oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2026-02-12 02:26:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: lookup alternate scheme on url->licenseID (#4588)

Browse Source 
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
This commit is contained in:
Christopher Angelo Phillips 2026-01-30 14:25:27 -05:00 committed by GitHub
parent 69d0898918
commit c94d1ccf1c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 1840 additions and 839 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
internal/spdxlicense/generate/generate_license_list.go
View File

@ -163,7 +163,8 @@ func cleanLicenseID(id string) string {
return strings.ReplaceAll(cleanID, "-", "")
}
// buildURLToLicenseMap creates a mapping from license URLs (from seeAlso fields) to license IDs
// buildURLToLicenseMap creates a mapping from license URLs (from seeAlso fields) to license IDs.
// URLs are stored without scheme (http:// or https://) so that a single lookup covers both.
func buildURLToLicenseMap(result LicenseList) map[string]string {
urlMap := make(map[string]string)
@ -175,7 +176,7 @@ func buildURLToLicenseMap(result LicenseList) map[string]string {
if replacement != nil {
// Map deprecated license URLs to the replacement license
for _, url := range l.SeeAlso {
urlMap[url] = replacement.ID
urlMap[stripScheme(url)] = replacement.ID
}
}
continue
@ -183,9 +184,17 @@ func buildURLToLicenseMap(result LicenseList) map[string]string {
// Add URLs from non-deprecated licenses
for _, url := range l.SeeAlso {
urlMap[url] = l.ID
urlMap[stripScheme(url)] = l.ID
}
}
return urlMap
}
// stripScheme removes http:// or https:// prefix from a URL.
// This allows a single map entry to match both schemes.
func stripScheme(url string) string {
url = strings.TrimPrefix(url, "https://")
url = strings.TrimPrefix(url, "http://")
return url
}

14
internal/spdxlicense/license.go
View File

@ -41,10 +41,12 @@ type LicenseInfo struct {
ID string
}
// LicenseByURL returns the license ID and name for a given URL from the SPDX license list
// The URL should match one of the URLs in the seeAlso field of an SPDX license
// LicenseByURL returns the license ID and name for a given URL from the SPDX license list.
// The URL should match one of the URLs in the seeAlso field of an SPDX license.
// The scheme (http:// or https://) is stripped before lookup, so both schemes match.
func LicenseByURL(url string) (LicenseInfo, bool) {
url = strings.TrimSpace(url)
url = stripScheme(url)
if id, exists := urlToLicense[url]; exists {
return LicenseInfo{
ID: id,
@ -52,3 +54,11 @@ func LicenseByURL(url string) (LicenseInfo, bool) {
}
return LicenseInfo{}, false
}
// stripScheme removes http:// or https:// prefix from a URL.
// This allows a single map entry to match both schemes.
func stripScheme(url string) string {
url = strings.TrimPrefix(url, "https://")
url = strings.TrimPrefix(url, "http://")
return url
}

1661
internal/spdxlicense/license_list.go
View File

File diff suppressed because it is too large Load Diff

90
internal/spdxlicense/license_url_test.go
View File

@ -76,6 +76,96 @@ func TestLicenseByURL(t *testing.T) {
}
}
func TestLicenseByURL_AlternateScheme(t *testing.T) {
// Test that URLs work with alternate schemes (http ↔ https) even if only one is in the SPDX list
tests := []struct {
name string
url string
wantID string
wantFound bool
}{
{
name: "Apache URL with http when https is in list",
url: "http://www.apache.org/licenses/LICENSE-2.0",
wantID: "Apache-2.0",
wantFound: true,
},
{
name: "BSD-3-Clause with http when https is in list",
url: "http://opensource.org/licenses/BSD-3-Clause",
wantID: "BSD-3-Clause",
wantFound: true,
},
{
name: "Unknown URL with http still not found",
url: "http://example.com/not-a-real-license",
wantID: "",
wantFound: false,
},
{
name: "Unknown URL with https still not found",
url: "https://example.com/not-a-real-license",
wantID: "",
wantFound: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
info, found := LicenseByURL(tt.url)
if found != tt.wantFound {
t.Errorf("LicenseByURL() found = %v, want %v", found, tt.wantFound)
}
if found && info.ID != tt.wantID {
t.Errorf("LicenseByURL() ID = %v, want %v", info.ID, tt.wantID)
}
})
}
}
func TestStripScheme(t *testing.T) {
tests := []struct {
name string
url string
want string
}{
{
name: "https scheme stripped",
url: "https://example.com/license",
want: "example.com/license",
},
{
name: "http scheme stripped",
url: "http://example.com/license",
want: "example.com/license",
},
{
name: "ftp scheme not stripped",
url: "ftp://example.com/license",
want: "ftp://example.com/license",
},
{
name: "no scheme unchanged",
url: "example.com/license",
want: "example.com/license",
},
{
name: "empty string unchanged",
url: "",
want: "",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := stripScheme(tt.url)
if got != tt.want {
t.Errorf("stripScheme() = %v, want %v", got, tt.want)
}
})
}
}
func TestLicenseByURL_DeprecatedLicenses(t *testing.T) {
// Test that deprecated license URLs map to their replacement licenses
// For example, GPL-2.0+ should map to GPL-2.0-or-later

2
schema/cyclonedx/Makefile
View File

@ -8,4 +8,4 @@ validate-schema:
xmllint --noout --schema ./cyclonedx.xsd bom.xml
@echo "\nValidating CycloneDX JSON..."
../../.tool/yajsv -s cyclonedx.json bom.json
../../.tool/yajsv -s cyclonedx.json -r spdx.schema.json bom.json

786
schema/cyclonedx/spdx.schema.json Normal file
View File

@ -0,0 +1,786 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "http://cyclonedx.org/schema/spdx.schema.json",
"$comment": "v1.0-3.27.0",
"type": "string",
"enum": [
"0BSD",
"3D-Slicer-1.0",
"AAL",
"Abstyles",
"AdaCore-doc",
"Adobe-2006",
"Adobe-Display-PostScript",
"Adobe-Glyph",
"Adobe-Utopia",
"ADSL",
"AFL-1.1",
"AFL-1.2",
"AFL-2.0",
"AFL-2.1",
"AFL-3.0",
"Afmparse",
"AGPL-1.0",
"AGPL-1.0-only",
"AGPL-1.0-or-later",
"AGPL-3.0",
"AGPL-3.0-only",
"AGPL-3.0-or-later",
"Aladdin",
"AMD-newlib",
"AMDPLPA",
"AML",
"AML-glslang",
"AMPAS",
"ANTLR-PD",
"ANTLR-PD-fallback",
"any-OSI",
"any-OSI-perl-modules",
"Apache-1.0",
"Apache-1.1",
"Apache-2.0",
"APAFML",
"APL-1.0",
"App-s2p",
"APSL-1.0",
"APSL-1.1",
"APSL-1.2",
"APSL-2.0",
"Arphic-1999",
"Artistic-1.0",
"Artistic-1.0-cl8",
"Artistic-1.0-Perl",
"Artistic-2.0",
"Artistic-dist",
"Aspell-RU",
"ASWF-Digital-Assets-1.0",
"ASWF-Digital-Assets-1.1",
"Baekmuk",
"Bahyph",
"Barr",
"bcrypt-Solar-Designer",
"Beerware",
"Bitstream-Charter",
"Bitstream-Vera",
"BitTorrent-1.0",
"BitTorrent-1.1",
"blessing",
"BlueOak-1.0.0",
"Boehm-GC",
"Boehm-GC-without-fee",
"Borceux",
"Brian-Gladman-2-Clause",
"Brian-Gladman-3-Clause",
"BSD-1-Clause",
"BSD-2-Clause",
"BSD-2-Clause-Darwin",
"BSD-2-Clause-first-lines",
"BSD-2-Clause-FreeBSD",
"BSD-2-Clause-NetBSD",
"BSD-2-Clause-Patent",
"BSD-2-Clause-pkgconf-disclaimer",
"BSD-2-Clause-Views",
"BSD-3-Clause",
"BSD-3-Clause-acpica",
"BSD-3-Clause-Attribution",
"BSD-3-Clause-Clear",
"BSD-3-Clause-flex",
"BSD-3-Clause-HP",
"BSD-3-Clause-LBNL",
"BSD-3-Clause-Modification",
"BSD-3-Clause-No-Military-License",
"BSD-3-Clause-No-Nuclear-License",
"BSD-3-Clause-No-Nuclear-License-2014",
"BSD-3-Clause-No-Nuclear-Warranty",
"BSD-3-Clause-Open-MPI",
"BSD-3-Clause-Sun",
"BSD-4-Clause",
"BSD-4-Clause-Shortened",
"BSD-4-Clause-UC",
"BSD-4.3RENO",
"BSD-4.3TAHOE",
"BSD-Advertising-Acknowledgement",
"BSD-Attribution-HPND-disclaimer",
"BSD-Inferno-Nettverk",
"BSD-Protection",
"BSD-Source-beginning-file",
"BSD-Source-Code",
"BSD-Systemics",
"BSD-Systemics-W3Works",
"BSL-1.0",
"BUSL-1.1",
"bzip2-1.0.5",
"bzip2-1.0.6",
"C-UDA-1.0",
"CAL-1.0",
"CAL-1.0-Combined-Work-Exception",
"Caldera",
"Caldera-no-preamble",
"Catharon",
"CATOSL-1.1",
"CC-BY-1.0",
"CC-BY-2.0",
"CC-BY-2.5",
"CC-BY-2.5-AU",
"CC-BY-3.0",
"CC-BY-3.0-AT",
"CC-BY-3.0-AU",
"CC-BY-3.0-DE",
"CC-BY-3.0-IGO",
"CC-BY-3.0-NL",
"CC-BY-3.0-US",
"CC-BY-4.0",
"CC-BY-NC-1.0",
"CC-BY-NC-2.0",
"CC-BY-NC-2.5",
"CC-BY-NC-3.0",
"CC-BY-NC-3.0-DE",
"CC-BY-NC-4.0",
"CC-BY-NC-ND-1.0",
"CC-BY-NC-ND-2.0",
"CC-BY-NC-ND-2.5",
"CC-BY-NC-ND-3.0",
"CC-BY-NC-ND-3.0-DE",
"CC-BY-NC-ND-3.0-IGO",
"CC-BY-NC-ND-4.0",
"CC-BY-NC-SA-1.0",
"CC-BY-NC-SA-2.0",
"CC-BY-NC-SA-2.0-DE",
"CC-BY-NC-SA-2.0-FR",
"CC-BY-NC-SA-2.0-UK",
"CC-BY-NC-SA-2.5",
"CC-BY-NC-SA-3.0",
"CC-BY-NC-SA-3.0-DE",
"CC-BY-NC-SA-3.0-IGO",
"CC-BY-NC-SA-4.0",
"CC-BY-ND-1.0",
"CC-BY-ND-2.0",
"CC-BY-ND-2.5",
"CC-BY-ND-3.0",
"CC-BY-ND-3.0-DE",
"CC-BY-ND-4.0",
"CC-BY-SA-1.0",
"CC-BY-SA-2.0",
"CC-BY-SA-2.0-UK",
"CC-BY-SA-2.1-JP",
"CC-BY-SA-2.5",
"CC-BY-SA-3.0",
"CC-BY-SA-3.0-AT",
"CC-BY-SA-3.0-DE",
"CC-BY-SA-3.0-IGO",
"CC-BY-SA-4.0",
"CC-PDDC",
"CC-PDM-1.0",
"CC-SA-1.0",
"CC0-1.0",
"CDDL-1.0",
"CDDL-1.1",
"CDL-1.0",
"CDLA-Permissive-1.0",
"CDLA-Permissive-2.0",
"CDLA-Sharing-1.0",
"CECILL-1.0",
"CECILL-1.1",
"CECILL-2.0",
"CECILL-2.1",
"CECILL-B",
"CECILL-C",
"CERN-OHL-1.1",
"CERN-OHL-1.2",
"CERN-OHL-P-2.0",
"CERN-OHL-S-2.0",
"CERN-OHL-W-2.0",
"CFITSIO",
"check-cvs",
"checkmk",
"ClArtistic",
"Clips",
"CMU-Mach",
"CMU-Mach-nodoc",
"CNRI-Jython",
"CNRI-Python",
"CNRI-Python-GPL-Compatible",
"COIL-1.0",
"Community-Spec-1.0",
"Condor-1.1",
"copyleft-next-0.3.0",
"copyleft-next-0.3.1",
"Cornell-Lossless-JPEG",
"CPAL-1.0",
"CPL-1.0",
"CPOL-1.02",
"Cronyx",
"Crossword",
"CryptoSwift",
"CrystalStacker",
"CUA-OPL-1.0",
"Cube",
"curl",
"cve-tou",
"D-FSL-1.0",
"DEC-3-Clause",
"diffmark",
"DL-DE-BY-2.0",
"DL-DE-ZERO-2.0",
"DOC",
"DocBook-DTD",
"DocBook-Schema",
"DocBook-Stylesheet",
"DocBook-XML",
"Dotseqn",
"DRL-1.0",
"DRL-1.1",
"DSDP",
"dtoa",
"dvipdfm",
"ECL-1.0",
"ECL-2.0",
"eCos-2.0",
"EFL-1.0",
"EFL-2.0",
"eGenix",
"Elastic-2.0",
"Entessa",
"EPICS",
"EPL-1.0",
"EPL-2.0",
"ErlPL-1.1",
"etalab-2.0",
"EUDatagrid",
"EUPL-1.0",
"EUPL-1.1",
"EUPL-1.2",
"Eurosym",
"Fair",
"FBM",
"FDK-AAC",
"Ferguson-Twofish",
"Frameworx-1.0",
"FreeBSD-DOC",
"FreeImage",
"FSFAP",
"FSFAP-no-warranty-disclaimer",
"FSFUL",
"FSFULLR",
"FSFULLRSD",
"FSFULLRWD",
"FSL-1.1-ALv2",
"FSL-1.1-MIT",
"FTL",
"Furuseth",
"fwlw",
"Game-Programming-Gems",
"GCR-docs",
"GD",
"generic-xts",
"GFDL-1.1",
"GFDL-1.1-invariants-only",
"GFDL-1.1-invariants-or-later",
"GFDL-1.1-no-invariants-only",
"GFDL-1.1-no-invariants-or-later",
"GFDL-1.1-only",
"GFDL-1.1-or-later",
"GFDL-1.2",
"GFDL-1.2-invariants-only",
"GFDL-1.2-invariants-or-later",
"GFDL-1.2-no-invariants-only",
"GFDL-1.2-no-invariants-or-later",
"GFDL-1.2-only",
"GFDL-1.2-or-later",
"GFDL-1.3",
"GFDL-1.3-invariants-only",
"GFDL-1.3-invariants-or-later",
"GFDL-1.3-no-invariants-only",
"GFDL-1.3-no-invariants-or-later",
"GFDL-1.3-only",
"GFDL-1.3-or-later",
"Giftware",
"GL2PS",
"Glide",
"Glulxe",
"GLWTPL",
"gnuplot",
"GPL-1.0",
"GPL-1.0+",
"GPL-1.0-only",
"GPL-1.0-or-later",
"GPL-2.0",
"GPL-2.0+",
"GPL-2.0-only",
"GPL-2.0-or-later",
"GPL-2.0-with-autoconf-exception",
"GPL-2.0-with-bison-exception",
"GPL-2.0-with-classpath-exception",
"GPL-2.0-with-font-exception",
"GPL-2.0-with-GCC-exception",
"GPL-3.0",
"GPL-3.0+",
"GPL-3.0-only",
"GPL-3.0-or-later",
"GPL-3.0-with-autoconf-exception",
"GPL-3.0-with-GCC-exception",
"Graphics-Gems",
"gSOAP-1.3b",
"gtkbook",
"Gutmann",
"HaskellReport",
"HDF5",
"hdparm",
"HIDAPI",
"Hippocratic-2.1",
"HP-1986",
"HP-1989",
"HPND",
"HPND-DEC",
"HPND-doc",
"HPND-doc-sell",
"HPND-export-US",
"HPND-export-US-acknowledgement",
"HPND-export-US-modify",
"HPND-export2-US",
"HPND-Fenneberg-Livingston",
"HPND-INRIA-IMAG",
"HPND-Intel",
"HPND-Kevlin-Henney",
"HPND-Markus-Kuhn",
"HPND-merchantability-variant",
"HPND-MIT-disclaimer",
"HPND-Netrek",
"HPND-Pbmplus",
"HPND-sell-MIT-disclaimer-xserver",
"HPND-sell-regexpr",
"HPND-sell-variant",
"HPND-sell-variant-MIT-disclaimer",
"HPND-sell-variant-MIT-disclaimer-rev",
"HPND-UC",
"HPND-UC-export-US",
"HTMLTIDY",
"IBM-pibs",
"ICU",
"IEC-Code-Components-EULA",
"IJG",
"IJG-short",
"ImageMagick",
"iMatix",
"Imlib2",
"Info-ZIP",
"Inner-Net-2.0",
"InnoSetup",
"Intel",
"Intel-ACPI",
"Interbase-1.0",
"IPA",
"IPL-1.0",
"ISC",
"ISC-Veillard",
"Jam",
"JasPer-2.0",
"jove",
"JPL-image",
"JPNIC",
"JSON",
"Kastrup",
"Kazlib",
"Knuth-CTAN",
"LAL-1.2",
"LAL-1.3",
"Latex2e",
"Latex2e-translated-notice",
"Leptonica",
"LGPL-2.0",
"LGPL-2.0+",
"LGPL-2.0-only",
"LGPL-2.0-or-later",
"LGPL-2.1",
"LGPL-2.1+",
"LGPL-2.1-only",
"LGPL-2.1-or-later",
"LGPL-3.0",
"LGPL-3.0+",
"LGPL-3.0-only",
"LGPL-3.0-or-later",
"LGPLLR",
"Libpng",
"libpng-1.6.35",
"libpng-2.0",
"libselinux-1.0",
"libtiff",
"libutil-David-Nugent",
"LiLiQ-P-1.1",
"LiLiQ-R-1.1",
"LiLiQ-Rplus-1.1",
"Linux-man-pages-1-para",
"Linux-man-pages-copyleft",
"Linux-man-pages-copyleft-2-para",
"Linux-man-pages-copyleft-var",
"Linux-OpenIB",
"LOOP",
"LPD-document",
"LPL-1.0",
"LPL-1.02",
"LPPL-1.0",
"LPPL-1.1",
"LPPL-1.2",
"LPPL-1.3a",
"LPPL-1.3c",
"lsof",
"Lucida-Bitmap-Fonts",
"LZMA-SDK-9.11-to-9.20",
"LZMA-SDK-9.22",
"Mackerras-3-Clause",
"Mackerras-3-Clause-acknowledgment",
"magaz",
"mailprio",
"MakeIndex",
"man2html",
"Martin-Birgmeier",
"McPhee-slideshow",
"metamail",
"Minpack",
"MIPS",
"MirOS",
"MIT",
"MIT-0",
"MIT-advertising",
"MIT-Click",
"MIT-CMU",
"MIT-enna",
"MIT-feh",
"MIT-Festival",
"MIT-Khronos-old",
"MIT-Modern-Variant",
"MIT-open-group",
"MIT-testregex",
"MIT-Wu",
"MITNFA",
"MMIXware",
"Motosoto",
"MPEG-SSG",
"mpi-permissive",
"mpich2",
"MPL-1.0",
"MPL-1.1",
"MPL-2.0",
"MPL-2.0-no-copyleft-exception",
"mplus",
"MS-LPL",
"MS-PL",
"MS-RL",
"MTLL",
"MulanPSL-1.0",
"MulanPSL-2.0",
"Multics",
"Mup",
"NAIST-2003",
"NASA-1.3",
"Naumen",
"NBPL-1.0",
"NCBI-PD",
"NCGL-UK-2.0",
"NCL",
"NCSA",
"Net-SNMP",
"NetCDF",
"Newsletr",
"NGPL",
"ngrep",
"NICTA-1.0",
"NIST-PD",
"NIST-PD-fallback",
"NIST-Software",
"NLOD-1.0",
"NLOD-2.0",
"NLPL",
"Nokia",
"NOSL",
"Noweb",
"NPL-1.0",
"NPL-1.1",
"NPOSL-3.0",
"NRL",
"NTIA-PD",
"NTP",
"NTP-0",
"Nunit",
"O-UDA-1.0",
"OAR",
"OCCT-PL",
"OCLC-2.0",
"ODbL-1.0",
"ODC-By-1.0",
"OFFIS",
"OFL-1.0",
"OFL-1.0-no-RFN",
"OFL-1.0-RFN",
"OFL-1.1",
"OFL-1.1-no-RFN",
"OFL-1.1-RFN",
"OGC-1.0",
"OGDL-Taiwan-1.0",
"OGL-Canada-2.0",
"OGL-UK-1.0",
"OGL-UK-2.0",
"OGL-UK-3.0",
"OGTSL",
"OLDAP-1.1",
"OLDAP-1.2",
"OLDAP-1.3",
"OLDAP-1.4",
"OLDAP-2.0",
"OLDAP-2.0.1",
"OLDAP-2.1",
"OLDAP-2.2",
"OLDAP-2.2.1",
"OLDAP-2.2.2",
"OLDAP-2.3",
"OLDAP-2.4",
"OLDAP-2.5",
"OLDAP-2.6",
"OLDAP-2.7",
"OLDAP-2.8",
"OLFL-1.3",
"OML",
"OpenPBS-2.3",
"OpenSSL",
"OpenSSL-standalone",
"OpenVision",
"OPL-1.0",
"OPL-UK-3.0",
"OPUBL-1.0",
"OSET-PL-2.1",
"OSL-1.0",
"OSL-1.1",
"OSL-2.0",
"OSL-2.1",
"OSL-3.0",
"PADL",
"Parity-6.0.0",
"Parity-7.0.0",
"PDDL-1.0",
"PHP-3.0",
"PHP-3.01",
"Pixar",
"pkgconf",
"Plexus",
"pnmstitch",
"PolyForm-Noncommercial-1.0.0",
"PolyForm-Small-Business-1.0.0",
"PostgreSQL",
"PPL",
"PSF-2.0",
"psfrag",
"psutils",
"Python-2.0",
"Python-2.0.1",
"python-ldap",
"Qhull",
"QPL-1.0",
"QPL-1.0-INRIA-2004",
"radvd",
"Rdisc",
"RHeCos-1.1",
"RPL-1.1",
"RPL-1.5",
"RPSL-1.0",
"RSA-MD",
"RSCPL",
"Ruby",
"Ruby-pty",
"SAX-PD",
"SAX-PD-2.0",
"Saxpath",
"SCEA",
"SchemeReport",
"Sendmail",
"Sendmail-8.23",
"Sendmail-Open-Source-1.1",
"SGI-B-1.0",
"SGI-B-1.1",
"SGI-B-2.0",
"SGI-OpenGL",
"SGP4",
"SHL-0.5",
"SHL-0.51",
"SimPL-2.0",
"SISSL",
"SISSL-1.2",
"SL",
"Sleepycat",
"SMAIL-GPL",
"SMLNJ",
"SMPPL",
"SNIA",
"snprintf",
"SOFA",
"softSurfer",
"Soundex",
"Spencer-86",
"Spencer-94",
"Spencer-99",
"SPL-1.0",
"ssh-keyscan",
"SSH-OpenSSH",
"SSH-short",
"SSLeay-standalone",
"SSPL-1.0",
"StandardML-NJ",
"SugarCRM-1.1.3",
"SUL-1.0",
"Sun-PPP",
"Sun-PPP-2000",
"SunPro",
"SWL",
"swrule",
"Symlinks",
"TAPR-OHL-1.0",
"TCL",
"TCP-wrappers",
"TermReadKey",
"TGPPL-1.0",
"ThirdEye",
"threeparttable",
"TMate",
"TORQUE-1.1",
"TOSL",
"TPDL",
"TPL-1.0",
"TrustedQSL",
"TTWL",
"TTYP0",
"TU-Berlin-1.0",
"TU-Berlin-2.0",
"Ubuntu-font-1.0",
"UCAR",
"UCL-1.0",
"ulem",
"UMich-Merit",
"Unicode-3.0",
"Unicode-DFS-2015",
"Unicode-DFS-2016",
"Unicode-TOU",
"UnixCrypt",
"Unlicense",
"Unlicense-libtelnet",
"Unlicense-libwhirlpool",
"UPL-1.0",
"URT-RLE",
"Vim",
"VOSTROM",
"VSL-1.0",
"W3C",
"W3C-19980720",
"W3C-20150513",
"w3m",
"Watcom-1.0",
"Widget-Workshop",
"Wsuipa",
"WTFPL",
"wwl",
"wxWindows",
"X11",
"X11-distribute-modifications-variant",
"X11-swapped",
"Xdebug-1.03",
"Xerox",
"Xfig",
"XFree86-1.1",
"xinetd",
"xkeyboard-config-Zinoviev",
"xlock",
"Xnet",
"xpp",
"XSkat",
"xzoom",
"YPL-1.0",
"YPL-1.1",
"Zed",
"Zeeff",
"Zend-2.0",
"Zimbra-1.3",
"Zimbra-1.4",
"Zlib",
"zlib-acknowledgement",
"ZPL-1.1",
"ZPL-2.0",
"ZPL-2.1",
"389-exception",
"Asterisk-exception",
"Asterisk-linking-protocols-exception",
"Autoconf-exception-2.0",
"Autoconf-exception-3.0",
"Autoconf-exception-generic",
"Autoconf-exception-generic-3.0",
"Autoconf-exception-macro",
"Bison-exception-1.24",
"Bison-exception-2.2",
"Bootloader-exception",
"CGAL-linking-exception",
"Classpath-exception-2.0",
"CLISP-exception-2.0",
"cryptsetup-OpenSSL-exception",
"Digia-Qt-LGPL-exception-1.1",
"DigiRule-FOSS-exception",
"eCos-exception-2.0",
"erlang-otp-linking-exception",
"Fawkes-Runtime-exception",
"FLTK-exception",
"fmt-exception",
"Font-exception-2.0",
"freertos-exception-2.0",
"GCC-exception-2.0",
"GCC-exception-2.0-note",
"GCC-exception-3.1",
"Gmsh-exception",
"GNAT-exception",
"GNOME-examples-exception",
"GNU-compiler-exception",
"gnu-javamail-exception",
"GPL-3.0-389-ds-base-exception",
"GPL-3.0-interface-exception",
"GPL-3.0-linking-exception",
"GPL-3.0-linking-source-exception",
"GPL-CC-1.0",
"GStreamer-exception-2005",
"GStreamer-exception-2008",
"harbour-exception",
"i2p-gpl-java-exception",
"Independent-modules-exception",
"KiCad-libraries-exception",
"LGPL-3.0-linking-exception",
"libpri-OpenH323-exception",
"Libtool-exception",
"Linux-syscall-note",
"LLGPL",
"LLVM-exception",
"LZMA-exception",
"mif-exception",
"mxml-exception",
"Nokia-Qt-exception-1.1",
"OCaml-LGPL-linking-exception",
"OCCT-exception-1.0",
"OpenJDK-assembly-exception-1.0",
"openvpn-openssl-exception",
"PCRE2-exception",
"polyparse-exception",
"PS-or-PDF-font-exception-20170817",
"QPL-1.0-INRIA-2004-exception",
"Qt-GPL-exception-1.0",
"Qt-LGPL-exception-1.1",
"Qwt-exception-1.0",
"romic-exception",
"RRDtool-FLOSS-exception-2.0",
"SANE-exception",
"SHL-2.0",
"SHL-2.1",
"stunnel-exception",
"SWI-exception",
"Swift-exception",
"Texinfo-exception",
"u-boot-exception-2.0",
"UBDL-exception",
"Universal-FOSS-exception-1.0",
"vsftpd-openssl-exception",
"WxWindows-exception-3.1",
"x11vnc-openssl-exception"
]
}

107
schema/cyclonedx/spdx.xsd
View File

@ -2,7 +2,7 @@
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified"
targetNamespace="http://cyclonedx.org/schema/spdx"
version="1.0-3.26.0">
version="1.0-3.27.0">
<xs:simpleType name="licenseId">
<xs:restriction base="xs:string">
@ -242,6 +242,16 @@
<xs:documentation>Artistic License 2.0</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Artistic-dist">
<xs:annotation>
<xs:documentation>Artistic License 1.0 (dist)</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Aspell-RU">
<xs:annotation>
<xs:documentation>Aspell Russian License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="ASWF-Digital-Assets-1.0">
<xs:annotation>
<xs:documentation>ASWF Digital Assets License version 1.0</xs:documentation>
@ -367,6 +377,11 @@
<xs:documentation>BSD-2-Clause Plus Patent License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="BSD-2-Clause-pkgconf-disclaimer">
<xs:annotation>
<xs:documentation>BSD 2-Clause pkgconf disclaimer variant</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="BSD-2-Clause-Views">
<xs:annotation>
<xs:documentation>BSD 2-Clause with views sentence</xs:documentation>
@ -1027,6 +1042,11 @@
<xs:documentation>Crossword License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="CryptoSwift">
<xs:annotation>
<xs:documentation>CryptoSwift License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="CrystalStacker">
<xs:annotation>
<xs:documentation>CrystalStacker License</xs:documentation>
@ -1082,6 +1102,11 @@
<xs:documentation>DOC License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="DocBook-DTD">
<xs:annotation>
<xs:documentation>DocBook DTD License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="DocBook-Schema">
<xs:annotation>
<xs:documentation>DocBook Schema License</xs:documentation>
@ -1272,11 +1297,26 @@
<xs:documentation>FSF Unlimited License (with License Retention)</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="FSFULLRSD">
<xs:annotation>
<xs:documentation>FSF Unlimited License (with License Retention and Short Disclaimer)</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="FSFULLRWD">
<xs:annotation>
<xs:documentation>FSF Unlimited License (With License Retention and Warranty Disclaimer)</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="FSL-1.1-ALv2">
<xs:annotation>
<xs:documentation>Functional Source License, Version 1.1, ALv2 Future License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="FSL-1.1-MIT">
<xs:annotation>
<xs:documentation>Functional Source License, Version 1.1, MIT Future License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="FTL">
<xs:annotation>
<xs:documentation>Freetype Project License</xs:documentation>
@ -1292,6 +1332,11 @@
<xs:documentation>fwlw License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Game-Programming-Gems">
<xs:annotation>
<xs:documentation>Game Programming Gems License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="GCR-docs">
<xs:annotation>
<xs:documentation>Gnome GCR Documentation License</xs:documentation>
@ -1562,6 +1607,11 @@
<xs:documentation>Haskell Language Report License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="HDF5">
<xs:annotation>
<xs:documentation>HDF5 License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="hdparm">
<xs:annotation>
<xs:documentation>hdparm License</xs:documentation>
@ -1812,6 +1862,11 @@
<xs:documentation>JasPer License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="jove">
<xs:annotation>
<xs:documentation>Jove License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="JPL-image">
<xs:annotation>
<xs:documentation>JPL Image Use Policy</xs:documentation>
@ -1937,6 +1992,11 @@
<xs:documentation>libpng License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="libpng-1.6.35">
<xs:annotation>
<xs:documentation>PNG Reference Library License v1 (for libpng 0.5 through 1.6.35)</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="libpng-2.0">
<xs:annotation>
<xs:documentation>PNG Reference Library version 2</xs:documentation>
@ -2087,6 +2147,11 @@
<xs:documentation>MakeIndex License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="man2html">
<xs:annotation>
<xs:documentation>man2html License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Martin-Birgmeier">
<xs:annotation>
<xs:documentation>Martin Birgmeier License</xs:documentation>
@ -2337,6 +2402,11 @@
<xs:documentation>Nethack General Public License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="ngrep">
<xs:annotation>
<xs:documentation>ngrep License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="NICTA-1.0">
<xs:annotation>
<xs:documentation>NICTA Public Software License, Version 1.0</xs:documentation>
@ -2407,6 +2477,11 @@
<xs:documentation>NRL License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="NTIA-PD">
<xs:annotation>
<xs:documentation>NTIA Public Domain Notice</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="NTP">
<xs:annotation>
<xs:documentation>NTP License</xs:documentation>
@ -2967,6 +3042,11 @@
<xs:documentation>snprintf License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="SOFA">
<xs:annotation>
<xs:documentation>SOFA Software License</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="softSurfer">
<xs:annotation>
<xs:documentation>softSurfer License</xs:documentation>
@ -3032,6 +3112,11 @@
<xs:documentation>SugarCRM Public License v1.1.3</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="SUL-1.0">
<xs:annotation>
<xs:documentation>Sustainable Use License v1.0</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Sun-PPP">
<xs:annotation>
<xs:documentation>Sun PPP License</xs:documentation>
@ -3202,6 +3287,16 @@
<xs:documentation>The Unlicense</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Unlicense-libtelnet">
<xs:annotation>
<xs:documentation>Unlicense - libtelnet variant</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Unlicense-libwhirlpool">
<xs:annotation>
<xs:documentation>Unlicense - libwhirlpool variant</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="UPL-1.0">
<xs:annotation>
<xs:documentation>Universal Permissive License v1.0</xs:documentation>
@ -3483,6 +3578,11 @@
<xs:documentation>cryptsetup OpenSSL exception</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Digia-Qt-LGPL-exception-1.1">
<xs:annotation>
<xs:documentation>Digia Qt LGPL Exception version 1.1</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="DigiRule-FOSS-exception">
<xs:annotation>
<xs:documentation>DigiRule FOSS License Exception</xs:documentation>
@ -3693,6 +3793,11 @@
<xs:documentation>PCRE2 exception</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="polyparse-exception">
<xs:annotation>
<xs:documentation>Polyparse Exception</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="PS-or-PDF-font-exception-20170817">
<xs:annotation>
<xs:documentation>PS/PDF font exception (2017-08-17)</xs:documentation>