fix: license_url not serialised in XML output #179 (#180)

Signed-off-by: Paul Horton <phorton@sonatype.com>
CycloneDX · Feb 21, 2022 · f014d7c · f014d7c
1 parent 670bde4
commit f014d7c
Show file tree

Hide file tree

Showing 7 changed files with 40 additions and 8 deletions.
diff --git a/cyclonedx/model/__init__.py b/cyclonedx/model/__init__.py
@@ -376,6 +376,9 @@ def __hash__(self) -> int:
         return hash(self._uri)
 
     def __repr__(self) -> str:
+        return f'<XsUri {self._uri}>'
+
+    def __str__(self) -> str:
         return self._uri
 
 

diff --git a/cyclonedx/output/xml.py b/cyclonedx/output/xml.py
@@ -356,8 +356,9 @@ def _add_licenses_to_element(self, licenses: Set[LicenseChoice], parent_element:
                         license_text_e_attrs['encoding'] = license_.license.text.encoding.value
                     ElementTree.SubElement(license_e, 'text',
                                            license_text_e_attrs).text = license_.license.text.content
+                if license_.license.url:
+                    ElementTree.SubElement(license_e, 'url').text = str(license_.license.url)
 
-                    ElementTree.SubElement(license_e, 'text').text = license_.license.id
                 license_output = True
             else:
                 if self.license_supports_expression():

diff --git a/tests/data.py b/tests/data.py
@@ -24,8 +24,8 @@
 from packageurl import PackageURL
 
 from cyclonedx.model import AttachedText, DataClassification, DataFlow, Encoding, ExternalReference, \
-    ExternalReferenceType, HashType, LicenseChoice, Note, NoteText, OrganizationalContact, OrganizationalEntity, \
-    Property, Tool, XsUri
+    ExternalReferenceType, HashType, LicenseChoice, License, Note, NoteText, OrganizationalContact, \
+    OrganizationalEntity, Property, Tool, XsUri
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Commit, Component, ComponentEvidence, ComponentType, Copyright, Patch, \
     PatchClassification, Pedigree, Swid, ComponentScope
@@ -166,7 +166,11 @@ def get_bom_just_complete_metadata() -> Bom:
     )
     bom.metadata.manufacture = get_org_entity_1()
     bom.metadata.supplier = get_org_entity_2()
-    bom.metadata.licenses = [LicenseChoice(license_expression='Commercial')]
+    bom.metadata.licenses = [LicenseChoice(license_=License(
+        spdx_license_id='Apache-2.0', license_text=AttachedText(
+            content='VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=', encoding=Encoding.BASE_64
+        ), license_url=XsUri('https://www.apache.org/licenses/LICENSE-2.0.txt')
+    ))]
     bom.metadata.properties = get_properties_1()
     return bom
 

diff --git a/tests/fixtures/json/1.3/bom_with_full_metadata.json b/tests/fixtures/json/1.3/bom_with_full_metadata.json
@@ -62,7 +62,15 @@
     },
     "licenses": [
       {
-        "expression": "Commercial"
+        "license": {
+          "id": "Apache-2.0",
+          "text": {
+            "contentType": "text/plain",
+            "encoding": "base64",
+            "content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE="
+          },
+          "url": "https://www.apache.org/licenses/LICENSE-2.0.txt"
+        }
       }
     ],
     "properties": [

diff --git a/tests/fixtures/json/1.4/bom_with_full_metadata.json b/tests/fixtures/json/1.4/bom_with_full_metadata.json
@@ -96,7 +96,15 @@
     },
     "licenses": [
       {
-        "expression": "Commercial"
+        "license": {
+          "id": "Apache-2.0",
+          "text": {
+            "contentType": "text/plain",
+            "encoding": "base64",
+            "content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE="
+          },
+          "url": "https://www.apache.org/licenses/LICENSE-2.0.txt"
+        }
       }
     ],
     "properties": [

diff --git a/tests/fixtures/xml/1.3/bom_with_full_metadata.xml b/tests/fixtures/xml/1.3/bom_with_full_metadata.xml
@@ -47,7 +47,11 @@
             </contact>
         </supplier>
         <licenses>
-            <expression>Commercial</expression>
+            <license>
+                <id>Apache-2.0</id>
+                <text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</text>
+                <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
+            </license>
         </licenses>
         <properties>
             <property name="key1">val1</property>

diff --git a/tests/fixtures/xml/1.4/bom_with_full_metadata.xml b/tests/fixtures/xml/1.4/bom_with_full_metadata.xml
@@ -73,7 +73,11 @@
             </contact>
         </supplier>
         <licenses>
-            <expression>Commercial</expression>
+            <license>
+                <id>Apache-2.0</id>
+                <text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</text>
+                <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
+            </license>
         </licenses>
         <properties>
             <property name="key1">val1</property>