0-or-later", + "BSD-2-Clause-Patent", + "MS-RL", + "CUA-OPL-1.0", + "IPA", + "NLPL", + "O-UDA-1.0", + "MIT-Modern-Variant", + "OLDAP-1.2", + "BSD-2-Clause-FreeBSD", + "Info-ZIP", + "CC-BY-NC-SA-2.0-FR", + "0BSD", + "Unicode-DFS-2016", + "OFL-1.0-RFN", + "Intel", + "AFL-2.0", + "GL2PS", + "TAPR-OHL-1.0", + "Apache-1.0", + "MTLL", + "Motosoto", "RSA-MD", + "Community-Spec-1.0", + "ODC-By-1.0", + "zlib-acknowledgement", + "DL-DE-BY-2.0", + "VSL-1.0", + "LiLiQ-R-1.1", + "OPL-1.0", + "GPL-3.0+", + "MulanPSL-2.0", + "APSL-1.2", + "OGDL-Taiwan-1.0", "RSCPL", - "Rdisc", - "Ruby", - "SAX-PD", - "SCEA", - "SGI-B-1.0", 
- "SGI-B-1.1", - "SGI-B-2.0", - "SHL-0.5", - "SHL-0.51", - "SISSL", - "SISSL-1.2", - "SMLNJ", - "SMPPL", - "SNIA", - "SPL-1.0", - "SSH-OpenSSH", - "SSH-short", - "SSPL-1.0", - "SWL", - "Saxpath", - "Sendmail", + "OGC-1.0", + "EFL-2.0", + "CAL-1.0-Combined-Work-Exception", + "MS-PL", + "Plexus", "Sendmail-8.23", - "SimPL-2.0", - "Sleepycat", - "Spencer-86", - "Spencer-94", - "Spencer-99", - "StandardML-NJ", - "SugarCRM-1.1.3", - "TAPR-OHL-1.0", - "TCL", - "TCP-wrappers", - "TMate", - "TORQUE-1.1", - "TOSL", - "TU-Berlin-1.0", - "TU-Berlin-2.0", - "UCL-1.0", - "UPL-1.0", - "Unicode-DFS-2015", - "Unicode-DFS-2016", - "Unicode-TOU", - "Unlicense", - "VOSTROM", - "VSL-1.0", - "Vim", - "W3C", - "W3C-19980720", - "W3C-20150513", - "WTFPL", + "Cube", + "JSON", + "EUPL-1.2", + "Adobe-Glyph", + "FreeImage", "Watcom-1.0", - "Wsuipa", - "X11", - "XFree86-1.1", - "XSkat", - "Xerox", - "Xnet", - "YPL-1.0", - "YPL-1.1", + "Jam", + "Hippocratic-2.1", + "OLDAP-2.0.1", + "CC-BY-NC-SA-2.0", + "Nokia", + "OCCT-PL", + "ErlPL-1.1", + "TOSL", + "OSL-2.1", + "ClArtistic", + "xinetd", + "GPL-3.0-with-GCC-exception", + "ODbL-1.0", + "MIT", + "LGPL-2.1+", + "LGPL-2.1-only", + "CrystalStacker", + "ECL-2.0", + "LPPL-1.0", + "iMatix", + "CC-BY-NC-ND-3.0-IGO", + "BSD-Source-Code", + "Parity-6.0.0", + "TCL", + "Arphic-1999", + "CC-BY-SA-3.0", + "Caldera", + "AGPL-1.0", + "IPL-1.0", + "LAL-1.3", + "EPICS", + "NGPL", + "DRL-1.0", + "BSD-2-Clause-NetBSD", "ZPL-1.1", + "GD", + "LPPL-1.2", + "Dotseqn", + "Spencer-99", + "OLDAP-2.3", + "YPL-1.1", + "Fair", + "Qhull", + "GFDL-1.1-no-invariants-or-later", + "CECILL-C", + "MulanPSL-1.0", + "OLDAP-1.1", + "OLDAP-2.1", + "LPL-1.02", + "UPL-1.0", + "Abstyles", "ZPL-2.0", - "ZPL-2.1", - "Zed", - "Zend-2.0", - "Zimbra-1.3", - "Zimbra-1.4", - "Zlib", - "blessing", - "bzip2-1.0.5", - "bzip2-1.0.6", - "copyleft-next-0.3.0", - "copyleft-next-0.3.1", - "curl", - "diffmark", - "dvipdfm", - "eCos-2.0", - "eGenix", - "etalab-2.0", - "gSOAP-1.3b", - "gnuplot", - 
"iMatix", - "libpng-2.0", + "MIT-0", + "LGPL-2.0-only", + "GFDL-1.3-no-invariants-only", + "AGPL-3.0", + "EPL-2.0", + "AFL-3.0", + "CDLA-Permissive-1.0", + "Artistic-1.0", + "CC-BY-NC-ND-4.0", + "HTMLTIDY", + "Glide", + "FSFAP", + "LGPLLR", + "OGL-UK-3.0", + "GFDL-1.2", + "SSH-OpenSSH", + "GFDL-1.1-only", + "MIT-feh", + "MPL-1.0", + "PostgreSQL", + "OLDAP-2.2.2", + "SMPPL", + "OFL-1.1", + "Leptonica", + "CERN-OHL-1.1", + "BSD-3-Clause-No-Nuclear-Warranty", + "CC-BY-ND-2.5", + "CC-BY-1.0", + "GFDL-1.2-only", + "OPUBL-1.0", "libselinux-1.0", - "libtiff", - "mpich2", - "psfrag", - "psutils", + "BSD-3-Clause", + "ANTLR-PD-fallback", + "copyleft-next-0.3.1", + "GPL-1.0+", "wxWindows", - "xinetd", - "xpp", - "zlib-acknowledgement", - "GCC-exception-2.0", - "openvpn-openssl-exception", - "Nokia-Qt-exception-1.1", - "GPL-3.0-linking-exception", - "Fawkes-Runtime-exception", - "u-boot-exception-2.0", + "LGPL-3.0", + "LGPL-2.1", + "StandardML-NJ", + "BSD-4-Clause", + "GPL-2.0-with-bison-exception", + "Apache-2.0", + "Artistic-1.0-cl8", + "GPL-2.0", + "Intel-ACPI", + "BSL-1.0", + "Artistic-1.0-Perl", + "BSD-2-Clause-Views", + "Interbase-1.0", + "NPOSL-3.0", + "FLTK-exception", + "Bootloader-exception", + "WxWindows-exception-3.1", + "Linux-syscall-note", + "Qt-LGPL-exception-1.1", + "LLVM-exception", "PS-or-PDF-font-exception-20170817", - "gnu-javamail-exception", + "GCC-exception-3.1", + "Autoconf-exception-3.0", "LGPL-3.0-linking-exception", - "DigiRule-FOSS-exception", - "LLVM-exception", - "Linux-syscall-note", - "GPL-3.0-linking-source-exception", - "Qwt-exception-1.0", - "389-exception", - "mif-exception", - "eCos-exception-2.0", - "CLISP-exception-2.0", + "GCC-exception-2.0", "Bison-exception-2.2", + "openvpn-openssl-exception", "Libtool-exception", - "LZMA-exception", - "OpenJDK-assembly-exception-1.0", - "Font-exception-2.0", - "OCaml-LGPL-linking-exception", - "GCC-exception-3.1", - "Bootloader-exception", - "SHL-2.0", - "Classpath-exception-2.0", - 
"Swift-exception", "Autoconf-exception-2.0", - "FLTK-exception", - "freertos-exception-2.0", + "GPL-3.0-linking-source-exception", + "GPL-CC-1.0", + "OCaml-LGPL-linking-exception", "Universal-FOSS-exception-1.0", - "WxWindows-exception-3.1", - "OCCT-exception-1.0", - "Autoconf-exception-3.0", "i2p-gpl-java-exception", - "GPL-CC-1.0", - "Qt-LGPL-exception-1.1", + "CLISP-exception-2.0", + "OCCT-exception-1.0", + "Qwt-exception-1.0", + "gnu-javamail-exception", + "u-boot-exception-2.0", + "freertos-exception-2.0", + "Qt-GPL-exception-1.0", + "OpenJDK-assembly-exception-1.0", "SHL-2.1", - "Qt-GPL-exception-1.0" + "mif-exception", + "Fawkes-Runtime-exception", + "Swift-exception", + "GPL-3.0-linking-exception", + "SHL-2.0", + "Classpath-exception-2.0", + "LZMA-exception", + "Font-exception-2.0", + "Nokia-Qt-exception-1.1", + "DigiRule-FOSS-exception", + "eCos-exception-2.0", + "389-exception" ] -} +} \ No newline at end of file diff --git a/cyclonedx/schema/spdx.xsd b/cyclonedx/schema/spdx.xsd index b45e2de0..4fb43642 100644 --- a/cyclonedx/schema/spdx.xsd +++ b/cyclonedx/schema/spdx.xsd 
@@ -2,2049 +2,2059 @@ + version="1.0-3.17"> - + - Academic Free License v2.0 + Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic - + - Attribution Assurance License + SGI Free Software License B v2.0 - + - Adobe Systems Incorporated Source Code License Agreement + LaTeX Project Public License v1.3c - + - Academic Free License v3.0 + NIST Public Domain Notice with license fallback - + - Amazon Digital Services License + libtiff License - + - BSD Zero Clause License + XSkat License - + - Afmparse License + Open Data Commons Public Domain Dedication & License 1.0 - + - Academic Free License v1.2 + KiCad Libraries Exception - + - Affero General Public License v1.0 or later + Creative Commons Attribution Non Commercial Share Alike 1.0 Generic - + - Academic Free License v2.1 + GNU Free Documentation License v1.1 only - no invariants - + - Academic Free License v1.1 + Xerox License - + - Affero General Public License v1.0 + LaTeX Project Public License v1.1 - + - Adobe Glyph List License + VOSTROM Public License for Open Source - + - AMD's plpa_map.c License + Upstream Compatibility License v1.0 - + - Aladdin Free Public License + Amazon Digital Services License - + - ANTLR Software Rights Notice + Open Software License 2.0 - + - Apple MIT License + Attribution Assurance License - + - Apache License 1.0 + Fraunhofer FDK AAC Codec Library - + - ANTLR Software Rights Notice with license fallback + W3C Software Notice and Document License (2015-05-13) - + - Abstyles License + Academic Free License v1.1 - + - Affero General Public License v1.0 only + W3C Software Notice and License (2002-12-31) - + - Adobe Postscript AFM License + Sleepycat License - + - Apple Public Source License 1.0 + CeCILL Free Software License Agreement v1.1 - + - Apple Public Source License 1.1 + mpich2 License - + - Apple Public Source License 2.0 + Sun Industry Standards Source License v1.1 - + - GNU Affero General Public License v3.0 only + Norwegian Licence for Open Government 
Data (NLOD) 1.0 - + - Apache License 1.1 + ANTLR Software Rights Notice - + - Apache License 2.0 + GNU General Public License v3.0 only - + - Adaptive Public License 1.0 + gnuplot License - + - Bahyph License + Norwegian Licence for Open Government Data (NLOD) 2.0 - + - Artistic License 1.0 + BSD 3-Clause Open MPI variant - + - Academy of Motion Picture Arts and Sciences BSD + Licence Libre du Québec – Permissive version 1.1 - + - Barr License + BSD 3-Clause Clear License - + - GNU Affero General Public License v3.0 or later + FSF Unlimited License - + - Blue Oak Model License 1.0.0 + Creative Commons Attribution Non Commercial Share Alike 2.0 England and Wales - + - Beerware License + CERN Open Hardware Licence Version 2 - Strongly Reciprocal - + - Artistic License 1.0 w/clause 8 + Spencer License 94 - + - SQLite Blessing + CERN Open Hardware Licence v1.2 - + - Borceux license + GNU Free Documentation License v1.1 or later - + - BSD 2-Clause NetBSD License + Affero General Public License v1.0 or later - + - BSD 1-Clause License + Wsuipa License - + - BSD-2-Clause Plus Patent License + Apple MIT License - + - BitTorrent Open Source License v1.0 + BSD 2-Clause "Simplified" License - + - BSD 2-Clause FreeBSD License + DSDP License - + - BSD with attribution + Creative Commons Attribution 2.5 Generic - + - BSD 2-Clause "Simplified" License + CMU License - + - Apple Public Source License 1.2 + Beerware License - + - Lawrence Berkeley National Labs BSD variant license + Sendmail License - + - Artistic License 2.0 + Technische Universitaet Berlin License 1.0 - + - BSD 3-Clause No Nuclear License 2014 + CNRI Jython License - + - BSD 3-Clause Modification + mplus Font License - + - BSD 4 Clause Shortened + Code Project Open License 1.02 - + - BSD 3-Clause "New" or "Revised" License + BSD 3-Clause No Nuclear License 2014 - + - BSD 3-Clause Open MPI variant + ISC License - + - BitTorrent Open Source License v1.1 + Creative Commons Attribution Share Alike 4.0 International - 
+ - BSD 3-Clause No Nuclear Warranty + Eurosym License - + - BSD Source Code Attribution + GNU Lesser General Public License v3.0 only - + - BSD Protection License + Open LDAP Public License v1.3 - + - GNU Affero General Public License v3.0 + GNU Free Documentation License v1.1 or later - invariants - + - Business Source License 1.1 + Glulxe License - + - Artistic License 1.0 (Perl) + Simple Public License 2.0 - + - Boost Software License 1.0 + Community Data License Agreement Permissive 2.0 - + - BSD 2-Clause with views sentence + GNU General Public License v2.0 w/Font exception - + - Cryptographic Autonomy License 1.0 (Combined Work Exception) + Open Government Licence v2.0 - + - Computer Associates Trusted Open Source License 1.1 + Creative Commons Attribution Share Alike 3.0 Germany - + - bzip2 and libbzip2 License v1.0.5 + Creative Commons Attribution No Derivatives 1.0 Generic - + - bzip2 and libbzip2 License v1.0.6 + GNU Free Documentation License v1.1 - + - Creative Commons Attribution 2.5 Generic + Creative Commons Attribution 4.0 International - + - Creative Commons Attribution 3.0 Austria + OpenSSL License - + - Computational Use of Data Agreement v1.0 + Technische Universitaet Berlin License 2.0 - + - Creative Commons Attribution 3.0 United States + DOC License - + - Creative Commons Attribution 1.0 Generic + GNU Free Documentation License v1.2 or later - no invariants - + - Creative Commons Attribution Non Commercial 1.0 Generic + Q Public License 1.0 - + - Creative Commons Attribution Non Commercial 2.0 Generic + Open LDAP Public License v2.8 - + - Creative Commons Attribution Non Commercial 2.5 Generic + Open Market License - + - Creative Commons Attribution 2.0 Generic + Open LDAP Public License v2.7 - + - Creative Commons Attribution Non Commercial 4.0 International + NIST Public Domain Notice - + - Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic + Bitstream Vera Font License - + - Creative Commons Attribution Non Commercial 
No Derivatives 2.0 Generic + GNU Free Documentation License v1.2 or later - + - Creative Commons Attribution Non Commercial 3.0 Unported + SIL Open Font License 1.1 with Reserved Font Name - + - Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO + Bahyph License - + - Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported + Barr License - + - BSD 3-Clause No Nuclear License + Copyfree Open Innovation License - + - Creative Commons Attribution Non Commercial No Derivatives 4.0 International + GNU Free Documentation License v1.3 - + - Creative Commons Attribution Non Commercial Share Alike 2.0 Generic + CeCILL-B Free Software License Agreement - + - Creative Commons Attribution Non Commercial Share Alike 2.5 Generic + Japan Network Information Center License - + - Creative Commons Attribution Non Commercial Share Alike 3.0 Unported + Zed License - + - Creative Commons Attribution Non Commercial Share Alike 4.0 International + ICU License - + - Creative Commons Attribution No Derivatives 1.0 Generic + Creative Commons Attribution Non Commercial Share Alike 2.5 Generic - + - BSD 3-Clause Clear License + Creative Commons Attribution No Derivatives 3.0 Germany - + - Creative Commons Attribution No Derivatives 2.5 Generic + bzip2 and libbzip2 License v1.0.5 - + - Creative Commons Attribution No Derivatives 3.0 Unported + Sun Public License v1.0 - + - Creative Commons Attribution No Derivatives 4.0 International + Yahoo! 
Public License v1.0 - + - Creative Commons Attribution Share Alike 1.0 Generic + OSET Public License version 2.1 - + - Creative Commons Attribution Share Alike 2.0 England and Wales + Noweb License - + - Creative Commons Attribution Share Alike 2.0 Generic + RealNetworks Public Source License v1.0 - + - Creative Commons Attribution Share Alike 2.1 Japan + Lawrence Berkeley National Labs BSD variant license - + - Creative Commons Attribution No Derivatives 2.0 Generic + Community Data License Agreement Sharing 1.0 - + - Creative Commons Attribution-Share Alike 3.0 Austria + CeCILL Free Software License Agreement v1.0 - + - Creative Commons Attribution Share Alike 3.0 Unported + Academy of Motion Picture Arts and Sciences BSD - + - Creative Commons Attribution Share Alike 4.0 International + Adobe Postscript AFM License - + - Creative Commons Attribution Share Alike 2.5 Generic + Creative Commons Attribution No Derivatives 3.0 Unported - + - Creative Commons Attribution 3.0 Unported + Deutsche Freie Software Lizenz - + - Common Development and Distribution License 1.0 + Creative Commons Attribution Non Commercial 3.0 Unported - + - Creative Commons Zero v1.0 Universal + PNG Reference Library version 2 - + - Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic + PolyForm Noncommercial License 1.0.0 - + - Creative Commons Attribution Non Commercial Share Alike 1.0 Generic + dvipdfm License - + - Caldera License + GNU Free Documentation License v1.3 or later - + - Community Data License Agreement Permissive 1.0 + Open Group Test Suite License - + - Creative Commons Attribution 4.0 International + Netscape Public License v1.1 - + - Creative Commons Public Domain Dedication and Certification + GNU General Public License v3.0 only - + - BSD-4-Clause (University of California-Specific) + CERN Open Hardware Licence Version 2 - Permissive - + - BSD 4-Clause "Original" or "Old" License + Blue Oak Model License 1.0.0 - + - Cryptographic Autonomy License 1.0 + 
GNU Affero General Public License v3.0 or later - + - Common Development and Distribution License 1.1 + SQLite Blessing - + - CERN Open Hardware Licence v1.2 + ImageMagick License - + - CERN Open Hardware Licence v1.1 + Apple Public Source License 2.0 - + - CERN Open Hardware Licence Version 2 - Permissive + Enlightenment License (e16) - + - CERN Open Hardware Licence Version 2 - Strongly Reciprocal + curl License - + - CeCILL Free Software License Agreement v1.1 + Creative Commons Zero v1.0 Universal - + - CeCILL Free Software License Agreement v2.0 + Zimbra Public License v1.4 - + - CeCILL Free Software License Agreement v1.0 + Server Side Public License, v 1 - + - CNRI Python License + psutils License - + - CNRI Python Open Source GPL Compatible License Agreement + Creative Commons Attribution Share Alike 2.0 England and Wales - + - copyleft-next 0.3.0 + Python Software Foundation License 2.0 - + - Common Public Attribution License 1.0 + Net-SNMP License - + - copyleft-next 0.3.1 + Nara Institute of Science and Technology License (2003) - + - Common Public License 1.0 + GNU Free Documentation License v1.2 or later - invariants - + - Clarified Artistic License + SGI Free Software License B v1.0 - + - CeCILL-C Free Software License Agreement + Net Boolean Public License v1 - + - CNRI Jython License + GNU Free Documentation License v1.2 only - invariants - + - Condor Public License v1.1 + W3C Software Notice and License (1998-07-20) - + - Code Project Open License 1.02 + SIL Open Font License 1.0 with no Reserved Font Name - + - curl License + NetCDF license - + - diffmark license + TMate Open Source License - + - Crossword License + Netizen Open Source License - + - Dotseqn License + CNRI Python Open Source GPL Compatible License Agreement - + - DOC License + BSD 1-Clause License - + - DSDP License + Creative Commons Attribution Non Commercial Share Alike 3.0 Germany - + - Detection Rule License 1.0 + BSD 3-Clause Modification - + - Educational Community License 
v1.0 + Good Luck With That Public License - + - Educational Community License v2.0 + GNU Free Documentation License v1.3 only - + - eCos license version 2.0 + Open LDAP Public License v2.2 - + - CrystalStacker License + Creative Commons Attribution No Derivatives 4.0 International - + - CERN Open Hardware Licence Version 2 - Weakly Reciprocal + Creative Commons Attribution Non Commercial No Derivatives 3.0 Germany - + - Deutsche Freie Software Lizenz + European Union Public License 1.0 - + - eGenix.com Public License 1.1.0 + Linux Kernel Variant of OpenIB.org license - + - EPICS Open License + GNU Library General Public License v2 or later - + - Entessa Public License v1.0 + Open Software License 1.1 - + - Eclipse Public License 1.0 + Spencer License 86 - + - Eiffel Forum License v2.0 + GNU Library General Public License v2 only - + - CUA Office Public License v1.0 + Creative Commons Public Domain Dedication and Certification - + - Etalab Open License 2.0 + Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported - + - European Union Public License 1.0 + Common Documentation License 1.0 - + - Erlang Public License v1.1 + Elastic License 2.0 - + - EU DataGrid Software License + Creative Commons Attribution 2.0 Generic - + - European Union Public License 1.1 + BSD 3-Clause No Military License - + - Cube License + Independent JPEG Group License - + - dvipdfm License + LaTeX Project Public License v1.3a - + - FreeBSD Documentation License + Sax Public Domain Notice - + - Eurosym License + BitTorrent Open Source License v1.0 - + - FSF All Permissive License + Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B) - + - FreeImage Public License v1.0 + Giftware License - + - FSF Unlimited License (with License Retention) + Computational Use of Data Agreement v1.0 - + - FSF Unlimited License + GNU Library General Public License v2 or later - + - GD License + Rdisc License - + - GNU Free Documentation License v1.1 only - invariants + GNU General Public 
License v2.0 w/Classpath exception - + - European Union Public License 1.2 + Creative Commons Attribution 3.0 United States - + - Eclipse Public License 2.0 + Common Development and Distribution License 1.0 - + - GNU Free Documentation License v1.1 or later - no invariants + X.Net License - + - GNU Free Documentation License v1.1 only + Common Public License 1.0 - + - GNU Free Documentation License v1.1 or later + GNU Lesser General Public License v3.0 or later - + - GNU Free Documentation License v1.1 + NASA Open Source Agreement 1.3 - + - Freetype Project License + Business Source License 1.1 - + - GNU Free Documentation License v1.2 or later - invariants + Etalab Open License 2.0 - + - GNU Free Documentation License v1.1 or later - invariants + MIT Open Group variant - + - GNU Free Documentation License v1.2 only - invariants + Open LDAP Public License v1.4 - + - GNU Free Documentation License v1.2 only + GNU Free Documentation License v1.1 only - invariants - + - GNU Free Documentation License v1.2 or later + Reciprocal Public License 1.1 - + - GNU Free Documentation License v1.2 + Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic - + - GNU Free Documentation License v1.2 only - no invariants + FSF Unlimited License (with License Retention) - + - GNU Free Documentation License v1.3 only - invariants + Saxpath License - + - GNU Free Documentation License v1.3 only - no invariants + NTP No Attribution - + - GNU Free Documentation License v1.3 or later - invariants + Sun Industry Standards Source License v1.2 - + - GNU Free Documentation License v1.2 or later - no invariants + GNU General Public License v3.0 or later - + - Fair License + Apache License 1.1 - + - Frameworx Open License 1.0 + Creative Commons Attribution Share Alike 2.1 Japan - + - Giftware License + GNU Affero General Public License v3.0 only - + - GNU Free Documentation License v1.1 only - no invariants + GNU General Public License v2.0 w/Autoconf exception - + - GL2PS License 
+ Artistic License 2.0 - + - Glulxe License + App::s2p License - + - 3dfx Glide License + Unicode License Agreement - Data Files and Software (2015) - + - gnuplot License + diffmark license - + - Good Luck With That Public License + SNIA Public License 1.1 - + - GNU General Public License v1.0 only + Creative Commons Attribution Share Alike 2.5 Generic - + - GNU General Public License v1.0 or later + Linux man-pages Copyleft - + - GNU General Public License v1.0 only + Historical Permission Notice and Disclaimer - sell variant - + - GNU Free Documentation License v1.3 only + Zope Public License 2.1 - + - GNU General Public License v2.0 only + BSD-4-Clause (University of California-Specific) - + - GNU General Public License v2.0 or later + Licence Art Libre 1.2 - + - GNU General Public License v2.0 w/Autoconf exception + Affero General Public License v1.0 only - + - GNU General Public License v2.0 or later + enna License - + - GNU Free Documentation License v1.3 + Condor Public License v1.1 - + - GNU General Public License v1.0 or later + Naumen Public License - + - Community Data License Agreement Sharing 1.0 + GNU Free Documentation License v1.3 or later - no invariants - + - GNU General Public License v2.0 w/Classpath exception + Reciprocal Public License 1.5 - + - GNU General Public License v2.0 w/GCC Runtime Library exception + PolyForm Small Business License 1.0.0 - + - GNU General Public License v2.0 w/Bison exception + Eiffel Forum License v1.0 - + - GNU General Public License v2.0 w/Font exception + The MirOS Licence - + - GNU General Public License v2.0 only + Creative Commons Attribution 2.5 Australia - + - CeCILL Free Software License Agreement v2.1 + Afmparse License - + - GNU General Public License v3.0 only + Mozilla Public License 2.0 (no copyleft exception) - + - GNU General Public License v3.0 or later + Licence Libre du Québec – Réciprocité forte version 1.1 - + - GNU General Public License v3.0 w/Autoconf exception + Academic Free License v1.2 - 
+ - GNU General Public License v3.0 only + Open Software License 1.0 - + - Hippocratic License 2.1 + GNU General Public License v1.0 only - + - Historical Permission Notice and Disclaimer + Apple Public Source License 1.0 - + - HTML Tidy License + Open Government Licence - Canada - + - GNU General Public License v3.0 w/GCC Runtime Library exception + Common Public Attribution License 1.0 - + - Haskell Language Report License + Latex2e License - + - GNU General Public License v3.0 or later + Zend License v2.0 - + - ICU License + The Unlicense - + - ImageMagick License + XPP License - + - iMatix Standard Function Library Agreement + Creative Commons Attribution Non Commercial 1.0 Generic - + - IBM PowerPC Initialization and Boot Software + GNU General Public License v3.0 w/Autoconf exception - + - Intel ACPI Software License Agreement + Creative Commons Attribution Non Commercial Share Alike 3.0 Unported - + - Intel Open Source License + TCP Wrappers License - + - Info-ZIP License + SCEA Shared Source License - + - IPA Font License + SSH short notice - + - Independent JPEG Group License + Creative Commons Attribution 3.0 Netherlands - + - ISC License + Scheme Language Report License - + - JasPer License + Creative Commons Attribution 3.0 Unported - + - Japan Network Information Center License + Mozilla Public License 2.0 - + - JSON License + Unicode Terms of Use - + - Licence Art Libre 1.2 + Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic - + - Licence Art Libre 1.3 + Entessa Public License v1.0 - + - Latex2e License + BSD 3-Clause No Nuclear License - + - Leptonica License + Scheme Widget Library (SWL) Software License Agreement - + - Historical Permission Notice and Disclaimer - sell variant + GNU Free Documentation License v1.2 only - no invariants - + - GNU Library General Public License v2 only + The Parity Public License 7.0.0 - + - GNU Library General Public License v2 or later + Open LDAP Public License v2.2.1 - + - Imlib2 License + SGI 
Free Software License B v1.1 - + - IBM Public License v1.0 + Freetype Project License - + - GNU Lesser General Public License v2.1 only + Open LDAP Public License v2.4 - + - GNU Lesser General Public License v2.1 or later + Creative Commons Attribution Non Commercial 4.0 International - + - GNU Library General Public License v2 or later + bzip2 and libbzip2 License v1.0.6 - + - GNU Library General Public License v2 only + copyleft-next 0.3.0 - + - CeCILL-B Free Software License Agreement + MakeIndex License - + - GNU Lesser General Public License v3.0 or later + NRL License - + - GNU Lesser General Public License v3.0 only + GNU Free Documentation License v1.3 or later - invariants - + - Lesser General Public License For Linguistic Resources + Creative Commons Attribution Non Commercial 2.0 Generic - + - PNG Reference Library version 2 + SugarCRM Public License v1.1.3 - + - libpng License + Academic Free License v2.1 - + - libselinux public domain notice + GNU General Public License v2.0 only - + - GNU Lesser General Public License v3.0 or later + GNU Free Documentation License v1.3 only - invariants - + - Eiffel Forum License v1.0 + TORQUE v2.5+ Software License v1.1 - + - libtiff License + Ruby License - + - GNU Free Documentation License v1.3 or later - no invariants + X11 License - + - Licence Libre du Québec – Réciprocité forte version 1.1 + Borceux license - + - Licence Libre du Québec – Réciprocité version 1.1 + libpng License - + - Lucent Public License Version 1.0 + X11 License Distribution Modification Variant - + - Licence Libre du Québec – Permissive version 1.1 + Frameworx Open License 1.0 - + - Linux Kernel Variant of OpenIB.org license + Non-Commercial Government Licence - + - LaTeX Project Public License v1.0 + CeCILL Free Software License Agreement v2.1 - + - LaTeX Project Public License v1.2 + Creative Commons Attribution 3.0 Austria - + - LaTeX Project Public License v1.3a + CNRI Python License - + - Lucent Public License v1.02 + University of 
Illinois/NCSA Open Source License - + - LaTeX Project Public License v1.3c + gSOAP Public License v1.3b - + - MakeIndex License + European Union Public License 1.1 - + - GNU Library General Public License v2.1 or later + AMD's plpa_map.c License - + - LaTeX Project Public License v1.1 + Imlib2 License - + - CMU License + Common Development and Distribution License 1.1 - + - The MirOS Licence + Do What The F*ck You Want To Public License - + - Enlightenment License (e16) + Lucent Public License Version 1.0 - + - MIT License Modern Variant + Eclipse Public License 1.0 - + - MIT License + BSD with attribution - + - enna License + Open Software License 3.0 - + - MIT Open Group variant + Red Hat eCos Public License v1.1 - + - feh License + PHP License v3.0 - + - MIT +no-false-attribs license + BSD Protection License - + - Mozilla Public License 1.0 + Creative Commons Attribution Non Commercial 3.0 Germany - + - mpich2 License + Adaptive Public License 1.0 - + - Mozilla Public License 2.0 + EU DataGrid Software License - + - Mozilla Public License 2.0 (no copyleft exception) + GNU General Public License v1.0 only - + - Microsoft Reciprocal License + Solderpad Hardware License v0.5 - + - Matrix Template Library License + Creative Commons Attribution Share Alike 2.0 Generic - + - Mozilla Public License 1.1 + Creative Commons Attribution Share Alike 3.0 Austria - + - Mulan Permissive Software License, Version 2 + Creative Commons Attribution Non Commercial Share Alike 3.0 IGO - + - Motosoto License + Adobe Systems Incorporated Source Code License Agreement - + - Mup License + Newsletr License - + - Mulan Permissive Software License, Version 1 + Nunit License - + - Nara Institute of Science and Technology License (2003) + Multics License - + - Naumen Public License + Open Government Licence v1.0 - + - Multics License + Vim License - + - Net Boolean Public License v1 + eCos license version 2.0 - + - University of Illinois/NCSA Open Source License + Zimbra Public License v1.3 
- + - Net-SNMP License + eGenix.com Public License 1.1.0 - + - NetCDF license + IBM PowerPC Initialization and Boot Software - + - NASA Open Source Agreement 1.3 + BitTorrent Open Source License v1.1 - + - Nethack General Public License + SIL Open Font License 1.1 with no Reserved Font Name - + - NIST Public Domain Notice with license fallback + psfrag License - + - NIST Public Domain Notice + Creative Commons Attribution No Derivatives 2.0 Generic - + - Newsletr License + Solderpad Hardware License, Version 0.51 - + - No Limit Public License + FreeBSD Documentation License - + - Nokia Open Source License + Python License 2.0 - + - Netizen Open Source License + Mup License - + - Noweb License + BSD 4 Clause Shortened - + - Norwegian Licence for Open Government Data + Creative Commons Attribution Non Commercial Share Alike 4.0 International - + - Netscape Public License v1.0 + Historical Permission Notice and Disclaimer - + - Non-Commercial Government Licence + Open LDAP Public License v2.6 - + - NRL License + Mozilla Public License 1.1 - + - NTP No Attribution + GNU General Public License v2.0 w/GCC Runtime Library exception - + - NTP License + Haskell Language Report License - + - GNU Free Documentation License v1.3 or later + Educational Community License v1.0 - + - Nunit License + GNU Lesser General Public License v2.1 or later - + - Open Use of Data Agreement v1.0 + SIL Open Font License 1.0 - + - Netscape Public License v1.1 + Apple Public Source License 1.1 - + - Open CASCADE Technology Public License + MIT +no-false-attribs license - + - Open Data Commons Attribution License v1.0 + CeCILL Free Software License Agreement v2.0 - + - SIL Open Font License 1.0 with no Reserved Font Name + Crossword License - + - OCLC Research Public License 2.0 + Aladdin Free Public License - + - SIL Open Font License 1.0 with Reserved Font Name + Baekmuk License - + - SIL Open Font License 1.0 + XFree86 License 1.1 - + - SIL Open Font License 1.1 with no Reserved Font Name + 
GNU General Public License v1.0 or later - + - SIL Open Font License 1.1 with Reserved Font Name + CERN Open Hardware Licence Version 2 - Weakly Reciprocal - + - SIL Open Font License 1.1 + Creative Commons Attribution Share Alike 1.0 Generic - + - Taiwan Open Government Data License, version 1.0 + NTP License - + - OGC Software License, Version 1.0 + PHP License v3.01 - + - Open Government Licence v1.0 + OCLC Research Public License 2.0 - + - Open Government Licence v2.0 + Creative Commons Attribution 3.0 Germany - + - Open Government Licence v3.0 + Creative Commons Attribution Non Commercial 2.5 Generic - + - Open Group Test Suite License + zlib License - + - Open LDAP Public License v1.1 + Computer Associates Trusted Open Source License 1.1 - + - Open LDAP Public License v1.2 + GNU Lesser General Public License v3.0 or later - + - Open LDAP Public License v1.3 + Cryptographic Autonomy License 1.0 - + - Open Government Licence - Canada + Netscape Public License v1.0 - + - Open LDAP Public License v2.0.1 + Standard ML of New Jersey License - + - Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B) + GNU General Public License v2.0 or later - + - Open LDAP Public License v2.1 + Open LDAP Public License v2.5 - + - Open LDAP Public License v2.2.1 + JasPer License - + - Open LDAP Public License 2.2.2 + GNU General Public License v2.0 or later - + - Open LDAP Public License v2.2 + BSD-2-Clause Plus Patent License - + - Open Data Commons Open Database License v1.0 + Microsoft Reciprocal License - + - Open LDAP Public License v2.4 + CUA Office Public License v1.0 - + - Open LDAP Public License v1.4 + IPA Font License - + - Open LDAP Public License v2.3 + No Limit Public License - + - Open LDAP Public License v2.7 + Open Use of Data Agreement v1.0 - + - Open LDAP Public License v2.8 + MIT License Modern Variant - + - Open Market License + Open LDAP Public License v1.2 - + - OpenSSL License + BSD 2-Clause FreeBSD License - + - Open LDAP Public License v2.6 + Info-ZIP 
License - + - Open Public License v1.0 + Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France - + - Open Software License 1.0 + BSD Zero Clause License - + - Open Software License 1.1 + Unicode License Agreement - Data Files and Software (2016) - + - Open Software License 2.0 + SIL Open Font License 1.0 with Reserved Font Name - + - OSET Public License version 2.1 + Intel Open Source License - + - Open Software License 2.1 + Academic Free License v2.0 - + - The Parity Public License 6.0.0 + GL2PS License - + - The Parity Public License 7.0.0 + TAPR Open Hardware License v1.0 - + - Open Data Commons Public Domain Dedication & License 1.0 + Apache License 1.0 - + - PHP License v3.0 + Matrix Template Library License - + - Open Software License 3.0 + Motosoto License - + - Plexus Classworlds License + RSA Message-Digest License - + - Microsoft Public License + Community Specification License 1.0 - + - PolyForm Small Business License 1.0.0 + Open Data Commons Attribution License v1.0 - + - PolyForm Noncommercial License 1.0.0 + zlib/libpng License with Acknowledgement - + - Python Software Foundation License 2.0 + Data licence Germany – attribution – version 2.0 - + - psfrag License + Vovida Software License v1.0 - + - PostgreSQL License + Licence Libre du Québec – Réciprocité version 1.1 - + - psutils License + Open Public License v1.0 - + - Qhull License + GNU General Public License v3.0 or later - + - Q Public License 1.0 + Mulan Permissive Software License, Version 2 - + - Rdisc License + Apple Public Source License 1.2 - + - Python License 2.0 + Taiwan Open Government Data License, version 1.0 - + - Reciprocal Public License 1.1 + Ricoh Source Code Public License - + - Reciprocal Public License 1.5 + OGC Software License, Version 1.0 - + - Red Hat eCos Public License v1.1 + Eiffel Forum License v2.0 - + - RSA Message-Digest License + Cryptographic Autonomy License 1.0 (Combined Work Exception) - + - Ricoh Source Code Public License + Microsoft Public 
License - + - Ruby License + Plexus Classworlds License - + - Sax Public Domain Notice + Sendmail License 8.23 - + - Saxpath License + Cube License - + - SCEA Shared Source License + JSON License - + - Sendmail License 8.23 + European Union Public License 1.2 - + - Sendmail License + Adobe Glyph List License - + - SGI Free Software License B v1.0 + FreeImage Public License v1.0 - + - SGI Free Software License B v1.1 + Sybase Open Watcom Public License 1.0 - + - SGI Free Software License B v2.0 + Jam License - + - Solderpad Hardware License v0.5 + Hippocratic License 2.1 - + - Solderpad Hardware License, Version 0.51 + Open LDAP Public License v2.0.1 - + - Simple Public License 2.0 + Creative Commons Attribution Non Commercial Share Alike 2.0 Generic - + - Sun Industry Standards Source License v1.2 + Nokia Open Source License - + - Sun Industry Standards Source License v1.1 + Open CASCADE Technology Public License - + - Sleepycat License + Erlang Public License v1.1 - + - Standard ML of New Jersey License + Trusster Open Source License - + - Secure Messaging Protocol Public License + Open Software License 2.1 - + - SNIA Public License 1.1 + Clarified Artistic License - + - Spencer License 86 + xinetd License - + - Spencer License 94 + GNU General Public License v3.0 w/GCC Runtime Library exception - + - Spencer License 99 + Open Data Commons Open Database License v1.0 - + - Sun Public License v1.0 + MIT License - + - SSH OpenSSH license + GNU Library General Public License v2.1 or later - + - PHP License v3.01 + GNU Lesser General Public License v2.1 only - + - SSH short notice + CrystalStacker License - + - MIT No Attribution + Educational Community License v2.0 - + - RealNetworks Public Source License v1.0 + LaTeX Project Public License v1.0 - + - Scheme Widget Library (SWL) Software License Agreement + iMatix Standard Function Library Agreement - + - SugarCRM Public License v1.1.3 + Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO + + + + + BSD 
Source Code Attribution + + + + + The Parity Public License 6.0.0 @@ -2052,59 +2062,129 @@ TCL/TK License - + - TCP Wrappers License + Arphic Public License - + - Server Side Public License, v 1 + Creative Commons Attribution Share Alike 3.0 Unported - + - TMate Open Source License + Caldera License - + - Trusster Open Source License + Affero General Public License v1.0 - + - TORQUE v2.5+ Software License v1.1 + IBM Public License v1.0 - + - TAPR Open Hardware License v1.0 + Licence Art Libre 1.3 - + - Upstream Compatibility License v1.0 + EPICS Open License - + - Unicode License Agreement - Data Files and Software (2015) + Nethack General Public License - + - Unicode License Agreement - Data Files and Software (2016) + Detection Rule License 1.0 - + - Unicode Terms of Use + BSD 2-Clause NetBSD License - + - Technische Universitaet Berlin License 1.0 + Zope Public License 1.1 + + + + + GD License + + + + + LaTeX Project Public License v1.2 + + + + + Dotseqn License + + + + + Spencer License 99 + + + + + Open LDAP Public License v2.3 + + + + + Yahoo! Public License v1.1 + + + + + Fair License + + + + + Qhull License + + + + + GNU Free Documentation License v1.1 or later - no invariants + + + + + CeCILL-C Free Software License Agreement + + + + + Mulan Permissive Software License, Version 1 + + + + + Open LDAP Public License v1.1 + + + + + Open LDAP Public License v2.1 + + + + + Lucent Public License v1.02 
@@ -2112,210 +2192,270 @@ Universal Permissive License v1.0 - + - The Unlicense + Abstyles License - + - VOSTROM Public License for Open Source + Zope Public License 2.0 - + - Vim License + MIT No Attribution - + - Vovida Software License v1.0 + GNU Library General Public License v2 only - + - W3C Software Notice and Document License (2015-05-13) + GNU Free Documentation License v1.3 only - no invariants - + - W3C Software Notice and License (2002-12-31) + GNU Affero General Public License v3.0 - + - W3C Software Notice and License (1998-07-20) + Eclipse Public License 2.0 - + - Wsuipa License + Academic Free License v3.0 - + - Sybase Open Watcom Public License 1.0 + Community Data License Agreement Permissive 1.0 - + - Do What The F*ck You Want To Public License + Artistic License 1.0 - + - X11 License + Creative Commons Attribution Non Commercial No Derivatives 4.0 International - + - Xerox License + HTML Tidy License + + + + + 3dfx Glide License + + + + + FSF All Permissive License + + + + + Lesser General Public License For Linguistic Resources + + + + + Open Government Licence v3.0 + + + + + GNU Free Documentation License v1.2 + + + + + SSH OpenSSH license + + + + + GNU Free Documentation License v1.1 only + + + + + feh License + + + + + Mozilla Public License 1.0 + + + + + PostgreSQL License + + + + + Open LDAP Public License 2.2.2 + + + + + Secure Messaging Protocol Public License - + - XFree86 License 1.1 + SIL Open Font License 1.1 - + - xinetd License + Leptonica License - + - X.Net License + CERN Open Hardware Licence v1.1 - + - XPP License + BSD 3-Clause No Nuclear Warranty - + - XSkat License + Creative Commons Attribution No Derivatives 2.5 Generic - + - Yahoo! Public License v1.0 + Creative Commons Attribution 1.0 Generic - + - Yahoo! 
Public License v1.1 + GNU Free Documentation License v1.2 only - + - Zed License + Open Publication License v1.0 - + - Zend License v2.0 + libselinux public domain notice - + - Technische Universitaet Berlin License 2.0 + BSD 3-Clause "New" or "Revised" License - + - Zimbra Public License v1.4 + ANTLR Software Rights Notice with license fallback - + - zlib/libpng License with Acknowledgement + copyleft-next 0.3.1 - + - zlib License + GNU General Public License v1.0 or later - + - Zope Public License 1.1 + wxWindows Library License - + - Zope Public License 2.0 + GNU Lesser General Public License v3.0 only - + - Zope Public License 2.1 + GNU Lesser General Public License v2.1 only - + - wxWindows Library License + Standard ML of New Jersey License - + - Zimbra Public License v1.3 + BSD 4-Clause "Original" or "Old" License - + - gSOAP Public License v1.3b + GNU General Public License v2.0 w/Bison exception - + - Interbase Public License v1.0 + Apache License 2.0 - + - GNU Lesser General Public License v2.1 only + Artistic License 1.0 w/clause 8 - + - GNU Lesser General Public License v3.0 only + GNU General Public License v2.0 only - + - Non-Profit Open Software License 3.0 + Intel ACPI Software License Agreement - + - Open LDAP Public License v2.5 + Boost Software License 1.0 - + - Standard ML of New Jersey License + Artistic License 1.0 (Perl) - - + - 389 Directory Server Exception + BSD 2-Clause with views sentence - + - Autoconf exception 2.0 + Interbase Public License v1.0 - + - Autoconf exception 3.0 + Non-Profit Open Software License 3.0 - + + - Bison exception 2.2 + FLTK exception 
@@ -2323,44 +2463,44 @@ Bootloader Distribution Exception - + - Classpath exception 2.0 + WxWindows Library Exception 3.1 - + - CLISP exception 2.0 + Linux Syscall Note - + - DigiRule FOSS License Exception + Qt LGPL exception 1.1 - + - eCos exception 2.0 + LLVM Exception - + - Fawkes Runtime Exception + PS/PDF font exception (2017-08-17) - + - FLTK exception + GCC Runtime Library exception 3.1 - + - Font exception 2.0 + Autoconf exception 3.0 - + - FreeRTOS Exception 2.0 + LGPL-3.0 Linking Exception @@ -2368,19 +2508,24 @@ GCC Runtime Library exception 2.0 - + - GCC Runtime Library exception 3.1 + Bison exception 2.2 - + - GNU JavaMail exception + OpenVPN OpenSSL Exception - + - GPL-3.0 Linking Exception + Libtool Exception + + + + + Autoconf exception 2.0 @@ -2393,54 +2538,54 @@ GPL Cooperation Commitment 1.0 - + - i2p GPL+Java Exception + OCaml LGPL Linking Exception - + - LGPL-3.0 Linking Exception + Universal FOSS Exception, Version 1.0 - + - Libtool Exception + i2p GPL+Java Exception - + - Linux Syscall Note + CLISP exception 2.0 - + - LLVM Exception + Open CASCADE Exception 1.0 - + - LZMA exception + Qwt exception 1.0 - + - Macros and Inline Functions Exception + GNU JavaMail exception - + - Nokia Qt LGPL exception 1.1 + U-Boot exception 2.0 - + - OCaml LGPL Linking Exception + FreeRTOS Exception 2.0 - + - Open CASCADE Exception 1.0 + Qt GPL exception 1.0 @@ -2448,29 +2593,29 @@ OpenJDK Assembly exception 1.0 - + - OpenVPN OpenSSL Exception + Solderpad Hardware License v2.1 - + - PS/PDF font exception (2017-08-17) + Macros and Inline Functions Exception - + - Qt GPL exception 1.0 + Fawkes Runtime Exception - + - Qt LGPL exception 1.1 + Swift Exception - + - Qwt exception 1.0 + GPL-3.0 Linking Exception 
@@ -2478,29 +2623,39 @@ Solderpad Hardware License v2.0 - + - Solderpad Hardware License v2.1 + Classpath exception 2.0 - + - Swift Exception + LZMA exception - + - U-Boot exception 2.0 + Font exception 2.0 - + - Universal FOSS Exception, Version 1.0 + Nokia Qt LGPL exception 1.1 - + - WxWindows Library Exception 3.1 + DigiRule FOSS License Exception + + + + + eCos exception 2.0 + + + + + 389 Directory Server Exception diff --git a/tests/data.py b/tests/data.py index 854b92d3..585dddf8 100644 --- a/tests/data.py +++ b/tests/data.py @@ -214,7 +214,8 @@ def get_bom_with_component_setuptools_with_vulnerability() -> Bom: version_range='49.0.0 - 54.0.0', status=ImpactAnalysisAffectedStatus.AFFECTED )] ) - ] + ], + properties=get_properties_1() ) component.add_vulnerability(vulnerability=vulnerability) bom.components.add(component) diff --git a/tests/fixtures/json/1.4/bom_setuptools_with_vulnerabilities.json b/tests/fixtures/json/1.4/bom_setuptools_with_vulnerabilities.json index d0a50bb4..4c47cf75 100644 --- a/tests/fixtures/json/1.4/bom_setuptools_with_vulnerabilities.json +++ b/tests/fixtures/json/1.4/bom_setuptools_with_vulnerabilities.json @@ -180,6 +180,16 @@ } ] } + ], + "properties": [ + { + "name": "key1", + "value": "val1" + }, + { + "name": "key2", + "value": "val2" + } ] } ] diff --git a/tests/fixtures/xml/1.4/bom_setuptools_with_vulnerabilities.xml b/tests/fixtures/xml/1.4/bom_setuptools_with_vulnerabilities.xml index 9123f8a5..edd24499 100644 --- a/tests/fixtures/xml/1.4/bom_setuptools_with_vulnerabilities.xml +++ b/tests/fixtures/xml/1.4/bom_setuptools_with_vulnerabilities.xml @@ -157,6 +157,10 @@ + + val1 + val2 + \ No newline at end of file diff --git a/typings/sortedcontainers.pyi b/typings/sortedcontainers.pyi index 6c2d4e5f..b8e8b6f6 100644 --- a/typings/sortedcontainers.pyi +++ b/typings/sortedcontainers.pyi 
@@ -3,19 +3,16 @@ # The contents of this file were obtained from # https://github.com/althonos/python-sortedcontainers/blob/d0a225d7fd0fb4c54532b8798af3cbeebf97e2d5/sortedcontainers/sortedset.pyi -from typing import ( +from typing import ( # Iterator,; Tuple,; Type, Any, Callable, Hashable, Iterable, -# Iterator, List, MutableSet, Optional, Sequence, Set, -# Tuple, -# Type, TypeVar, Union, overload,
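Review bot: The new import line `from typing import ( # Iterator,; Tuple,; Type,` folds the three previously commented-out names into one trailing comment with stray `,;` separators, which looks like an import-sorter artifact rather than an intentional note. If the stub no longer needs `Iterator`, `Tuple` and `Type`, drop the comment and keep a plain `from typing import (`. If they are kept as a reminder of what the upstream stub imported, put them on their own line above the import, for example `# upstream also imports: Iterator, Tuple, Type`. The closing parenthesis of the import statement lies outside this hunk.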