diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..ff70475 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "maven" + cooldown: + default-days: 7 + directory: "/" + schedule: + interval: "weekly" + labels: + - "dependencies" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7cc0284..657d139 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,22 +15,22 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'temurin' java-version: 17 - name: Cache SonarCloud packages - uses: actions/cache@v1 + uses: actions/cache@v4 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar - name: Cache Maven packages - uses: actions/cache@v1 + uses: actions/cache@v4 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} diff --git a/.github/workflows/docker_deploy.yml b/.github/workflows/docker_deploy.yml index 55ce713..f35157a 100644 --- a/.github/workflows/docker_deploy.yml +++ b/.github/workflows/docker_deploy.yml @@ -6,9 +6,14 @@ name: Docker Build on: + workflow_dispatch: + pull_request: + paths: + - Dockerfile + - .github/workflows/docker_deploy.yml push: paths-ignore: - - "**.md" + - '**.md' tags: - 'v*' env: @@ -24,22 +29,16 @@ jobs: steps: - name: Checkout main repository - uses: actions/checkout@v3 + uses: actions/checkout@v5 - - name: Set environment variables - run: | - echo "ORG_BASE_NAME=${GITHUB_REPOSITORY}" >> $GITHUB_ENV - echo "TOOLS_JAVA_VERSION=${GITHUB_REF_NAME/v/}" >> $GITHUB_ENV - - name: Echoing current version - run: | - echo "$TOOLS_JAVA_VERSION" - echo $GITHUB_REF_NAME + - name: Setup QEMU + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -47,19 +46,23 @@ jobs: - name: Extract components metadata id: meta_base - uses: docker/metadata-action@v4 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v51.0.0 with: images: | - ${{ env.REGISTRY }}/${{ env.ORG_BASE_NAME }}/tools-java + ${{ env.REGISTRY }}/${{ github.repository }} + tags: | + type=ref,event=tag + type=semver,pattern={{version}} + type=raw,value=main,enable=${{ github.ref == 'refs/heads/main' }} + labels: org.opencontainers.image.licenses=Apache-2.0 - name: Build Container - uses: docker/build-push-action@v3 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: context: . - push: true + push: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }} load: false - build-args: | - TOOLS_JAVA_VERSION=${{ env.TOOLS_JAVA_VERSION }} + platforms: linux/amd64,linux/arm64 tags: | ${{ steps.meta_base.outputs.tags }} labels: ${{ steps.meta_base.outputs.labels }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml new file mode 100644 index 0000000..ff52f75 --- /dev/null +++ b/.github/workflows/docs.yml @@ -0,0 +1,36 @@ +name: Generate and publish API JavaDocs + +on: + push: + branches: [ master ] + +jobs: + docs: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + fetch-depth: 0 + + - name: Set up JDK + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + with: + distribution: 'temurin' + java-version: 17 + + - name: Cache Maven packages + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + + - name: Generate docs + run: mvn javadoc:javadoc + + - name: Deploy docs + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + publish_dir: ./target/reports/apidocs diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index edf73a4..096ae67 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,7 +1,11 @@ +--- +SPDX-FileType: DOCUMENTATION SPDX-License-Identifier: CC-BY-4.0 +--- Contributing ============ + Thank you for your interest in `tools-java`. The project is open-source software, and bug reports, suggestions, and most especially patches are welcome. All contributions must include a "Signed-off-by" line in the commit message. @@ -10,34 +14,35 @@ This indicates that the contribution is made pursuant to the [Developer Certific Issues ------ + `tools-java` has a [project page on GitHub](https://github.com/spdx/tools-java/) where you can [create an issue](https://github.com/spdx/tools-java/issues/new) to report a bug, make a suggestion, or propose a substantial change or improvement that you might like to make. You may also wish to contact the SPDX working group technical team through its mailing list, [spdx-tech@lists.spdx.org](mailto:spdx-tech@lists.spdx.org). If you would like to work on a fix for any issue, please assign the issue to yourself prior to creating a patch. Patches ------- -The source code for `spdx-tools` is hosted on [github.com/spdx/tools-java](https://github.com/spdx/tools-java). Please review [open pull requests](https://github.com/spdx/tools-java/pulls) and [active branches](https://github.com/spdx/tools-java/branches) before committing time to a substantial revision. Work along similar lines may already be in progress. + +The source code for `tools-java` is hosted on [github.com/spdx/tools-java](https://github.com/spdx/tools-java). Please review [open pull requests](https://github.com/spdx/tools-java/pulls) and [active branches](https://github.com/spdx/tools-java/branches) before committing time to a substantial revision. Work along similar lines may already be in progress. To submit a patch via GitHub, fork the repository, create a topic branch from `master` for your work, and send a pull request when ready. If you would prefer to send a patch or grant access to pull from your own Git repository, please contact the project's contributors by e-mail. -To contribute an implementation of a feature defined by a version of the SPDX specification later than the one supported by the current SPDX Tools release, clone the branch `spec/X.X`, where X.X is the major.minor version of the targeted specification (e.g. "3.0"). +To contribute an implementation of a feature defined by a version of the SPDX specification later than the one supported by the current SPDX Tools release, clone the branch `spec/X.X`, where X.X is the major.minor version of the targeted specification (e.g. "3.1"). Once implemented, submit a pull request with `spec/X.X` branch as the parent branch. - Licensing --------- New **code files** should include a [short-form SPDX ID](https://spdx.org/ids) at the top, indicating the project license for code, which is Apache-2.0. This should look like the following: -``` +```java // SPDX-License-Identifier: Apache-2.0 ``` Developer Certificate of Origin (DCO) ------------------------------------- -``` +```text Developer Certificate of Origin Version 1.1 @@ -76,4 +81,3 @@ By making a contribution to this project, I certify that: maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. ``` - diff --git a/Dockerfile b/Dockerfile index df1be6a..9b37ffb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,23 +1,21 @@ # syntax=docker/dockerfile:1.4 # Set Java versions -ARG JAVA_VERSION=17 +ARG JAVA_VERSION=21 # Use Maven eclipse Temurin based -FROM maven:3.8-eclipse-temurin-$JAVA_VERSION as build - -ARG TOOLS_JAVA_VERSION=1.1.5-SNAPSHOT +FROM maven:3.9-eclipse-temurin-$JAVA_VERSION as build WORKDIR /build # BUILD RUN --mount=type=cache,target=/root/.m2 \ --mount=type=bind,source=$PWD,target=/build,rw \ - mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install \ + export TOOLS_JAVA_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) \ + && mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install \ && mkdir -p /usr/lib/java/spdx \ && cp target/tools-java-$TOOLS_JAVA_VERSION-jar-with-dependencies.jar /usr/lib/java/spdx/ - # Configure the wrapper script COPY scripts/tools-java-wrapper.sh /usr/bin/tools-java @@ -25,11 +23,10 @@ COPY scripts/tools-java-wrapper.sh /usr/bin/tools-java RUN sed -i "s/@@VERSION@@/$TOOLS_JAVA_VERSION/g" /usr/bin/tools-java \ && chmod +x /usr/bin/tools-java - # Deploy image FROM eclipse-temurin:$JAVA_VERSION as run COPY --from=build /usr/lib/java/spdx /usr/lib/java/spdx COPY --from=build /usr/bin/tools-java /usr/bin/tools-java -ENTRYPOINT [ "/usr/bin/tools-java" ] \ No newline at end of file +ENTRYPOINT [ "/usr/bin/tools-java" ] diff --git a/README.md b/README.md index f057491..93713aa 100644 --- a/README.md +++ b/README.md @@ -1,122 +1,146 @@ -# Overview +# SPDX Tools + +[![Maven Central Version](https://img.shields.io/maven-central/v/org.spdx/tools-java)](https://central.sonatype.com/artifact/org.spdx/tools-java) +[![javadoc](https://javadoc.io/badge2/org.spdx/tools-java/javadoc.svg)](https://javadoc.io/doc/org.spdx/tools-java) + +A command-line utility for creating, converting, comparing, +and validating SPDX documents across multiple formats. + The Software Package Data Exchange (SPDX) specification is a standard format for communicating the components, licenses and copyrights associated with a software package. - * [SPDX License List](http://spdx.org/licenses/) - * [SPDX Vocabulary Specification](http://spdx.org/rdf/terms) +* [SPDX License List](https://spdx.org/licenses/) +* [SPDX Vocabulary Specification](https://spdx.org/specifications) -These tools are published by the SPDX Workgroup -see [http://spdx.org/](http://spdx.org/) +These tools are published by the SPDX Workgroup, +see ## Versions Supported + This utility supports versions 2.0, 2.1, 2.2, 2.3 and 3.0.1 of the SPDX specification. -# Code quality badges +## Code quality badges -| [![Bugs](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=bugs)](https://sonarcloud.io/dashboard?id=tools-java) | [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=security_rating)](https://sonarcloud.io/dashboard?id=tools-java) | [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=tools-java) | [![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=sqale_index)](https://sonarcloud.io/dashboard?id=tools-java) | +[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=bugs)](https://sonarcloud.io/dashboard?id=tools-java) +[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=security_rating)](https://sonarcloud.io/dashboard?id=tools-java) +[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=tools-java) +[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=sqale_index)](https://sonarcloud.io/dashboard?id=tools-java) ## Getting Starting -The SPDX Tool binaries can be downloaded from the [releases page](https://github.com/spdx/tools-java/releases) under the respective release. The package is also available in [Maven Central](https://search.maven.org/artifact/org.spdx/tools-java) (organization org.spdx, artifact tools-java). +The SPDX Tools binaries can be downloaded from the [releases page](https://github.com/spdx/tools-java/releases) under the respective release. The package is also available in [Maven Central](https://central.sonatype.com/artifact/org.spdx/tools-java) (organization `org.spdx`, artifact `tools-java`). See the Syntax section below for the commands available. If you are a developer, there are examples in the [examples folder](examples/org/spdx/examples). -## Contributing -See the file CONTRIBUTING.md for information on making contributions to the SPDX tools. - -## Issues -Report any security related issues by sending an email to [spdx-tools-security@lists.spdx.org](mailto:spdx-tools-security@lists.spdx.org) - -Non-security related issues should be added to the [SPDX tools issues list](https://github.com/spdx/tools-java/issues) - ## Syntax -The command line interface of the spdx tools can be used like this: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar +The command line interface of the SPDX Tools can be used like this: + + java -jar tools-java-2.0.5-jar-with-dependencies.jar ## SPDX format converters -The following converter tools support spdx format: - * Tag - * RDF/XML - * XLSX Spreadsheet - * XLS Spreadsheet - * JSON - * XML - * YAML - * JSON-LD (SPDX spec version 3.0.1) +The following converter tools support SPDX format: + +* Tag +* RDF/XML +* XLSX Spreadsheet +* XLS Spreadsheet +* JSON +* XML +* YAML +* JSON-LD (SPDX spec version 3.0.1) -Example to convert a SPDX file from tag to rdf format: +Example to convert a SPDX file from Tag to RDF format: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf + java -jar tools-java-2.0.5-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf The file formats can optionally be provided as the 3rd and 4th parameter for the input and output formats respectively. An optional 5th option `excludeLicenseDetails` will not copy the listed license properties to the output file. The following example will copy a JSON format to an RDF Turtle format without including the listed license properties: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails + java -jar tools-java-2.0.5-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails To convert from SPDX 2 to SPDX 3.0.1: -* use the file extension `.jsonld.json` or `.jsonld`; + +* use the file extension `.spdx3.json` or `.jsonld.json` or `.jsonld`; * or add the options for the from and to file types: -``` -java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD -``` + + java -jar tools-java-2.0.5-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD ## Compare utilities -The following tools can be used to compare one or more SPDX documents: - * CompareMultipleSpdxDocs with files +The following tools can be used to compare one or more SPDX documents: + +* CompareMultipleSpdxDocs with files - Example to compare multiple SPDX files provided in rdf format and provide a spreadsheet with the results: + Example to compare multiple SPDX files provided in RDF format and provide a spreadsheet with the results: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN + java -jar tools-java-2.0.5-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN - * CompareMultipleSpdxDocs with directory +* CompareMultipleSpdxDocs with directory Example to compare all SPDX documents in a directory "/home/me/spdxdocs" and provide a spreadsheet with the results: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs + java -jar tools-java-2.0.5-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs ## SPDX Viewer + The following tool can be used to "Pretty Print" an SPDX document. - * SPDXViewer +* SPDXViewer Sample usage: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.5-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Verifier + The following tool can be used to verify an SPDX document: - * Verify +* Verify Sample usage: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.5-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Generators + The following tool can be used to generate an SPDX verification code from a directory of source files: - * GenerateVerificationCode sourceDirectory +* GenerateVerificationCode sourceDirectory Sample usage: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] + java -jar tools-java-2.0.5-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] ## SPDX Validation Tool -The SPDX Workgroup provides an online interface to validate, compare, and convert SPDX documents in addition to the command line options above. The [SPDX Validation Tool](https://tools.spdx.org/app/validate/) is an all-in-one portal to upload and parse SPDX documents for validation, comparison and conversion and search the SPDX license list. -# License +The SPDX Workgroup provides an online interface to validate, compare, and convert SPDX documents in addition to the command line options above. + +The [SPDX Online Tools](https://tools.spdx.org/) is an all-in-one portal to upload and parse SPDX documents for validation, comparison and conversion and search the SPDX license list. + +## License + A complete SPDX file is available including dependencies is available in the bintray and Maven repos. - SPDX-License-Identifier: Apache-2.0 - PackageLicenseDeclared: Apache-2.0 + SPDX-License-Identifier: Apache-2.0 + PackageLicenseDeclared: Apache-2.0 + +## Development -# Development +### Build -## Build You need [Apache Maven](http://maven.apache.org/) to build the project: mvn clean install +## Contributing + +See the file [CONTRIBUTING.md](./CONTRIBUTING.md) for information on +making contributions to the SPDX tools. + +## Issues + +Report any security related issues by sending an email to [spdx-tools-security@lists.spdx.org](mailto:spdx-tools-security@lists.spdx.org) + +Non-security related issues should be added to the [SPDX Tools issues list](https://github.com/spdx/tools-java/issues) diff --git a/RELEASE-CHECKLIST.md b/RELEASE-CHECKLIST.md index f711dcb..ab53894 100644 --- a/RELEASE-CHECKLIST.md +++ b/RELEASE-CHECKLIST.md @@ -8,3 +8,4 @@ - [ ] Release artifacts to Maven Central - [ ] Create a Git release including release notes - [ ] Zip up the files from the Maven archive and add them to the release +- [ ] Update README to refer to the new release in the Syntax section diff --git a/dependency-check-supress.xml b/dependency-check-supress.xml index 442d77a..0eb63bd 100644 --- a/dependency-check-supress.xml +++ b/dependency-check-supress.xml @@ -1,4 +1,19 @@ - + + + ^pkg:maven/com\.ibm\.icu/icu4j@.*$ + CVE-2025-5222 + + + + ^pkg:maven/org\.spdx/spdx-java-model-2_X@.*$ + cpe:/a:x.org:x.org + \ No newline at end of file diff --git a/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java b/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java index 2d0b245..093dd7b 100644 --- a/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java +++ b/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java @@ -1,6 +1,7 @@ /** + * SPDX-FileCopyrightText: Copyright (c) 2021 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) 2021 Source Auditor Inc. */ package org.spdx.examples; @@ -29,11 +30,10 @@ * for this example is assumed to be JSON (e.g. the output of the SimpleSpdxDocumentV2Compat example). * Different format can be used by using the associated store rather than the spdx-jackson store * (e.g. spdx-spreadsheet-store, spdx-tagvalue-store, or the spdx-rdf-store). - * + *

* This example depends on the Spdx-Java-Library and the spdx-java-jackson store libraries - * + *

* @author Gary O'Neall - * */ public class ExistingSpdxDocumentV2Compat { @@ -52,7 +52,7 @@ public static void main(String[] args) { } /* - * First thing we need is a store deseralize the SPDX document into. + * First thing we need is a store deserialize the SPDX document into. * We'll chose the MultiFormatStore since it supports serializing to JSON files * It takes an underlying model store as the first parameter - the inMemSpdxStore is a simple * built in store included in the Spdx-Java-Library. The second parameter is the format @@ -74,7 +74,7 @@ public static void main(String[] args) { * license information over to the document model store */ ModelCopyManager copyManager = new ModelCopyManager(); - // Let's deseralize the document + // Let's deserialize the document try (InputStream stream = new FileInputStream(inputFile)) { modelStore.deSerialize(stream, false); diff --git a/examples/org/spdx/examples/ExpandedLicenseExampleV3.java b/examples/org/spdx/examples/ExpandedLicenseExampleV3.java new file mode 100644 index 0000000..5b07d11 --- /dev/null +++ b/examples/org/spdx/examples/ExpandedLicenseExampleV3.java @@ -0,0 +1,189 @@ +/** + * SPDX-FileContributor: Gary O'Neall + * SPDX-FileCopyrightText: Copyright (c) 2025 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + *
+ * Example of serializing a single expanded license + */ + +package org.spdx.examples; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import com.networknt.schema.JsonSchema; +import com.networknt.schema.JsonSchemaFactory; +import com.networknt.schema.SpecVersion.VersionFlag; +import com.networknt.schema.ValidationMessage; +import org.spdx.core.DefaultModelStore; +import org.spdx.core.IModelCopyManager; +import org.spdx.library.LicenseInfoFactory; +import org.spdx.library.ModelCopyManager; +import org.spdx.library.SpdxModelFactory; +import org.spdx.library.model.v3_0_1.SpdxModelClassFactoryV3; +import org.spdx.library.model.v3_0_1.core.CreationInfo; +import org.spdx.library.model.v3_0_1.core.Element; +import org.spdx.library.model.v3_0_1.core.ProfileIdentifierType; +import org.spdx.library.model.v3_0_1.core.SpdxDocument; +import org.spdx.library.model.v3_0_1.expandedlicensing.ExtendableLicense; +import org.spdx.library.model.v3_0_1.simplelicensing.AnyLicenseInfo; +import org.spdx.storage.IModelStore; +import org.spdx.storage.simple.InMemSpdxStore; +import org.spdx.tools.Verify; +import org.spdx.v3jsonldstore.JsonLDStore; + +import java.io.*; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.Set; + +import static org.spdx.tools.Verify.JSON_SCHEMA_RESOURCE_V3; + +/** + * Simple example serializing a single expanded license + */ +public class ExpandedLicenseExampleV3 { + + static final ObjectMapper JSON_MAPPER = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT); + + /** + * @param args args[0] is the file path for the output serialized file + */ + public static void main(String[] args) throws Exception { + if (args.length != 1) { + usage(); + System.exit(1); + } + File outFile = new File(args[0]); + if (outFile.exists()) { + System.out.printf("%s already exists.\n", args[0]); + System.exit(1); + } + if (!outFile.createNewFile()) { + System.out.printf("Unable to create file %s\n", args[0]); + System.exit(1); + } + if (!outFile.canWrite()) { + System.out.printf("Can not write to file %s\n", args[0]); + System.exit(1); + } + SpdxModelFactory.init(); + IModelCopyManager copyManager = new ModelCopyManager(); + try (JsonLDStore modelStore = new JsonLDStore(new InMemSpdxStore())) { + modelStore.setUseExternalListedElements(true); // setting this to false will include all the listed license details in the document + String defaultDocUri = "https://spdx.github.io/spdx-spec/v3.0.1/examples/complex-license-eaa46bdcfa20"; + String prefix = defaultDocUri + "#"; + DefaultModelStore.initialize(modelStore, defaultDocUri, copyManager); + CreationInfo creationInfo = SpdxModelClassFactoryV3.createCreationInfo( + modelStore, prefix + "garyagent", "Gary O'Neall", + copyManager); + SpdxDocument doc = creationInfo.createSpdxDocument(prefix + "document") + .setDataLicense(LicenseInfoFactory.getListedLicenseById("CC0")) + .addNamespaceMap(creationInfo.createNamespaceMap(modelStore.getNextId(IModelStore.IdType.Anonymous)) + .setNamespace(prefix) + .setPrefix("example") + .build()) + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) + .build(); + doc.setIdPrefix(prefix); + AnyLicenseInfo complexLicense = doc.createConjunctiveLicenseSet(prefix + "complexlicense") + // CustomLicense + .addMember(doc.createCustomLicense(prefix + "LicenseRef-customlicense1") + .setLicenseText("This is the license text for my custom license") + .setName("Gary's Custom License") + .addSeeAlso("https://example.com") + .build()) + // OrLaterOperator + .addMember(doc.createOrLaterOperator(prefix + "complexorlater") + // ListedLicense + .setSubjectLicense(doc.createListedLicense("http://spdx.org/licenses/EPL-1.0") + .setName("Eclipse Public License 1.0") + .setLicenseText("Eclipse Public License - v 1.0\n\nTHE ACCOMPANYING PROGRAM IS PROVIDED" + + " UNDER THE TERMS OF THIS ECLIPSE PUBLIC LICENSE (\"AGREEMENT\"). ANY USE, REPRODUCTION " + + "OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENTS ACCEPTANCE OF THIS AGREEMENT.\n\n1. " + + "DEFINITIONS\n\n\"Contribution\" means:\n a) in the case of the initial Contributor...") + .setIsFsfLibre(true) + .setComment("EPL replaced the CPL on 28 June 2005.") + .addSeeAlso("https://opensource.org/licenses/EPL-1.0") + .build()) + .build()) + // DisjunctiveLicenseSet + .addMember(doc.createDisjunctiveLicenseSet(prefix + "complexdisjunctive") + // WithAdditionOperator + .addMember(doc.createWithAdditionOperator(prefix + "complexwith") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("GPL-2.0-or-later")) + // ListedLicenseException + .setSubjectAddition(doc.createListedLicenseException("http://spdx.org/licenses/Autoconf-exception-2.0") + .setName("Autoconf exception 2.0") + .setComment("Typically used with GPL-2.0-only or GPL-2.0-or-later") + .setAdditionText("As a special exception, the Free Software Foundation gives unlimited " + + "permission to copy, distribute and modify the ...") + .addSeeAlso("http://ftp.gnu.org/gnu/autoconf/autoconf-2.59.tar.gz") + .build()) + .build()) + .addMember(doc.createWithAdditionOperator(prefix + "complexwithcustomaddition") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0")) + // CustomLicenseAddition + .setSubjectAddition(doc.createCustomLicenseAddition(prefix + "complexcustomaddition") + .setName("My License Addition") + .setAdditionText("Custom addition text - just for me") + .addSeeAlso("https://example.com") + .build()) + .build()) + // ExtendableLicense - Abstract + // IndividualLicensingInfo - used by listed license + // License - Abstract + .addMember(LicenseInfoFactory.parseSPDXLicenseString("MIT")) + .build()) + .build(); + doc.getRootElements().add(complexLicense); + doc.getElements().add(complexLicense); + List warnings = new ArrayList<>(); + Collection docElements = doc.getElements(); + SpdxModelFactory.getSpdxObjects(modelStore, copyManager, null, null, prefix).forEach( + modelObject -> { + if (modelObject instanceof Element) { + Element element = (Element)modelObject; + if (!docElements.contains(element) && !element.equals(doc)) { + warnings.add("Element not in the document elements: " + element.getObjectUri()); + docElements.add(element); + } + } + } + ); + warnings.addAll(complexLicense.verify()); + try (OutputStream outStream = new FileOutputStream(outFile)) { + modelStore.serialize(outStream, doc); + } + JsonSchemaFactory jsonSchemaFactory = JsonSchemaFactory.getInstance(VersionFlag.V202012); + JsonSchema schema; + try (InputStream is = Verify.class.getResourceAsStream("/" + JSON_SCHEMA_RESOURCE_V3)) { + schema = jsonSchemaFactory.getSchema(is); + } + JsonNode root; + try (InputStream is = new FileInputStream(outFile)) { + root = JSON_MAPPER.readTree(is); + } + Set messages = schema.validate(root); + for (ValidationMessage msg:messages) { + warnings.add(msg.toString()); + } + if (!warnings.isEmpty()) { + System.out.println("Generated document contains the following warnings:"); + for (String warning:warnings) { + System.out.print("\t"); + System.out.println(warning); + } + } + } + } + + private static void usage() { + System.out.println("Generates an SPDX JSON-LD file containing all of the supported classes."); + System.out.println("Usage: FullSpdxV3Example outputfile"); + } +} diff --git a/examples/org/spdx/examples/FullSpdxV3Example.java b/examples/org/spdx/examples/FullSpdxV3Example.java new file mode 100644 index 0000000..132b3a6 --- /dev/null +++ b/examples/org/spdx/examples/FullSpdxV3Example.java @@ -0,0 +1,868 @@ +/** + * SPDX-FileContributor: Gary O'Neall + * SPDX-FileCopyrightText: Copyright (c) 2025 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + *
+ * Full example of an SPDX document using all classes + */ + +package org.spdx.examples; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import com.networknt.schema.JsonSchema; +import com.networknt.schema.JsonSchemaFactory; +import com.networknt.schema.SpecVersion.VersionFlag; +import com.networknt.schema.ValidationMessage; +import org.spdx.core.DefaultModelStore; +import org.spdx.core.IModelCopyManager; +import org.spdx.core.InvalidSPDXAnalysisException; +import org.spdx.library.LicenseInfoFactory; +import org.spdx.library.ModelCopyManager; +import org.spdx.library.SpdxModelFactory; +import org.spdx.library.model.v2.SpdxConstantsCompatV2; +import org.spdx.library.model.v3_0_1.SpdxModelClassFactoryV3; +import org.spdx.library.model.v3_0_1.ai.AIPackage; +import org.spdx.library.model.v3_0_1.ai.EnergyUnitType; +import org.spdx.library.model.v3_0_1.ai.SafetyRiskAssessmentType; +import org.spdx.library.model.v3_0_1.build.Build; +import org.spdx.library.model.v3_0_1.core.*; +import org.spdx.library.model.v3_0_1.dataset.ConfidentialityLevelType; +import org.spdx.library.model.v3_0_1.dataset.DatasetAvailabilityType; +import org.spdx.library.model.v3_0_1.dataset.DatasetPackage; +import org.spdx.library.model.v3_0_1.dataset.DatasetType; +import org.spdx.library.model.v3_0_1.expandedlicensing.ExtendableLicense; +import org.spdx.library.model.v3_0_1.security.*; +import org.spdx.library.model.v3_0_1.simplelicensing.AnyLicenseInfo; +import org.spdx.library.model.v3_0_1.simplelicensing.SimpleLicensingText; +import org.spdx.library.model.v3_0_1.software.*; +import org.spdx.storage.IModelStore; +import org.spdx.storage.simple.InMemSpdxStore; +import org.spdx.tools.Verify; +import org.spdx.v3jsonldstore.JsonLDStore; + +import java.io.*; +import java.time.LocalDateTime; +import java.time.format.DateTimeFormatter; +import java.util.*; + +import static org.spdx.tools.Verify.JSON_SCHEMA_RESOURCE_V3; + + +/** + * This class attempts to implement all the SPDX specification classes and most of the properties. + *

+ * It will generate a resulting serialization that can be used as a full serialization example. + *

+ *

+ * This example is current as of the version 3.0.1 of the SPDX Specification + *

+ */ +public class FullSpdxV3Example { + + static final DateTimeFormatter SPDX_DATE_FORMATTER = DateTimeFormatter.ofPattern(SpdxConstantsCompatV2.SPDX_DATE_FORMAT); + static final ObjectMapper JSON_MAPPER = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT); + + static class ExampleBuilder { + private final String prefix; + private final SpdxDocument doc; + private Sbom sBom = null; + private SpdxPackage pkg = null; + + public ExampleBuilder(String prefix, SpdxDocument doc) { + this.prefix = prefix; + this.doc = doc; + } + + void build() throws InvalidSPDXAnalysisException { + addCoreClasses(); + addSoftwareClasses(); + addAIandDataClasses(); + addSecurityClasses(); + addSimpleLicensingClasses(); + addExpandedLicensingClasses(); + addBuildClasses(); + addExtensionClasses(); + } + + private String getNextAnonId() throws InvalidSPDXAnalysisException { + return doc.getModelStore().getNextId(IModelStore.IdType.Anonymous); + } + + private void addExtensionClasses() throws InvalidSPDXAnalysisException { + //TODO: The following is causing a schema validation error - uncomment when resolved +// ModelRegistry.getModelRegistry().registerExtensionType("Extension.example", +// SpdxExtensionExample.class); +// SpdxExtensionExample extension = new SpdxExtensionExample(doc.getModelStore(), +// prefix + "extension", doc.getCopyManager(), true, prefix); +// extension.setExtensionProperty("Extension property value"); +// doc.getExtensions().add(extension); + doc.getExtensions().add(doc.createCdxPropertiesExtension(getNextAnonId()) + .addCdxProperty(doc.createCdxPropertyEntry(getNextAnonId()) + .setCdxPropName("CDXProperty") + .setCdxPropValue("Property Value") + .build()) + .build()); + } + + private void addBuildClasses() throws InvalidSPDXAnalysisException { + Build build = doc.createBuild(prefix + "build") + .setBuildType("https://github.com/spdx/tools-java/blob/master/pom.xml") + .setComment("Builds use the maven-release-plugin") + .setBuildStartTime(LocalDateTime.of(2025, 10, 15, 11, 42) + .format(SPDX_DATE_FORMATTER)) + .setBuildEndTime(LocalDateTime.of(2025, 10, 15, 11, 50) + .format(SPDX_DATE_FORMATTER)) + .addConfigSourceDigest(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + .setHashValue("cc75cc9bfad1fb047f15fd60fe48806a9614c17bfee073e79e5ac3bd3e5d5271 ") + .build()) + .addConfigSourceEntrypoint("release") + .addConfigSourceUri("https://repo1.maven.org/maven2/org/spdx/tools-java/2.0.2/tools-java-2.0.2.pom") + .addEnvironment(doc.createDictionaryEntry(getNextAnonId()) + .setKey("OS") + .setValue("Windows11") + .build()) + .addParameter(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Next Snapshot Version") + .setValue("2.0.3-SNAPSHOT") + .build()) + .build(); + + // hasInput relationship + SpdxFile pomFile = doc.createSpdxFile(prefix + "pomfile") + .setName("pom.xml") + .setFileKind(FileKindType.FILE) + .addVerifiedUsing(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + .setHashValue("cc75cc9bfad1fb047f15fd60fe48806a9614c17bfee073e79e5ac3bd3e5d5271") + .build()) + .build(); + doc.getElements().add(pomFile); + sBom.getElements().add(pomFile); + SpdxFile srcDir = doc.createSpdxFile(prefix + "src") + .setName("src") + .setFileKind(FileKindType.DIRECTORY) + .build(); + doc.getElements().add(srcDir); + sBom.getElements().add(srcDir); + Relationship hasInput = doc.createLifecycleScopedRelationship(prefix + "hasinput") + .setRelationshipType(RelationshipType.HAS_INPUT) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setScope(LifecycleScopeType.BUILD) + .setFrom(build) + .addTo(srcDir) + .addTo(pomFile) + .build(); + doc.getElements().add(hasInput); + SpdxFile jarWithDependencies = doc.createSpdxFile(prefix + "jarwdeps") + .setName("tools-java-2.0.2-jar-with-dependencies.jar") + .setFileKind(FileKindType.FILE) + .addVerifiedUsing(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + .setHashValue("3b326e4ea0e901d71a58627ca14c7d7ec36fc7bdb01308a78de99de2171c7904") + .build()) + .build(); + doc.getElements().add(jarWithDependencies); + Relationship hasOutput = doc.createRelationship(prefix + "hasoutput") + .setRelationshipType(RelationshipType.HAS_OUTPUT) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setFrom(build) + .addTo(jarWithDependencies) + .build(); + doc.getElements().add(hasOutput); + } + + private void addExpandedLicensingClasses() throws InvalidSPDXAnalysisException { + // ConjunctiveLicenseSet + AnyLicenseInfo complexLicense = doc.createConjunctiveLicenseSet(prefix + "complexlicense") + // CustomLicense + .addMember(doc.createCustomLicense(prefix + "LicenseRef-customlicense3") + .setLicenseText("This is the license text for my custom license") + .setName("Gary's Custom License") + .addSeeAlso("https://example.com") + .build()) + // OrLaterOperator + .addMember(doc.createOrLaterOperator(prefix + "complexorlater") + // ListedLicense + .setSubjectLicense(doc.createListedLicense("http://spdx.org/licenses/EPL-1.0") + .setName("Eclipse Public License 1.0") + .setLicenseText("Eclipse Public License - v 1.0\n\nTHE ACCOMPANYING PROGRAM IS PROVIDED" + + " UNDER THE TERMS OF THIS ECLIPSE PUBLIC LICENSE (\"AGREEMENT\"). ANY USE, REPRODUCTION " + + "OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENTS ACCEPTANCE OF THIS AGREEMENT.\n\n1. " + + "DEFINITIONS\n\n\"Contribution\" means:\n a) in the case of the initial Contributor...") + .setIsFsfLibre(true) + .setComment("EPL replaced the CPL on 28 June 2005.") + .addSeeAlso("https://opensource.org/licenses/EPL-1.0") + .build()) + .build()) + // DisjunctiveLicenseSet + .addMember(doc.createDisjunctiveLicenseSet(prefix + "complexdisjunctive") + // WithAdditionOperator + .addMember(doc.createWithAdditionOperator(prefix + "complexwith") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("GPL-2.0-or-later")) + // ListedLicenseException + .setSubjectAddition(doc.createListedLicenseException("http://spdx.org/licenses/Autoconf-exception-2.0") + .setName("Autoconf exception 2.0") + .setComment("Typically used with GPL-2.0-only or GPL-2.0-or-later") + .setAdditionText("As a special exception, the Free Software Foundation gives unlimited " + + "permission to copy, distribute and modify the ...") + .addSeeAlso("http://ftp.gnu.org/gnu/autoconf/autoconf-2.59.tar.gz") + .build()) + .build()) + .addMember(doc.createWithAdditionOperator(prefix + "complexwithcustomaddition") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0")) + // CustomLicenseAddition + .setSubjectAddition(doc.createCustomLicenseAddition(prefix + "complexcustomaddition") + .setName("My License Addition") + .setAdditionText("Custom addition text - just for me") + .addSeeAlso("https://example.com") + .build()) + .build()) + // ExtendableLicense - Abstract + // IndividualLicensingInfo - used by listed license + // License - Abstract + .addMember(LicenseInfoFactory.parseSPDXLicenseString("MIT")) + .build()) + .build(); + doc.getElements().add(complexLicense); + } + + private void addSimpleLicensingClasses() throws InvalidSPDXAnalysisException { + // SimpleLicensingText + String simpleLicenseId = "LicenseRef-simpletext"; + String simpleAdditionId = "LicenseRef-simpleaddition"; + SimpleLicensingText slt = doc.createSimpleLicensingText(prefix + simpleLicenseId) + .setLicenseText("This is the license text to go with my license expression") + .build(); + doc.getElements().add(slt); + SimpleLicensingText simpleaddition = doc.createSimpleLicensingText(prefix + simpleAdditionId) + .setLicenseText("This is the custom addition text") + .build(); + doc.getElements().add(simpleaddition); + // LicenseExpression + doc.getElements().add(doc.createLicenseExpression(prefix + "licenseexpression") + .setLicenseExpression("Apache-2.0 AND " + simpleLicenseId + " WITH " + simpleAdditionId) + .addCustomIdToUri(doc.createDictionaryEntry(getNextAnonId()) + .setKey(simpleLicenseId) + .setValue(prefix + simpleLicenseId) + .build()) + .addCustomIdToUri(doc.createDictionaryEntry(getNextAnonId()) + .setKey(simpleAdditionId) + .setValue(prefix + simpleAdditionId) + .build()) + .build()); + // AnyLicenseInfo - Abstract + } + + private void addSecurityClasses() throws InvalidSPDXAnalysisException { + // First - let's add a dependeny with a known vulnerability + SpdxPackage log4j = doc.createSpdxPackage(prefix + "log4j") + .setName("Apache Log4j 2") + .setPackageVersion("2.14.1") + .setPackageUrl("pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1") + .addExternalIdentifier(doc.createExternalIdentifier(getNextAnonId()) + .setExternalIdentifierType(ExternalIdentifierType.CPE23) + .setIssuingAuthority("NVD") + .setIdentifier("cpe:2.3:a:apache:log4j:2.14.1:-:*:*:*:*:*:*") + .build()) + .build(); + doc.getElements().add(log4j); + sBom.getElements().add(log4j); + Relationship depRelationship = doc.createRelationship(prefix + "log4jdep") + .setFrom(pkg) + .addTo(log4j) + .setRelationshipType(RelationshipType.HAS_DYNAMIC_LINK) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .build(); + doc.getElements().add(depRelationship); + sBom.getElements().add(depRelationship); + // Since we don't want the vulnerabilities to be in the more static SBOMs, let's create a different collection + Bundle securityBundle = doc.createBundle(prefix + "securitybundle") + .setContext("Security information related to "+sBom.getObjectUri()) + .build(); + // Vulnerability + Vulnerability vuln = doc.createVulnerability(prefix + "log4jvuln") + .setSummary("Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups.") + .setDescription("Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not " + + "protect from uncontrolled recursion from self-referential lookups. This allows an attacker " + + "with control over ...") + .setPublishedTime(LocalDateTime.of(2021, 12, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .addExternalIdentifier(doc.createExternalIdentifier(getNextAnonId()) + .setExternalIdentifierType(ExternalIdentifierType.CVE) + .setIdentifier("CVE-2021-45105") + .addIdentifierLocator("https://www.cve.org/CVERecord?id=CVE-2021-45105") + .build()) + .addExternalRef(doc.createExternalRef(getNextAnonId()) + .setExternalRefType(ExternalRefType.SECURITY_ADVISORY) + .addLocator("https://nvd.nist.gov/vuln/detail/CVE-2021-45105") + .build()) + .build(); + doc.getElements().add(vuln); + securityBundle.getElements().add(vuln); + Relationship log4jVulnRel = doc.createRelationship(prefix + "log4jvulnrelationship") + .setRelationshipType(RelationshipType.HAS_ASSOCIATED_VULNERABILITY) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setFrom(log4j) + .addTo(vuln) + .build(); + doc.getElements().add(log4jVulnRel); + securityBundle.getElements().add(log4jVulnRel); + Relationship pkgVulnRel = doc.createRelationship(prefix + "pkgvulnrelationship") + .setRelationshipType(RelationshipType.HAS_ASSOCIATED_VULNERABILITY) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setFrom(pkg) + .addTo(vuln) + .build(); + doc.getElements().add(pkgVulnRel); + securityBundle.getElements().add(pkgVulnRel); + // CvssV2VulnAssessmentRelationship + Agent supplierAgent = doc.createAgent(prefix + "assessmentagent") + .setName("Supplier of Assessments") + .setComment("This would be the supplier of the vulnerability assessments") + .build(); + CvssV2VulnAssessmentRelationship cvssV2 = doc.createCvssV2VulnAssessmentRelationship(prefix + "cvssv2vuln") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setScore(5.0) + .setVectorString("(AV:N/AC:M/Au:N/C:P/I:N/A:N)") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(cvssV2); + securityBundle.getElements().add(cvssV2); + // CvssV3VulnAssessmentRelationship + CvssV3VulnAssessmentRelationship cvssV3 = doc.createCvssV3VulnAssessmentRelationship(prefix + "cvssv3vuln") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setScore(5.0) + .setSeverity(CvssSeverityType.CRITICAL) + .setVectorString("CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(cvssV3); + securityBundle.getElements().add(cvssV3); + // CvssV4VulnAssessmentRelationship + CvssV4VulnAssessmentRelationship cvssV4 = doc.createCvssV4VulnAssessmentRelationship(prefix + "cvssv4vuln") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setScore(5.0) + .setSeverity(CvssSeverityType.CRITICAL) + .setVectorString("(AV:N/AC:M/Au:N/C:P/I:N/A:N)") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(cvssV4); + securityBundle.getElements().add(cvssV4); + // EpssVulnAssessmentRelationship + EpssVulnAssessmentRelationship epss = doc.createEpssVulnAssessmentRelationship(prefix + "epss") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setProbability(0.01) + .setPercentile(0.4) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(epss); + securityBundle.getElements().add(epss); + // ExploitCatalogVulnAssessmentRelationship + //TODO: The schema has "locator" for the field while the generated Java code has "securityLocator" + //Need to regenerate the library then uncomment the example below + ExploitCatalogVulnAssessmentRelationship excat = doc.createExploitCatalogVulnAssessmentRelationship(prefix + "exploitcat") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setCatalogType(ExploitCatalogType.KEV) + .setSecurityLocator("https://www.cisa.gov/known-exploited-vulnerabilities-catalog") + .setExploited(true) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(excat); + securityBundle.getElements().add(excat); + + // SsvcVulnAssessmentRelationship + SsvcVulnAssessmentRelationship ssvs = doc.createSsvcVulnAssessmentRelationship(prefix + "ssvs") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setDecisionType(SsvcDecisionType.ACT) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(ssvs); + securityBundle.getElements().add(ssvs); + // VexAffectedVulnAssessmentRelationship + VexAffectedVulnAssessmentRelationship vexAffected = doc.createVexAffectedVulnAssessmentRelationship(prefix + "vexaffected") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(log4j) + .setActionStatement("Upgrade to version 2.20 or later") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexAffected); + securityBundle.getElements().add(vexAffected); + // VexFixedVulnAssessmentRelationship + VexFixedVulnAssessmentRelationship vexFixed = doc.createVexFixedVulnAssessmentRelationship(prefix + "vexfixed") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(pkg) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexFixed); + securityBundle.getElements().add(vexFixed); + // VexNotAffectedVulnAssessmentRelationship + VexNotAffectedVulnAssessmentRelationship vexNotAffected = doc.createVexNotAffectedVulnAssessmentRelationship(prefix + "vexnotaffected") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(pkg) + .setJustificationType(VexJustificationType.INLINE_MITIGATIONS_ALREADY_EXIST) + .setImpactStatement("No longer using this vulnerable part of this library.") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexNotAffected); + securityBundle.getElements().add(vexNotAffected); + // VexUnderInvestigationVulnAssessmentRelationship + VexUnderInvestigationVulnAssessmentRelationship vexUnderInvestigation = doc.createVexUnderInvestigationVulnAssessmentRelationship(prefix + "vexunderinvestigation") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(pkg) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexUnderInvestigation); + securityBundle.getElements().add(vexUnderInvestigation); + // VexVulnAssessmentRelationship - Abstract + // VulnAssessmentRelationship - Abstract + } + + private void addCoreClasses() throws InvalidSPDXAnalysisException { + // Agent - Abstract, already in creation info + // Annotation + doc.getElements().add(doc.createAnnotation(prefix + "docannotation") + .setStatement("This document is for example purposes only") + .setAnnotationType(AnnotationType.OTHER) + .setSubject(doc) + .build()); + // Artifact - Abstract - used in software package and several others + // Bom - will be used as an AI BOM and software BOM + // Bundle + doc.getElements().add(doc.createBundle(prefix + "bundle") + .setComment("This is just an example of a concrete Bundle class - the elements are not used elsewhere in the SPDX document") + .setContext("Custom Licenses") + .addElement(doc.createCustomLicense(prefix + "LicenseRef-CustomLicense1") + .setLicenseText("This is a custom license text number one.") + .build()) + .addElement(doc.createCustomLicense(prefix + "LicenseRef-CustomLicense2") + .setLicenseText("This is a custom license text number two.") + .build()) + .build()); + // CreationInfo - Already created + // DictionaryEntry - Used in several places including SimpleLicensing + // Element - Abstract + // ElementCollection - Abstract + // ExternalIdentifier - Used in Security profile + // Organization + doc.getCreationInfo().getCreatedBys().add(doc.createOrganization(prefix + "spdxorg") + .setName("System Package Data Exchange (SPDX)") + .build()); + // ExternalMap + String orgLocation = "https://external/organization/spdxdata"; + String orgPrefix = orgLocation + "#"; + String orgUri = orgPrefix + "org"; + ExternalOrganization externalOrg = new ExternalOrganization(doc.getModelStore(), + orgUri, doc.getCopyManager(), + true, orgLocation); + doc.getCreationInfo().getCreatedBys().add(externalOrg); + doc.getSpdxImports().add(doc.createExternalMap(getNextAnonId()) + .setExternalSpdxId(orgUri) + .setLocationHint(orgLocation) + .build()); + // Hash - Used in file + // IndividualElement - Used in software package originated by + // IntegrityMethod - Used in file and package + // LifecycleScopedRelationship + // NamespaceMap - Used in doc already + // PackageVerificationCode - Going to ignore - deprecated + // Person - Used in creation info + // PositiveIntegerRange - Used in snippets + // Relationship - Used in software + // SoftwareAgent + doc.getCreationInfo().getCreatedBys().add(doc.createSoftwareAgent(prefix + "softwareagent") + .setName("SPDX Spec Github CI") + .build()); + // SpdxDocument - already used + // ExternalRef + // Tool + doc.getCreationInfo().getCreatedUsings().add(doc.createTool(prefix + "creationtool") + .setName("tools-java") + .setComment("Created by the FullSpdxV3Example.java utility in tools-java") + .addExternalRef(doc.createExternalRef(getNextAnonId()) + .setExternalRefType(ExternalRefType.MAVEN_CENTRAL) + .addLocator("org.spdx:tools-java") + .build()) + .build()); + } + + private void addSoftwareClasses() throws InvalidSPDXAnalysisException { + // Sbom + sBom = doc.createSbom(prefix + "sbom") + .setName("AI SBOM") + .addSbomType(SbomType.ANALYZED) + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.BUILD) + .addProfileConformance(ProfileIdentifierType.SECURITY) + .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) + .build(); + doc.getElements().add(sBom); + doc.getRootElements().add(sBom); + // Package + pkg = doc.createSpdxPackage(prefix + "tools-java") + .setName("tools-java") + .setPrimaryPurpose(SoftwarePurpose.APPLICATION) + .addAdditionalPurpose(SoftwarePurpose.LIBRARY) + .addAttributionText("Maintained by the SPDX Community") + .setBuiltTime(LocalDateTime.of(2025, 10, 15, 9, 10) + .format(SPDX_DATE_FORMATTER)) + // ContentIdentifier + .addContentIdentifier(doc.createContentIdentifier(getNextAnonId()) + .setContentIdentifierType(ContentIdentifierType.GITOID) + .setContentIdentifierValue("23bd470259f55641eb72b0c5d733edac014a4554") + .build()) + .setCopyrightText("Copyright (c) Source Auditor Inc.") + .setDescription("A command-line utility for creating, converting, comparing, and validating SPDX documents across multiple formats.") + .setDownloadLocation("https://github.com/spdx/tools-java/releases/download/v2.0.2/tools-java-2.0.2.zip") + .addExternalIdentifier(doc.createExternalIdentifier(getNextAnonId()) + .setExternalIdentifierType(ExternalIdentifierType.URL_SCHEME) + .setIdentifier("https://github.com/spdx/tools-java") + .setIssuingAuthority("GitHub") + .build()) + .addExternalRef(doc.createExternalRef(getNextAnonId()) + .setExternalRefType(ExternalRefType.MAVEN_CENTRAL) + .addLocator("org.spdx:tools-java:jar:2.0.2") + .build()) + .setPackageUrl("pkg:maven/org.spdx/tools-java@2.0.2") + .setPackageVersion("2.0.2") + .setReleaseTime(LocalDateTime.of(2025, 10, 15, 11, 50) + .format(SPDX_DATE_FORMATTER)) + .setSourceInfo("This package came from the original source - the official SPDX GitHub repo and build process") + .addStandardName("SPDX Version 2.X and SPDX Version 3.0") + .setHomePage("https://github.com/spdx/tools-java") + .addOriginatedBy(new SpdxOrganization()) + .setSuppliedBy(new SpdxOrganization()) + .setSummary("A command-line utility for creating, converting, comparing, and validating SPDX documents across multiple formats.") + .addSupportLevel(SupportType.LIMITED_SUPPORT) + .setValidUntilTime(LocalDateTime.of(2027, 10, 15, 9, 10) + .format(SPDX_DATE_FORMATTER)) + .addVerifiedUsing(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + .setHashValue("c37ce759c3867780d55791a1804101d288fa921e77ed791e6c053fd5d7513d0d") + .build()) + .build(); + doc.getElements().add(pkg); + sBom.getElements().add(pkg); + sBom.getRootElements().add(pkg); + // File + SpdxFile sourceFile = doc.createSpdxFile(prefix + "example-source") + .setPrimaryPurpose(SoftwarePurpose.SOURCE) + .setContentType("text/plain") + .setCopyrightText("Copyright (c) 2025 Source Auditor Inc.") + .setFileKind(FileKindType.FILE) + .setName("./examples/org/spdx/examples/FullSpdxV3Example.java") + .build(); + sBom.getElements().add(sourceFile); + doc.getElements().add(sourceFile); + // Relationships - declared license, concluded license, generated from + doc.getElements().add(doc.createRelationship(prefix + "example-source-to-pkg") + .setRelationshipType(RelationshipType.GENERATES) + .setFrom(sourceFile) + .addTo(pkg) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .build()); + AnyLicenseInfo declared = LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0", + doc.getModelStore(), prefix, doc.getCopyManager(), new ArrayList<>()); + AnyLicenseInfo concluded = LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0", + doc.getModelStore(), prefix, doc.getCopyManager(), new ArrayList<>()); + doc.getElements().add(doc.createRelationship(prefix + "source-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(sourceFile) + .addTo(declared) + .setCompleteness(RelationshipCompleteness.NO_ASSERTION) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "source-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(sourceFile) + .addTo(concluded) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "pkg-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(pkg) + .addTo(declared) + .setCompleteness(RelationshipCompleteness.NO_ASSERTION) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "pkg-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(pkg) + .addTo(concluded) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + // Snippet + Snippet snippet = doc.createSnippet(prefix + "snippet") + .addAttributionText("Example code created by Gary O'Neall") + .setDescription("Main method for the FullSpdxV3Example.java") + .setCopyrightText("Copyright (c) 2025 Source Auditor Inc.") + .setByteRange(doc.createPositiveIntegerRange(getNextAnonId()) + .setBeginIntegerRange(43) + .setEndIntegerRange(89) + .build()) + .setLineRange(doc.createPositiveIntegerRange(getNextAnonId()) + .setBeginIntegerRange(1548) + .setEndIntegerRange(3955) + .build()) + .setName("main(String[] args)") + .setSnippetFromFile(sourceFile) + .build(); + doc.getElements().add(snippet); + sBom.getElements().add(snippet); + doc.getElements().add(doc.createRelationship(prefix + "snippet-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(snippet) + .addTo(declared) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "snippet-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(snippet) + .addTo(concluded) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + // SoftwareArtifact - Abstract + } + + private void addAIandDataClasses() throws InvalidSPDXAnalysisException { + Bom aiBom = doc.createBom(prefix + "aibom") + .setName("AI SBOM") + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.AI) + .addProfileConformance(ProfileIdentifierType.DATASET) + .build(); + doc.getElements().add(aiBom); + doc.getRootElements().add(aiBom); + // DatasetPackage + DatasetPackage dataset = doc.createDatasetPackage(prefix + "dataset") + .addAnonymizationMethodUsed("Perturbation") + .setConfidentialityLevel(ConfidentialityLevelType.GREEN) + .setDataCollectionProcess("WWW data under open licenses") + .setDataCollectionProcess("Crawler") + .addDataPreprocessing("Anonymization using perturbation of sensitive data") + .setDatasetAvailability(DatasetAvailabilityType.QUERY) + .setDatasetNoise("Includes data input by humans - subject to error") + .setDatasetSize(4000000) + .addDatasetType(DatasetType.TEXT) + .setDatasetUpdateMechanism("Automated crawler") + .setHasSensitivePersonalInformation(PresenceType.NO) + .setIntendedUse("LLM training") + .addKnownBias("Typical human bias representative from the global WWW") + .addSensor(doc.createDictionaryEntry(getNextAnonId()) + .setKey("crawler") + .setValue("webcrawler") + .build()) + .setBuiltTime(LocalDateTime.of(2025, 10, 15, 11, 50) + .format(SPDX_DATE_FORMATTER)) + .addOriginatedBy(doc.createOrganization(prefix + "dataorg") + .setName("Data Corp.") + .build()) + .setReleaseTime(LocalDateTime.of(2025, 10, 22, 8, 50) + .format(SPDX_DATE_FORMATTER)) + .setDownloadLocation("https://com.data-corp.data/mydata") + .setPrimaryPurpose(SoftwarePurpose.DATA) + .build(); + doc.getElements().add(dataset); + aiBom.getElements().add(dataset); + // AIPackage + AIPackage aiPackage = doc.createAIPackage(prefix + "aipackage") + .setAutonomyType(PresenceType.YES) + .addDomain("Automotive") + // EnergyConsumption + .setEnergyConsumption(doc.createEnergyConsumption(getNextAnonId()) + // EnergyConsumptionDescription + .addFinetuningEnergyConsumption(doc.createEnergyConsumptionDescription(getNextAnonId()) + .setEnergyQuantity(150.0) + .setEnergyUnit(EnergyUnitType.KILOWATT_HOUR) + .build()) + .addInferenceEnergyConsumption(doc.createEnergyConsumptionDescription(getNextAnonId()) + .setEnergyQuantity(0.7) + .setEnergyUnit(EnergyUnitType.KILOWATT_HOUR) + .build()) + .addTrainingEnergyConsumption(doc.createEnergyConsumptionDescription(getNextAnonId()) + .setEnergyQuantity(15000.3) + .setEnergyUnit(EnergyUnitType.KILOWATT_HOUR) + .build()) + .build()) + .addHyperparameter(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Hidden layers") + .setValue("14") + .build()) + .setInformationAboutApplication("Used in self driving cars") + .setInformationAboutTraining("Trained from data collected from auto cameras, sensors and WWW") + .setLimitation("Limited by amount of situations encountered from autos used for training") + .addMetric(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Operator Interventions") + .setValue("432") + .build()) + .addMetricDecisionThreshold(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Operator Interventions") + .setValue("100") + .build()) + .addModelDataPreprocessing("1. data cleaning") + .addModelExplainability("Behaviors from the auto driving car when observed from a safety driver") + .setSafetyRiskAssessment(SafetyRiskAssessmentType.SERIOUS) + .addStandardCompliance("UL 4600") + .addTypeOfModel("LLM") + .setUseSensitivePersonalInformation(PresenceType.NO) + .build(); + doc.getElements().add(aiPackage); + aiBom.getElements().add(aiPackage); + Relationship usesData = doc.createRelationship(prefix + "usesdata") + .setRelationshipType(RelationshipType.TRAINED_ON) + .setFrom(dataset) + .addTo(aiPackage) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .build(); + doc.getElements().add(usesData); + aiBom.getElements().add(usesData); + } + } + + /** + * @param args args[0] is the file path for the output serialized file + */ + public static void main(String[] args) throws Exception { + if (args.length != 1) { + usage(); + System.exit(1); + } + File outFile = new File(args[0]); + if (outFile.exists()) { + System.out.printf("%s already exists.\n", args[0]); + System.exit(1); + } + if (!outFile.createNewFile()) { + System.out.printf("Unable to create file %s\n", args[0]); + System.exit(1); + } + if (!outFile.canWrite()) { + System.out.printf("Can not write to file %s\n", args[0]); + System.exit(1); + } + SpdxModelFactory.init(); + IModelCopyManager copyManager = new ModelCopyManager(); + try (JsonLDStore modelStore = new JsonLDStore(new InMemSpdxStore())) { + modelStore.setUseExternalListedElements(true); + String defaultDocUri = "https://spdx.github.io/spdx-spec/v3.0.1/examples/full-example-eaa46bdcfa20"; + String prefix = defaultDocUri + "#"; + DefaultModelStore.initialize(modelStore, defaultDocUri, copyManager); + CreationInfo creationInfo = SpdxModelClassFactoryV3.createCreationInfo( + modelStore, prefix + "garyagent", "Gary O'Neall", + copyManager); + SpdxDocument doc = creationInfo.createSpdxDocument(prefix + "document") + .setDataLicense(LicenseInfoFactory.getListedLicenseById("CC0")) + .addNamespaceMap(creationInfo.createNamespaceMap(modelStore.getNextId(IModelStore.IdType.Anonymous)) + .setNamespace(prefix) + .setPrefix("example") + .build()) + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.BUILD) + .addProfileConformance(ProfileIdentifierType.AI) + .addProfileConformance(ProfileIdentifierType.DATASET) + .addProfileConformance(ProfileIdentifierType.SECURITY) + .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) + .build(); + doc.setIdPrefix(prefix); + ExampleBuilder builder = new ExampleBuilder(prefix, doc); + builder.build(); + List warnings = new ArrayList<>(); + // Add all the elements to the doc to make sure everything gets serialized + Collection docElements = doc.getElements(); + SpdxModelFactory.getSpdxObjects(modelStore, copyManager, null, null, prefix).forEach( + modelObject -> { + if (modelObject instanceof Element) { + Element element = (Element)modelObject; + if (!docElements.contains(element) && !element.equals(doc)) { + warnings.add("Element not in the document elements: " + element.getObjectUri()); + docElements.add(element); + } + } + } + ); + + // Verify using the SPDX Java Library + warnings.addAll(doc.verify()); + try (OutputStream outStream = new FileOutputStream(outFile)) { + modelStore.serialize(outStream, doc); + } + + // Validate using the schema + JsonSchemaFactory jsonSchemaFactory = JsonSchemaFactory.getInstance(VersionFlag.V202012); + JsonSchema schema; + try (InputStream is = Verify.class.getResourceAsStream("/" + JSON_SCHEMA_RESOURCE_V3)) { + schema = jsonSchemaFactory.getSchema(is); + } + JsonNode root; + try (InputStream is = new FileInputStream(outFile)) { + root = JSON_MAPPER.readTree(is); + } + Set messages = schema.validate(root); + for (ValidationMessage msg:messages) { + warnings.add(msg.toString()); + } + if (!warnings.isEmpty()) { + System.out.println("Generated document contains the following warnings:"); + for (String warning:warnings) { + System.out.print("\t"); + System.out.println(warning); + } + } + } + } + + private static void usage() { + System.out.println("Generates an SPDX JSON-LD file containing all of the supported classes."); + System.out.println("Usage: FullSpdxV3Example outputfile"); + } +} diff --git a/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java b/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java index 07be22c..f99a182 100644 --- a/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java +++ b/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java @@ -1,6 +1,7 @@ /** + * SPDX-FileCopyrightText: Copyright (c) 2021 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) 2021 Source Auditor Inc. */ package org.spdx.examples; @@ -35,7 +36,6 @@ * This example depends on the Spdx-Java-Library and the spdx-java-jackson store libraries * * @author Gary O'Neall - * */ public class SimpleSpdxDocumentV2Compat { diff --git a/examples/org/spdx/examples/SpdxExtensionExample.java b/examples/org/spdx/examples/SpdxExtensionExample.java new file mode 100644 index 0000000..f75d8c9 --- /dev/null +++ b/examples/org/spdx/examples/SpdxExtensionExample.java @@ -0,0 +1,37 @@ +package org.spdx.examples; + +import org.spdx.core.IModelCopyManager; +import org.spdx.core.InvalidSPDXAnalysisException; +import org.spdx.library.model.v3_0_1.extension.Extension; +import org.spdx.storage.IModelStore; +import org.spdx.storage.PropertyDescriptor; + +import javax.annotation.Nullable; +import java.util.Optional; + +public class SpdxExtensionExample extends Extension { + + static final PropertyDescriptor EXTENSION_PROPERTY_DESCRIPTOR = new PropertyDescriptor("extensionProp", "https://my/extension/namespace/"); + + public SpdxExtensionExample(IModelStore modelStore, String objectUri, @Nullable IModelCopyManager copyManager, boolean create, String idPrefix) throws InvalidSPDXAnalysisException { + super(modelStore, objectUri, copyManager, create, idPrefix); + } + + public SpdxExtensionExample(IModelStore modelStore, String objectUri, @Nullable IModelCopyManager copyManager, boolean create, String specVersion, String idPrefix) throws InvalidSPDXAnalysisException { + super(modelStore, objectUri, copyManager, create, idPrefix); + } + + public SpdxExtensionExample setExtensionProperty(String value) throws InvalidSPDXAnalysisException { + setPropertyValue(EXTENSION_PROPERTY_DESCRIPTOR, value); + return this; + } + + public Optional getExtensionProperty() throws InvalidSPDXAnalysisException { + return getStringPropertyValue(EXTENSION_PROPERTY_DESCRIPTOR); + } + + @Override + public String getType() { + return "Extension.example"; + } +} diff --git a/pom.xml b/pom.xml index d245812..f9b3299 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.0-RC3-SNAPSHOT + 2.0.6-SNAPSHOT jar tools-java @@ -43,19 +43,12 @@ Github Actions https://github.com/spdx/tools-java/actions - - - ossrh - spdx-spdx-tools - https://oss.sonatype.org/service/local/staging/deploy/maven2/ - - UTF-8 https://sonarcloud.io spdx tools-java - 8.4.3 + 12.2.1 11 -Xdoclint:none @@ -67,7 +60,7 @@ org.apache.maven.plugins maven-source-plugin - 3.2.1 + 3.4.0 attach-sources @@ -81,7 +74,7 @@ org.apache.maven.plugins maven-gpg-plugin - 1.6 + 3.2.8 sign-artifacts @@ -104,77 +97,65 @@ commons-io commons-io - 2.16.1 + 2.21.0 org.apache.commons commons-compress - 1.27.1 + 1.28.0 + + + org.apache.ws.xmlschema + xmlschema-core + 2.3.2 junit junit - 4.13.1 + 4.13.2 test org.spdx java-spdx-library - 2.0.0-RC2 - - - org.spdx - spdx-rdf-store - 2.0.0-RC2 + 2.0.3 org.spdx spdx-jackson-store - 2.0.0-RC2 + 2.0.5 - org.apache.ws.xmlschema - xmlschema-core - 2.3.0 + org.spdx + spdx-rdf-store + 2.0.3 org.spdx spdx-spreadsheet-store - 2.0.0-RC2 + 2.0.3 org.spdx spdx-tagvalue-store - 2.0.0-RC2 + 2.0.3 + + + org.spdx + spdx-v3jsonld-store + 1.0.4 com.networknt json-schema-validator - 1.5.1 + 1.5.9 org.slf4j slf4j-simple - 2.0.13 + 2.0.17 true - - org.spdx - spdx-v3jsonld-store - 1.0.0-RC3 - - - org.apache.poi - poi - 5.3.0 - compile - - - org.apache.jena - jena-core - 5.2.0 - compile - @@ -221,6 +202,15 @@ + + org.sonatype.central + central-publishing-maven-plugin + 0.10.0 + true + + central + + org.owasp dependency-check-maven @@ -232,7 +222,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.2.1 + 3.6.2 enforce-java @@ -252,7 +242,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.11.0 + 3.15.0 ${project.build.sourceEncoding} true @@ -263,19 +253,15 @@ org.apache.maven.plugins maven-javadoc-plugin - 2.9 + 3.12.0 true - 8 - ${env.JAVA_HOME}/bin/javadoc - -Xdoclint:none + true + all,-missing attach-javadocs - - ${javadoc.opts} - jar @@ -285,6 +271,8 @@ org.apache.maven.plugins maven-shade-plugin + 3.2.4 + true jar-with-dependencies @@ -326,7 +314,7 @@ org.spdx spdx-maven-plugin - 0.7.3 + 1.0.3 build-spdx @@ -366,13 +354,18 @@ org.apache.maven.plugins maven-release-plugin - 3.0.1 + 3.3.1 v@{project.version} release deploy + + org.sonarsource.scanner.maven + sonar-maven-plugin + 5.5.0.6356 + diff --git a/resources/spdx-schema-v2.3.json b/resources/spdx-schema-v2.3.json index 403d202..36c955a 100644 --- a/resources/spdx-schema-v2.3.json +++ b/resources/spdx-schema-v2.3.json @@ -413,7 +413,7 @@ "primaryPackagePurpose" : { "description" : "This field provides information about the primary purpose of the identified package. Package Purpose is intrinsic to how the package is being used rather than the content of the package.", "type" : "string", - "enum" : [ "OTHER", "INSTALL", "ARCHIVE", "FIRMWARE", "APPLICATION", "FRAMEWORK", "LIBRARY", "CONTAINER", "SOURCE", "DEVICE", "OPERATING_SYSTEM", "FILE" ] + "enum" : [ "OTHER", "INSTALL", "ARCHIVE", "FIRMWARE", "APPLICATION", "FRAMEWORK", "LIBRARY", "CONTAINER", "SOURCE", "DEVICE", "OPERATING-SYSTEM", "FILE" ] }, "releaseDate" : { "description" : "This field provides a place for recording the date the package was released.", diff --git a/resources/spdx-schema-v3.0.1.json b/resources/spdx-schema-v3.0.1.json index ccb1933..bd7a3b5 100644 --- a/resources/spdx-schema-v3.0.1.json +++ b/resources/spdx-schema-v3.0.1.json @@ -10,42 +10,56 @@ }, "required": ["@context"], - "oneOf": [ - { - "type": "object", - "properties": { - "@graph": { - "description": "Top level container for JSON-LD objects", - "type": "array", - "items": { - "type": "object", - "$ref": "#/$defs/AnyClass", - "unevaluatedProperties": false - } + "if": { + "type": "object", + "required": ["@graph"] + }, + "then": { + "type": "object", + "properties": { + "@graph": { + "description": "Top level container for JSON-LD objects", + "type": "array", + "items": { + "type": "object", + "$ref": "#/$defs/AnyClass", + "unevaluatedProperties": false } - }, - "required": ["@graph"] + } }, - { "$ref": "#/$defs/AnyClass" } - ], + "required": ["@graph"] + }, + "else": { + "$ref": "#/$defs/AnyClass" + }, "unevaluatedProperties": false, "$defs": { "ai_EnergyConsumption": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_EnergyConsumption" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_EnergyConsumption" } }, - { "$ref": "#/$defs/ai_EnergyConsumption_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_EnergyConsumption_props" } + ] + }, + "else": { + "const": "Not a ai_EnergyConsumption" + } }, "ai_EnergyConsumption_derived": { "anyOf": [ @@ -66,7 +80,7 @@ "type": "object", "properties": { "ai_finetuningEnergyConsumption": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -76,7 +90,7 @@ ] }, "ai_inferenceEnergyConsumption": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -86,7 +100,7 @@ ] }, "ai_trainingEnergyConsumption": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -109,20 +123,30 @@ "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "ai_EnergyConsumptionDescription": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_EnergyConsumptionDescription" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_EnergyConsumptionDescription" } }, - { "$ref": "#/$defs/ai_EnergyConsumptionDescription_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_EnergyConsumptionDescription_props" } + ] + }, + "else": { + "const": "Not a ai_EnergyConsumptionDescription" + } }, "ai_EnergyConsumptionDescription_derived": { "anyOf": [ @@ -157,7 +181,7 @@ ] }, "prop_ai_EnergyConsumptionDescription_ai_energyQuantity": { - "oneOf": [ + "anyOf": [ { "type": "number" }, @@ -175,20 +199,30 @@ ] }, "ai_EnergyUnitType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_EnergyUnitType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_EnergyUnitType" } }, - { "$ref": "#/$defs/ai_EnergyUnitType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_EnergyUnitType_props" } + ] + }, + "else": { + "const": "Not a ai_EnergyUnitType" + } }, "ai_EnergyUnitType_derived": { "anyOf": [ @@ -216,20 +250,30 @@ ] }, "ai_SafetyRiskAssessmentType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_SafetyRiskAssessmentType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_SafetyRiskAssessmentType" } }, - { "$ref": "#/$defs/ai_SafetyRiskAssessmentType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_SafetyRiskAssessmentType_props" } + ] + }, + "else": { + "const": "Not a ai_SafetyRiskAssessmentType" + } }, "ai_SafetyRiskAssessmentType_derived": { "anyOf": [ @@ -258,20 +302,30 @@ ] }, "AnnotationType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "AnnotationType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "AnnotationType" } }, - { "$ref": "#/$defs/AnnotationType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/AnnotationType_props" } + ] + }, + "else": { + "const": "Not a AnnotationType" + } }, "AnnotationType_derived": { "anyOf": [ @@ -298,20 +352,30 @@ ] }, "CreationInfo": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "CreationInfo" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "CreationInfo" } }, - { "$ref": "#/$defs/CreationInfo_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/CreationInfo_props" } + ] + }, + "else": { + "const": "Not a CreationInfo" + } }, "CreationInfo_derived": { "anyOf": [ @@ -338,7 +402,7 @@ "$ref": "#/$defs/prop_CreationInfo_created" }, "createdBy": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, @@ -349,7 +413,7 @@ ] }, "createdUsing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -395,20 +459,30 @@ "type": "string" }, "DictionaryEntry": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "DictionaryEntry" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "DictionaryEntry" } }, - { "$ref": "#/$defs/DictionaryEntry_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/DictionaryEntry_props" } + ] + }, + "else": { + "const": "Not a DictionaryEntry" + } }, "DictionaryEntry_derived": { "anyOf": [ @@ -520,7 +594,17 @@ "$ref": "#/$defs/prop_Element_description" }, "extension": { - "oneOf": [ + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/$defs/prop_Element_extension" + } + } + ] + }, + "extension": { + "anyOf": [ { "type": "array", "items": { @@ -530,7 +614,7 @@ ] }, "externalIdentifier": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -540,7 +624,7 @@ ] }, "externalRef": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -556,7 +640,7 @@ "$ref": "#/$defs/prop_Element_summary" }, "verifiedUsing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -584,6 +668,9 @@ "prop_Element_extension": { "$ref": "#/$defs/extension_Extension_derived" }, + "prop_Element_extension": { + "$ref": "#/$defs/extension_Extension_derived" + }, "prop_Element_externalIdentifier": { "$ref": "#/$defs/ExternalIdentifier_derived" }, @@ -621,7 +708,7 @@ "type": "object", "properties": { "element": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -631,7 +718,7 @@ ] }, "profileConformance": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -641,7 +728,7 @@ ] }, "rootElement": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -675,20 +762,30 @@ "$ref": "#/$defs/Element_derived" }, "ExternalIdentifier": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalIdentifier" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalIdentifier" } }, - { "$ref": "#/$defs/ExternalIdentifier_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalIdentifier_props" } + ] + }, + "else": { + "const": "Not a ExternalIdentifier" + } }, "ExternalIdentifier_derived": { "anyOf": [ @@ -718,7 +815,7 @@ "$ref": "#/$defs/prop_ExternalIdentifier_identifier" }, "identifierLocator": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -766,20 +863,30 @@ "type": "string" }, "ExternalIdentifierType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalIdentifierType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalIdentifierType" } }, - { "$ref": "#/$defs/ExternalIdentifierType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalIdentifierType_props" } + ] + }, + "else": { + "const": "Not a ExternalIdentifierType" + } }, "ExternalIdentifierType_derived": { "anyOf": [ @@ -815,20 +922,30 @@ ] }, "ExternalMap": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalMap" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalMap" } }, - { "$ref": "#/$defs/ExternalMap_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalMap_props" } + ] + }, + "else": { + "const": "Not a ExternalMap" + } }, "ExternalMap_derived": { "anyOf": [ @@ -858,7 +975,7 @@ "$ref": "#/$defs/prop_ExternalMap_locationHint" }, "verifiedUsing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -887,20 +1004,30 @@ "$ref": "#/$defs/IntegrityMethod_derived" }, "ExternalRef": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalRef" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalRef" } }, - { "$ref": "#/$defs/ExternalRef_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalRef_props" } + ] + }, + "else": { + "const": "Not a ExternalRef" + } }, "ExternalRef_derived": { "anyOf": [ @@ -930,7 +1057,7 @@ "$ref": "#/$defs/prop_ExternalRef_externalRefType" }, "locator": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -1004,20 +1131,30 @@ "type": "string" }, "ExternalRefType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalRefType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalRefType" } }, - { "$ref": "#/$defs/ExternalRefType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalRefType_props" } + ] + }, + "else": { + "const": "Not a ExternalRefType" + } }, "ExternalRefType_derived": { "anyOf": [ @@ -1088,20 +1225,30 @@ ] }, "HashAlgorithm": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "HashAlgorithm" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "HashAlgorithm" } }, - { "$ref": "#/$defs/HashAlgorithm_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/HashAlgorithm_props" } + ] + }, + "else": { + "const": "Not a HashAlgorithm" + } }, "HashAlgorithm_derived": { "anyOf": [ @@ -1148,21 +1295,31 @@ ] }, "IndividualElement": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "IndividualElement" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "IndividualElement" + } }, - { "$ref": "#/$defs/IndividualElement_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/IndividualElement_props" } + ] + }, + "else": { + "const": "Not a IndividualElement" + } }, "IndividualElement_derived": { "anyOf": [ @@ -1219,20 +1376,30 @@ "type": "string" }, "LifecycleScopeType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "LifecycleScopeType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "LifecycleScopeType" } }, - { "$ref": "#/$defs/LifecycleScopeType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/LifecycleScopeType_props" } + ] + }, + "else": { + "const": "Not a LifecycleScopeType" + } }, "LifecycleScopeType_derived": { "anyOf": [ @@ -1263,20 +1430,30 @@ ] }, "NamespaceMap": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "NamespaceMap" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "NamespaceMap" } }, - { "$ref": "#/$defs/NamespaceMap_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/NamespaceMap_props" } + ] + }, + "else": { + "const": "Not a NamespaceMap" + } }, "NamespaceMap_derived": { "anyOf": [ @@ -1317,20 +1494,30 @@ "type": "string" }, "PackageVerificationCode": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "PackageVerificationCode" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "PackageVerificationCode" } }, - { "$ref": "#/$defs/PackageVerificationCode_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/PackageVerificationCode_props" } + ] + }, + "else": { + "const": "Not a PackageVerificationCode" + } }, "PackageVerificationCode_derived": { "anyOf": [ @@ -1357,7 +1544,7 @@ "$ref": "#/$defs/prop_PackageVerificationCode_hashValue" }, "packageVerificationCodeExcludedFile": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -1407,20 +1594,30 @@ "type": "string" }, "PositiveIntegerRange": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "PositiveIntegerRange" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "PositiveIntegerRange" } }, - { "$ref": "#/$defs/PositiveIntegerRange_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/PositiveIntegerRange_props" } + ] + }, + "else": { + "const": "Not a PositiveIntegerRange" + } }, "PositiveIntegerRange_derived": { "anyOf": [ @@ -1463,20 +1660,30 @@ "minimum": 1 }, "PresenceType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "PresenceType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "PresenceType" } }, - { "$ref": "#/$defs/PresenceType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/PresenceType_props" } + ] + }, + "else": { + "const": "Not a PresenceType" + } }, "PresenceType_derived": { "anyOf": [ @@ -1504,20 +1711,30 @@ ] }, "ProfileIdentifierType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ProfileIdentifierType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ProfileIdentifierType" } }, - { "$ref": "#/$defs/ProfileIdentifierType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ProfileIdentifierType_props" } + ] + }, + "else": { + "const": "Not a ProfileIdentifierType" + } }, "ProfileIdentifierType_derived": { "anyOf": [ @@ -1552,21 +1769,31 @@ ] }, "Relationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Relationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Relationship" + } }, - { "$ref": "#/$defs/Relationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Relationship_props" } + ] + }, + "else": { + "const": "Not a Relationship" + } }, "Relationship_derived": { "anyOf": [ @@ -1613,7 +1840,7 @@ "$ref": "#/$defs/prop_Relationship_startTime" }, "to": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, @@ -1731,20 +1958,30 @@ "$ref": "#/$defs/Element_derived" }, "RelationshipCompleteness": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "RelationshipCompleteness" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "RelationshipCompleteness" } }, - { "$ref": "#/$defs/RelationshipCompleteness_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/RelationshipCompleteness_props" } + ] + }, + "else": { + "const": "Not a RelationshipCompleteness" + } }, "RelationshipCompleteness_derived": { "anyOf": [ @@ -1772,20 +2009,30 @@ ] }, "RelationshipType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "RelationshipType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "RelationshipType" } }, - { "$ref": "#/$defs/RelationshipType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/RelationshipType_props" } + ] + }, + "else": { + "const": "Not a RelationshipType" + } }, "RelationshipType_derived": { "anyOf": [ @@ -1869,21 +2116,31 @@ ] }, "SpdxDocument": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "SpdxDocument" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "SpdxDocument" + } }, - { "$ref": "#/$defs/SpdxDocument_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/SpdxDocument_props" } + ] + }, + "else": { + "const": "Not a SpdxDocument" + } }, "SpdxDocument_derived": { "anyOf": [ @@ -1907,7 +2164,7 @@ "$ref": "#/$defs/prop_SpdxDocument_dataLicense" }, "import": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -1917,7 +2174,7 @@ ] }, "namespaceMap": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -1940,20 +2197,30 @@ "$ref": "#/$defs/NamespaceMap_derived" }, "SupportType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "SupportType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "SupportType" } }, - { "$ref": "#/$defs/SupportType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/SupportType_props" } + ] + }, + "else": { + "const": "Not a SupportType" + } }, "SupportType_derived": { "anyOf": [ @@ -1985,21 +2252,31 @@ ] }, "Tool": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Tool" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Tool" + } }, - { "$ref": "#/$defs/Tool_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Tool_props" } + ] + }, + "else": { + "const": "Not a Tool" + } }, "Tool_derived": { "anyOf": [ @@ -2024,20 +2301,30 @@ ] }, "dataset_ConfidentialityLevelType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "dataset_ConfidentialityLevelType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "dataset_ConfidentialityLevelType" } }, - { "$ref": "#/$defs/dataset_ConfidentialityLevelType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/dataset_ConfidentialityLevelType_props" } + ] + }, + "else": { + "const": "Not a dataset_ConfidentialityLevelType" + } }, "dataset_ConfidentialityLevelType_derived": { "anyOf": [ @@ -2066,20 +2353,30 @@ ] }, "dataset_DatasetAvailabilityType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "dataset_DatasetAvailabilityType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "dataset_DatasetAvailabilityType" } }, - { "$ref": "#/$defs/dataset_DatasetAvailabilityType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/dataset_DatasetAvailabilityType_props" } + ] + }, + "else": { + "const": "Not a dataset_DatasetAvailabilityType" + } }, "dataset_DatasetAvailabilityType_derived": { "anyOf": [ @@ -2109,20 +2406,30 @@ ] }, "dataset_DatasetType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "dataset_DatasetType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "dataset_DatasetType" } }, - { "$ref": "#/$defs/dataset_DatasetType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/dataset_DatasetType_props" } + ] + }, + "else": { + "const": "Not a dataset_DatasetType" + } }, "dataset_DatasetType_derived": { "anyOf": [ @@ -2192,7 +2499,7 @@ "$ref": "#/$defs/prop_expandedlicensing_LicenseAddition_expandedlicensing_obsoletedBy" }, "expandedlicensing_seeAlso": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -2230,21 +2537,31 @@ "type": "string" }, "expandedlicensing_ListedLicenseException": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_ListedLicenseException" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_ListedLicenseException" + } }, - { "$ref": "#/$defs/expandedlicensing_ListedLicenseException_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_ListedLicenseException_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_ListedLicenseException" + } }, "expandedlicensing_ListedLicenseException_derived": { "anyOf": [ @@ -2281,20 +2598,30 @@ "type": "string" }, "extension_CdxPropertyEntry": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "extension_CdxPropertyEntry" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "extension_CdxPropertyEntry" } }, - { "$ref": "#/$defs/extension_CdxPropertyEntry_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/extension_CdxPropertyEntry_props" } + ] + }, + "else": { + "const": "Not a extension_CdxPropertyEntry" + } }, "extension_CdxPropertyEntry_derived": { "anyOf": [ @@ -2334,22 +2661,34 @@ "type": "string" }, "extension_Extension": { - "allOf": [ - { - "type": "object", - "unevaluatedProperties": true, - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "allOf": [ - { "$ref": "#/$defs/IRI" }, - { "not": { "const": "extension_Extension" } } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "allOf": [ + { "$ref": "#/$defs/IRI" }, + { "not": { "const": "extension_Extension" } } + ] } }, - { "$ref": "#/$defs/extension_Extension_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "unevaluatedProperties": true, + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/extension_Extension_props" } + ] + }, + "else": { + "const": "Not a extension_Extension" + } }, "extension_Extension_derived": { "anyOf": [ @@ -2374,20 +2713,30 @@ ] }, "security_CvssSeverityType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssSeverityType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssSeverityType" } }, - { "$ref": "#/$defs/security_CvssSeverityType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_CvssSeverityType_props" } + ] + }, + "else": { + "const": "Not a security_CvssSeverityType" + } }, "security_CvssSeverityType_derived": { "anyOf": [ @@ -2417,20 +2766,30 @@ ] }, "security_ExploitCatalogType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_ExploitCatalogType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_ExploitCatalogType" } }, - { "$ref": "#/$defs/security_ExploitCatalogType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_ExploitCatalogType_props" } + ] + }, + "else": { + "const": "Not a security_ExploitCatalogType" + } }, "security_ExploitCatalogType_derived": { "anyOf": [ @@ -2457,20 +2816,30 @@ ] }, "security_SsvcDecisionType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_SsvcDecisionType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_SsvcDecisionType" } }, - { "$ref": "#/$defs/security_SsvcDecisionType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_SsvcDecisionType_props" } + ] + }, + "else": { + "const": "Not a security_SsvcDecisionType" + } }, "security_SsvcDecisionType_derived": { "anyOf": [ @@ -2499,20 +2868,30 @@ ] }, "security_VexJustificationType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_VexJustificationType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexJustificationType" } }, - { "$ref": "#/$defs/security_VexJustificationType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_VexJustificationType_props" } + ] + }, + "else": { + "const": "Not a security_VexJustificationType" + } }, "security_VexJustificationType_derived": { "anyOf": [ @@ -2658,21 +3037,31 @@ ] }, "simplelicensing_LicenseExpression": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "simplelicensing_LicenseExpression" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "simplelicensing_LicenseExpression" + } }, - { "$ref": "#/$defs/simplelicensing_LicenseExpression_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/simplelicensing_LicenseExpression_props" } + ] + }, + "else": { + "const": "Not a simplelicensing_LicenseExpression" + } }, "simplelicensing_LicenseExpression_derived": { "anyOf": [ @@ -2693,7 +3082,7 @@ "type": "object", "properties": { "simplelicensing_customIdToUri": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -2726,21 +3115,31 @@ "type": "string" }, "simplelicensing_SimpleLicensingText": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "simplelicensing_SimpleLicensingText" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "simplelicensing_SimpleLicensingText" + } }, - { "$ref": "#/$defs/simplelicensing_SimpleLicensingText_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/simplelicensing_SimpleLicensingText_props" } + ] + }, + "else": { + "const": "Not a simplelicensing_SimpleLicensingText" + } }, "simplelicensing_SimpleLicensingText_derived": { "anyOf": [ @@ -2774,20 +3173,30 @@ "type": "string" }, "software_ContentIdentifier": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_ContentIdentifier" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_ContentIdentifier" } }, - { "$ref": "#/$defs/software_ContentIdentifier_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_ContentIdentifier_props" } + ] + }, + "else": { + "const": "Not a software_ContentIdentifier" + } }, "software_ContentIdentifier_derived": { "anyOf": [ @@ -2831,22 +3240,32 @@ "$ref": "#/$defs/anyURI" }, "software_ContentIdentifierType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_ContentIdentifierType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_ContentIdentifierType" } }, - { "$ref": "#/$defs/software_ContentIdentifierType_props" } - ] - }, - "software_ContentIdentifierType_derived": { + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_ContentIdentifierType_props" } + ] + }, + "else": { + "const": "Not a software_ContentIdentifierType" + } + }, + "software_ContentIdentifierType_derived": { "anyOf": [ { "type": "object", @@ -2871,20 +3290,30 @@ ] }, "software_FileKindType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_FileKindType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_FileKindType" } }, - { "$ref": "#/$defs/software_FileKindType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_FileKindType_props" } + ] + }, + "else": { + "const": "Not a software_FileKindType" + } }, "software_FileKindType_derived": { "anyOf": [ @@ -2911,20 +3340,30 @@ ] }, "software_SbomType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_SbomType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_SbomType" } }, - { "$ref": "#/$defs/software_SbomType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_SbomType_props" } + ] + }, + "else": { + "const": "Not a software_SbomType" + } }, "software_SbomType_derived": { "anyOf": [ @@ -2955,20 +3394,30 @@ ] }, "software_SoftwarePurpose": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_SoftwarePurpose" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_SoftwarePurpose" } }, - { "$ref": "#/$defs/software_SoftwarePurpose_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_SoftwarePurpose_props" } + ] + }, + "else": { + "const": "Not a software_SoftwarePurpose" + } }, "software_SoftwarePurpose_derived": { "anyOf": [ @@ -3022,21 +3471,31 @@ ] }, "build_Build": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "build_Build" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "build_Build" + } }, - { "$ref": "#/$defs/build_Build_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/build_Build_props" } + ] + }, + "else": { + "const": "Not a build_Build" + } }, "build_Build_derived": { "anyOf": [ @@ -3069,7 +3528,7 @@ "$ref": "#/$defs/prop_build_Build_build_buildType" }, "build_configSourceDigest": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3079,7 +3538,7 @@ ] }, "build_configSourceEntrypoint": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3089,7 +3548,7 @@ ] }, "build_configSourceUri": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3099,7 +3558,7 @@ ] }, "build_environment": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3109,7 +3568,7 @@ ] }, "build_parameter": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3169,21 +3628,31 @@ "$ref": "#/$defs/DictionaryEntry_derived" }, "Agent": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Agent" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Agent" + } }, - { "$ref": "#/$defs/Agent_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Agent_props" } + ] + }, + "else": { + "const": "Not a Agent" + } }, "Agent_derived": { "anyOf": [ @@ -3212,21 +3681,31 @@ ] }, "Annotation": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Annotation" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Annotation" + } }, - { "$ref": "#/$defs/Annotation_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Annotation_props" } + ] + }, + "else": { + "const": "Not a Annotation" + } }, "Annotation_derived": { "anyOf": [ @@ -3309,7 +3788,7 @@ "$ref": "#/$defs/prop_Artifact_builtTime" }, "originatedBy": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3322,7 +3801,7 @@ "$ref": "#/$defs/prop_Artifact_releaseTime" }, "standardName": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3335,7 +3814,7 @@ "$ref": "#/$defs/prop_Artifact_suppliedBy" }, "supportLevel": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3405,21 +3884,31 @@ ] }, "Bundle": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Bundle" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Bundle" + } }, - { "$ref": "#/$defs/Bundle_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Bundle_props" } + ] + }, + "else": { + "const": "Not a Bundle" + } }, "Bundle_derived": { "anyOf": [ @@ -3452,20 +3941,30 @@ "type": "string" }, "Hash": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "Hash" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "Hash" } }, - { "$ref": "#/$defs/Hash_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/Hash_props" } + ] + }, + "else": { + "const": "Not a Hash" + } }, "Hash_derived": { "anyOf": [ @@ -3529,21 +4028,31 @@ "type": "string" }, "LifecycleScopedRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "LifecycleScopedRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "LifecycleScopedRelationship" + } }, - { "$ref": "#/$defs/LifecycleScopedRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/LifecycleScopedRelationship_props" } + ] + }, + "else": { + "const": "Not a LifecycleScopedRelationship" + } }, "LifecycleScopedRelationship_derived": { "anyOf": [ @@ -3581,21 +4090,31 @@ ] }, "Organization": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Organization" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Organization" + } }, - { "$ref": "#/$defs/Organization_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Organization_props" } + ] + }, + "else": { + "const": "Not a Organization" + } }, "Organization_derived": { "anyOf": [ @@ -3621,21 +4140,31 @@ ] }, "Person": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Person" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Person" + } }, - { "$ref": "#/$defs/Person_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Person_props" } + ] + }, + "else": { + "const": "Not a Person" + } }, "Person_derived": { "anyOf": [ @@ -3660,21 +4189,31 @@ ] }, "SoftwareAgent": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "SoftwareAgent" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "SoftwareAgent" + } }, - { "$ref": "#/$defs/SoftwareAgent_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/SoftwareAgent_props" } + ] + }, + "else": { + "const": "Not a SoftwareAgent" + } }, "SoftwareAgent_derived": { "anyOf": [ @@ -3699,21 +4238,31 @@ ] }, "expandedlicensing_ConjunctiveLicenseSet": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_ConjunctiveLicenseSet" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_ConjunctiveLicenseSet" + } }, - { "$ref": "#/$defs/expandedlicensing_ConjunctiveLicenseSet_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_ConjunctiveLicenseSet_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_ConjunctiveLicenseSet" + } }, "expandedlicensing_ConjunctiveLicenseSet_derived": { "anyOf": [ @@ -3734,7 +4283,7 @@ "type": "object", "properties": { "expandedlicensing_member": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 2, @@ -3755,21 +4304,31 @@ "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "expandedlicensing_CustomLicenseAddition": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_CustomLicenseAddition" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_CustomLicenseAddition" + } }, - { "$ref": "#/$defs/expandedlicensing_CustomLicenseAddition_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_CustomLicenseAddition_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_CustomLicenseAddition" + } }, "expandedlicensing_CustomLicenseAddition_derived": { "anyOf": [ @@ -3794,21 +4353,31 @@ ] }, "expandedlicensing_DisjunctiveLicenseSet": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_DisjunctiveLicenseSet" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_DisjunctiveLicenseSet" + } }, - { "$ref": "#/$defs/expandedlicensing_DisjunctiveLicenseSet_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_DisjunctiveLicenseSet_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_DisjunctiveLicenseSet" + } }, "expandedlicensing_DisjunctiveLicenseSet_derived": { "anyOf": [ @@ -3829,7 +4398,7 @@ "type": "object", "properties": { "expandedlicensing_member": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 2, @@ -3874,21 +4443,31 @@ ] }, "expandedlicensing_IndividualLicensingInfo": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_IndividualLicensingInfo" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_IndividualLicensingInfo" + } }, - { "$ref": "#/$defs/expandedlicensing_IndividualLicensingInfo_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_IndividualLicensingInfo_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_IndividualLicensingInfo" + } }, "expandedlicensing_IndividualLicensingInfo_derived": { "anyOf": [ @@ -3949,7 +4528,7 @@ "$ref": "#/$defs/prop_expandedlicensing_License_expandedlicensing_obsoletedBy" }, "expandedlicensing_seeAlso": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -4002,21 +4581,31 @@ "type": "string" }, "expandedlicensing_ListedLicense": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_ListedLicense" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_ListedLicense" + } }, - { "$ref": "#/$defs/expandedlicensing_ListedLicense_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_ListedLicense_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_ListedLicense" + } }, "expandedlicensing_ListedLicense_derived": { "anyOf": [ @@ -4053,21 +4642,31 @@ "type": "string" }, "expandedlicensing_OrLaterOperator": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_OrLaterOperator" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_OrLaterOperator" + } }, - { "$ref": "#/$defs/expandedlicensing_OrLaterOperator_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_OrLaterOperator_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_OrLaterOperator" + } }, "expandedlicensing_OrLaterOperator_derived": { "anyOf": [ @@ -4101,21 +4700,31 @@ "$ref": "#/$defs/expandedlicensing_License_derived" }, "expandedlicensing_WithAdditionOperator": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_WithAdditionOperator" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_WithAdditionOperator" + } }, - { "$ref": "#/$defs/expandedlicensing_WithAdditionOperator_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_WithAdditionOperator_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_WithAdditionOperator" + } }, "expandedlicensing_WithAdditionOperator_derived": { "anyOf": [ @@ -4156,20 +4765,30 @@ "$ref": "#/$defs/expandedlicensing_ExtendableLicense_derived" }, "extension_CdxPropertiesExtension": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "extension_CdxPropertiesExtension" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "extension_CdxPropertiesExtension" } }, - { "$ref": "#/$defs/extension_CdxPropertiesExtension_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/extension_CdxPropertiesExtension_props" } + ] + }, + "else": { + "const": "Not a extension_CdxPropertiesExtension" + } }, "extension_CdxPropertiesExtension_derived": { "anyOf": [ @@ -4190,7 +4809,7 @@ "type": "object", "properties": { "extension_cdxProperty": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, @@ -4211,21 +4830,31 @@ "$ref": "#/$defs/extension_CdxPropertyEntry_derived" }, "security_CvssV2VulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssV2VulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssV2VulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_CvssV2VulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_CvssV2VulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_CvssV2VulnAssessmentRelationship" + } }, "security_CvssV2VulnAssessmentRelationship_derived": { "anyOf": [ @@ -4260,7 +4889,7 @@ ] }, "prop_security_CvssV2VulnAssessmentRelationship_security_score": { - "oneOf": [ + "anyOf": [ { "type": "number" }, @@ -4270,26 +4899,36 @@ } ] }, - "prop_security_CvssV2VulnAssessmentRelationship_security_vectorString": { - "type": "string" - }, - "security_CvssV3VulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssV3VulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] - }, - { "$ref": "#/$defs/security_CvssV3VulnAssessmentRelationship_props" } - ] - }, + "prop_security_CvssV2VulnAssessmentRelationship_security_vectorString": { + "type": "string" + }, + "security_CvssV3VulnAssessmentRelationship": { + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssV3VulnAssessmentRelationship" + } + }, + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_CvssV3VulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_CvssV3VulnAssessmentRelationship" + } + }, "security_CvssV3VulnAssessmentRelationship_derived": { "anyOf": [ { @@ -4327,7 +4966,7 @@ ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_score": { - "oneOf": [ + "anyOf": [ { "type": "number" }, @@ -4350,21 +4989,31 @@ "type": "string" }, "security_CvssV4VulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssV4VulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssV4VulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_CvssV4VulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_CvssV4VulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_CvssV4VulnAssessmentRelationship" + } }, "security_CvssV4VulnAssessmentRelationship_derived": { "anyOf": [ @@ -4403,7 +5052,7 @@ ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_score": { - "oneOf": [ + "anyOf": [ { "type": "number" }, @@ -4426,21 +5075,31 @@ "type": "string" }, "security_EpssVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_EpssVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_EpssVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_EpssVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_EpssVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_EpssVulnAssessmentRelationship" + } }, "security_EpssVulnAssessmentRelationship_derived": { "anyOf": [ @@ -4475,7 +5134,7 @@ ] }, "prop_security_EpssVulnAssessmentRelationship_security_percentile": { - "oneOf": [ + "anyOf": [ { "type": "number" }, @@ -4486,7 +5145,7 @@ ] }, "prop_security_EpssVulnAssessmentRelationship_security_probability": { - "oneOf": [ + "anyOf": [ { "type": "number" }, @@ -4497,21 +5156,31 @@ ] }, "security_ExploitCatalogVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_ExploitCatalogVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_ExploitCatalogVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_ExploitCatalogVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_ExploitCatalogVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_ExploitCatalogVulnAssessmentRelationship" + } }, "security_ExploitCatalogVulnAssessmentRelationship_derived": { "anyOf": [ @@ -4562,21 +5231,31 @@ "$ref": "#/$defs/anyURI" }, "security_SsvcVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_SsvcVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_SsvcVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_SsvcVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_SsvcVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_SsvcVulnAssessmentRelationship" + } }, "security_SsvcVulnAssessmentRelationship_derived": { "anyOf": [ @@ -4652,21 +5331,31 @@ "type": "string" }, "security_Vulnerability": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_Vulnerability" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_Vulnerability" + } }, - { "$ref": "#/$defs/security_Vulnerability_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_Vulnerability_props" } + ] + }, + "else": { + "const": "Not a security_Vulnerability" + } }, "security_Vulnerability_derived": { "anyOf": [ @@ -4755,7 +5444,7 @@ "type": "object", "properties": { "software_additionalPurpose": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -4765,7 +5454,7 @@ ] }, "software_attributionText": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -4775,7 +5464,7 @@ ] }, "software_contentIdentifier": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -4870,21 +5559,31 @@ ] }, "Bom": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Bom" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Bom" + } }, - { "$ref": "#/$defs/Bom_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Bom_props" } + ] + }, + "else": { + "const": "Not a Bom" + } }, "Bom_derived": { "anyOf": [ @@ -4910,21 +5609,31 @@ ] }, "expandedlicensing_CustomLicense": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_CustomLicense" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_CustomLicense" + } }, - { "$ref": "#/$defs/expandedlicensing_CustomLicense_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_CustomLicense_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_CustomLicense" + } }, "expandedlicensing_CustomLicense_derived": { "anyOf": [ @@ -4949,21 +5658,31 @@ ] }, "security_VexAffectedVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexAffectedVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexAffectedVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_VexAffectedVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexAffectedVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_VexAffectedVulnAssessmentRelationship" + } }, "security_VexAffectedVulnAssessmentRelationship_derived": { "anyOf": [ @@ -5011,21 +5730,31 @@ ] }, "security_VexFixedVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexFixedVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexFixedVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_VexFixedVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexFixedVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_VexFixedVulnAssessmentRelationship" + } }, "security_VexFixedVulnAssessmentRelationship_derived": { "anyOf": [ @@ -5050,21 +5779,31 @@ ] }, "security_VexNotAffectedVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexNotAffectedVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexNotAffectedVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_VexNotAffectedVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexNotAffectedVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_VexNotAffectedVulnAssessmentRelationship" + } }, "security_VexNotAffectedVulnAssessmentRelationship_derived": { "anyOf": [ @@ -5121,21 +5860,31 @@ ] }, "security_VexUnderInvestigationVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexUnderInvestigationVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexUnderInvestigationVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_VexUnderInvestigationVulnAssessmentRelationship" + } }, "security_VexUnderInvestigationVulnAssessmentRelationship_derived": { "anyOf": [ @@ -5160,21 +5909,31 @@ ] }, "software_File": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_File" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_File" + } }, - { "$ref": "#/$defs/software_File_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_File_props" } + ] + }, + "else": { + "const": "Not a software_File" + } }, "software_File_derived": { "anyOf": [ @@ -5215,21 +5974,31 @@ ] }, "software_Package": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_Package" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_Package" + } }, - { "$ref": "#/$defs/software_Package_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_Package_props" } + ] + }, + "else": { + "const": "Not a software_Package" + } }, "software_Package_derived": { "anyOf": [ @@ -5286,21 +6055,31 @@ "type": "string" }, "software_Sbom": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_Sbom" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_Sbom" + } }, - { "$ref": "#/$defs/software_Sbom_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_Sbom_props" } + ] + }, + "else": { + "const": "Not a software_Sbom" + } }, "software_Sbom_derived": { "anyOf": [ @@ -5321,7 +6100,7 @@ "type": "object", "properties": { "software_sbomType": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5345,21 +6124,31 @@ ] }, "software_Snippet": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_Snippet" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_Snippet" + } }, - { "$ref": "#/$defs/software_Snippet_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_Snippet_props" } + ] + }, + "else": { + "const": "Not a software_Snippet" + } }, "software_Snippet_derived": { "anyOf": [ @@ -5405,21 +6194,31 @@ "$ref": "#/$defs/software_File_derived" }, "ai_AIPackage": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "ai_AIPackage" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_AIPackage" + } }, - { "$ref": "#/$defs/ai_AIPackage_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/ai_AIPackage_props" } + ] + }, + "else": { + "const": "Not a ai_AIPackage" + } }, "ai_AIPackage_derived": { "anyOf": [ @@ -5443,7 +6242,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_autonomyType" }, "ai_domain": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5456,7 +6255,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_energyConsumption" }, "ai_hyperparameter": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5475,7 +6274,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_limitation" }, "ai_metric": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5485,7 +6284,7 @@ ] }, "ai_metricDecisionThreshold": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5495,7 +6294,7 @@ ] }, "ai_modelDataPreprocessing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5505,7 +6304,7 @@ ] }, "ai_modelExplainability": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5518,7 +6317,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_safetyRiskAssessment" }, "ai_standardCompliance": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5528,7 +6327,7 @@ ] }, "ai_typeOfModel": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5603,21 +6402,31 @@ ] }, "dataset_DatasetPackage": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "dataset_DatasetPackage" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "dataset_DatasetPackage" + } }, - { "$ref": "#/$defs/dataset_DatasetPackage_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/dataset_DatasetPackage_props" } + ] + }, + "else": { + "const": "Not a dataset_DatasetPackage" + } }, "dataset_DatasetPackage_derived": { "anyOf": [ @@ -5638,7 +6447,7 @@ "type": "object", "properties": { "dataset_anonymizationMethodUsed": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5654,7 +6463,7 @@ "$ref": "#/$defs/prop_dataset_DatasetPackage_dataset_dataCollectionProcess" }, "dataset_dataPreprocessing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5673,7 +6482,7 @@ "$ref": "#/$defs/prop_dataset_DatasetPackage_dataset_datasetSize" }, "dataset_datasetType": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, @@ -5693,7 +6502,7 @@ "$ref": "#/$defs/prop_dataset_DatasetPackage_dataset_intendedUse" }, "dataset_knownBias": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5703,7 +6512,7 @@ ] }, "dataset_sensor": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5798,7 +6607,7 @@ "pattern": "^_:.+" }, "BlankNodeOrIRI": { - "oneOf": [ + "anyOf": [ { "$ref": "#/$defs/IRI" }, { "$ref": "#/$defs/BlankNode" } ] @@ -5810,7 +6619,7 @@ "type": "object", "properties": { "type": { - "oneOf": [ + "anyOf": [ { "$ref": "#/$defs/IRI" }, { "enum": [ @@ -5982,4 +6791,4 @@ ] } } -} \ No newline at end of file +} diff --git a/src/main/java/org/spdx/tools/CONTRIBUTING.md b/src/main/java/org/spdx/tools/CONTRIBUTING.md deleted file mode 100644 index 755f112..0000000 --- a/src/main/java/org/spdx/tools/CONTRIBUTING.md +++ /dev/null @@ -1,23 +0,0 @@ -Contributing -============ -Thank you for your interest in `Spdx-Java-Library`. The project is open-source software, and bug reports, suggestions, and most especially patches are welcome. - -Issues ------- -`Spdx-Java-Library` has a [project page on GitHub](https://github.com/spdx/Spdx-Java-Library) where you can [create an issue](https://github.com/spdx/Spdx-Java-Library/issues/new/choose) to report a bug, make a suggestion, or propose a substantial change or improvement that you might like to make. You may also wish to contact the SPDX working group technical team through its mailing list, [spdx-tech@lists.spdx.org](mailto:spdx-tech@lists.spdx.org). - -If you would like to work on a fix for any issue, please assign the issue to yourself prior to creating a Pull Request. - -Pull Requests -------- -The source code for `Spdx-Java-Library` is hosted on [github.com/spdx/Spdx-Java-Library](https://github.com/spdx/Spdx-Java-Library). Please review [open pull requests](https://github.com/spdx/Spdx-Java-Library/pulls) and [active branches](https://github.com/spdx/Spdx-Java-Library/branches) before committing time to a substantial revision. Work along similar lines may already be in progress. - -To submit a pull request via GitHub, fork the repository, create a topic branch from `master` for your work, and send a pull request when ready. If you would prefer to send a patch or grant access to pull from your own Git repository, please contact the project's contributors by e-mail. - -To contribute an implementation of a feature defined by a version of the SPDX specification later than the one supported by the current SPDX Tools release, clone the branch `spec/X.X`, where X.X is the major.minor version of the targeted specification (e.g. "3.0"). - -Once implemented, submit a pull request with `spec/X.X` branch as the parent branch. - -Licensing ---------- -However you choose to contribute, please sign-off in each of your commits that you license your contributions under the terms of [the Developer Certificate of Origin](https://developercertificate.org/). Git has utilities for signing off on commits: `git commit -s` signs a current commit, and `git rebase --signoff ` retroactively signs a range of past commits. \ No newline at end of file diff --git a/src/main/java/org/spdx/tools/CompareSpdxDocs.java b/src/main/java/org/spdx/tools/CompareSpdxDocs.java index 6894031..fdc9629 100644 --- a/src/main/java/org/spdx/tools/CompareSpdxDocs.java +++ b/src/main/java/org/spdx/tools/CompareSpdxDocs.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools; import java.io.File; @@ -44,7 +46,6 @@ * Document files can be either in RDF/XML or tag/value format * * @author Gary O'Neall - * */ public class CompareSpdxDocs { static final int MIN_ARGS = 2; @@ -77,6 +78,7 @@ public static void main(String[] args) { } /** + * Invoke SPDX document processing functions from the online tool * * @param args args[0] is the output Excel file name, all other args are SPDX document file names * @throws OnlineToolException Exception caught by JPype and displayed to the user diff --git a/src/main/java/org/spdx/tools/GenerateVerificationCode.java b/src/main/java/org/spdx/tools/GenerateVerificationCode.java index f84ff34..c125df5 100644 --- a/src/main/java/org/spdx/tools/GenerateVerificationCode.java +++ b/src/main/java/org/spdx/tools/GenerateVerificationCode.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2011 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2011 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools; import java.io.File; @@ -36,7 +38,6 @@ /** * Generates a verification code for a specific directory * @author Gary O'Neall - * */ public class GenerateVerificationCode { diff --git a/src/main/java/org/spdx/tools/InvalidFileNameException.java b/src/main/java/org/spdx/tools/InvalidFileNameException.java index 8e3e404..9f438fe 100644 --- a/src/main/java/org/spdx/tools/InvalidFileNameException.java +++ b/src/main/java/org/spdx/tools/InvalidFileNameException.java @@ -1,26 +1,26 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * */ package org.spdx.tools; /** - * Illegal paramater fro a file name + * Illegal parameter fro a file name * @author Gary O'Neall - * */ public class InvalidFileNameException extends Exception { diff --git a/src/main/java/org/spdx/tools/Main.java b/src/main/java/org/spdx/tools/Main.java index 94ddfdb..0f1123a 100644 --- a/src/main/java/org/spdx/tools/Main.java +++ b/src/main/java/org/spdx/tools/Main.java @@ -1,13 +1,13 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +15,6 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; @@ -26,7 +25,6 @@ * Dispatch individual tools * * @author Gary O'Neall - * */ public class Main { diff --git a/src/main/java/org/spdx/tools/MatchingStandardLicenses.java b/src/main/java/org/spdx/tools/MatchingStandardLicenses.java index 9d0ddc2..272d95b 100644 --- a/src/main/java/org/spdx/tools/MatchingStandardLicenses.java +++ b/src/main/java/org/spdx/tools/MatchingStandardLicenses.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2014 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2014 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools; import java.io.File; @@ -30,7 +32,6 @@ * license ID's that are equivalent using the SPDX Legal team's license matching * guidelines (http://spdx.org/spdx-license-list/matching-guidelines) * @author Gary O'Neall - * */ public class MatchingStandardLicenses { diff --git a/src/main/java/org/spdx/tools/OnlineToolException.java b/src/main/java/org/spdx/tools/OnlineToolException.java index ac84aef..59be6fb 100644 --- a/src/main/java/org/spdx/tools/OnlineToolException.java +++ b/src/main/java/org/spdx/tools/OnlineToolException.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2017 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2017 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,31 +15,29 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools; /** * Default Exception thrown to the Online Tool * * @author Rohit Lodha - * */ - public class OnlineToolException extends Exception { /** - * + * Serial version UID */ private static final long serialVersionUID = 1L; /** - * + * Default constructor for OnlineToolException. */ public OnlineToolException() { } /** - * + * Constructs an OnlineToolException with the specified message. * @param arg0 */ public OnlineToolException(String arg0) { @@ -45,7 +45,7 @@ public OnlineToolException(String arg0) { } /** - * + * Constructs an OnlineToolException with the specified throwable. * @param arg0 */ public OnlineToolException(Throwable arg0) { @@ -53,7 +53,7 @@ public OnlineToolException(Throwable arg0) { } /** - * + * Constructs an OnlineToolException with the specified message and throwable. * @param arg0 * @param arg1 */ @@ -62,7 +62,7 @@ public OnlineToolException(String arg0, Throwable arg1) { } /** - * + * Constructs an OnlineToolException with the specified message, throwable, and booleans. * @param arg0 * @param arg1 * @param arg2 diff --git a/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java b/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java index da78787..299099a 100644 --- a/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java +++ b/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java @@ -1,19 +1,20 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * */ package org.spdx.tools; @@ -35,9 +36,8 @@ import com.fasterxml.jackson.databind.node.ObjectNode; /** - * Convert an RDF schema file containing SPDX property to a JSON context file for all properties in the SPDX namspace + * Convert an RDF schema file containing SPDX property to a JSON context file for all properties in the SPDX namespace * @author Gary O'Neall - * */ public class RdfSchemaToJsonContext { diff --git a/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java b/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java index af32803..595257b 100644 --- a/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java +++ b/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java @@ -1,19 +1,20 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * */ package org.spdx.tools; @@ -37,9 +38,8 @@ import com.fasterxml.jackson.databind.node.ObjectNode; /** - * Convert an RDF schema file containing SPDX property to a JSON schema file for all properties in the SPDX namspace + * Convert an RDF schema file containing SPDX property to a JSON schema file for all properties in the SPDX namespace * @author Gary O'Neall - * */ public class RdfSchemaToJsonSchema { @@ -120,7 +120,7 @@ public static void main(String[] args) { public static void usage() { System.out.println("Usage:"); - System.out.println("RdfSchemaToJsonScema rdfSchemaFile jsonSchemaFile"); + System.out.println("RdfSchemaToJsonSchema rdfSchemaFile jsonSchemaFile"); System.out.println("\trdfSchemaFile RDF schema file in RDF/XML format"); System.out.println("\tjsonSchemaFile output JSON Schema file"); } diff --git a/src/main/java/org/spdx/tools/RdfSchemaToXsd.java b/src/main/java/org/spdx/tools/RdfSchemaToXsd.java index 5eed1d3..5482966 100644 --- a/src/main/java/org/spdx/tools/RdfSchemaToXsd.java +++ b/src/main/java/org/spdx/tools/RdfSchemaToXsd.java @@ -1,4 +1,23 @@ +/** + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ package org.spdx.tools; + import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -16,29 +35,9 @@ import org.spdx.tools.schema.OwlToXsd; import org.spdx.tools.schema.SchemaException; - -/** - * Copyright (c) 2020 Source Auditor Inc. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - /** * Convert an RDF OWL document to an XML Schema * @author Gary O'Neall - * */ public class RdfSchemaToXsd { diff --git a/src/main/java/org/spdx/tools/SpdxConverter.java b/src/main/java/org/spdx/tools/SpdxConverter.java index aeb500e..d8c010c 100644 --- a/src/main/java/org/spdx/tools/SpdxConverter.java +++ b/src/main/java/org/spdx/tools/SpdxConverter.java @@ -1,19 +1,20 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * */ package org.spdx.tools; @@ -47,7 +48,6 @@ * * the covert(...) methods can be called programmatically to convert files * @author Gary O'Neall - * */ public class SpdxConverter { static final Logger logger = LoggerFactory.getLogger(SpdxConverter.class); diff --git a/src/main/java/org/spdx/tools/SpdxConverterException.java b/src/main/java/org/spdx/tools/SpdxConverterException.java index bef43d2..ad20b34 100644 --- a/src/main/java/org/spdx/tools/SpdxConverterException.java +++ b/src/main/java/org/spdx/tools/SpdxConverterException.java @@ -1,13 +1,13 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,15 +15,13 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; /** - * @author Gary O'Neall - * * Exceptions related to the SPDX converter utility * + * @author Gary O'Neall */ public class SpdxConverterException extends Exception { diff --git a/src/main/java/org/spdx/tools/SpdxToolsHelper.java b/src/main/java/org/spdx/tools/SpdxToolsHelper.java index 5c525b7..59ab84e 100644 --- a/src/main/java/org/spdx/tools/SpdxToolsHelper.java +++ b/src/main/java/org/spdx/tools/SpdxToolsHelper.java @@ -1,13 +1,13 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +15,6 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; @@ -56,10 +55,12 @@ * Static helper methods for the various tools * * @author Gary O'Neall - * */ public class SpdxToolsHelper { + /** + * Supported serialization file types + */ public enum SerFileType { JSON, RDFXML, XML, XLS, XLSX, YAML, TAG, RDFTTL, JSONLD } @@ -69,6 +70,7 @@ public enum SerFileType { static Map EXT_TO_FILETYPE; static { HashMap temp = new HashMap<>(); + temp.put("spdx3.json", SerFileType.JSONLD); temp.put("jsonld.json", SerFileType.JSONLD); temp.put("jsonld", SerFileType.JSONLD); temp.put("json", SerFileType.JSON); @@ -86,6 +88,9 @@ public enum SerFileType { } /** + * Determine the appropriate in memory based model store which supports + * serialization for the fileType + * * @param fileType * file type for the store * @return the appropriate in memory based model store which supports @@ -131,6 +136,8 @@ public static ISerializableModelStore fileTypeToStore(SerFileType fileType) } /** + * Determine the file type based on the file name and extension + * * @param file * @return the file type based on the file name and file extension * @throws InvalidFileNameException @@ -153,10 +160,14 @@ public static SerFileType fileToFileType(File file) if (fileName.endsWith("rdf.ttl")) { ext = "rdf.ttl"; } - }if ("json".equals(ext)) { + } + if ("json".equals(ext)) { if (fileName.endsWith("jsonld.json")) { ext = "jsonld.json"; } + if (fileName.endsWith("spdx3.json")) { + ext = "spdx3.json"; + } } SerFileType retval = EXT_TO_FILETYPE.get(ext); if (SerFileType.JSON.equals(retval)) { @@ -190,6 +201,8 @@ public static SerFileType fileToFileType(File file) } /** + * Determine the file type based on the file extension or string + * * @param str * @return the file type based on the file extension or string */ @@ -199,6 +212,9 @@ public static SerFileType strToFileType(String str) { } /** + * Deserializes an SPDX document from a file, + * compatible with SPDX version 2 + * * @param file * file containing an SPDX document with the standard file * extension for the serialization formats @@ -217,6 +233,9 @@ public static SpdxDocument deserializeDocumentCompatV2(File file) return readDocumentFromFileCompatV2(store, file); } /** + * Deserializes an SPDX document from a file, + * compatible with SPDX version 2 + * * @param file * file containing an SPDX document in one of the supported * SerFileTypes @@ -237,6 +256,8 @@ public static SpdxDocument deserializeDocumentCompatV2(File file, } /** + * Deserializes an SPDX document from a file + * * @param file * file containing an SPDX document with the standard file * extension for the serialization formats @@ -255,6 +276,8 @@ public static org.spdx.library.model.v3_0_1.core.SpdxDocument deserializeDocumen return readDocumentFromFileV3(store, file); } /** + * Deserializes an SPDX document from a file + * * @param file * file containing an SPDX document in one of the supported * SerFileTypes @@ -310,6 +333,8 @@ public static void deserializeFile(ISerializableModelStore store, File file) thr } /** + * Is the store supporting SPDX version 3 + * * @param store model store * @return true of the model store support SPDX spec version 3 */ @@ -318,6 +343,8 @@ public static boolean supportsV3(ISerializableModelStore store) { } /** + * Is the store supporting SPDX version 2 + * * @param store model store * @return true of the model store support SPDX spec version 2 */ @@ -360,7 +387,9 @@ public static CoreModelObject readDocumentFromFile(ISerializableModelStore store } /** - * Reads an SPDX Document from a file + * Reads an SPDX Document from a file, + * compatible with SPDX version 2 + * * @param store Store where the document is to be stored * @param file File to read the store from * @return SPDX Document from the store @@ -377,6 +406,8 @@ public static SpdxDocument readDocumentFromFileCompatV2(ISerializableModelStore } /** + * Gets an SPDX document from the model store + * * @param store model store * @return returns a document if a single document is found in the model store * @throws InvalidSPDXAnalysisException @@ -391,12 +422,15 @@ public static org.spdx.library.model.v3_0_1.core.SpdxDocument getDocFromStore(IS throw new InvalidSPDXAnalysisException("No SPDX version 3 documents in model store"); } if (docs.size() > 1) { - throw new InvalidSPDXAnalysisException("Multiple SPDX version 3 documents in modelSTore. There can only be one SPDX document."); + throw new InvalidSPDXAnalysisException("Multiple SPDX version 3 documents in modelStore. There can only be one SPDX document."); } return docs.get(0); } /** + * Gets an SPDX document from the model store, + * compatible with SPDX version 2 + * * @param store model store * @return returns a document if a single document is found in the model store * @throws InvalidSPDXAnalysisException diff --git a/src/main/java/org/spdx/tools/SpdxVerificationException.java b/src/main/java/org/spdx/tools/SpdxVerificationException.java index 65faf49..5a75b45 100644 --- a/src/main/java/org/spdx/tools/SpdxVerificationException.java +++ b/src/main/java/org/spdx/tools/SpdxVerificationException.java @@ -1,13 +1,13 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,15 +15,13 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; /** - * @author Gary O'Neall - * * Exceptions for the SPDX Verify tools * + * @author Gary O'Neall */ public class SpdxVerificationException extends Exception { diff --git a/src/main/java/org/spdx/tools/SpdxVersion.java b/src/main/java/org/spdx/tools/SpdxVersion.java index b432b60..eec1812 100644 --- a/src/main/java/org/spdx/tools/SpdxVersion.java +++ b/src/main/java/org/spdx/tools/SpdxVersion.java @@ -1,13 +1,13 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +15,6 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/SpdxViewer.java b/src/main/java/org/spdx/tools/SpdxViewer.java index 269a894..cd2c37a 100644 --- a/src/main/java/org/spdx/tools/SpdxViewer.java +++ b/src/main/java/org/spdx/tools/SpdxViewer.java @@ -1,12 +1,13 @@ -package org.spdx.tools; /** - * Copyright (c) 2010 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2010 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +16,7 @@ * limitations under the License. * */ - +package org.spdx.tools; import java.io.File; import java.io.PrintWriter; @@ -37,7 +38,6 @@ * @author Gary O'Neall * @version 0.1 */ - public class SpdxViewer { static final int MIN_ARGS = 1; @@ -48,9 +48,7 @@ public class SpdxViewer { * Pretty Printer for an SPDX Document * * @param args args[0] SPDX file path; args[1] [RDFXML|JSON|XLS|XLSX|YAML|TAG] an optional file type - if not present, file type of the to file will be used - * */ - public static void main(String[] args) { if (args.length < MIN_ARGS) { System.err diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java index de421f2..00ff30e 100644 --- a/src/main/java/org/spdx/tools/Verify.java +++ b/src/main/java/org/spdx/tools/Verify.java @@ -1,19 +1,21 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + *
* Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + *
+ * https://www.apache.org/licenses/LICENSE-2.0 + *
* Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools; import java.io.File; @@ -38,6 +40,7 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.SerializationFeature; + import com.networknt.schema.JsonSchema; import com.networknt.schema.JsonSchemaFactory; import com.networknt.schema.SpecVersion.VersionFlag; @@ -46,16 +49,15 @@ /** * Verifies an SPDX document and lists any verification errors * @author Gary O'Neall - * */ public class Verify { static final int MIN_ARGS = 1; static final int MAX_ARGS = 2; static final int ERROR_STATUS = 1; - private static final String JSON_SCHEMA_RESOURCE_V2_3 = "resources/spdx-schema-v2.3.json"; - private static final String JSON_SCHEMA_RESOURCE_V2_2 = "resources/spdx-schema-v2.2.json"; - private static final String JSON_SCHEMA_RESOURCE_V3 = "resources/spdx-schema-v3.0.1.json"; + public static final String JSON_SCHEMA_RESOURCE_V2_3 = "resources/spdx-schema-v2.3.json"; + public static final String JSON_SCHEMA_RESOURCE_V2_2 = "resources/spdx-schema-v2.2.json"; + public static final String JSON_SCHEMA_RESOURCE_V3 = "resources/spdx-schema-v3.0.1.json"; static final ObjectMapper JSON_MAPPER = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT); @@ -69,7 +71,7 @@ public static void main(String[] args) { System.exit(ERROR_STATUS); } if (args.length > MAX_ARGS) { - System.out.printf("Warning: Extra arguments will be ignored"); + System.out.println("Warning: Extra arguments will be ignored"); } SpdxToolsHelper.initialize(); List verify = null; @@ -103,20 +105,20 @@ public static void main(String[] args) { errors.add(verifyMsg); } } - if (errors.size() > 0) { + if (!errors.isEmpty()) { System.out.println("This SPDX Document is not valid due to:"); for (String errorMsg:errors) { System.out.print("\t" + errorMsg+"\n"); } } - if (warnings.size() > 0) { + if (!warnings.isEmpty()) { System.out.println("Warning: Deprecated license identifiers were found that should no longer be used.\n" + "References to the following deprecated license ID's should be updated:"); for (String warningMsg:warnings) { System.out.print("\t" + warningMsg+"\n"); } } - if (errors.size() == 0) { + if (errors.isEmpty()) { System.out.println("This SPDX Document is valid."); } else { System.exit(ERROR_STATUS); @@ -126,10 +128,7 @@ public static void main(String[] args) { /** * Verify a an SPDX file * @param filePath File path to the SPDX file to be verified - * @param fileType * @return A list of verification errors - if empty, the SPDX file is valid - * @throws InvalidFileNameException on invalid file name or file not found - * @throws IOException on IO error * @throws SpdxVerificationException where the SPDX file can not be parsed or the filename is invalid */ public static List verify(String filePath, SerFileType fileType) throws SpdxVerificationException { diff --git a/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java b/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java index e42492f..6d1c1dc 100644 --- a/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java +++ b/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.List; @@ -35,7 +37,6 @@ * The first column is the file path, second column indicates if all documents are equal, * columns 3 through N are for the values of the individual documents * @author Gary O'Neall - * */ public abstract class AbstractFileCompareSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/AbstractSheet.java b/src/main/java/org/spdx/tools/compare/AbstractSheet.java index e44cfb4..207d7b6 100644 --- a/src/main/java/org/spdx/tools/compare/AbstractSheet.java +++ b/src/main/java/org/spdx/tools/compare/AbstractSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2011 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2011 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -38,7 +40,6 @@ /** * Abstract class representing a workbook sheet used in storing structured data * @author Gary O'Neall - * */ public abstract class AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/CompareHelper.java b/src/main/java/org/spdx/tools/compare/CompareHelper.java index ad7121f..381af00 100644 --- a/src/main/java/org/spdx/tools/compare/CompareHelper.java +++ b/src/main/java/org/spdx/tools/compare/CompareHelper.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.net.URI; @@ -40,7 +42,6 @@ /** * Helper class for comparisons * @author Gary O'Neall - * */ public class CompareHelper { diff --git a/src/main/java/org/spdx/tools/compare/CreatorSheet.java b/src/main/java/org/spdx/tools/compare/CreatorSheet.java index 882760b..1e0477b 100644 --- a/src/main/java/org/spdx/tools/compare/CreatorSheet.java +++ b/src/main/java/org/spdx/tools/compare/CreatorSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -35,7 +37,6 @@ * Column 1 describes if the creator is the same or different * Columns 2 through N are for creators in each of the documents * @author Gary O'Neall - * */ public class CreatorSheet extends AbstractSheet { private static final int COL_WIDTH = 50; diff --git a/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java b/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java index 28af862..a8ec948 100644 --- a/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java +++ b/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.Serializable; @@ -35,7 +37,6 @@ /** * Sheet for document level annotations * @author Gary O'Neall - * */ public class DocumentAnnotationSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java b/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java index 9237bd6..b7f1dae 100644 --- a/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java +++ b/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.Serializable; @@ -37,7 +39,6 @@ /** * Sheet for document level relationships * @author Gary O'Neall - * */ public class DocumentRelationshipSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/DocumentSheet.java b/src/main/java/org/spdx/tools/compare/DocumentSheet.java index b0e2a1a..efd8650 100644 --- a/src/main/java/org/spdx/tools/compare/DocumentSheet.java +++ b/src/main/java/org/spdx/tools/compare/DocumentSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.List; @@ -36,7 +38,6 @@ * The first row summarizes which fields are different, the subsequent rows are the * specific date from each result * @author Gary O'Neall - * */ public class DocumentSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java b/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java index 7c3cb2f..4cac713 100644 --- a/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java +++ b/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.Serializable; @@ -37,7 +39,6 @@ /** * Sheet that compares the external document references * @author Gary O'Neall - * */ public class ExternalReferencesSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java b/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java index 0c23d7c..5971296 100644 --- a/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java +++ b/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.Serializable; @@ -40,7 +42,6 @@ * Column 1 contains the extracted text * Columns 2 through N contains the license information in the format licenseId [licenseName] {licenceUrls} (licenseComment) * @author Gary O'Neall - * */ public class ExtractedLicenseSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java b/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java index 21b372f..4a6e79a 100644 --- a/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -25,7 +27,6 @@ /** * Sheet comparing file annotations * @author Gary O'Neall - * */ public class FileAnnotationSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java b/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java index 36a9020..737f886 100644 --- a/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Collection; @@ -28,7 +30,6 @@ /** * Sheet with results for file contributor comparison results * @author Gary O'Neall - * */ public class FileAttributionSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java b/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java index f063b54..d2d11bd 100644 --- a/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Objects; @@ -28,7 +30,6 @@ /** * Sheet of comparison results for file checksums * @author Gary O'Neall - * */ public class FileChecksumSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileCommentSheet.java b/src/main/java/org/spdx/tools/compare/FileCommentSheet.java index c809b24..021558f 100644 --- a/src/main/java/org/spdx/tools/compare/FileCommentSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileCommentSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Optional; @@ -25,9 +27,8 @@ import org.spdx.utility.compare.SpdxComparer; /** - * Sheet continaing results for file comment comparison + * Sheet containing results for file comment comparison * @author Gary O'Neall - * */ public class FileCommentSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java b/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java index 24f6cfb..d616012 100644 --- a/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -25,8 +27,8 @@ /** + * Sheet with results for file concluded license comparison results * @author Source Auditor - * */ public class FileConcludedSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java b/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java index 5812a9a..871ff33 100644 --- a/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Collection; @@ -27,7 +29,6 @@ /** * Sheet with results for file AttributionText comparison results * @author Gary O'Neall - * */ public class FileContributorsSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java b/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java index 6de6819..eb52526 100644 --- a/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -25,7 +27,6 @@ /** * Sheet comparing file copyrights * @author Gary O'Neall - * */ public class FileCopyrightSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java b/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java index 8c71fc7..7475a48 100644 --- a/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Optional; @@ -28,7 +30,6 @@ /** * Sheet of comparison results for file license comments * @author Gary O'Neall - * */ public class FileLicenseCommentsSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java b/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java index 7881578..78313be 100644 --- a/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Collection; @@ -30,7 +32,6 @@ /** * Sheet of the comparison results for the file seen licenses * @author Gary O'Neall - * */ public class FileLicenseInfoSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java b/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java index 0832232..56b526d 100644 --- a/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Optional; @@ -27,7 +29,6 @@ /** * Sheet for file notice comparison results * @author Gary O'Neall - * */ public class FileNoticeSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java b/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java index c389860..9bd2db3 100644 --- a/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -25,7 +27,6 @@ /** * Sheet comparing file relationships * @author Gary O'Neall - * */ public class FileRelationshipSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java b/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java index d870ebc..9a56d5f 100644 --- a/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -22,8 +24,8 @@ import org.spdx.utility.compare.SpdxComparer; /** - * @author Gary - * + * Sheet comparing file SPDX IDs + * @author Gary O'Neall */ public class FileSpdxIdSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileTypeSheet.java b/src/main/java/org/spdx/tools/compare/FileTypeSheet.java index 0e8c954..55bb071 100644 --- a/src/main/java/org/spdx/tools/compare/FileTypeSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileTypeSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -29,7 +31,6 @@ /** * Sheet containing File Type * @author Gary O'Neall - * */ public class FileTypeSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java b/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java index dedd571..2ad3478 100644 --- a/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java +++ b/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.File; @@ -59,7 +61,6 @@ * - verification: List of any verification errors * * @author Gary O'Neall - * */ public class MultiDocumentSpreadsheet { diff --git a/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java b/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java index e98437c..170e50a 100644 --- a/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java +++ b/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.Serializable; @@ -25,7 +27,6 @@ * - File separator character is "/" * - Must begin with "./" * @author Gary O'Neall - * */ public class NormalizedFileNameComparator implements Comparator>, Serializable { @@ -36,6 +37,7 @@ public class NormalizedFileNameComparator implements Comparator static final char DOS_SEPARATOR = '\\'; static final char UNIX_SEPARATOR = '/'; static final String RELATIVE_DIR = "./"; + /* (non-Javadoc) * @see java.util.Comparator#compare(java.lang.Object, java.lang.Object) */ diff --git a/src/main/java/org/spdx/tools/compare/PackageSheet.java b/src/main/java/org/spdx/tools/compare/PackageSheet.java index 2d33d62..f0c5c5e 100644 --- a/src/main/java/org/spdx/tools/compare/PackageSheet.java +++ b/src/main/java/org/spdx/tools/compare/PackageSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -39,12 +41,12 @@ import org.spdx.utility.compare.SpdxCompareException; import org.spdx.utility.compare.SpdxComparer; import org.spdx.utility.compare.SpdxPackageComparer; + /** * Document level fields for comparison spreadsheet * Column1 is the document field name, column2 indicates if all docs are equal, * columns3 through columnN are document specific field values * @author Gary O'Neall - * */ public class PackageSheet extends AbstractSheet { @@ -294,7 +296,7 @@ private void addPackageToSheet(SpdxPackageComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); diff --git a/src/main/java/org/spdx/tools/compare/SnippetSheet.java b/src/main/java/org/spdx/tools/compare/SnippetSheet.java index ac0dbe7..d7ea26d 100644 --- a/src/main/java/org/spdx/tools/compare/SnippetSheet.java +++ b/src/main/java/org/spdx/tools/compare/SnippetSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2016 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2016 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -38,9 +40,8 @@ import org.spdx.utility.compare.SpdxSnippetComparer; /** - * Comparsion sheet for SPDX Snippets - * @author Gary O'Neall - * + * Comparison sheet for SPDX Snippets + * @author Gary O'Neal */ public class SnippetSheet extends AbstractSheet { @@ -195,7 +196,7 @@ private void addSnippetToSheet(SpdxSnippetComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); diff --git a/src/main/java/org/spdx/tools/compare/VerificationSheet.java b/src/main/java/org/spdx/tools/compare/VerificationSheet.java index 235a998..945d487 100644 --- a/src/main/java/org/spdx/tools/compare/VerificationSheet.java +++ b/src/main/java/org/spdx/tools/compare/VerificationSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.List; @@ -28,9 +30,9 @@ /** * Worksheet containing verification errors + * * Columns are package names, rows are individual verification errors * @author Gary O'Neall - * */ public class VerificationSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/package-info.java b/src/main/java/org/spdx/tools/compare/package-info.java index 9b41c4a..f5ad148 100644 --- a/src/main/java/org/spdx/tools/compare/package-info.java +++ b/src/main/java/org/spdx/tools/compare/package-info.java @@ -1,13 +1,13 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,12 +15,11 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * SPDX-License-Identifier: Apache-2.0 */ + /** - * @author Gary O'Neall - * * Classes related to the Compare SPDX Docs utilities * + * @author Gary O'Neall */ -package org.spdx.tools.compare; \ No newline at end of file +package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java b/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java index af16822..f945e8e 100644 --- a/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java +++ b/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java @@ -1,19 +1,20 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * */ package org.spdx.tools.schema; @@ -51,7 +52,6 @@ * Abstract class for implementing classes which convert from RDF/XML OWL format to some other format * * @author Gary O'Neall - * */ public class AbstractOwlRdfConverter { diff --git a/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java b/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java index 792fa37..b205af2 100644 --- a/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java +++ b/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java @@ -1,19 +1,20 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * */ package org.spdx.tools.schema; @@ -38,7 +39,6 @@ * Convert OWL RDF schema to a JSON Context file * * @author Gary O'Neall - * */ public class OwlToJsonContext extends AbstractOwlRdfConverter { diff --git a/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java b/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java index 790c87f..beb7b84 100644 --- a/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java +++ b/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java @@ -1,19 +1,20 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * */ package org.spdx.tools.schema; @@ -46,10 +47,9 @@ import com.fasterxml.jackson.databind.node.ObjectNode; /** - * @author Gary O'Neall - * * Converts from RDF/OWL RDF/XML documents to JSON Schema draft 7 * + * @author Gary O'Neall */ public class OwlToJsonSchema extends AbstractOwlRdfConverter { diff --git a/src/main/java/org/spdx/tools/schema/OwlToXsd.java b/src/main/java/org/spdx/tools/schema/OwlToXsd.java index 24c4741..60c0a15 100644 --- a/src/main/java/org/spdx/tools/schema/OwlToXsd.java +++ b/src/main/java/org/spdx/tools/schema/OwlToXsd.java @@ -1,19 +1,20 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * */ package org.spdx.tools.schema; @@ -60,7 +61,6 @@ * * * @author Gary O'Neall - * */ public class OwlToXsd extends AbstractOwlRdfConverter { diff --git a/src/main/java/org/spdx/tools/schema/SchemaException.java b/src/main/java/org/spdx/tools/schema/SchemaException.java index e009b2b..77d88e6 100644 --- a/src/main/java/org/spdx/tools/schema/SchemaException.java +++ b/src/main/java/org/spdx/tools/schema/SchemaException.java @@ -1,53 +1,63 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * */ package org.spdx.tools.schema; /** - * @author gary + * Exception thrown for schema-related errors * + * @author Gary O'Neall */ public class SchemaException extends Exception { /** - * + * Serial version UID for serialization */ private static final long serialVersionUID = 1L; /** - * @param message + * Constructs a new SchemaException with the specified detail message + * + * @param message the detail message */ public SchemaException(String message) { super(message); } /** - * @param message - * @param cause + * Constructs a new SchemaException with the specified detail message and + * cause + * + * @param message the detail message + * @param cause the cause */ public SchemaException(String message, Throwable cause) { super(message, cause); } /** - * @param message - * @param cause - * @param enableSuppression - * @param writableStackTrace + * Constructs a new SchemaException with the specified detail message, + * cause, and configurations + * + * @param message the detail message + * @param cause the cause + * @param enableSuppression whether or not suppression is enabled + * @param writableStackTrace whether or not the stack trace is writable */ public SchemaException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) { super(message, cause, enableSuppression, writableStackTrace); diff --git a/src/main/java/org/spdx/tools/schema/package-info.java b/src/main/java/org/spdx/tools/schema/package-info.java index a317a47..8610df2 100644 --- a/src/main/java/org/spdx/tools/schema/package-info.java +++ b/src/main/java/org/spdx/tools/schema/package-info.java @@ -1,20 +1,22 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * */ + /** * This package contains classes implementing tools for managing various schemas for the SPDX documents. * @@ -23,6 +25,5 @@ * - RDF/OWL in RDF/XML format * - JSON Schema Draft 7 * - JSON LD (Linked Data) - * */ package org.spdx.tools.schema; \ No newline at end of file diff --git a/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java b/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java index 8f1f85c..d72556c 100644 --- a/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java +++ b/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java @@ -1,13 +1,13 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +15,6 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; @@ -41,10 +40,9 @@ import junit.framework.TestCase; /** - * @author Gary O'Neall - * * Test cases for CompareSpdxDocs * + * @author Gary O'Neall */ public class CompareSpdxDocsTest extends TestCase { @@ -65,7 +63,7 @@ public class CompareSpdxDocsTest extends TestCase { static final String TEST_XML_FILE_PATH_23 = TEST_DIR + File.separator + "SPDXXMLExample-v2.3.spdx.xml"; static final String TEST_YAML_FILE_PATH_23 = TEST_DIR + File.separator + "SPDXYAMLExample-2.3.spdx.yaml"; - static final String TEST_DIFF_FILE_COMMNENT_FILE_PATH = TEST_DIR + File.separator + "DifferentFileComment.spdx.yaml"; + static final String TEST_DIFF_FILE_COMMENT_FILE_PATH = TEST_DIR + File.separator + "DifferentFileComment.spdx.yaml"; @@ -137,7 +135,7 @@ public void testCompareDocumentsv22() throws OnlineToolException, SpreadsheetExc public void testDifferentDocuments() throws OnlineToolException, SpreadsheetException { String outputFilePath = tempDirPath + File.separator + "comp.xlsx"; String[] params = new String[] {outputFilePath, - TEST_YAML_FILE_PATH_22, TEST_DIFF_FILE_COMMNENT_FILE_PATH + TEST_YAML_FILE_PATH_22, TEST_DIFF_FILE_COMMENT_FILE_PATH }; CompareSpdxDocs.onlineFunction(params); MultiDocumentSpreadsheet result = new MultiDocumentSpreadsheet(new File(outputFilePath), false, true); diff --git a/src/test/java/org/spdx/tools/GenerateVerificationCodeTest.java b/src/test/java/org/spdx/tools/GenerateVerificationCodeTest.java index 5c437a7..5e3b753 100644 --- a/src/test/java/org/spdx/tools/GenerateVerificationCodeTest.java +++ b/src/test/java/org/spdx/tools/GenerateVerificationCodeTest.java @@ -1,3 +1,8 @@ +/** + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools; import java.io.File; diff --git a/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java b/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java new file mode 100644 index 0000000..90e517e --- /dev/null +++ b/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java @@ -0,0 +1,70 @@ +/** + * SPDX-FileContributor: Arthit Suriyawongkul + * SPDX-FileCopyrightText: 2025 SPDX contributors + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ +package org.spdx.tools; + +import java.io.IOException; +import java.net.URI; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.Comparator; +import java.util.Optional; + +import org.apache.commons.io.IOUtils; + +import junit.framework.TestCase; + +public class LatestSchemaVersionTest extends TestCase { + + private String VERSION_REGEX = "spdx-schema-v(\\d+\\.\\d+(\\.\\d+)?)\\.json"; + + public void testLatestSpdxSchemaVersionIsUpToDate() throws IOException { + // Step 1: Find the latest JSON schema file in the resources directory + Path resourcesDir = Paths.get("resources"); + Optional latestSchemaFile = Files.list(resourcesDir) + .filter(path -> path.getFileName().toString().matches(VERSION_REGEX)) + .max(Comparator.comparing(path -> parseVersion(path.getFileName().toString()), + versionComparator)); + assertTrue("No SPDX schema file found in resources directory.", + latestSchemaFile.isPresent()); + + Path schemaFilePath = latestSchemaFile.get(); + String fileName = schemaFilePath.getFileName().toString(); + String version = extractVersionNumber(fileName); + + // Step 2: Compare the content of the file with the content from the URL + String localSchemaContent = Files.readString(schemaFilePath).replaceAll("\\s+", " "); + String remoteSchemaUrl = "https://spdx.org/schema/" + version + "/spdx-json-schema.json"; + String remoteSchemaContent = IOUtils.toString(URI.create(remoteSchemaUrl).toURL(), "UTF-8").replaceAll("\\s+", " "); + assertEquals("The local SPDX schema file does not match the remote schema content.", + localSchemaContent.trim(), remoteSchemaContent.trim()); + } + + private String extractVersionNumber(String fileName) { + return fileName.replaceAll(VERSION_REGEX, "$1"); + } + + private int[] parseVersion(String fileName) { + String version = extractVersionNumber(fileName); + String[] parts = version.split("\\."); + int[] versionNumbers = new int[3]; // [major, minor, patch] + for (int i = 0; i < parts.length; i++) { + versionNumbers[i] = Integer.parseInt(parts[i]); + } + return versionNumbers; + } + + private Comparator versionComparator = (v1, v2) -> { + for (int i = 0; i < 3; i++) { + int comparison = Integer.compare(v1[i], v2[i]); + if (comparison != 0) { + return comparison; + } + } + return 0; + }; +} diff --git a/src/test/java/org/spdx/tools/SpdxConverterTestV2.java b/src/test/java/org/spdx/tools/SpdxConverterTestV2.java index 547ff58..ce8402c 100644 --- a/src/test/java/org/spdx/tools/SpdxConverterTestV2.java +++ b/src/test/java/org/spdx/tools/SpdxConverterTestV2.java @@ -1,13 +1,13 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +15,6 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; @@ -47,8 +46,7 @@ import junit.framework.TestCase; /** - * @author gary - * + * @author Gary O'Neall */ public class SpdxConverterTestV2 extends TestCase { diff --git a/src/test/java/org/spdx/tools/SpdxConverterTestV3.java b/src/test/java/org/spdx/tools/SpdxConverterTestV3.java index 608a23e..dadc29f 100644 --- a/src/test/java/org/spdx/tools/SpdxConverterTestV3.java +++ b/src/test/java/org/spdx/tools/SpdxConverterTestV3.java @@ -1,6 +1,7 @@ /** + * SPDX-FileCopyrightText: Copyright (c) 2024 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) 2024 Source Auditor Inc. */ package org.spdx.tools; @@ -32,8 +33,9 @@ import junit.framework.TestCase; /** - * @author gary + * Test SPDX converter v3 * + * @author Gary O'Neall */ public class SpdxConverterTestV3 extends TestCase { diff --git a/src/test/java/org/spdx/tools/VerifyTest.java b/src/test/java/org/spdx/tools/VerifyTest.java index 7b2f627..f2d03fe 100644 --- a/src/test/java/org/spdx/tools/VerifyTest.java +++ b/src/test/java/org/spdx/tools/VerifyTest.java @@ -1,3 +1,8 @@ +/** + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools; import java.io.File; diff --git a/src/test/java/org/spdx/tools/schema/OwlToXSDTest.java b/src/test/java/org/spdx/tools/schema/OwlToXSDTest.java index 3d022e2..d32d63f 100644 --- a/src/test/java/org/spdx/tools/schema/OwlToXSDTest.java +++ b/src/test/java/org/spdx/tools/schema/OwlToXSDTest.java @@ -1,3 +1,8 @@ +/** + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.schema; import java.io.File; diff --git a/testResources/sourcefiles/AbstractFileCompareSheet.java b/testResources/sourcefiles/AbstractFileCompareSheet.java index 2e481a4..f908977 100644 --- a/testResources/sourcefiles/AbstractFileCompareSheet.java +++ b/testResources/sourcefiles/AbstractFileCompareSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.List; @@ -35,7 +37,6 @@ * The first column is the file path, second column indicates if all documents are equal, * columns 3 through N are for the values of the individual documents * @author Gary O'Neall - * */ public abstract class AbstractFileCompareSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/AbstractSheet.java b/testResources/sourcefiles/AbstractSheet.java index 88a2be1..c302bbe 100644 --- a/testResources/sourcefiles/AbstractSheet.java +++ b/testResources/sourcefiles/AbstractSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2011 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2011 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -38,7 +40,6 @@ /** * Abstract class representing a workbook sheet used in storing structured data * @author Gary O'Neall - * */ public abstract class AbstractSheet { diff --git a/testResources/sourcefiles/CompareHelper.java b/testResources/sourcefiles/CompareHelper.java index c90a146..ed3631e 100644 --- a/testResources/sourcefiles/CompareHelper.java +++ b/testResources/sourcefiles/CompareHelper.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.net.URI; @@ -40,7 +42,6 @@ /** * Helper class for comparisons * @author Gary O'Neall - * */ public class CompareHelper { diff --git a/testResources/sourcefiles/CreatorSheet.java b/testResources/sourcefiles/CreatorSheet.java index 4f2bc7e..a9edca4 100644 --- a/testResources/sourcefiles/CreatorSheet.java +++ b/testResources/sourcefiles/CreatorSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -34,7 +36,6 @@ * Column 1 describes if the creator is the same or different * Columns 2 through N are for creators in each of the documents * @author Gary O'Neall - * */ public class CreatorSheet extends AbstractSheet { private static final int COL_WIDTH = 50; diff --git a/testResources/sourcefiles/DocumentAnnotationSheet.java b/testResources/sourcefiles/DocumentAnnotationSheet.java index 9b879cc..4eb1087 100644 --- a/testResources/sourcefiles/DocumentAnnotationSheet.java +++ b/testResources/sourcefiles/DocumentAnnotationSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.Serializable; @@ -34,7 +36,6 @@ /** * Sheet for document level annotations * @author Gary O'Neall - * */ public class DocumentAnnotationSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/DocumentRelationshipSheet.java b/testResources/sourcefiles/DocumentRelationshipSheet.java index 84c4da3..36116eb 100644 --- a/testResources/sourcefiles/DocumentRelationshipSheet.java +++ b/testResources/sourcefiles/DocumentRelationshipSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.Serializable; @@ -34,7 +36,6 @@ /** * Sheet for document level relationships * @author Gary O'Neall - * */ public class DocumentRelationshipSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/DocumentSheet.java b/testResources/sourcefiles/DocumentSheet.java index 0b9f378..ebe5b07 100644 --- a/testResources/sourcefiles/DocumentSheet.java +++ b/testResources/sourcefiles/DocumentSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.List; @@ -34,7 +36,6 @@ * The first row summarizes which fields are different, the subsequent rows are the * specific date from each result * @author Gary O'Neall - * */ public class DocumentSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/ExternalReferencesSheet.java b/testResources/sourcefiles/ExternalReferencesSheet.java index f5f3ecd..d9d8753 100644 --- a/testResources/sourcefiles/ExternalReferencesSheet.java +++ b/testResources/sourcefiles/ExternalReferencesSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.Serializable; @@ -35,7 +37,6 @@ /** * Sheet that compares the external document references * @author Gary O'Neall - * */ public class ExternalReferencesSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/ExtractedLicenseSheet.java b/testResources/sourcefiles/ExtractedLicenseSheet.java index d18f7fe..2437aac 100644 --- a/testResources/sourcefiles/ExtractedLicenseSheet.java +++ b/testResources/sourcefiles/ExtractedLicenseSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.Serializable; @@ -40,7 +42,6 @@ * Column 1 contains the extracted text * Columns 2 through N contains the license information in the format licenseId [licenseName] {licenceUrls} (licenseComment) * @author Gary O'Neall - * */ public class ExtractedLicenseSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/FileAnnotationSheet.java b/testResources/sourcefiles/FileAnnotationSheet.java index 1b1f3f7..86d3dab 100644 --- a/testResources/sourcefiles/FileAnnotationSheet.java +++ b/testResources/sourcefiles/FileAnnotationSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -25,7 +27,6 @@ /** * Sheet comparing file annotations * @author Gary O'Neall - * */ public class FileAnnotationSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileAttributionSheet.java b/testResources/sourcefiles/FileAttributionSheet.java index 1850612..31be291 100644 --- a/testResources/sourcefiles/FileAttributionSheet.java +++ b/testResources/sourcefiles/FileAttributionSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Collection; @@ -28,7 +30,6 @@ /** * Sheet with results for file contributor comparison results * @author Gary O'Neall - * */ public class FileAttributionSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileChecksumSheet.java b/testResources/sourcefiles/FileChecksumSheet.java index 1f0f248..e046f72 100644 --- a/testResources/sourcefiles/FileChecksumSheet.java +++ b/testResources/sourcefiles/FileChecksumSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Objects; @@ -28,7 +30,6 @@ /** * Sheet of comparison results for file checksums * @author Gary O'Neall - * */ public class FileChecksumSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileCommentSheet.java b/testResources/sourcefiles/FileCommentSheet.java index 10597b8..45b98c6 100644 --- a/testResources/sourcefiles/FileCommentSheet.java +++ b/testResources/sourcefiles/FileCommentSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -23,9 +25,8 @@ import org.spdx.utility.compare.SpdxComparer; /** - * Sheet continaing results for file comment comparison + * Sheet containing results for file comment comparison * @author Gary O'Neall - * */ public class FileCommentSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileConcludedSheet.java b/testResources/sourcefiles/FileConcludedSheet.java index c1e96db..e6d5884 100644 --- a/testResources/sourcefiles/FileConcludedSheet.java +++ b/testResources/sourcefiles/FileConcludedSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -23,10 +25,8 @@ import org.spdx.utility.compare.SpdxCompareException; import org.spdx.utility.compare.SpdxComparer; - /** * @author Source Auditor - * */ public class FileConcludedSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileContributorsSheet.java b/testResources/sourcefiles/FileContributorsSheet.java index 165e812..00e8dba 100644 --- a/testResources/sourcefiles/FileContributorsSheet.java +++ b/testResources/sourcefiles/FileContributorsSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Collection; @@ -27,7 +29,6 @@ /** * Sheet with results for file AttributionText comparison results * @author Gary O'Neall - * */ public class FileContributorsSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileCopyrightSheet.java b/testResources/sourcefiles/FileCopyrightSheet.java index d63e014..0448492 100644 --- a/testResources/sourcefiles/FileCopyrightSheet.java +++ b/testResources/sourcefiles/FileCopyrightSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -25,7 +27,6 @@ /** * Sheet comparing file copyrights * @author Gary O'Neall - * */ public class FileCopyrightSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileLicenseCommentsSheet.java b/testResources/sourcefiles/FileLicenseCommentsSheet.java index a34abe1..e75d38f 100644 --- a/testResources/sourcefiles/FileLicenseCommentsSheet.java +++ b/testResources/sourcefiles/FileLicenseCommentsSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -26,7 +28,6 @@ /** * Sheet of comparison results for file license comments * @author Gary O'Neall - * */ public class FileLicenseCommentsSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileLicenseInfoSheet.java b/testResources/sourcefiles/FileLicenseInfoSheet.java index 7760f9c..d98e8ea 100644 --- a/testResources/sourcefiles/FileLicenseInfoSheet.java +++ b/testResources/sourcefiles/FileLicenseInfoSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Collection; @@ -30,7 +32,6 @@ /** * Sheet of the comparison results for the file seen licenses * @author Gary O'Neall - * */ public class FileLicenseInfoSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileNoticeSheet.java b/testResources/sourcefiles/FileNoticeSheet.java index 03d1652..20903b0 100644 --- a/testResources/sourcefiles/FileNoticeSheet.java +++ b/testResources/sourcefiles/FileNoticeSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Optional; @@ -27,7 +29,6 @@ /** * Sheet for file notice comparison results * @author Gary O'Neall - * */ public class FileNoticeSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileRelationshipSheet.java b/testResources/sourcefiles/FileRelationshipSheet.java index e424286..0ac675e 100644 --- a/testResources/sourcefiles/FileRelationshipSheet.java +++ b/testResources/sourcefiles/FileRelationshipSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -25,7 +27,6 @@ /** * Sheet comparing file relationships * @author Gary O'Neall - * */ public class FileRelationshipSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileSpdxIdSheet.java b/testResources/sourcefiles/FileSpdxIdSheet.java index 1ca68bf..2e1602d 100644 --- a/testResources/sourcefiles/FileSpdxIdSheet.java +++ b/testResources/sourcefiles/FileSpdxIdSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -22,8 +24,8 @@ import org.spdx.utility.compare.SpdxComparer; /** - * @author Gary - * + * Sheet containing file SPDX ID + * @author Gary O'Neall */ public class FileSpdxIdSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileTypeSheet.java b/testResources/sourcefiles/FileTypeSheet.java index c6fb446..c12abb2 100644 --- a/testResources/sourcefiles/FileTypeSheet.java +++ b/testResources/sourcefiles/FileTypeSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -29,7 +31,6 @@ /** * Sheet containing File Type * @author Gary O'Neall - * */ public class FileTypeSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/MultiDocumentSpreadsheet.java b/testResources/sourcefiles/MultiDocumentSpreadsheet.java index bba8104..ba33332 100644 --- a/testResources/sourcefiles/MultiDocumentSpreadsheet.java +++ b/testResources/sourcefiles/MultiDocumentSpreadsheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.File; @@ -59,7 +61,6 @@ * - verification: List of any verification errors * * @author Gary O'Neall - * */ public class MultiDocumentSpreadsheet { diff --git a/testResources/sourcefiles/NormalizedFileNameComparator.java b/testResources/sourcefiles/NormalizedFileNameComparator.java index e98437c..9a65cb3 100644 --- a/testResources/sourcefiles/NormalizedFileNameComparator.java +++ b/testResources/sourcefiles/NormalizedFileNameComparator.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.io.Serializable; @@ -25,7 +27,6 @@ * - File separator character is "/" * - Must begin with "./" * @author Gary O'Neall - * */ public class NormalizedFileNameComparator implements Comparator>, Serializable { diff --git a/testResources/sourcefiles/PackageSheet.java b/testResources/sourcefiles/PackageSheet.java index f6d3d0e..fddb1f0 100644 --- a/testResources/sourcefiles/PackageSheet.java +++ b/testResources/sourcefiles/PackageSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -43,7 +45,6 @@ * Column1 is the document field name, column2 indicates if all docs are equal, * columns3 through columnN are document specific field values * @author Gary O'Neall - * */ public class PackageSheet extends AbstractSheet { @@ -293,7 +294,7 @@ private void addPackageToSheet(SpdxPackageComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); diff --git a/testResources/sourcefiles/SnippetSheet.java b/testResources/sourcefiles/SnippetSheet.java index 0147ecb..ebf81c6 100644 --- a/testResources/sourcefiles/SnippetSheet.java +++ b/testResources/sourcefiles/SnippetSheet.java @@ -1,11 +1,13 @@ /** - * Copyright (c) 2016 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2016 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -38,9 +40,8 @@ import org.spdx.utility.compare.SpdxSnippetComparer; /** - * Comparsion sheet for SPDX Snippets + * Comparison sheet for SPDX Snippets * @author Gary O'Neall - * */ public class SnippetSheet extends AbstractSheet { @@ -195,7 +196,7 @@ private void addSnippetToSheet(SpdxSnippetComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); diff --git a/testResources/sourcefiles/VerificationSheet.java b/testResources/sourcefiles/VerificationSheet.java index 235a998..d00cdbe 100644 --- a/testResources/sourcefiles/VerificationSheet.java +++ b/testResources/sourcefiles/VerificationSheet.java @@ -1,12 +1,14 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * -*/ + */ package org.spdx.tools.compare; import java.util.List; @@ -30,7 +32,6 @@ * Worksheet containing verification errors * Columns are package names, rows are individual verification errors * @author Gary O'Neall - * */ public class VerificationSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/package-info.java b/testResources/sourcefiles/package-info.java index 9b41c4a..f5ad148 100644 --- a/testResources/sourcefiles/package-info.java +++ b/testResources/sourcefiles/package-info.java @@ -1,13 +1,13 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,12 +15,11 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * SPDX-License-Identifier: Apache-2.0 */ + /** - * @author Gary O'Neall - * * Classes related to the Compare SPDX Docs utilities * + * @author Gary O'Neall */ -package org.spdx.tools.compare; \ No newline at end of file +package org.spdx.tools.compare; diff --git a/tools-java.iml b/tools-java.iml new file mode 100644 index 0000000..ae72666 --- /dev/null +++ b/tools-java.iml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file