Merge pull request #187 from spdx/updatelib

Update versions for SPDX libraries

pom.xml

@@ -120,17 +120,17 @@
 	  <dependency>
 	  	<groupId>org.spdx</groupId>
 	  	<artifactId>java-spdx-library</artifactId>
-	  	<version>2.0.0-RC1</version>
+	  	<version>2.0.0-RC2</version>
 	  </dependency>
 	  <dependency>
 	  	<groupId>org.spdx</groupId>
 	  	<artifactId>spdx-rdf-store</artifactId>
-	  	<version>2.0.0-RC1</version>
+	  	<version>2.0.0-RC2</version>
 	  </dependency>
 	  <dependency>
 	  	<groupId>org.spdx</groupId>
 	  	<artifactId>spdx-jackson-store</artifactId>
-	  	<version>2.0.0-RC1</version>
+	  	<version>2.0.0-RC2</version>
 	  </dependency>
 	  <dependency>
 	  	<groupId>org.apache.ws.xmlschema</groupId>
@@ -140,12 +140,12 @@
 	  <dependency>
 	  	<groupId>org.spdx</groupId>
 	  	<artifactId>spdx-spreadsheet-store</artifactId>
-	  	<version>2.0.0-RC1</version>
+	  	<version>2.0.0-RC2</version>
 	  </dependency>
 	  <dependency>
 	  	<groupId>org.spdx</groupId>
 	  	<artifactId>spdx-tagvalue-store</artifactId>
-	  	<version>2.0.0-RC1</version>
+	  	<version>2.0.0-RC2</version>
 	  </dependency>
 	  <dependency>
 	  	<groupId>com.networknt</groupId>
@@ -161,7 +161,7 @@
 	  <dependency>
 	  	<groupId>org.spdx</groupId>
 	  	<artifactId>spdx-v3jsonld-store</artifactId>
-	  	<version>1.0.0-RC2</version>
+	  	<version>1.0.0-RC3</version>
 	  </dependency>
 		<dependency>
 			<groupId>org.apache.poi</groupId>
@@ -175,12 +175,6 @@
 			<version>5.2.0</version>
 			<scope>compile</scope>
 		</dependency>
-		<dependency>
-			<groupId>org.spdx</groupId>
-			<artifactId>spdx-rdf-store</artifactId>
-			<version>2.0.0-RC1</version>
-			<scope>compile</scope>
-		</dependency>
 	</dependencies>
     <build>
   		<resources>

src/main/java/org/spdx/tools/SpdxConverter.java

@@ -143,7 +143,6 @@ public static void convert(String fromFilePath, String toFilePath) throws SpdxCo
 	 * @param toFilePath Path of output file for the conversion
 	 * @param fromFileType Serialization type of the file to convert from
 	 * @param toFileType Serialization type of the file to convert to
-	 * @param excludeLicenseDetails If true, don't copy over properties of the listed licenses
 	 * @throws SpdxConverterException 
 	 */
 	public static void convert(String fromFilePath, String toFilePath, SerFileType fromFileType, 
@@ -293,7 +292,7 @@ private static void copyV2ToV3(ISerializableModelStore fromStore,
 		CreationInfo defaultCreationInfo = Spdx2to3Converter.convertCreationInfo(fromDoc.getCreationInfo(),
 				toStore, toUriPrefix);
 		Spdx2to3Converter converter = new Spdx2to3Converter(toStore, copyManager, defaultCreationInfo, 
-				SpdxModelFactory.getLatestSpecVersion(), toUriPrefix);
+				SpdxModelFactory.getLatestSpecVersion(), toUriPrefix, !excludeLicenseDetails);
 		converter.convertAndStore(fromDoc);
 		// Make sure we get all files, packages and snippets - any relationships and annotations will be copied
 		// as properties.  Note that the conversion of the document should already have been copied.

src/main/java/org/spdx/tools/Verify.java

@@ -128,10 +128,9 @@ public static void main(String[] args) {
 	 * @param filePath File path to the SPDX file to be verified
 	 * @param fileType 
 	 * @return A list of verification errors - if empty, the SPDX file is valid
-	 * @throws InvalidFileNameException 
-	 * @throws IOException 
-	 * @throws SpdxVerificationException 
-	 * @throws Errors where the SPDX file can not be parsed or the filename is invalid
+	 * @throws InvalidFileNameException on invalid file name or file not found
+	 * @throws IOException on IO error
+	 * @throws SpdxVerificationException where the SPDX file can not be parsed or the filename is invalid
 	 */
 	public static List<String> verify(String filePath, SerFileType fileType) throws SpdxVerificationException {
 		Objects.requireNonNull(filePath);

src/main/java/org/spdx/tools/compare/DocumentSheet.java

@@ -394,7 +394,6 @@ private void setCellEqualValue(Cell cell) {
 	}
 
 	/**
-	 * @param docNames
 	 * @throws SpdxCompareException
 	 * @throws InvalidSPDXAnalysisException 
 	 */

src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java

@@ -427,7 +427,7 @@ public void importVerificationErrors(
 	}
 
 	/**
-	 * @throws AnalyzeException
+	 * @throws SpreadsheetException
 	 *
 	 */
 	public void close() throws SpreadsheetException {

src/test/java/org/spdx/tools/SpdxConverterTestV3.java

@@ -12,6 +12,7 @@
 import java.nio.file.Path;
 import java.util.List;
 import java.util.Objects;
+import java.util.Optional;
 
 import org.junit.After;
 import org.junit.Before;
@@ -20,6 +21,7 @@
 import org.spdx.library.ModelCopyManager;
 import org.spdx.library.SpdxModelFactory;
 import org.spdx.library.model.v3_0_1.core.Element;
+import org.spdx.library.model.v3_0_1.core.NamespaceMap;
 import org.spdx.library.model.v3_0_1.core.SpdxDocument;
 import org.spdx.library.model.v3_0_1.software.SpdxFile;
 import org.spdx.library.model.v3_0_1.software.SpdxPackage;
@@ -106,6 +108,12 @@ public void testV2JsonToV3JsonLD() throws SpdxConverterException, InvalidSPDXAna
 
 		assertEquals(sourcePackage.getName().get(), resultPackage.getName().get());
 		assertEquals(sourceFile.getName().get(), resultFile.getName().get());
+
+		assertEquals(1, resultDoc.getNamespaceMaps().size());
+		Optional<NamespaceMap> map = resultDoc.getNamespaceMaps().stream().findFirst();
+		assertTrue(map.isPresent());
+		assertEquals("http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301#", map.get().getNamespace());
+		assertEquals("DocumentRef-spdx-tool-1.2", map.get().getPrefix());
 		// TODO: create a more extensive set of checks
 	}
 

src/test/java/org/spdx/tools/VerifyTest.java

@@ -30,6 +30,7 @@ public class VerifyTest extends TestCase {
 	static final String TEST_YAML_FILE_PATH = TEST_DIR + File.separator + "SPDXYAMLExample-2.3.spdx.yaml";
 	static final String TEST_WARNING_FILE_PATH = TEST_DIR + File.separator + "SPDXTagExample-v2.2-warning.spdx";
     static final String BAD_JSON_FILE_PATH = TEST_DIR + File.separator + "BadJSON.spdx.json";
+	static final String DOUBLE_JSON_LD_FILE_PATH = TEST_DIR + File.separator + "double.jsonld";
 
 	protected void setUp() throws Exception {
 		super.setUp();
@@ -44,7 +45,7 @@ protected void tearDown() throws Exception {
 
 	public void testUpsupportedVersionFields() throws SpdxVerificationException {
 		List<String> result = Verify.verify(TEST_V23_FIELDS_IN_V22_FILE, SerFileType.JSON);
-		assertTrue(result.size() > 0);
+        assertFalse(result.isEmpty());
 	}
 
 	public void testVerifyTagFile() throws SpdxVerificationException {
@@ -72,13 +73,13 @@ public void testVerify() throws SpdxVerificationException {
 
 	public void testVerifyWarning() throws SpdxVerificationException {
 		List<String> result = Verify.verify(TEST_WARNING_FILE_PATH, SerFileType.TAG);
-		assertTrue(result.size() > 0);
+        assertFalse(result.isEmpty());
 		assertTrue(result.get(0).contains("deprecated"));
 	}
 
 	public void testVerifyBadJSON() throws SpdxVerificationException {
 		List<String> result = Verify.verify(BAD_JSON_FILE_PATH, SerFileType.JSON);
-		assertTrue(result.size() == 4);
+        assertEquals(4, result.size());
 	}
 
 	public void testVerifyJsonLD() throws SpdxVerificationException {
@@ -89,10 +90,15 @@ public void testVerifyJsonLD() throws SpdxVerificationException {
 	// Test specific spec versions for the JSON format
 	public void testVerifyJSONVersion() throws SpdxVerificationException {
 		List<String> result = Verify.verify(JSON_V2_2_FILE_PATH, SerFileType.JSON);
-		assertTrue(result.size() == 0);
+        assertEquals(0, result.size());
 		result = Verify.verify(JSON_V2_3_FILE_PATH, SerFileType.JSON);
-		assertTrue(result.size() == 0);
+        assertEquals(0, result.size());
 		result = Verify.verify(JSON_BAD_VERSION_FILE_PATH, SerFileType.JSON); // a 2.3 version syntax with a 2.2 specversion
-		assertTrue(result.size() > 0);
+        assertFalse(result.isEmpty());
+	}
+
+	public void testVerifyDouble() throws SpdxVerificationException {
+		List<String> result = Verify.verify(DOUBLE_JSON_LD_FILE_PATH, SerFileType.JSONLD);
+        assertEquals(0, result.size());
 	}
 }

testResources/double.jsonld

@@ -0,0 +1,122 @@
+{
+  "@context": "https://spdx.org/rdf/3.0.1/spdx-context.jsonld",
+  "@graph": [
+    {
+      "type": "Organization",
+      "spdxId": "SPDXRef-MyOrganization:-73f9a129-5eea-4de8-b38b-96832cc72d57",
+      "name": "MyOrganization",
+      "creationInfo": "_:creationinfo"
+    },
+    {
+      "type": "CreationInfo",
+      "@id": "_:creationinfo",
+      "specVersion": "3.0.1",
+      "createdBy": [
+        "SPDXRef-MyOrganization:-73f9a129-5eea-4de8-b38b-96832cc72d57"
+      ],
+      "created": "2025-01-07T07:01:21Z"
+    },
+    {
+      "type": "SpdxDocument",
+      "spdxId": "SPDXRef-Document:-8b2134c3-1472-48c3-bbd9-53cdef129f09",
+      "creationInfo": "_:creationinfo",
+      "dataLicense": "SPDXRef-License:-DataLicenseCC1.0",
+      "profileConformance": [
+        "core",
+        "software",
+        "security",
+        "simpleLicensing"
+      ],
+      "rootElement": [
+        "BOM:ROOT"
+      ]
+    },
+	{
+      "type": "simplelicensing_LicenseExpression",
+      "spdxId": "SPDXRef-License:-DataLicenseCC1.0",
+      "name": "Data License CC 1.0",
+      "description": "Refer to this element if another element's data license is CC 1.0",
+      "creationInfo": "_:creationinfo",
+      "simplelicensing_licenseExpression": "CC-BY-1.0"
+    },
+    {
+      "type": "simplelicensing_LicenseExpression",
+      "spdxId": "SPDXRef-License:-NoAssertion",
+      "name": "NoAssertion",
+      "description": "Refer to this element if another element's license can't be asserted.",
+      "creationInfo": "_:creationinfo",
+      "simplelicensing_licenseExpression": "NOASSERTION"
+    },
+	{
+	  "type": "software_Package",
+      "spdxId": "SPDX-ID:-73fde02b-0fda-50b2-ad2e-a219f85c7ce4",
+      "creationInfo": "_:creationinfo",
+      "name": "An example software",
+      "originatedBy": [
+        "Organization: An example organization"
+      ],
+      "software_copyrightText": "NOASSERTION",
+      "software_primaryPurpose": "application",
+      "description": "This is an example software"
+	},
+	{
+      "type": "security_Vulnerability",
+      "spdxId": "SPDXRef-Vulnerability:-CVE-2016-4285",
+      "name": "CVE-2016-4285",
+      "creationInfo": "_:creationinfo",
+      "externalIdentifier": [
+        {
+          "type": "ExternalIdentifier",
+          "externalIdentifierType": "cve",
+          "identifier": "CVE-2016-4285",
+          "identifierLocator": [
+            "https://nvd.nist.gov/vuln/detail/CVE-2016-4285"
+          ]
+        }
+      ]
+    },
+    {
+      "type": "security_CvssV3VulnAssessmentRelationship",
+      "spdxId": "SPDXRef-CVSSAssessment:-CVE-2016-4285",
+      "creationInfo": "_:creationinfo",
+      "relationshipType": "hasAssessmentFor",
+      "security_score": "8.8",
+      "security_severity": "high",
+      "security_vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+      "from": "SPDXRef-Vulnerability:-CVE-2016-4285",
+      "to": [
+        "SPDX-ID:-73fde02b-0fda-50b2-ad2e-a219f85c7ce4"
+      ]
+    },
+    {
+      "type": "security_VexAffectedVulnAssessmentRelationship",
+      "spdxId": "SPDXRef-VexAffectedRelationship:-CVE-2016-4285",
+      "creationInfo": "_:creationinfo",
+      "relationshipType": "affects",
+      "security_actionStatement": "no_assertion",
+      "from": "SPDXRef-Vulnerability:-CVE-2016-4285",
+      "to": [
+        "SPDX-ID:-73fde02b-0fda-50b2-ad2e-a219f85c7ce4"
+      ]
+    },
+	{
+      "type": "software_Sbom",
+      "spdxId": "BOM:ROOT",
+      "creationInfo": "_:creationinfo",
+      "software_sbomType": [
+        "analyzed"
+      ],
+      "rootElement": [
+        "SPDX-ID:-73fde02b-0fda-50b2-ad2e-a219f85c7ce4"
+      ],
+      "element": [
+        "SPDXRef-License:-DataLicenseCC1.0",
+        "SPDXRef-License:-NoAssertion",
+		"SPDX-ID:-73fde02b-0fda-50b2-ad2e-a219f85c7ce4",
+		"SPDXRef-Vulnerability:-CVE-2016-4285",
+		"SPDXRef-CVSSAssessment:-CVE-2016-4285",
+		"SPDXRef-VexAffectedRelationship:-CVE-2016-4285"
+      ]
+    }
+  ]
+}