diff --git a/README.md b/README.md index 828c62a4f..d3ac972d7 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ additional installation of optional dependencies * Serialize to JSON-LD See [Quickstart to SPDX 3.0](#quickstart-to-spdx-30) below. -The implementation is based on the descriptive markdown files in the repository https://github.com/spdx/spdx-3-model (latest commit: ea2e1446ae937c6722b3f599f95813f8747d54b4). +The implementation is based on the descriptive markdown files in the repository https://github.com/spdx/spdx-3-model (latest commit: a5372a3c145dbdfc1381fc1f791c68889aafc7ff). # Installation diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/package.py b/src/spdx_tools/spdx3/bump_from_spdx2/package.py index bd0a07d11..899506360 100644 --- a/src/spdx_tools/spdx3/bump_from_spdx2/package.py +++ b/src/spdx_tools/spdx3/bump_from_spdx2/package.py @@ -75,8 +75,8 @@ def bump_package( "and missing definition of license profile", ) - external_references = [] - external_identifiers = [] + external_reference = [] + external_identifier = [] purl_refs = [ external_ref for external_ref in spdx2_package.external_references if external_ref.reference_type == "purl" ] @@ -89,13 +89,11 @@ def bump_package( continue id_or_ref = bump_external_package_ref(spdx2_external_ref) if isinstance(id_or_ref, ExternalReference): - external_references.append(id_or_ref) + external_reference.append(id_or_ref) elif isinstance(id_or_ref, ExternalIdentifier): - external_identifiers.append(id_or_ref) + external_identifier.append(id_or_ref) - package_purpose = ( - [SoftwarePurpose[spdx2_package.primary_package_purpose.name]] if spdx2_package.primary_package_purpose else [] - ) + package_purpose = SoftwarePurpose[spdx2_package.primary_package_purpose.name] payload.add_element( Package( 
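Review bot: In the `@@ -89,13 +89,11 @@` hunk of `bump_package`, the new `package_purpose = SoftwarePurpose[spdx2_package.primary_package_purpose.name]` dereferences `.name` unconditionally, whereas the removed lines guarded it with `if spdx2_package.primary_package_purpose else []`. If an SPDX 2 package carries no primary purpose (the old guard suggests it can be None), this raises AttributeError and the conversion of an otherwise valid document fails. `Package.__init__` in this same commit declares `primary_purpose: Optional[SoftwarePurpose] = None`, so the guard can stay as `package_purpose = SoftwarePurpose[spdx2_package.primary_package_purpose.name] if spdx2_package.primary_package_purpose else None`. The body of `bump_package` starts and ends outside the hunk.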
@@ -106,14 +104,14 @@ def bump_package( description=spdx2_package.description, comment=spdx2_package.comment, verified_using=integrity_methods, - external_references=external_references, - external_identifier=external_identifiers, + external_reference=external_reference, + external_identifier=external_identifier, originated_by=originated_by_spdx_id, supplied_by=supplied_by_spdx_id, built_time=spdx2_package.built_date, release_time=spdx2_package.release_date, valid_until_time=spdx2_package.valid_until_date, - purpose=package_purpose, + primary_purpose=package_purpose, package_version=spdx2_package.version, download_location=download_location, package_url=package_url, diff --git a/src/spdx_tools/spdx3/model/agent.py b/src/spdx_tools/spdx3/model/agent.py index 0470ed304..9aa326e22 100644 --- a/src/spdx_tools/spdx3/model/agent.py +++ b/src/spdx_tools/spdx3/model/agent.py @@ -19,11 +19,11 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/ai/ai_package.py b/src/spdx_tools/spdx3/model/ai/ai_package.py index 9d5dd4114..b297385e3 100644 --- a/src/spdx_tools/spdx3/model/ai/ai_package.py +++ b/src/spdx_tools/spdx3/model/ai/ai_package.py 
@@ -46,14 +46,14 @@ def __init__( supplied_by: List[str], download_location: str, package_version: str, - purpose: List[SoftwarePurpose], + primary_purpose: SoftwarePurpose, release_time: datetime, creation_info: Optional[CreationInfo] = None, summary: Optional[str] = None, description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, originated_by: List[str] = None, @@ -61,6 +61,7 @@ def __init__( valid_until_time: Optional[datetime] = None, standard: List[str] = None, content_identifier: Optional[str] = None, + additional_purpose: List[SoftwarePurpose] = None, concluded_license: Optional[LicenseField] = None, declared_license: Optional[LicenseField] = None, copyright_text: Optional[str] = None, @@ -85,9 +86,10 @@ def __init__( safety_risk_assessment: Optional[SafetyRiskAssessmentType] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier originated_by = [] if originated_by is None else originated_by + additional_purpose = [] if additional_purpose is None else additional_purpose standard = [] if standard is None else standard standard_compliance = [] if standard_compliance is None else standard_compliance type_of_model = [] if type_of_model is None else type_of_model diff --git a/src/spdx_tools/spdx3/model/annotation.py b/src/spdx_tools/spdx3/model/annotation.py index 9a016cfe8..e74d9d578 100644 --- a/src/spdx_tools/spdx3/model/annotation.py +++ b/src/spdx_tools/spdx3/model/annotation.py 
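Review bot: `additional_purpose` is inserted in the middle of the `__init__` parameter list (between `content_identifier` and `concluded_license` in the `@@ -61,6 +61,7 @@` hunk), so any caller that passes the later arguments positionally now has them shifted by one slot. The same insertion appears in the `__init__` of dataset.py, software/file.py and software/package.py. `check_types_and_set_values` will presumably reject most shifted calls, but a positional `None` followed by a value of a neighbouring parameter's type (for example `concluded_license` / `declared_license`) would land in the wrong field without an error. Consider making the optional tail keyword-only with a bare `*,` after the required parameters, or state in the changelog that these constructors must be called with keywords. The signature starts outside the hunk.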
@@ -34,14 +34,14 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, content_type: List[str] = None, statement: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier content_type = [] if content_type is None else content_type check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/bom.py b/src/spdx_tools/spdx3/model/bom.py index 332d31652..a9ad7d57e 100644 --- a/src/spdx_tools/spdx3/model/bom.py +++ b/src/spdx_tools/spdx3/model/bom.py @@ -32,7 +32,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, namespaces: List[NamespaceMap] = None, @@ -40,7 +40,7 @@ def __init__( context: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier namespaces = [] if namespaces is None else namespaces imports = [] if imports is None else imports 
diff --git a/src/spdx_tools/spdx3/model/build/build.py b/src/spdx_tools/spdx3/model/build/build.py index 8d784e819..c6662ccce 100644 --- a/src/spdx_tools/spdx3/model/build/build.py +++ b/src/spdx_tools/spdx3/model/build/build.py @@ -33,7 +33,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, build_id: Optional[str] = None, @@ -46,7 +46,7 @@ def __init__( environment: Dict[str, str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier config_source_entrypoint = [] if config_source_entrypoint is None else config_source_entrypoint config_source_uri = [] if config_source_uri is None else config_source_uri diff --git a/src/spdx_tools/spdx3/model/bundle.py b/src/spdx_tools/spdx3/model/bundle.py index c90352308..63640f845 100644 --- a/src/spdx_tools/spdx3/model/bundle.py +++ b/src/spdx_tools/spdx3/model/bundle.py @@ -31,7 +31,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, namespaces: List[NamespaceMap] = None, 
@@ -39,7 +39,7 @@ def __init__( context: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier namespaces = [] if namespaces is None else namespaces imports = [] if imports is None else imports diff --git a/src/spdx_tools/spdx3/model/dataset/dataset.py b/src/spdx_tools/spdx3/model/dataset/dataset.py index 774a3bef2..bbb82cc3a 100644 --- a/src/spdx_tools/spdx3/model/dataset/dataset.py +++ b/src/spdx_tools/spdx3/model/dataset/dataset.py @@ -14,6 +14,23 @@ from spdx_tools.spdx3.model.software import Package, SoftwarePurpose +class DatasetType(Enum): + STRUCTURED = auto() + NUMERIC = auto() + TEXT = auto() + CATEGORICAL = auto() + GRAPH = auto() + TIMESERIES = auto() + TIMESTAMP = auto() + SENSOR = auto() + IMAGE = auto() + SYNTACTIC = auto() + AUDIO = auto() + VIDEO = auto() + OTHER = auto() + NO_ASSERTION = auto() + + class ConfidentialityLevelType(Enum): RED = auto() AMBER = auto() @@ -31,7 +48,7 @@ class DatasetAvailabilityType(Enum): @dataclass_with_properties class Dataset(Package): - dataset_type: str = None + dataset_type: List[DatasetType] = None data_collection_process: Optional[str] = None intended_use: Optional[str] = None dataset_size: Optional[int] = None 
@@ -51,22 +68,23 @@ def __init__( name: str, originated_by: List[str], download_location: str, - purpose: List[SoftwarePurpose], + primary_purpose: SoftwarePurpose, built_time: datetime, release_time: datetime, - dataset_type: str, + dataset_type: List[DatasetType], creation_info: Optional[CreationInfo] = None, summary: Optional[str] = None, description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, supplied_by: List[str] = None, valid_until_time: Optional[datetime] = None, standard: List[str] = None, content_identifier: Optional[str] = None, + additional_purpose: List[SoftwarePurpose] = None, concluded_license: Optional[LicenseField] = None, declared_license: Optional[LicenseField] = None, copyright_text: Optional[str] = None, @@ -89,9 +107,10 @@ def __init__( dataset_availability: Optional[DatasetAvailabilityType] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier originated_by = [] if originated_by is None else originated_by + additional_purpose = [] if additional_purpose is None else additional_purpose supplied_by = [] if supplied_by is None else supplied_by standard = [] if standard is None else standard data_preprocessing = [] if data_preprocessing is None else data_preprocessing diff --git a/src/spdx_tools/spdx3/model/element.py b/src/spdx_tools/spdx3/model/element.py index f5ec4790e..08f2d7b85 100644 --- a/src/spdx_tools/spdx3/model/element.py +++ b/src/spdx_tools/spdx3/model/element.py 
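Review bot: `dataset_type: List[DatasetType]` is now a required parameter of `Dataset.__init__`, but an empty list satisfies the annotation and the normalisation lines in the second hunk do not touch it, so `dataset_type=[]` appears to be accepted. If the model intends at least one dataset type, add an explicit check before `check_types_and_set_values`, for example `if not dataset_type: raise ValueError("dataset_type must contain at least one DatasetType")`. A comment on whether `NO_ASSERTION` may be combined with other members would also help. The rest of `__init__` lies outside the hunks, so such a check may already exist there.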
@@ -19,7 +19,7 @@ class Element(ABC): description: Optional[str] = None comment: Optional[str] = None verified_using: List[IntegrityMethod] = field(default_factory=list) - external_references: List[ExternalReference] = field(default_factory=list) + external_reference: List[ExternalReference] = field(default_factory=list) external_identifier: List[ExternalIdentifier] = field(default_factory=list) extension: Optional[str] = None # placeholder for extension diff --git a/src/spdx_tools/spdx3/model/external_identifier.py b/src/spdx_tools/spdx3/model/external_identifier.py index a7ae2a8d2..ee458151e 100644 --- a/src/spdx_tools/spdx3/model/external_identifier.py +++ b/src/spdx_tools/spdx3/model/external_identifier.py @@ -13,9 +13,11 @@ class ExternalIdentifierType(Enum): CPE22 = auto() CPE23 = auto() + CVE = auto() EMAIL = auto() GITOID = auto() PURL = auto() + SECURITY_OTHER = auto() SWHID = auto() SWID = auto() URL_SCHEME = auto() diff --git a/src/spdx_tools/spdx3/model/external_reference.py b/src/spdx_tools/spdx3/model/external_reference.py index 5e29aa583..2f44a54d6 100644 --- a/src/spdx_tools/spdx3/model/external_reference.py +++ b/src/spdx_tools/spdx3/model/external_reference.py 
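Review bot: `CVE` and `SECURITY_OTHER` are inserted in the middle of `ExternalIdentifierType`, whose members all use `auto()`, so the integer `.value` of every member declared after `CVE` changes with this commit. The same applies to the insertions and re-sorting in `ExternalReferenceType` and `RelationshipType` later in this diff. That is harmless as long as members are only looked up or serialised by name, as `bump_package` does with `SoftwarePurpose[...]`, but anything that stored or compared `.value` would silently map to a different identifier type. I would add a comment above the enum such as `# values come from auto() and are not stable; serialise by name only`.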
@@ -16,23 +16,39 @@ class ExternalReferenceType(Enum): BINARY_ARTIFACT = auto() BUILD_META = auto() BUILD_SYSTEM = auto() + CERTIFICATION_REPORT = auto() CHAT = auto() + COMPONENT_ANALYSIS_REPORT = auto() DOCUMENTATION = auto() + DYNAMIC_ANALYSIS_REPORT = auto() + EOL_NOTICE = auto() FUNDING = auto() ISSUE_TRACKER = auto() + LICENSE = auto() MAILING_LIST = auto() METRICS = auto() - LICENSE = auto() OTHER = auto() - RELEASE_NOTES = auto() + PRODUCT_METADATA = auto() + QUALITY_ASSESSMENT_REPORT = auto() RELEASE_HISTORY = auto() + RELEASE_NOTES = auto() + RISK_ASSESSMENT = auto() + RUNTIME_ANALYSIS_REPORT = auto() + SECURE_SOFTWARE_ATTESTATION = auto() + SECURITY_ADVERSARY_MODEL = auto() SECURITY_ADVISORY = auto() SECURITY_FIX = auto() SECURITY_OTHER = auto() + SECURITY_PEN_TEST_REPORT = auto() + SECURITY_POLICY = auto() + SECURITY_THREAT_MODEL = auto() SOCIAL_MEDIA = auto() SOURCE_ARTIFACT = auto() + STATIC_ANALYSIS_REPORT = auto() SUPPORT = auto() VCS = auto() + VULNERABILITY_DISCLOSURE_REPORT = auto() + VULNERABILITY_EXPLOITABILITY_ASSESSMENT = auto() @dataclass_with_properties diff --git a/src/spdx_tools/spdx3/model/lifecycle_scoped_relationship.py b/src/spdx_tools/spdx3/model/lifecycle_scoped_relationship.py index f5181a616..a06e108ce 100644 --- a/src/spdx_tools/spdx3/model/lifecycle_scoped_relationship.py +++ b/src/spdx_tools/spdx3/model/lifecycle_scoped_relationship.py @@ -44,7 +44,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, 
@@ -54,6 +54,6 @@ def __init__( ): to = [] if to is None else to verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/namespace_map.py b/src/spdx_tools/spdx3/model/namespace_map.py index 88ad49bf8..c4d1217a5 100644 --- a/src/spdx_tools/spdx3/model/namespace_map.py +++ b/src/spdx_tools/spdx3/model/namespace_map.py @@ -1,16 +1,14 @@ # SPDX-FileCopyrightText: 2023 spdx contributors # # SPDX-License-Identifier: Apache-2.0 -from beartype.typing import Optional - from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties from spdx_tools.common.typing.type_checks import check_types_and_set_values @dataclass_with_properties class NamespaceMap: - prefix: Optional[str] = None - namespace: Optional[str] = None # anyURI + prefix: str + namespace: str # anyURI - def __init__(self, prefix: Optional[str] = None, namespace: Optional[str] = None): + def __init__(self, prefix: str, namespace: str): check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/organization.py b/src/spdx_tools/spdx3/model/organization.py index f896b2b33..c297b24b3 100644 --- a/src/spdx_tools/spdx3/model/organization.py +++ b/src/spdx_tools/spdx3/model/organization.py 
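Review bot: `NamespaceMap` now requires `prefix` and `namespace`, but both are plain `str`, so empty strings and non-URI values still pass the type check; the `# anyURI` comment is the only statement of the constraint. Presumably the map is used to expand prefixed IDs into full element IRIs, in which case an empty or malformed namespace would produce ambiguous identifiers in the resulting SBOM. Consider rejecting empty values in `__init__` and adding a class docstring that states what `prefix` and `namespace` must look like. Code that relied on `NamespaceMap()` with no arguments will now raise TypeError; no such caller is visible in this diff.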
@@ -19,11 +19,11 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/person.py b/src/spdx_tools/spdx3/model/person.py index b06e263db..782e5a366 100644 --- a/src/spdx_tools/spdx3/model/person.py +++ b/src/spdx_tools/spdx3/model/person.py @@ -19,11 +19,11 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/relationship.py b/src/spdx_tools/spdx3/model/relationship.py index 04550b419..873559460 100644 --- a/src/spdx_tools/spdx3/model/relationship.py +++ b/src/spdx_tools/spdx3/model/relationship.py 
@@ -13,12 +13,15 @@ class RelationshipType(Enum): + AFFECTS = auto() AMENDS = auto() ANCESTOR = auto() AVAILABLE_FROM = auto() BUILD_DEPENDENCY = auto() BUILD_TOOL = auto() + COORDINATED_BY = auto() CONTAINS = auto() + CONFIG_OF = auto() COPY = auto() DATA_FILE = auto() DEPENDENCY_MANIFEST = auto() @@ -29,21 +32,37 @@ class RelationshipType(Enum): DEV_TOOL = auto() DISTRIBUTION_ARTIFACT = auto() DOCUMENTATION = auto() + DOES_NOT_AFFECT = auto() DYNAMIC_LINK = auto() EXAMPLE = auto() + EVIDENCE_FOR = auto() EXPANDED_FROM_ARCHIVE = auto() + EXPLOIT_CREATED_BY = auto() FILE_ADDED = auto() FILE_DELETED = auto() FILE_MODIFIED = auto() + FIXED_BY = auto() + FIXED_IN = auto() + FOUND_BY = auto() GENERATES = auto() + HAS_ASSESSMENT_FOR = auto() + HAS_ASSOCIATED_VULNERABILITY = auto() + HOST_OF = auto() + INPUT_OF = auto() + INVOKED_BY = auto() METAFILE = auto() + ON_BEHALF_OF = auto() OPTIONAL_COMPONENT = auto() OPTIONAL_DEPENDENCY = auto() OTHER = auto() + OUTPUT_OF = auto() PACKAGES = auto() PATCH = auto() PREREQUISITE = auto() PROVIDED_DEPENDENCY = auto() + PUBLISHED_BY = auto() + REPORTED_BY = auto() + REPUBLISHED_BY = auto() REQUIREMENT_FOR = auto() RUNTIME_DEPENDENCY = auto() SPECIFICATION_FOR = auto() 
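Review bot: The commit re-sorts `RelationshipType` alphabetically, but a few of the new members are out of order: `COORDINATED_BY` is placed before `CONTAINS` and `CONFIG_OF` after it in the first hunk, and `EXAMPLE` precedes `EVIDENCE_FOR` in the second. Sorted order would be `CONFIG_OF`, `CONTAINS`, `COORDINATED_BY`, `COPY` and `EVIDENCE_FOR`, `EXAMPLE`, `EXPANDED_FROM_ARCHIVE`. Because the members use `auto()`, correcting the order later changes their values once more, so it is cheaper to settle it in this commit. The enum continues past the end of both hunks.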
@@ -52,30 +71,10 @@ class RelationshipType(Enum): TEST_CASE = auto() TEST_DEPENDENCY = auto() TEST_TOOL = auto() - VARIANT = auto() - BUILD_INPUT_OF = auto() - BUILD_OUTPUT_OF = auto() - BUILD_CONFIG_OF = auto() - BUILD_INVOKED_BY = auto() - BUILD_ON_BEHALF_OF = auto() - BUILD_HOST_OF = auto() - HAS_ASSOCIATED_VULNERABILITY = auto() - COORDINATED_BY = auto() - HAS_CVSS_V2_ASSESSMENT_FOR = auto() - HAS_CVSS_V3_ASSESSMENT_FOR = auto() - HAS_EPSS_ASSESSMENT_FOR = auto() - HAS_EXPLOIT_CATALOG_ASSESSMENT_FOR = auto() - HAS_SSVC_ASSESSMENT_FOR = auto() - EXPLOIT_CREATED_BY = auto() - FIXED_BY = auto() - FOUND_BY = auto() - PUBLISHED_BY = auto() - REPORTED_BY = auto() - REPUBLISHED_BY = auto() - AFFECTS = auto() - DOES_NOT_AFFECT = auto() - FIXED_IN = auto() + TESTED_ON = auto() + TRAINED_ON = auto() UNDER_INVESTIGATION_FOR = auto() + VARIANT = auto() class RelationshipCompleteness(Enum): @@ -107,7 +106,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, @@ -116,6 +115,6 @@ def __init__( ): to = [] if to is None else to verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/security/cvss_v2_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/cvss_v2_vuln_assessment_relationship.py index f480e961b..c686f9dfc 100644 --- a/src/spdx_tools/spdx3/model/security/cvss_v2_vuln_assessment_relationship.py 
+++ b/src/spdx_tools/spdx3/model/security/cvss_v2_vuln_assessment_relationship.py @@ -37,7 +37,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, @@ -52,6 +52,6 @@ def __init__( vector: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/security/cvss_v3_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/cvss_v3_vuln_assessment_relationship.py index fb30a215c..ab8a803af 100644 --- a/src/spdx_tools/spdx3/model/security/cvss_v3_vuln_assessment_relationship.py +++ b/src/spdx_tools/spdx3/model/security/cvss_v3_vuln_assessment_relationship.py @@ -37,7 +37,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, 
@@ -52,6 +52,6 @@ def __init__( vector: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/security/epss_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/epss_vuln_assessment_relationship.py index cde6445d6..f5001a92d 100644 --- a/src/spdx_tools/spdx3/model/security/epss_vuln_assessment_relationship.py +++ b/src/spdx_tools/spdx3/model/security/epss_vuln_assessment_relationship.py @@ -36,7 +36,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, @@ -50,6 +50,6 @@ def __init__( severity: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/security/exploit_catalog_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/exploit_catalog_vuln_assessment_relationship.py index 6ed309047..a7a67ac68 100644 --- a/src/spdx_tools/spdx3/model/security/exploit_catalog_vuln_assessment_relationship.py +++ b/src/spdx_tools/spdx3/model/security/exploit_catalog_vuln_assessment_relationship.py 
@@ -45,7 +45,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, @@ -58,6 +58,6 @@ def __init__( withdrawn_time: Optional[datetime] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/security/ssvc_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/ssvc_vuln_assessment_relationship.py index e72f6c30f..d98803874 100644 --- a/src/spdx_tools/spdx3/model/security/ssvc_vuln_assessment_relationship.py +++ b/src/spdx_tools/spdx3/model/security/ssvc_vuln_assessment_relationship.py @@ -28,7 +28,7 @@ class SsvcDecisionType(Enum): @dataclass_with_properties class SsvcVulnAssessmentRelationship(VulnAssessmentRelationship): - decision: SsvcDecisionType = None + decision_type: SsvcDecisionType = None def __init__( self, 
@@ -36,14 +36,14 @@ def __init__( from_element: str, relationship_type: RelationshipType, to: List[str], - decision: SsvcDecisionType, + decision_type: SsvcDecisionType, creation_info: Optional[CreationInfo] = None, name: Optional[str] = None, summary: Optional[str] = None, description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, @@ -56,6 +56,6 @@ def __init__( withdrawn_time: Optional[datetime] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/security/vex_affected_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/vex_affected_vuln_assessment_relationship.py index 014190770..2dc242273 100644 --- a/src/spdx_tools/spdx3/model/security/vex_affected_vuln_assessment_relationship.py +++ b/src/spdx_tools/spdx3/model/security/vex_affected_vuln_assessment_relationship.py @@ -36,7 +36,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, 
@@ -53,7 +53,7 @@ def __init__( action_statement_time: List[datetime] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier action_statement_time = [] if action_statement_time is None else action_statement_time check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/security/vex_fixed_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/vex_fixed_vuln_assessment_relationship.py index 79a495bb9..c8bdc2b38 100644 --- a/src/spdx_tools/spdx3/model/security/vex_fixed_vuln_assessment_relationship.py +++ b/src/spdx_tools/spdx3/model/security/vex_fixed_vuln_assessment_relationship.py @@ -32,7 +32,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, @@ -47,6 +47,6 @@ def __init__( status_notes: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/security/vex_not_affected_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/vex_not_affected_vuln_assessment_relationship.py index 659ea747f..4c019a973 100644 
--- a/src/spdx_tools/spdx3/model/security/vex_not_affected_vuln_assessment_relationship.py +++ b/src/spdx_tools/spdx3/model/security/vex_not_affected_vuln_assessment_relationship.py @@ -29,7 +29,7 @@ class VexJustificationType(Enum): @dataclass_with_properties class VexNotAffectedVulnAssessmentRelationship(VexVulnAssessmentRelationship): - justification: Optional[VexJustificationType] = None + justification_type: Optional[VexJustificationType] = None impact_statement: Optional[str] = None impact_statement_time: Optional[datetime] = None @@ -45,7 +45,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, @@ -58,11 +58,11 @@ def __init__( withdrawn_time: Optional[datetime] = None, vex_version: Optional[str] = None, status_notes: Optional[str] = None, - justification: Optional[VexJustificationType] = None, + justification_type: Optional[VexJustificationType] = None, impact_statement: Optional[str] = None, impact_statement_time: Optional[datetime] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/security/vex_under_investigation_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/vex_under_investigation_vuln_assessment_relationship.py index a24db0156..ba63480bc 100644 --- a/src/spdx_tools/spdx3/model/security/vex_under_investigation_vuln_assessment_relationship.py 
+++ b/src/spdx_tools/spdx3/model/security/vex_under_investigation_vuln_assessment_relationship.py @@ -32,7 +32,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, @@ -47,6 +47,6 @@ def __init__( status_notes: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/security/vulnerability.py b/src/spdx_tools/spdx3/model/security/vulnerability.py index 1daa006a6..a137b1cb7 100644 --- a/src/spdx_tools/spdx3/model/security/vulnerability.py +++ b/src/spdx_tools/spdx3/model/security/vulnerability.py @@ -25,7 +25,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, published_time: Optional[datetime] = None, 
@@ -33,6 +33,6 @@ def __init__( withdrawn_time: Optional[datetime] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/software/file.py b/src/spdx_tools/spdx3/model/software/file.py index 0651aaadf..c962b4dbd 100644 --- a/src/spdx_tools/spdx3/model/software/file.py +++ b/src/spdx_tools/spdx3/model/software/file.py @@ -26,7 +26,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, originated_by: List[str] = None, @@ -36,7 +36,8 @@ def __init__( valid_until_time: Optional[datetime] = None, standard: List[str] = None, content_identifier: Optional[str] = None, - purpose: List[SoftwarePurpose] = None, + primary_purpose: Optional[SoftwarePurpose] = None, + additional_purpose: List[SoftwarePurpose] = None, concluded_license: Optional[LicenseField] = None, declared_license: Optional[LicenseField] = None, copyright_text: Optional[str] = None, 
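Review bot: In the file.py hunk `@@ -36,7 +36,8 @@`, one `purpose` parameter becomes two (`primary_purpose`, `additional_purpose`), so every later parameter from `concluded_license` onward moves one position to the right, and the slot that used to take a list now takes a single `SoftwarePurpose`. The same happens in the matching hunks of package.py and snippet.py. A caller that passes these arguments positionally would bind them to the wrong names; the hunks do not show whether the runtime type check would catch every such case. `__init__` starts and ends outside the hunk, so I cannot tell whether the parameters are keyword-only. I would add a comment above the new lines, for example `# replaces purpose (List[SoftwarePurpose]); pass the parameters below by keyword`, and record the break in the changelog.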
@@ -44,10 +45,10 @@ def __init__( content_type: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier originated_by = [] if originated_by is None else originated_by supplied_by = [] if supplied_by is None else supplied_by standard = [] if standard is None else standard - purpose = [] if purpose is None else purpose + additional_purpose = [] if additional_purpose is None else additional_purpose check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/software/package.py b/src/spdx_tools/spdx3/model/software/package.py index 2b20ba398..0c249cc1b 100644 --- a/src/spdx_tools/spdx3/model/software/package.py +++ b/src/spdx_tools/spdx3/model/software/package.py @@ -30,7 +30,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, originated_by: List[str] = None, @@ -40,7 +40,8 @@ def __init__( valid_until_time: Optional[datetime] = None, standard: List[str] = None, content_identifier: Optional[str] = None, - purpose: List[SoftwarePurpose] = None, + primary_purpose: Optional[SoftwarePurpose] = None, + additional_purpose: List[SoftwarePurpose] = None, concluded_license: Optional[LicenseField] = None, declared_license: Optional[LicenseField] = None, copyright_text: Optional[str] = None, 
@@ -52,10 +53,10 @@ def __init__( source_info: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier originated_by = [] if originated_by is None else originated_by supplied_by = [] if supplied_by is None else supplied_by standard = [] if standard is None else standard - purpose = [] if purpose is None else purpose + additional_purpose = [] if additional_purpose is None else additional_purpose check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/software/sbom.py b/src/spdx_tools/spdx3/model/software/sbom.py index ff702953f..1fb06f615 100644 --- a/src/spdx_tools/spdx3/model/software/sbom.py +++ b/src/spdx_tools/spdx3/model/software/sbom.py @@ -45,7 +45,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, namespaces: List[NamespaceMap] = None, @@ -54,7 +54,7 @@ def __init__( sbom_type: List[SBOMType] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier namespaces = [] if namespaces is None else namespaces imports = [] if imports is None else imports diff --git a/src/spdx_tools/spdx3/model/software/snippet.py b/src/spdx_tools/spdx3/model/software/snippet.py index 4dc5ac6e3..b3ab61396 100644 
--- a/src/spdx_tools/spdx3/model/software/snippet.py +++ b/src/spdx_tools/spdx3/model/software/snippet.py @@ -28,7 +28,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, originated_by: List[str] = None, @@ -38,7 +38,8 @@ def __init__( valid_until_time: Optional[datetime] = None, standard: List[str] = None, content_identifier: Optional[str] = None, - purpose: List[SoftwarePurpose] = None, + primary_purpose: Optional[SoftwarePurpose] = None, + additional_purpose: List[SoftwarePurpose] = None, concluded_license: Optional[LicenseField] = None, declared_license: Optional[LicenseField] = None, copyright_text: Optional[str] = None, @@ -47,10 +48,10 @@ def __init__( line_range: Optional[PositiveIntegerRange] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier originated_by = [] if originated_by is None else originated_by supplied_by = [] if supplied_by is None else supplied_by standard = [] if standard is None else standard - purpose = [] if purpose is None else purpose + additional_purpose = [] if additional_purpose is None else additional_purpose check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/software/software_artifact.py b/src/spdx_tools/spdx3/model/software/software_artifact.py index 582c71613..afc2b7ff3 100644 --- a/src/spdx_tools/spdx3/model/software/software_artifact.py +++ b/src/spdx_tools/spdx3/model/software/software_artifact.py 
@@ -2,6 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 from abc import abstractmethod +from dataclasses import field from beartype.typing import List, Optional @@ -14,7 +15,8 @@ @dataclass_with_properties class SoftwareArtifact(Artifact): content_identifier: Optional[str] = None - purpose: List[SoftwarePurpose] = None + primary_purpose: Optional[SoftwarePurpose] = None + additional_purpose: List[SoftwarePurpose] = field(default_factory=list) concluded_license: Optional[LicenseField] = None declared_license: Optional[LicenseField] = None copyright_text: Optional[str] = None diff --git a/src/spdx_tools/spdx3/model/software/software_dependency_relationship.py b/src/spdx_tools/spdx3/model/software/software_dependency_relationship.py index 1ce96aeb7..c6751ecaa 100644 --- a/src/spdx_tools/spdx3/model/software/software_dependency_relationship.py +++ b/src/spdx_tools/spdx3/model/software/software_dependency_relationship.py @@ -52,7 +52,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, completeness: Optional[RelationshipCompleteness] = None, @@ -64,6 +64,6 @@ def __init__( ): to = [] if to is None else to verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/software/software_purpose.py b/src/spdx_tools/spdx3/model/software/software_purpose.py index 282def1d5..4e071181f 100644 --- a/src/spdx_tools/spdx3/model/software/software_purpose.py 
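Review bot: In software_artifact.py's `@@ -14,7 +15,8 @@` hunk, the two new fields carry no comment on how they relate, for example whether the primary purpose may also appear in `additional_purpose`. A short comment above them would help, such as `# primary_purpose: the artifact's main purpose; additional_purpose: any further purposes (empty list when none)`, adjusted to whatever the model actually specifies. The class-level default is now `field(default_factory=list)`, while the visible constructors in file.py, package.py and snippet.py still accept `None` and replace it with `[]` by hand; both end in an empty list, but it is worth confirming that `dataclass_with_properties` handles a `field(...)` default, since the hunk does not show that. The class body continues outside the hunk.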
+++ b/src/spdx_tools/spdx3/model/software/software_purpose.py @@ -19,8 +19,10 @@ class SoftwarePurpose(Enum): FRAMEWORK = auto() INSTALL = auto() LIBRARY = auto() + MODEL = auto() MODULE = auto() OPERATING_SYSTEM = auto() OTHER = auto() PATCH = auto() SOURCE = auto() + TEST = auto() diff --git a/src/spdx_tools/spdx3/model/software_agent.py b/src/spdx_tools/spdx3/model/software_agent.py index 50fb57540..28e4b33a2 100644 --- a/src/spdx_tools/spdx3/model/software_agent.py +++ b/src/spdx_tools/spdx3/model/software_agent.py @@ -19,11 +19,11 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/model/spdx_document.py b/src/spdx_tools/spdx3/model/spdx_document.py index 43fcb3d6b..d9c70401c 100644 --- a/src/spdx_tools/spdx3/model/spdx_document.py +++ b/src/spdx_tools/spdx3/model/spdx_document.py @@ -32,7 +32,7 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, namespaces: List[NamespaceMap] = None, 
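Review bot: In software_purpose.py's `@@ -19,8 +19,10 @@` hunk, `MODEL = auto()` is inserted in the middle of the enum, so the numeric values of `MODULE`, `OPERATING_SYSTEM`, `OTHER`, `PATCH` and `SOURCE` each shift by one. Lookups by member name are unaffected, but anything that stores or compares the integer values would silently map to a different purpose after this change. If alphabetical order is to be kept, I would add a comment at the top of the enum such as `# values come from auto() and are not stable; serialize by member name only`. The enum starts outside the hunk.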
@@ -40,7 +40,7 @@ def __init__( context: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier namespaces = [] if namespaces is None else namespaces imports = [] if imports is None else imports diff --git a/src/spdx_tools/spdx3/model/tool.py b/src/spdx_tools/spdx3/model/tool.py index bc8447c1f..b4ba72cf3 100644 --- a/src/spdx_tools/spdx3/model/tool.py +++ b/src/spdx_tools/spdx3/model/tool.py @@ -19,11 +19,11 @@ def __init__( description: Optional[str] = None, comment: Optional[str] = None, verified_using: List[IntegrityMethod] = None, - external_references: List[ExternalReference] = None, + external_reference: List[ExternalReference] = None, external_identifier: List[ExternalIdentifier] = None, extension: Optional[str] = None, ): verified_using = [] if verified_using is None else verified_using - external_references = [] if external_references is None else external_references + external_reference = [] if external_reference is None else external_reference external_identifier = [] if external_identifier is None else external_identifier check_types_and_set_values(self, locals()) diff --git a/src/spdx_tools/spdx3/writer/console/element_writer.py b/src/spdx_tools/spdx3/writer/console/element_writer.py index 6614279f1..61eb72ecd 100644 --- a/src/spdx_tools/spdx3/writer/console/element_writer.py +++ b/src/spdx_tools/spdx3/writer/console/element_writer.py 
@@ -26,8 +26,8 @@ def write_element_properties(element: Element, text_output: TextIO): # as soon as there are more inherited classes we need to implement a logic # that determines the correct write function for the "integrity_method" object write_hash(integrity_method, text_output, heading=False) - write_optional_heading(element.external_references, "External References\n", text_output) - for external_reference in element.external_references: + write_optional_heading(element.external_reference, "External Reference\n", text_output) + for external_reference in element.external_reference: write_external_reference(external_reference, text_output) write_optional_heading(element.external_identifier, "External Identifier\n", text_output) for external_identifier in element.external_identifier: diff --git a/tests/spdx3/bump/test_package_bump.py b/tests/spdx3/bump/test_package_bump.py index e199b2995..6dc9ab39d 100644 --- a/tests/spdx3/bump/test_package_bump.py +++ b/tests/spdx3/bump/test_package_bump.py @@ -51,7 +51,7 @@ def test_bump_package(originator, expected_originator, supplier, expected_suppli assert isinstance(package, Package) assert package.spdx_id == expected_new_package_id assert package.package_version == spdx2_package.version - assert package.external_references == [ + assert package.external_reference == [ ExternalReference(ExternalReferenceType.SECURITY_ADVISORY, ["advisory_locator"], None, "advisory_comment") ] assert package.external_identifier == [ @@ -90,7 +90,7 @@ def test_bump_of_single_purl_without_comment(): package = payload.get_element(expected_new_package_id) assert package.package_url == "purl_locator" - assert package.external_references == [] + assert package.external_reference == [] assert package.external_identifier == [] 
@@ -108,7 +108,7 @@ def test_bump_of_single_purl_with_comment(): package = payload.get_element(expected_new_package_id) assert package.package_url is None - assert package.external_references == [] + assert package.external_reference == [] assert package.external_identifier == [ ExternalIdentifier(ExternalIdentifierType.PURL, "purl_locator", "purl_comment") ] @@ -129,7 +129,7 @@ def test_bump_of_multiple_purls(): package = payload.get_element(expected_new_package_id) assert package.package_url is None - assert package.external_references == [] + assert package.external_reference == [] TestCase().assertCountEqual( package.external_identifier, [ diff --git a/tests/spdx3/fixtures.py b/tests/spdx3/fixtures.py index 64511a1eb..219135f4b 100644 --- a/tests/spdx3/fixtures.py +++ b/tests/spdx3/fixtures.py @@ -35,7 +35,12 @@ ) from spdx_tools.spdx3.model.ai.ai_package import AIPackage, SafetyRiskAssessmentType from spdx_tools.spdx3.model.build import Build -from spdx_tools.spdx3.model.dataset.dataset import ConfidentialityLevelType, Dataset, DatasetAvailabilityType +from spdx_tools.spdx3.model.dataset.dataset import ( + ConfidentialityLevelType, + Dataset, + DatasetAvailabilityType, + DatasetType, +) from spdx_tools.spdx3.model.licensing import ( CustomLicense, CustomLicenseAddition, @@ -206,7 +211,7 @@ def listed_license_fixture( "description": "elementDescription", "comment": "elementComment", "verified_using": [hash_fixture()], - "external_references": [external_reference_fixture()], + "external_reference": [external_reference_fixture()], "external_identifier": [external_identifier_fixture()], "extension": "extensionPlaceholder", } 
@@ -297,32 +302,32 @@ def listed_license_fixture( "score": "4.3", "severity": "low", "vector": "(AV:N/AC:M/Au:N/C:P/I:N/A:N)", - "relationship_type": RelationshipType.HAS_CVSS_V2_ASSESSMENT_FOR, + "relationship_type": RelationshipType.HAS_ASSESSMENT_FOR, } CVSS_V3_VULN_ASSESSMENT_RELATIONSHIP_DICT = { "score": "6.8", "severity": "medium", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "relationship_type": RelationshipType.HAS_CVSS_V3_ASSESSMENT_FOR, + "relationship_type": RelationshipType.HAS_ASSESSMENT_FOR, } EPSS_VULN_ASSESSMENT_RELATIONSHIP_DICT = { "probability": 80, "severity": "high", - "relationship_type": RelationshipType.HAS_EPSS_ASSESSMENT_FOR, + "relationship_type": RelationshipType.HAS_ASSESSMENT_FOR, } SSVC_VULN_ASSESSMENT_RELATIONSHIP_DICT = { - "decision": SsvcDecisionType.ACT, - "relationship_type": RelationshipType.HAS_SSVC_ASSESSMENT_FOR, + "decision_type": SsvcDecisionType.ACT, + "relationship_type": RelationshipType.HAS_ASSESSMENT_FOR, } EXPLOIT_CATALOG_VULN_ASSESSMENT_RELATIONSHIP_DICT = { "catalog_type": ExploitCatalogType.KEV, "exploited": True, "locator": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", - "relationship_type": RelationshipType.HAS_EXPLOIT_CATALOG_ASSESSMENT_FOR, + "relationship_type": RelationshipType.HAS_ASSESSMENT_FOR, } VEX_VULN_ASSESSMENT_RELATIONSHIP_DICT = { @@ -337,7 +342,7 @@ def listed_license_fixture( } VEX_NOT_AFFECTED_VULN_ASSESSMENT_RELATIONSHIP_DICT = { - "justification": VexJustificationType.COMPONENT_NOT_PRESENT, + "justification_type": VexJustificationType.COMPONENT_NOT_PRESENT, "impact_statement": "Not using this vulnerable part of this library.", "impact_statement_time": datetime(2015, 10, 15), "relationship_type": RelationshipType.DOES_NOT_AFFECT, 
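Review bot: In fixtures.py's `@@ -297,32 +302,32 @@` hunk, all five assessment fixtures (CVSS v2, CVSS v3, EPSS, SSVC, exploit catalog) now carry the same `RelationshipType.HAS_ASSESSMENT_FOR`, so `relationship_type` no longer tells the assessment kinds apart. Tests built on these dicts should therefore assert the concrete element class as well, otherwise a mix-up between two assessment classes could go unnoticed; whether the existing tests already do so is not visible here. A one-line comment above the first dict would record the intent, for example `# the assessment kind is carried by the element class, not by relationship_type`. As a minor aside on the unchanged context, the first dict pairs score `4.3` with severity `low`, which NVD's CVSS v2 ranges would label medium.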
@@ -380,7 +385,8 @@ def listed_license_fixture( SOFTWARE_ARTIFACT_DICT = { "content_identifier": "https://spdx.test/tools-python/contentIdentifier", - "purpose": [SoftwarePurpose.OTHER], + "primary_purpose": SoftwarePurpose.SOURCE, + "additional_purpose": [SoftwarePurpose.OTHER], "concluded_license": listed_license_fixture(), "declared_license": listed_license_fixture(), "copyright_text": "copyrightText", @@ -405,7 +411,7 @@ def listed_license_fixture( } DATASET_DICT = { - "dataset_type": "DatasetType", + "dataset_type": [DatasetType.OTHER], "data_collection_process": "DatasetDataCollectionProcess", "intended_use": "DatasetIntendedUse", "dataset_size": 10,