From b41d5cced5390760b35a24e5144a43383180c5c2 Mon Sep 17 00:00:00 2001 From: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com> Date: Thu, 23 May 2024 09:10:36 -0400 Subject: [PATCH] chore: update spdx license list to 3.24.0 (#2895) --------- Signed-off-by: Christopher Phillips --- internal/spdxlicense/license_list.go | 34 +++++++++++++++++-- .../common/spdxhelpers/to_format_model.go | 12 ++++++- 2 files changed, 43 insertions(+), 3 deletions(-) diff --git a/internal/spdxlicense/license_list.go b/internal/spdxlicense/license_list.go index a07f5d904..18e2a88ca 100644 --- a/internal/spdxlicense/license_list.go +++ b/internal/spdxlicense/license_list.go @@ -1,12 +1,15 @@ // Code generated by go generate; DO NOT EDIT. -// This file was generated by robots at 2024-02-09 10:57:33.980847 -0500 EST m=+0.165923154 +// This file was generated by robots at 2024-05-23 08:47:23.204981 -0400 EDT m=+0.050881068 // using data from https://spdx.org/licenses/licenses.json package spdxlicense -const Version = "3.23" +const Version = "3.24.0" var licenseIDs = map[string]string{ "0bsd": "0BSD", + "3.0.0dslicer1.0": "3D-Slicer-1.0", + "3.0dslicer1.0": "3D-Slicer-1.0", + "3dslicer1.0": "3D-Slicer-1.0", "aal": "AAL", "abstyles": "Abstyles", "adacoredoc": "AdaCore-doc", @@ -56,12 +59,14 @@ var licenseIDs = map[string]string{ "agpl3only": "AGPL-3.0-only", "agpl3orlater": "AGPL-3.0-or-later", "aladdin": "Aladdin", + "amdnewlib": "AMD-newlib", "amdplpa": "AMDPLPA", "aml": "AML", "amlglslang": "AML-glslang", "ampas": "AMPAS", "antlrpd": "ANTLR-PD", "antlrpdfallback": "ANTLR-PD-fallback", + "anyosi": "any-OSI", "apache1": "Apache-1.0", "apache1.0": "Apache-1.0", "apache1.0.0": "Apache-1.0", @@ -136,18 +141,21 @@ var licenseIDs = map[string]string{ "bsd1clause": "BSD-1-Clause", "bsd2.0.0clause": "BSD-2-Clause", "bsd2.0.0clausedarwin": "BSD-2-Clause-Darwin", + "bsd2.0.0clausefirstlines": "BSD-2-Clause-first-lines", "bsd2.0.0clausefreebsd": "BSD-2-Clause-Views", "bsd2.0.0clausenetbsd": "BSD-2-Clause", "bsd2.0.0clausepatent": "BSD-2-Clause-Patent", "bsd2.0.0clauseviews": "BSD-2-Clause-Views", "bsd2.0clause": "BSD-2-Clause", "bsd2.0clausedarwin": "BSD-2-Clause-Darwin", + "bsd2.0clausefirstlines": "BSD-2-Clause-first-lines", "bsd2.0clausefreebsd": "BSD-2-Clause-Views", "bsd2.0clausenetbsd": "BSD-2-Clause", "bsd2.0clausepatent": "BSD-2-Clause-Patent", "bsd2.0clauseviews": "BSD-2-Clause-Views", "bsd2clause": "BSD-2-Clause", "bsd2clausedarwin": "BSD-2-Clause-Darwin", + "bsd2clausefirstlines": "BSD-2-Clause-first-lines", "bsd2clausefreebsd": "BSD-2-Clause-Views", "bsd2clausenetbsd": "BSD-2-Clause", "bsd2clausepatent": "BSD-2-Clause-Patent", @@ -237,6 +245,7 @@ var licenseIDs = map[string]string{ "cal1combinedworkexception": "CAL-1.0-Combined-Work-Exception", "caldera": "Caldera", "calderanopreamble": "Caldera-no-preamble", + "catharon": "Catharon", "catosl1": "CATOSL-1.1", "catosl1.1": "CATOSL-1.1", "catosl1.1.0": "CATOSL-1.1", @@ -477,6 +486,7 @@ var licenseIDs = map[string]string{ "cuda1.0": "C-UDA-1.0", "cuda1.0.0": "C-UDA-1.0", "curl": "curl", + "cvetou": "cve-tou", "dec3.0.0clause": "DEC-3-Clause", "dec3.0clause": "DEC-3-Clause", "dec3clause": "DEC-3-Clause", @@ -701,6 +711,7 @@ var licenseIDs = map[string]string{ "gsoap1.3b": "gSOAP-1.3b", "gsoap1b": "gSOAP-1.3b", "gtkbook": "gtkbook", + "gutmann": "Gutmann", "haskellreport": "HaskellReport", "hdparm": "hdparm", "hippocratic2": "Hippocratic-2.1", @@ -716,19 +727,27 @@ var licenseIDs = map[string]string{ "hpnddec": "HPND-DEC", "hpnddoc": "HPND-doc", "hpnddocsell": "HPND-doc-sell", + "hpndexport2.0.0us": "HPND-export2-US", + "hpndexport2.0us": "HPND-export2-US", + "hpndexport2us": "HPND-export2-US", "hpndexportus": "HPND-export-US", + "hpndexportusacknowledgement": "HPND-export-US-acknowledgement", "hpndexportusmodify": "HPND-export-US-modify", "hpndfenneberglivingston": "HPND-Fenneberg-Livingston", "hpndinriaimag": "HPND-INRIA-IMAG", + "hpndintel": "HPND-Intel", "hpndkevlinhenney": "HPND-Kevlin-Henney", "hpndmarkuskuhn": "HPND-Markus-Kuhn", + "hpndmerchantabilityvariant": "HPND-merchantability-variant", "hpndmitdisclaimer": "HPND-MIT-disclaimer", "hpndpbmplus": "HPND-Pbmplus", "hpndsellmitdisclaimerxserver": "HPND-sell-MIT-disclaimer-xserver", "hpndsellregexpr": "HPND-sell-regexpr", "hpndsellvariant": "HPND-sell-variant", "hpndsellvariantmitdisclaimer": "HPND-sell-variant-MIT-disclaimer", + "hpndsellvariantmitdisclaimerrev": "HPND-sell-variant-MIT-disclaimer-rev", "hpnduc": "HPND-UC", + "hpnducexportus": "HPND-UC-export-US", "htmltidy": "HTMLTIDY", "ibmpibs": "IBM-pibs", "icu": "ICU", @@ -886,6 +905,7 @@ var licenseIDs = map[string]string{ "mitenna": "MIT-enna", "mitfeh": "MIT-feh", "mitfestival": "MIT-Festival", + "mitkhronosold": "MIT-Khronos-old", "mitmodernvariant": "MIT-Modern-Variant", "mitnfa": "MITNFA", "mitopengroup": "MIT-open-group", @@ -932,9 +952,11 @@ var licenseIDs = map[string]string{ "nbpl1": "NBPL-1.0", "nbpl1.0": "NBPL-1.0", "nbpl1.0.0": "NBPL-1.0", + "ncbipd": "NCBI-PD", "ncgluk2": "NCGL-UK-2.0", "ncgluk2.0": "NCGL-UK-2.0", "ncgluk2.0.0": "NCGL-UK-2.0", + "ncl": "NCL", "ncsa": "NCSA", "netcdf": "NetCDF", "netsnmp": "Net-SNMP", @@ -968,6 +990,7 @@ var licenseIDs = map[string]string{ "ntp": "NTP", "ntp0": "NTP-0", "nunit": "Nunit", + "oar": "OAR", "occtpl": "OCCT-PL", "oclc2": "OCLC-2.0", "oclc2.0": "OCLC-2.0", @@ -1098,6 +1121,7 @@ var licenseIDs = map[string]string{ "php3.01": "PHP-3.01", "php3.01.0": "PHP-3.01", "pixar": "Pixar", + "pkgconf": "pkgconf", "plexus": "Plexus", "pnmstitch": "pnmstitch", "polyformnoncommercial1": "PolyForm-Noncommercial-1.0.0", @@ -1107,6 +1131,7 @@ var licenseIDs = map[string]string{ "polyformsmallbusiness1.0": "PolyForm-Small-Business-1.0.0", "polyformsmallbusiness1.0.0": "PolyForm-Small-Business-1.0.0", "postgresql": "PostgreSQL", + "ppl": "PPL", "psf2": "PSF-2.0", "psf2.0": "PSF-2.0", "psf2.0.0": "PSF-2.0", @@ -1206,6 +1231,9 @@ var licenseIDs = map[string]string{ "sugarcrm1.1": "SugarCRM-1.1.3", "sugarcrm1.1.3": "SugarCRM-1.1.3", "sunppp": "Sun-PPP", + "sunppp2000": "Sun-PPP-2000", + "sunppp2000.0": "Sun-PPP-2000", + "sunppp2000.0.0": "Sun-PPP-2000", "sunpro": "SunPro", "swl": "SWL", "swrule": "swrule", @@ -1219,6 +1247,7 @@ var licenseIDs = map[string]string{ "tgppl1": "TGPPL-1.0", "tgppl1.0": "TGPPL-1.0", "tgppl1.0.0": "TGPPL-1.0", + "threeparttable": "threeparttable", "tmate": "TMate", "torque1": "TORQUE-1.1", "torque1.1": "TORQUE-1.1", @@ -1302,6 +1331,7 @@ var licenseIDs = map[string]string{ "xnet": "Xnet", "xpp": "xpp", "xskat": "XSkat", + "xzoom": "xzoom", "ypl1": "YPL-1.0", "ypl1.0": "YPL-1.0", "ypl1.0.0": "YPL-1.0", diff --git a/syft/format/common/spdxhelpers/to_format_model.go b/syft/format/common/spdxhelpers/to_format_model.go index 5edc8e12f..767ffdcbe 100644 --- a/syft/format/common/spdxhelpers/to_format_model.go +++ b/syft/format/common/spdxhelpers/to_format_model.go @@ -124,7 +124,7 @@ func ToFormatModel(s sbom.SBOM) *spdx.Document { CreationInfo: &spdx.CreationInfo{ // 6.7: License List Version // Cardinality: optional, one - LicenseListVersion: spdxlicense.Version, + LicenseListVersion: trimPatchVersion(spdxlicense.Version), // 6.8: Creators: may have multiple keys for Person, Organization // and/or Tool @@ -791,3 +791,13 @@ func newPackageVerificationCode(p pkg.Package, sbom sbom.SBOM) *spdx.PackageVeri Value: fmt.Sprintf("%+x", hasher.Sum(nil)), } } + +// SPDX 2.2 spec requires that the patch version be removed from the semver string +// for the license list version field +func trimPatchVersion(semver string) string { + parts := strings.Split(semver, ".") + if len(parts) >= 3 { + return strings.Join(parts[:2], ".") + } + return semver +}