This is an automated email from the ASF dual-hosted git repository.
asf-gitbox-commits pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/ant-antlibs-cyclonedx.git
The following commit(s) were added to refs/heads/main by this push:
new 799455d document and test license type
799455d is described below
commit 799455d1d22e5edc4acea513bd9ffa30079c673a
Author: Stefan Bodewig <[email protected]>
AuthorDate: Thu May 14 09:20:49 2026 +0200
document and test license type
---
docs/externalreferenceset.html | 2 +-
docs/index.html | 6 +-
docs/license.html | 76 ++++++++++++++
src/main/org/apache/ant/cyclonedx/License.java | 39 +++++++-
src/tests/antunit/externalreferences-test.xml | 2 +-
src/tests/antunit/license-test.xml | 131 +++++++++++++++++++++++++
6 files changed, 248 insertions(+), 8 deletions(-)
diff --git a/docs/externalreferenceset.html b/docs/externalreferenceset.html
index 0f416b7..ed51828 100644
--- a/docs/externalreferenceset.html
+++ b/docs/externalreferenceset.html
@@ -61,7 +61,7 @@ <h4>externalReference</h4>
</tr>
</table>
- <h2>Examples</h2>
+ <h3>Examples</h3>
<p>Below is a set of external references this Ant Library could
use for itself.</p>
diff --git a/docs/index.html b/docs/index.html
index bbe6200..ee7c3d2 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -60,6 +60,7 @@ <h2>Tasks and Types provided by this Ant Library</h2>
<ul>
<li><a href="externalreferenceset.html">externalreferenceset</a></li>
+ <li><a href="license.html">license</a></li>
</ul>
<h2>Requirements and Dependencies of this Ant Library</h2>
@@ -79,8 +80,9 @@ <h2>Requirements and Dependencies of this Ant Library</h2>
as <a href="https://github.com/package-url/packageurl-java">Package
URL (purl) for Java</a>. It also depends
on <a href="https://github.com/FasterXML/jackson">Jackson</a>
- but it may be possible to avoid the Jackson dependency if you
- only create the JSON format of the SBOM.</p>
+ and <a href="https://github.com/FasterXML/woodstox/">woodstox</a>
+ when writing the BOM. It may be possible to avoid the woodstox
+ dependency if you only create the JSON format of the SBOM.</p>
</body>
</html>
diff --git a/docs/license.html b/docs/license.html
new file mode 100644
index 0000000..7ff1760
--- /dev/null
+++ b/docs/license.html
@@ -0,0 +1,76 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <meta http-equiv="Content-Language" content="en-us"></meta>
+ <link rel="stylesheet" type="text/css" href="style.css">
+ <title>Apache CycloneDX Ant Library - license</title>
+ </head>
+
+ <body>
+ <h2 id="license">license</h2>
+
+ <p>licenses can be attached to components in CycloneDX SBOMs. The
+ license elements can be used as top-level elements and be given
+ an id so they can be later referred to via
+ the <code>refid</code> attribute -
+ see <a href="https://ant.apache.org/manual/using.html#references">the
+ Ant manual</a>.</p>
+
+ <h3>Attributes</h3>
+
+ <table class="attr">
+ <tr>
+ <th scope="col">Attribute</th>
+ <th scope="col">Description</th>
+ <th scope="col">Required</th>
+ </tr>
+ <tr>
+ <td>licenseId</td>
+ <td>The id of the license. Must be a
+ valid <a href="https://spdx.org/licenses/">SPDX
+ identifier</a>.</td>
+ <td rowspan="2">One of the two is required</td>
+ </tr>
+ <tr>
+ <td>name</td>
+ <td>The name of the license.</td>
+ </tr>
+ </table>
+
+ <h3>Nested elements</h3>
+
+ <h4>url</h4>
+
+ <p>At most one
+ nested <a
href="https://ant.apache.org/manual/Types/resources.html#url">url-resource</a>
+ named <code>url</code> can be used to specify the URL of the license.</p>
+
+ <h3>Examples</h3>
+
+ <p>Below is a license referencing the license of this Antlib itself.</p>
+
+ <pre>
+ <cdx:license
+ licenseId="Apache-2.0"
+ id="apache-2"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <url url="https://www.apache.org/licenses/LICENSE-2.0.txt"/>
+ </cdx:license>
+ </pre>
+
+ </body>
diff --git a/src/main/org/apache/ant/cyclonedx/License.java
b/src/main/org/apache/ant/cyclonedx/License.java
index c171ab8..0e3ebdc 100644
--- a/src/main/org/apache/ant/cyclonedx/License.java
+++ b/src/main/org/apache/ant/cyclonedx/License.java
@@ -4,36 +4,67 @@ import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.types.DataType;
import org.apache.tools.ant.types.resources.URLResource;
+/**
+ * A license element to be attached to a component.
+ *
+ * <p>Licenses are required to have an id or a name attribute. Due to
+ * Ant's own usage of the {@code id} attribute the SBOM id of the
+ * license is called {@code licenseId} here.</p>
+ *
+ * <p>The CycloneDX specification supports more information for a
+ * license than this type currently exposes.</p>
+ *
+ * <p>This class is a type exposed by this Ant Library. When using the
+ * inherited {@code refid} attribute it can reference an instance
+ * defined previously - in which case no child elements or other
+ * attributes are allowed.</p>
+ */
public class License extends DataType {
private String id;
private String name;
private String url;
+ /**
+ * Sets the {@code id} of the license.
+ *
+ * <p>Must be a valid <a href="https://spdx.org/licenses/">SPDX</a>
+ * identifier. This library doesn't enforce the SPDX identifier
+ * but the CycloneDX Core library does.</p>
+ */
public void setLicenseId(String id) {
checkAttributesAllowed();
this.id = id;
}
+ /**
+ * Sets the name of the license.
+ */
public void setName(String name) {
checkAttributesAllowed();
this.name = name;
}
+ /**
+ * Sets the url of the license.
+ *
+ * <p>Even though this is a nested element of the license element,
+ * at most one child is allowed.</p>
+ */
public void addConfiguredUrl(URLResource url) {
- checkAttributesAllowed();
+ checkChildrenAllowed();
if (this.url != null) {
- throw new BuildException("only one URL is allowed");
+ throw new BuildException("only one URL is allowed in license");
}
this.url = url.getURL().toExternalForm();
}
- public org.cyclonedx.model.License toCycloneDxLicense() {
+ org.cyclonedx.model.License toCycloneDxLicense() {
if (isReference()) {
return getRef().toCycloneDxLicense();
}
dieOnCircularReference();
if (name == null && id == null) {
- throw new BuildException("license name or id is required");
+ throw new BuildException("license name or licenseId is required");
}
org.cyclonedx.model.License l = new org.cyclonedx.model.License();
if (name != null) {
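Review bot: `addConfiguredUrl` dereferences `url.getURL()` without a null check, so a nested `<url/>` that sets no location would most likely fail with a NullPointerException rather than a BuildException like the other validation in this class. A guard before the assignment, such as `if (url.getURL() == null) { throw new BuildException("url is required in license's url element"); }`, would keep the failure readable. The value is also stored verbatim via `toExternalForm()`, so a `file:` location or a URL carrying userinfo would be copied into the generated BOM, which is usually a published artifact. Restricting the accepted schemes to http/https, or stating the behaviour in the method's Javadoc, would make that explicit.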
diff --git a/src/tests/antunit/externalreferences-test.xml
b/src/tests/antunit/externalreferences-test.xml
index 6357078..5ee7767 100644
--- a/src/tests/antunit/externalreferences-test.xml
+++ b/src/tests/antunit/externalreferences-test.xml
@@ -61,7 +61,7 @@
</au:expectfailure>
</target>
- <target name="testExternalReferenceWorksAsDirectChildrenOfComponent">
+ <target name="testExternalReferenceWorksAsDirectChildOfComponent">
<cdx:componentbom
outputdirectory="${output}" format="xml"
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
diff --git a/src/tests/antunit/license-test.xml
b/src/tests/antunit/license-test.xml
new file mode 100644
index 0000000..ffc0063
--- /dev/null
+++ b/src/tests/antunit/license-test.xml
@@ -0,0 +1,131 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project name="license-test" default="antunit">
+
+ <import file="shared.xml" />
+
+ <target name="testLicenseRequiresIdOrName">
+ <au:expectfailure
+ expectedMessage="license name or licenseId is required"
+ xmlns:au="antlib:org.apache.ant.antunit">
+ <cdx:componentbom
+ outputdirectory="${output}" format="xml"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <component name="testname">
+ <license/>
+ </component>
+ </cdx:componentbom>
+ </au:expectfailure>
+ </target>
+
+ <target name="testLicenseDoesntAllowMultipleUrls">
+ <au:expectfailure
+ expectedMessage="only one URL is allowed in license"
+ xmlns:au="antlib:org.apache.ant.antunit">
+ <cdx:componentbom
+ outputdirectory="${output}" format="xml"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <component name="testname">
+ <license name="foo">
+ <url url="https://example.org/"/>
+ <url url="https://example.com/"/>
+ </license>
+ </component>
+ </cdx:componentbom>
+ </au:expectfailure>
+ </target>
+
+ <target name="testLicenseWorksAsDirectChildOfComponent">
+ <cdx:componentbom
+ outputdirectory="${output}" format="xml"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <component name="testname">
+ <license name="foo">
+ <url url="https://example.org/"/>
+ </license>
+ </component>
+ </cdx:componentbom>
+ <xmlproperty file="${output}/bom.xml"/>
+ <au:assertPropertyEquals
+ xmlns:au="antlib:org.apache.ant.antunit"
+ name="bom.metadata.component.licenses.license.name"
+ value="foo"/>
+ <au:assertPropertyEquals
+ xmlns:au="antlib:org.apache.ant.antunit"
+ name="bom.metadata.component.licenses.license.url"
+ value="https://example.org/"/>
+ </target>
+
+ <target name="testLicenseWorksViaReference">
+ <cdx:license
+ licenseId="0BSD" id="test-license"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <url url="https://example.org/"/>
+ </cdx:license>
+ <cdx:componentbom
+ outputdirectory="${output}" format="xml"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <component name="testname">
+ <license refid="test-license"/>
+ </component>
+ </cdx:componentbom>
+ <xmlproperty file="${output}/bom.xml"/>
+ <au:assertPropertyEquals
+ xmlns:au="antlib:org.apache.ant.antunit"
+ name="bom.metadata.component.licenses.license.id"
+ value="0BSD"/>
+ <au:assertPropertyEquals
+ xmlns:au="antlib:org.apache.ant.antunit"
+ name="bom.metadata.component.licenses.license.url"
+ value="https://example.org/"/>
+ </target>
+
+ <target
+ name="testLicenseWithRefIdDoesntAllowNestedChildren">
+ <cdx:license
+ name="foo" licenseId="0BSD" id="test-license"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <url url="https://example.org/"/>
+ </cdx:license>
+ <au:expectfailure
+ expectedMessage='You must not specify nested elements when using refid'
+ xmlns:au="antlib:org.apache.ant.antunit">
+ <cdx:license refid="test-license"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <url url="https://example.org/"/>
+ </cdx:license>
+ </au:expectfailure>
+ </target>
+
+ <target
+ name="testLicenseWithRefIdDoesntAllowOtherAttributes">
+ <cdx:license
+ name="foo" licenseId="0BSD" id="test-license"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <url url="https://example.org/"/>
+ </cdx:license>
+ <au:expectfailure
+ expectedMessage='You must not specify more than one attribute when
using refid'
+ xmlns:au="antlib:org.apache.ant.antunit">
+ <cdx:license refid="test-license"
+ name="foo"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ </cdx:license>
+ </au:expectfailure>
+ </target>
+</project>
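Review bot: No target checks what is written when a license carries both `name` and `licenseId`, although the `test-license` fixtures in `testLicenseWithRefIdDoesntAllowNestedChildren` and `testLicenseWithRefIdDoesntAllowOtherAttributes` declare exactly that combination and only assert on the refid failure. The attribute table in docs/license.html says one of the two is required and, as far as I know, the CycloneDX schema treats id and name as alternatives, so the resulting BOM content should either be pinned by a test or rejected with a build failure. A target with `<license name="foo" licenseId="0BSD"/>` inside a component, followed by `au:assertPropertyEquals` on `bom.metadata.component.licenses.license.id`, would document the intended outcome. A negative case for a `<url/>` child that sets no location would also be worth adding.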